diff options
Diffstat (limited to 'FreeRTOS/Test/CBMC/proofs/Task')
57 files changed, 2978 insertions, 0 deletions
diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/Makefile.json new file mode 100644 index 000000000..8b2904e30 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/Makefile.json @@ -0,0 +1,49 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskCheckForTimeOut", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskCheckForTimeOut/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/README.md new file mode 100644 index 000000000..5550f59d1 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/README.md @@ -0,0 +1,10 @@ +This proof demonstrates the memory safety of the TaskCheckForTimeOut function. +We assume `pxTimeOut`, `pxTicksToWait` and `pxCurrentTCB` to be non-NULL. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* vPortEnterCritical +* vPortExitCritical diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/TaskCheckForTimeOut_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/TaskCheckForTimeOut_harness.c new file mode 100644 index 000000000..d78189d3c --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/TaskCheckForTimeOut_harness.c @@ -0,0 +1,54 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +BaseType_t xPrepareCurrentTCB( void ); + +/* + * The function requires that the function arguments `pxTimeOut` and + * `pxTicksToWait` and the global variable `pxCurrentTCB` are not + * NULL. + */ +void harness() +{ + UBaseType_t xTasksPrepared; + TimeOut_t pxTimeOut; + TickType_t pxTicksToWait; + + xTasksPrepared = xPrepareCurrentTCB(); + + if ( xTasksPrepared != pdFAIL ) + { + xTaskCheckForTimeOut( &pxTimeOut, &pxTicksToWait ); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/tasks_test_access_functions.h new file mode 100644 index 000000000..926986b35 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCheckForTimeOut/tasks_test_access_functions.h @@ -0,0 +1,51 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc( sizeof( TCB_t ) ); + + return pxTCB; +} + +/* + * We just need to allocate a totally unconstrained TCB + */ +BaseType_t xPrepareCurrentTCB( void ) +{ + __CPROVER_assert_zero_allocation(); + + pxCurrentTCB = xUnconstrainedTCB(); + + return pxCurrentTCB == NULL ? pdFAIL : pdPASS; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/Makefile.json new file mode 100644 index 000000000..71aac7719 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/Makefile.json @@ -0,0 +1,52 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskCreate", + "DEF": + [ + "STACK_DEPTH=10", + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseNewTask.0:16,prvInitialiseNewTask.1:4,prvInitialiseTaskLists.0:8" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskCreate/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/README.md new file mode 100644 index 000000000..39a275a7d --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/README.md @@ -0,0 +1,22 @@ +This proof demonstrates the memory safety of the TaskCreate function. +We initialize task lists, but we set other data structures to +unconstrained (arbitrary) values, including the data structures +`pxCurrentTCB`, `uxCurrentNumberOfTasks`, `pcName` and `pxCreateTask`. +STACK_DEPTH is set to a fixed number (10) since it is not possible to +specify a range. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* prvTraceGetObjectHandle +* prvTraceGetTaskNumber +* prvTraceSetObjectName +* prvTraceSetPriorityProperty +* prvTraceStoreKernelCall +* prvTraceStoreTaskReady +* pxPortInitialiseStack +* vPortEnterCritical +* vPortExitCritical +* vPortGenerateSimulatedInterrupt diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/TaskCreate_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/TaskCreate_harness.c new file mode 100644 index 000000000..d86a27639 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/TaskCreate_harness.c @@ -0,0 +1,63 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vNondetSetCurrentTCB( void ); +void vSetGlobalVariables( void ); +void vPrepareTaskLists( void ); +TaskHandle_t *pxNondetSetTaskHandle( void ); +char *pcNondetSetString( size_t xSizeLength ); + +void harness() +{ + TaskFunction_t pxTaskCode; + char * pcName; + configSTACK_DEPTH_TYPE usStackDepth = STACK_DEPTH; + void * pvParameters; + UBaseType_t uxPriority; + TaskHandle_t * pxCreatedTask; + + vNondetSetCurrentTCB(); + vSetGlobalVariables(); + vPrepareTaskLists(); + + pxCreatedTask = pxNondetSetTaskHandle(); + pcName = pcNondetSetString( configMAX_TASK_NAME_LEN ); + + xTaskCreate(pxTaskCode, + pcName, + usStackDepth, + pvParameters, + uxPriority, + pxCreatedTask ); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/tasks_test_access_functions.h new file mode 100644 index 000000000..9e48040c7 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskCreate/tasks_test_access_functions.h @@ -0,0 +1,84 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * Our stub for pvPortMalloc in cbmc.h nondeterministically chooses + * either to return NULL or to allocate the requested memory. + */ +void vNondetSetCurrentTCB( void ) +{ + pxCurrentTCB = pvPortMalloc( sizeof(TCB_t) ); +} +/* + * We just require task lists to be initialized for this proof + */ +void vPrepareTaskLists( void ) +{ + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); +} + +/* + * We set the values of relevant global + * variables to nondeterministic values + */ +void vSetGlobalVariables( void ) +{ + xSchedulerRunning = nondet_basetype(); + uxCurrentNumberOfTasks = nondet_ubasetype(); +} + +/* + * pvPortMalloc is nondeterministic by definition, thus we do not need + * to check for NULL allocation in this function + */ +TaskHandle_t *pxNondetSetTaskHandle( void ) +{ + TaskHandle_t *pxNondetTaskHandle = pvPortMalloc( sizeof(TaskHandle_t) ); + return pxNondetTaskHandle; +} + +/* + * Tries to allocate a string of size xStringLength and sets the string + * to be terminated using a nondeterministic index if allocation was successful + */ +char *pcNondetSetString( size_t xStringLength ) +{ + char *pcName = pvPortMalloc( xStringLength ); + + if ( pcName != NULL ) { + size_t uNondetIndex; + __CPROVER_assume( uNondetIndex < xStringLength ); + pcName[uNondetIndex] = '\0'; + } + + return pcName; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/Configurations.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/Configurations.json new file mode 100644 index 000000000..5061e8e8a --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/Configurations.json @@ -0,0 +1,68 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskDelay", + "DEF": + [ + { "default" : + [ + "FREERTOS_MODULE_TEST", + "PENDED_TICKS=1", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0" + ] + }, + { "vTaskSuspend0" : + [ + "FREERTOS_MODULE_TEST", + "PENDED_TICKS=1", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0", + "INCLUDE_vTaskSuspend=0" + ] + } + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:4" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskDelay/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/README.md new file mode 100644 index 000000000..f5cb3552d --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/README.md @@ -0,0 +1,21 @@ +This proof demonstrates the memory safety of the TaskDelay function. We assume +that `pxCurrentTCB` is initialized and inserted in one of the ready tasks lists +(with and without another task in the same list). We abstract function +`xTaskResumeAll` by assuming that `xPendingReadyList` is empty and +`xPendedTicks` is `0`. Finally, we assume nondeterministic values for global +variables `xTickCount` and `xNextTaskUnblockTime`, and `pdFALSE` for +`uxSchedulerSuspended` (to avoid assertion failure). + +Configurations available: + + * `default`: The default configuration. + * `useTickHook1`: The default configuration with `INCLUDE_vTaskSuspend=0` + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* vPortEnterCritical +* vPortExitCritical +* vPortGenerateSimulatedInterrupt diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/TaskDelay_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/TaskDelay_harness.c new file mode 100644 index 000000000..2ef21dedb --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/TaskDelay_harness.c @@ -0,0 +1,65 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vSetGlobalVariables( void ); +BaseType_t xPrepareTaskLists( void ); +BaseType_t xTaskResumeAllStub( void ); + +/* + * This is a trick to overcome the "redefined twice" error + * when stubbing out the `xTaskResumeAll` function in the header + */ +BaseType_t xTaskResumeAll( void ) { + return xTaskResumeAllStub(); +} + +/* + * The harness test first calls two functions included in the tasks.c file + * that initialize the task lists and other global variables + */ +void harness() +{ + TickType_t xTicksToDelay; + BaseType_t xTasksPrepared; + + vSetGlobalVariables(); + xTasksPrepared = xPrepareTaskLists(); + + if ( xTasksPrepared != pdFAIL ) + { + vTaskDelay( xTicksToDelay ); + } +} + + diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/tasks_test_access_functions.h new file mode 100644 index 000000000..b6b1210b0 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelay/tasks_test_access_functions.h @@ -0,0 +1,145 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + __CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES ); + + vListInitialiseItem( &( pxTCB->xStateListItem ) ); + vListInitialiseItem( &( pxTCB->xEventListItem ) ); + + listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB ); + listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB ); + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY ); + } + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY ); + } + return pxTCB; +} + +/* + * We set the values of relevant global variables to + * nondeterministic values, except for `uxSchedulerSuspended` + * which is set to 0 (to pass through the assertion) + */ + +void vSetGlobalVariables( void ) +{ + uxSchedulerSuspended = pdFALSE; + xTickCount = nondet_ticktype(); + xNextTaskUnblockTime = nondet_ticktype(); +} + +/* + * We initialise and fill the task lists so coverage is optimal. + * This initialization is not guaranteed to be minimal, but it + * is quite efficient and it serves the same purpose + */ +BaseType_t xPrepareTaskLists( void ) +{ + TCB_t * pxTCB = NULL; + + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + /* The current task will be moved to the delayed list */ + pxCurrentTCB = xUnconstrainedTCB(); + if ( pxCurrentTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) ); + + /* + * Nondeterministic insertion of a task in the ready tasks list + * guarantees coverage in line 5104 (tasks.c) + */ + if ( nondet_bool() ) + { + pxTCB = xUnconstrainedTCB(); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &pxReadyTasksLists[ pxTCB->uxPriority ], &( pxTCB->xStateListItem ) ); + + /* Use of this macro ensures coverage on line 185 (list.c) */ + listGET_OWNER_OF_NEXT_ENTRY( pxTCB , &pxReadyTasksLists[ pxTCB->uxPriority ] ); + } + + + return pdPASS; +} + +/* + * We stub out `xTaskResumeAll` including the assertion and change on + * variables `uxSchedulerSuspended`. We assume that `xPendingReadyList` + * is empty to avoid the first loop, and xPendedTicks to avoid the second + * one. Finally, we return a nondeterministic value (overapproximation) + */ +BaseType_t xTaskResumeAllStub( void ) +{ + BaseType_t xAlreadyYielded; + + configASSERT( uxSchedulerSuspended ); + + taskENTER_CRITICAL(); + { + --uxSchedulerSuspended; + __CPROVER_assert( listLIST_IS_EMPTY( &xPendingReadyList ), "Pending ready tasks list not empty." ); + __CPROVER_assert( xPendedTicks == 0 , "xPendedTicks is not equal to zero."); + } + taskEXIT_CRITICAL(); + + return xAlreadyYielded; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/Makefile.json new file mode 100644 index 000000000..bce77b851 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/Makefile.json @@ -0,0 +1,55 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskDelete", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "STACK_DEPTH=10", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0" + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:3" + + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskDelete/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/README.md new file mode 100644 index 000000000..9b9753043 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/README.md @@ -0,0 +1,19 @@ +This proof demonstrates the memory safety of the TaskDelete function. The +initialization for the task to be delete and `pxCurrentTCB` is quite similar +(since the task handle may be NULL, and in that case `pxCurrentTCB` is used). +The task to be deleted requires the stack in the task control block to be +allocated, and the flag for static allocation to be properly set (i.e., valid +values as defined by the macros) Task lists are initialized with these tasks +and nondet. filled with a few more items. We assume a nondet. value for +`xSchedulerRunning`. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* vPortCloseRunningThread +* vPortDeleteThread +* vPortEnterCritical +* vPortExitCritical +* vPortGenerateSimulatedInterrupt diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/TaskDelete_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/TaskDelete_harness.c new file mode 100644 index 000000000..4bc5cc7cf --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/TaskDelete_harness.c @@ -0,0 +1,54 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vSetGlobalVariables(); +BaseType_t xPrepareTaskLists( TaskHandle_t * xTask ); + +/* + * The harness test first calls two functions included in the tasks.c file + * that initialize the task lists and other global variables + */ +void harness() +{ + TaskHandle_t xTaskToDelete; + BaseType_t xTasksPrepared; + + vSetGlobalVariables(); + xTasksPrepared = xPrepareTaskLists( &xTaskToDelete ); + + if ( xTasksPrepared != pdFAIL ) + { + vTaskDelete( xTaskToDelete ); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/tasks_test_access_functions.h new file mode 100644 index 000000000..67c367cd7 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskDelete/tasks_test_access_functions.h @@ -0,0 +1,172 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + uint8_t ucStaticAllocationFlag; + + if ( pxTCB == NULL ) + return NULL; + + __CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES ); + + vListInitialiseItem( &( pxTCB->xStateListItem ) ); + vListInitialiseItem( &( pxTCB->xEventListItem ) ); + + listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB ); + listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB ); + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY ); + } + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY ); + } + + pxTCB->pxStack = ( StackType_t * ) pvPortMalloc( ( ( ( size_t ) STACK_DEPTH ) * sizeof( StackType_t ) ) ); + if ( pxTCB->pxStack == NULL ) + { + vPortFree( pxTCB ); + return NULL; + } + + __CPROVER_assume( ucStaticAllocationFlag <= tskSTATICALLY_ALLOCATED_STACK_AND_TCB ); + __CPROVER_assume( ucStaticAllocationFlag >= tskDYNAMICALLY_ALLOCATED_STACK_AND_TCB ); + pxTCB->ucStaticallyAllocated = ucStaticAllocationFlag; + + return pxTCB; +} + +/* + * We set the values of relevant global + * variables to nondeterministic values + */ +void vSetGlobalVariables() +{ + xSchedulerRunning = nondet_basetype(); +} + +/* + * We initialise and fill the task lists so coverage is optimal. + * This initialization is not guaranteed to be minimal, but it + * is quite efficient and it serves the same purpose + */ +BaseType_t xPrepareTaskLists( TaskHandle_t * xTask ) +{ + TCB_t * pxTCB = NULL; + + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + /* + * The task handle passed to TaskDelete can be NULL. In that case, the + * task to delete is the one in `pxCurrentTCB`, see the macro `prvGetTCBFromHandle` + * in line 1165 (tasks.c) for reference. For that reason, we provide a similar + * initialization for an arbitrary task `pxTCB` and `pxCurrentTCB`. + */ + + pxTCB = xUnconstrainedTCB(); + if ( pxTCB != NULL ) + { + if ( nondet_bool() ) + { + TCB_t * pxOtherTCB; + pxOtherTCB = xUnconstrainedTCB(); + /* + * Nondeterministic insertion of another TCB in the same list + * to guarantee coverage in line 1174 (tasks.c) + */ + if ( pxOtherTCB != NULL ) + { + vListInsert( &xPendingReadyList, &( pxOtherTCB->xStateListItem ) ); + } + } + vListInsert( &xPendingReadyList, &( pxTCB->xStateListItem ) ); + + /* + * Nondeterministic insertion of an event list item to guarantee + * coverage in lines 1180-1184 (tasks.c) + */ + if ( nondet_bool() ) + { + vListInsert( pxDelayedTaskList, &( pxTCB->xEventListItem ) ); + } + } + + /* Note that `*xTask = NULL` can happen here, but this is fine -- `pxCurrentTCB` will be used instead */ + *xTask = pxTCB; + + /* + * `pxCurrentTCB` must be initialized the same way as the previous task, but an + * allocation failure cannot happen in this case (i.e., if the previous task is NULL) + */ + pxCurrentTCB = xUnconstrainedTCB(); + if ( pxCurrentTCB == NULL ) + { + return pdFAIL; + } + + if ( nondet_bool() ) + { + TCB_t * pxOtherTCB; + pxOtherTCB = xUnconstrainedTCB(); + if ( pxOtherTCB != NULL ) + { + vListInsert( &pxReadyTasksLists[ pxOtherTCB->uxPriority ], &( pxOtherTCB->xStateListItem ) ); + } + } + vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) ); + + /* Use of this macro ensures coverage on line 185 (list.c) */ + listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB , &pxReadyTasksLists[ pxCurrentTCB->uxPriority ] ); + + if ( nondet_bool() ) + { + vListInsert( pxDelayedTaskList, &( pxCurrentTCB->xEventListItem ) ); + } + + return pdPASS; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/Makefile.json new file mode 100644 index 000000000..d461b1dd3 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/Makefile.json @@ -0,0 +1,51 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskGetCurrentTaskHandle", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Source/", + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/README.md new file mode 100644 index 000000000..af9280495 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/README.md @@ -0,0 +1,6 @@ +This proof demonstrates the memory safety of the TaskGetCurrentTaskHandle +function. We assume that `pxCurrentTCB` is not NULL and we check that the +return value is not NULL. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/TaskGetCurrentTaskHandle_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/TaskGetCurrentTaskHandle_harness.c new file mode 100644 index 000000000..dac3c6685 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/TaskGetCurrentTaskHandle_harness.c @@ -0,0 +1,54 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +BaseType_t xPrepareCurrentTCB( void ); + +/* + * We set pxCurrentTCB to an unconstrained TCB. Then we call + * xTaskGetCurrentTaskHandle() and check the return value is not NULL + */ +void harness() +{ + TaskHandle_t xTask; + BaseType_t xTasksPrepared; + + xTasksPrepared = xPrepareCurrentTCB(); + + if ( xTasksPrepared != pdFAIL ) + { + xTask = xTaskGetCurrentTaskHandle(); + + __CPROVER_assert( xTask != NULL , "Current task handle is NULL!"); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/tasks_test_access_functions.h new file mode 100644 index 000000000..29505148d --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetCurrentTaskHandle/tasks_test_access_functions.h @@ -0,0 +1,58 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + return pxTCB; +} + +/* + * We just need to allocate a totally unconstrained TCB + */ +BaseType_t xPrepareCurrentTCB( void ) +{ + __CPROVER_assert_zero_allocation(); + + pxCurrentTCB = xUnconstrainedTCB(); + if ( pxCurrentTCB == NULL ) + { + return pdFAIL; + } + + return pdPASS; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/Makefile.json new file mode 100644 index 000000000..633e659cd --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/Makefile.json @@ -0,0 +1,49 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskGetSchedulerState", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskGetSchedulerState/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/README.md new file mode 100644 index 000000000..d7b732bdd --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/README.md @@ -0,0 +1,6 @@ +This proof demonstrates the memory safety of the TaskGetSchedulerState function. +We assume `xSchedulerRunning` and `uxSchedulerSuspended` to be nondeterministic values. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. + diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/TaskGetSchedulerState_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/TaskGetSchedulerState_harness.c new file mode 100644 index 000000000..557fb598e --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/TaskGetSchedulerState_harness.c @@ -0,0 +1,48 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vSetGlobalVariables( void ); + +/* + * We just require scheduler flags to be nondeterministic + * values before calling `xTaskGetSchedulerState` + */ +void harness() +{ + BaseType_t xResult; + + vSetGlobalVariables(); + + xResult = xTaskGetSchedulerState(); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/tasks_test_access_functions.h new file mode 100644 index 000000000..7e1b29489 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetSchedulerState/tasks_test_access_functions.h @@ -0,0 +1,37 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +/* + * We set the values of relevant global + * variables to nondeterministic values + */ +void vSetGlobalVariables( void ) +{ + xSchedulerRunning = nondet_basetype(); + uxSchedulerSuspended = nondet_ubasetype(); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/Makefile.json new file mode 100644 index 000000000..909ada3de --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/Makefile.json @@ -0,0 +1,49 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskGetTaskNumber", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskGetTaskNumber/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/README.md new file mode 100644 index 000000000..3c35737aa --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/README.md @@ -0,0 +1,5 @@ +This proof demonstrates the memory safety of the TaskGetTaskNumber function. +No assumption is required since the function accepts a NULL value for the task handle. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/TaskGetTaskNumber_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/TaskGetTaskNumber_harness.c new file mode 100644 index 000000000..6df4fe393 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/TaskGetTaskNumber_harness.c @@ -0,0 +1,49 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vPrepareTask( TaskHandle_t * xTask ); + +/* + * We prepare an unconstrained task (possibly NULL) + * and then call `uxTaskGetTaskNumber` + */ +void harness() +{ + TaskHandle_t xTask; + UBaseType_t uxTaskNumber; + + vPrepareTask( &xTask ); + + uxTaskNumber = uxTaskGetTaskNumber( xTask ); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/tasks_test_access_functions.h new file mode 100644 index 000000000..cfd998f3a --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTaskNumber/tasks_test_access_functions.h @@ -0,0 +1,53 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + return pxTCB; +} + +/* + * We try to allocate an unconstrained TCB but do not + * check for NULL errors here (the function does it) + */ +void vPrepareTask( TaskHandle_t * xTask ) +{ + __CPROVER_assert_zero_allocation(); + + *xTask = xUnconstrainedTCB(); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/Makefile.json new file mode 100644 index 000000000..e9da10fef --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/Makefile.json @@ -0,0 +1,40 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskGetTickCount", + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/README.md new file mode 100644 index 000000000..dea602356 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/README.md @@ -0,0 +1,5 @@ +This proof demonstrates the memory safety of the TaskIncrementTick function. +No assumptions nor abstractions are required for single-threaded computation. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/TaskGetTickCount_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/TaskGetTickCount_harness.c new file mode 100644 index 000000000..4229606eb --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskGetTickCount/TaskGetTickCount_harness.c @@ -0,0 +1,40 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void harness() +{ + TickType_t xTickCount; + + xTickCount = xTaskGetTickCount(); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/Configurations.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/Configurations.json new file mode 100644 index 000000000..12cc4e7b4 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/Configurations.json @@ -0,0 +1,63 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskIncrementTick", + "DEF": + [ + { "default": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TICK_HOOK=0" + ] + }, + { "useTickHook1": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TICK_HOOK=1" + ] + } + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:2,xTaskIncrementTick.0:4" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskIncrementTick/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/README.md new file mode 100644 index 000000000..84f0fea11 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/README.md @@ -0,0 +1,18 @@ +This proof demonstrates the memory safety of the TaskIncrementTick function. +We assume that task lists are initialized and filled with a few list items. We +also assign nondeterministic values to some global variables. + +Configurations available: + * `default`: The default configuration. `useTickHook1`: The default + * configuration with `configUSE_TICK_HOOK=1` + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* prvTraceGetTaskNumber +* prvTracePortGetTimeStamp +* prvTraceStoreKernelCallWithNumericParamOnly +* prvTraceStoreTaskReady +* vApplicationTickHook diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/TaskIncrementTick_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/TaskIncrementTick_harness.c new file mode 100644 index 000000000..db2b41472 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/TaskIncrementTick_harness.c @@ -0,0 +1,53 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vSetGlobalVariables(); +BaseType_t xPrepareTaskLists( void ); + +/* + * The harness test first calls two functions included in the tasks.c file + * that initialize the task lists and other global variables + */ +void harness() +{ + BaseType_t xTasksPrepared; + + vSetGlobalVariables(); + xTasksPrepared = xPrepareTaskLists(); + + if ( xTasksPrepared != pdFAIL ) + { + xTaskIncrementTick(); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/tasks_test_access_functions.h new file mode 100644 index 000000000..e6bf00058 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskIncrementTick/tasks_test_access_functions.h @@ -0,0 +1,126 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + __CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES ); + + vListInitialiseItem( &( pxTCB->xStateListItem ) ); + vListInitialiseItem( &( pxTCB->xEventListItem ) ); + + listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB ); + listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB ); + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY ); + } + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY ); + } + return pxTCB; +} + +/* + * We set the values of relevant global + * variables to nondeterministic values + */ +void vSetGlobalVariables() +{ + xPendedTicks = nondet_ubasetype(); + uxSchedulerSuspended = nondet_ubasetype(); + xYieldPending = nondet_basetype(); + xTickCount = nondet_ticktype(); +} + +/* + * We initialise and fill the task lists so coverage is optimal. + * This initialization is not guaranteed to be minimal, but it + * is quite efficient and it serves the same purpose + */ +BaseType_t xPrepareTaskLists( void ) +{ + TCB_t * pxTCB = NULL; + + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + /* Needed for coverage: This task will be moved to a ready list */ + pxTCB = xUnconstrainedTCB(); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xStateListItem ) ); + + /* Needed for coverage. */ + listGET_OWNER_OF_NEXT_ENTRY( pxTCB , pxOverflowDelayedTaskList ); + + pxTCB = xUnconstrainedTCB(); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &xPendingReadyList, &( pxTCB->xStateListItem ) ); + + /* Needed for coverage: A nondeterministic choice */ + if ( nondet_bool() ) + { + vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xEventListItem ) ); + } + + pxCurrentTCB = xUnconstrainedTCB(); + if ( pxCurrentTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) ); + + return pdPASS; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/Makefile.json new file mode 100644 index 000000000..9502f830f --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/Makefile.json @@ -0,0 +1,54 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskPrioritySet", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0" + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,vListInsert.0:3" + + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskPrioritySet/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/README.md new file mode 100644 index 000000000..d9b79a1f4 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/README.md @@ -0,0 +1,14 @@ +This proof demonstrates the memory safety of the TaskPrioritySet function. The +initialization for the task to be set and `pxCurrentTCB` is quite similar +(since the task handle may be NULL, and in that case `pxCurrentTCB` is used). +Task lists are initialized with these tasks and nondet. filled with a few more +items. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* vPortEnterCritical +* vPortExitCritical +* vPortGenerateSimulatedInterrupt diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/TaskPrioritySet_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/TaskPrioritySet_harness.c new file mode 100644 index 000000000..30339538d --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/TaskPrioritySet_harness.c @@ -0,0 +1,57 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +BaseType_t xPrepareTaskLists( TaskHandle_t * xTask ); + +/* + * We assume `uxNewPriority` to be a valid priority (avoids failed assert). + * The harness test first calls two functions included in the tasks.c file + * that initialize the task lists and other global variables + */ +void harness() +{ + TaskHandle_t xTask; + UBaseType_t uxNewPriority; + BaseType_t xTasksPrepared; + + __CPROVER_assume( uxNewPriority < configMAX_PRIORITIES ); + + xTasksPrepared = xPrepareTaskLists( &xTask ); + + /* Check that this second invocation of xPrepareTaskLists is needed. */ + if ( xPrepareTaskLists( &xTask ) != pdFAIL ) + { + vTaskPrioritySet( xTask, uxNewPriority ); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/tasks_test_access_functions.h new file mode 100644 index 000000000..9128138ab --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskPrioritySet/tasks_test_access_functions.h @@ -0,0 +1,125 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + uint8_t ucStaticAllocationFlag; + + if ( pxTCB == NULL ) + return NULL; + + __CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES ); + + vListInitialiseItem( &( pxTCB->xStateListItem ) ); + vListInitialiseItem( &( pxTCB->xEventListItem ) ); + + listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB ); + listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB ); + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY ); + } + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY ); + } + + return pxTCB; +} + +/* + * We initialise and fill the task lists so coverage is optimal. + * This initialization is not guaranteed to be minimal, but it + * is quite efficient and it serves the same purpose + */ +BaseType_t xPrepareTaskLists( TaskHandle_t * xTask ) +{ + TCB_t * pxTCB = NULL; + + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + pxTCB = xUnconstrainedTCB(); + + /* Needed for coverage: nondet insertion of task. */ + if ( nondet_bool() ) + { + TCB_t * pxOtherTCB; + pxOtherTCB = xUnconstrainedTCB(); + if ( pxOtherTCB != NULL ) + { + vListInsert( &pxReadyTasksLists[ pxOtherTCB->uxPriority ], &( pxOtherTCB->xStateListItem ) ); + } + } + + if ( pxTCB != NULL ) + { + /* Needed for coverage: nondeterministic insertion of task */ + if ( nondet_bool() ) + { + vListInsert( &pxReadyTasksLists[ pxTCB->uxPriority ], &( pxTCB->xStateListItem ) ); + } + } + + /* Note that `*xTask = NULL` can happen here, but this is fine -- `pxCurrentTCB` will be used instead */ + *xTask = pxTCB; + + pxCurrentTCB = xUnconstrainedTCB(); + if ( pxCurrentTCB == NULL ) + { + return pdFAIL; + } + + /* Needed for coverage: nondeterministic insertion of task */ + if ( nondet_bool() ) + { + vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) ); + + /* Needed for coverage. */ + listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB , &pxReadyTasksLists[ pxCurrentTCB->uxPriority ] ); + } + + return pdPASS; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/Configurations.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/Configurations.json new file mode 100644 index 000000000..d2d1ab1f3 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/Configurations.json @@ -0,0 +1,69 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskResumeAll", + "DEF": + [ + { "default": + [ + "FREERTOS_MODULE_TEST", + "PENDED_TICKS=1", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0" + ] + }, + { "useTickHook1": + [ + "FREERTOS_MODULE_TEST", + "PENDED_TICKS=1", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0", + "configUSE_TICK_HOOK=1" + ] + } + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,xTaskResumeAll.0:2,vListInsert.0:5,xTaskIncrementTick.0:4" + + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskResumeAll/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/README.md new file mode 100644 index 000000000..e4e0e17ae --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/README.md @@ -0,0 +1,19 @@ +This proof demonstrates the memory safety of the TaskResumeAll function. We +assume that task lists are initialized and filled with a few list items. We +also assume that some global variables are set to a nondeterministic value, +except for `uxSchedulerSuspended` which cannot be 0 and `xPendedTicks` which +is either `1` (to unwind a loop in a reasonable amount of time) or `0`. + +Configurations available: + * `default`: The default configuration. + * `useTickHook1`: The default configuration with `configUSE_TICK_HOOK=1` + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* vApplicationTickHook +* vPortEnterCritical +* vPortExitCritical +* vPortGenerateSimulatedInterrupt diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/TaskResumeAll_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/TaskResumeAll_harness.c new file mode 100644 index 000000000..fbb4956f5 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/TaskResumeAll_harness.c @@ -0,0 +1,53 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vSetGlobalVariables( void ); +BaseType_t xPrepareTaskLists( void ); + +/* + * The harness test first calls two functions included in the tasks.c file + * that initialize the task lists and other global variables + */ +void harness() +{ + BaseType_t xTasksPrepared; + + vSetGlobalVariables(); + xTasksPrepared = xPrepareTaskLists(); + + if ( xTasksPrepared != pdFAIL ) + { + xTaskResumeAll(); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/tasks_test_access_functions.h new file mode 100644 index 000000000..981cd8284 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskResumeAll/tasks_test_access_functions.h @@ -0,0 +1,138 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + __CPROVER_assume( pxTCB->uxPriority < configMAX_PRIORITIES ); + + vListInitialiseItem( &( pxTCB->xStateListItem ) ); + vListInitialiseItem( &( pxTCB->xEventListItem ) ); + + listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB ); + listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB ); + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY ); + } + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY ); + } + return pxTCB; +} + +/* + * We set xPendedTicks since __CPROVER_assume does not work + * well with statically initialised variables + */ +void vSetGlobalVariables( void ) { + UBaseType_t uxNonZeroValue; + + __CPROVER_assume( uxNonZeroValue != 0 ); + + uxSchedulerSuspended = uxNonZeroValue; + xPendedTicks = nondet_bool() ? PENDED_TICKS : 0; + uxCurrentNumberOfTasks = nondet_ubasetype(); + xTickCount = nondet_ticktype(); +} + +/* + * We initialise and fill the task lists so coverage is optimal. + * This initialization is not guaranteed to be minimal, but it + * is quite efficient and it serves the same purpose + */ +BaseType_t xPrepareTaskLists( void ) +{ + TCB_t * pxTCB = NULL; + + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + /* This task will be moved to a ready list, granting coverage + * on lines 2780-2786 (tasks.c) */ + pxTCB = xUnconstrainedTCB(); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xStateListItem ) ); + + /* Use of this macro ensures coverage on line 185 (list.c) */ + listGET_OWNER_OF_NEXT_ENTRY( pxTCB , pxOverflowDelayedTaskList ); + + pxTCB = xUnconstrainedTCB(); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &xPendingReadyList, &( pxTCB->xStateListItem ) ); + vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xEventListItem ) ); + + pxTCB = xUnconstrainedTCB(); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xStateListItem ) ); + + /* This nondeterministic choice ensure coverage in line 2746 (tasks.c) */ + if ( nondet_bool() ) + { + vListInsert( pxOverflowDelayedTaskList, &( pxTCB->xEventListItem ) ); + } + + pxCurrentTCB = xUnconstrainedTCB(); + if ( pxCurrentTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &pxReadyTasksLists[ pxCurrentTCB->uxPriority ], &( pxCurrentTCB->xStateListItem ) ); + + return pdPASS; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/Makefile.json new file mode 100644 index 000000000..86e5e4b02 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/Makefile.json @@ -0,0 +1,48 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskSetTimeOutState", + "DEF": + [ + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskSetTimeOutState/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/README.md new file mode 100644 index 000000000..c4d1ecfa9 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/README.md @@ -0,0 +1,10 @@ +This proof demonstrates the memory safety of the TaskSetTimeOutState function. +No assumption is required other than its single argument being non-NULL. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* vPortEnterCritical +* vPortExitCritical diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/TaskSetTimeOutState_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/TaskSetTimeOutState_harness.c new file mode 100644 index 000000000..b38aee6ea --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSetTimeOutState/TaskSetTimeOutState_harness.c @@ -0,0 +1,44 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +/* + * We assume xTime to allocated since the function includes a configASSERT + * call at the beginning to make sure the pointer to it is not NULL + */ +void harness() +{ + TimeOut_t xTime; + + vTaskSetTimeOutState( &xTime ); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/Makefile.json new file mode 100644 index 000000000..e2b8610ef --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/Makefile.json @@ -0,0 +1,55 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskStartScheduler", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'", + "configUSE_TRACE_FACILITY=0", + "configGENERATE_RUN_TIME_STATS=0" + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,prvInitialiseNewTask.0:16,prvInitialiseNewTask.1:4" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto", + "$(FREERTOS)/Source/timers.goto", + "$(FREERTOS)/Source/queue.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskStartScheduler/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/README.md new file mode 100644 index 000000000..4e0294f7c --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/README.md @@ -0,0 +1,18 @@ +This proof demonstrates the memory safety of the TaskStartScheduler function. +We assume that buffers for `pxIdleTaskTCB` and `pxTimerTaskTCB` (and their +associated stacks `pxIdleTaskStack` and `pxTimerTaskStack`) have been +previously allocated. The arguments passed by reference to +`vApplicationGetIdleTaskMemory` and `vApplicationGetTimerTaskMemory` are +assigned to these pointers since both functions expect statically-allocated +buffers to be passed. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* pxPortInitialiseStack +* vConfigureTimerForRunTimeStats +* vPortEnterCritical +* vPortExitCritical +* xPortStartScheduler diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/TaskStartScheduler_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/TaskStartScheduler_harness.c new file mode 100644 index 000000000..ffa84fab1 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/TaskStartScheduler_harness.c @@ -0,0 +1,51 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +BaseType_t xPrepareTasks( void ); + +/* + * We prepare `pxCurrentTCB` and the idle/timer task buffers + * (TCB + stack), then we call the function if allocation was ok + */ +void harness() +{ + BaseType_t xTasksPrepared; + + xTasksPrepared = xPrepareTasks(); + + if ( xTasksPrepared != pdFAIL ) + { + vTaskStartScheduler(); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/tasks_test_access_functions.h new file mode 100644 index 000000000..e985b51bc --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskStartScheduler/tasks_test_access_functions.h @@ -0,0 +1,110 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate an unconstrained TCB or return NULL if it fails + */ +TaskHandle_t xUnconstrainedTCB( void ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + return pxTCB; +} + +StaticTask_t *pxIdleTaskTCB; +StaticTask_t *pxTimerTaskTCB; +StackType_t *pxIdleTaskStack; +StackType_t *pxTimerTaskStack; + +/* + * `pxCurrentTCB` allocation is allowed to fail. The global variables above + * this comment are used in the stubbed functions `vApplicationGetIdleTaskMemory` + * and `vApplicationGetTimerTaskMemory` (at the end of this file) and buffer allocation + * must be succesful for the proof to have no errors + */ +BaseType_t xPrepareTasks( void ) +{ + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + pxCurrentTCB = xUnconstrainedTCB(); + + pxIdleTaskTCB = pvPortMalloc(sizeof(StaticTask_t)); + if (pxIdleTaskTCB == NULL ) + { + return pdFAIL; + } + + pxIdleTaskStack = pvPortMalloc( sizeof(StackType_t) * configMINIMAL_STACK_SIZE ); + if ( pxIdleTaskStack == NULL ) + { + return pdFAIL; + } + + pxTimerTaskTCB = pvPortMalloc( sizeof(StaticTask_t) ); + if ( pxTimerTaskTCB == NULL ) + { + return pdFAIL; + } + + pxTimerTaskStack = pvPortMalloc( sizeof(StackType_t) * configTIMER_TASK_STACK_DEPTH ); + if ( pxTimerTaskStack == NULL ) + { + return pdFAIL; + } + + return pdPASS; +} + +/* + * The buffers used here have been succesfully allocated before (global variables) + */ +void vApplicationGetIdleTaskMemory( StaticTask_t ** ppxIdleTaskTCBBuffer, + StackType_t ** ppxIdleTaskStackBuffer, + uint32_t * pulIdleTaskStackSize ) +{ + *ppxIdleTaskTCBBuffer = pxIdleTaskTCB; + *ppxIdleTaskStackBuffer = pxIdleTaskStack; + *pulIdleTaskStackSize = configMINIMAL_STACK_SIZE; +} + +/* + * The buffers used here have been succesfully allocated before (global variables) + */ +void vApplicationGetTimerTaskMemory( StaticTask_t **ppxTimerTaskTCBBuffer, StackType_t **ppxTimerTaskStackBuffer, uint32_t *pulTimerTaskStackSize ) +{ + *ppxTimerTaskTCBBuffer = pxTimerTaskTCB; + *ppxTimerTaskStackBuffer = pxTimerTaskStack; + *pulTimerTaskStackSize = configTIMER_TASK_STACK_DEPTH; +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/Makefile.json new file mode 100644 index 000000000..e9403c769 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/Makefile.json @@ -0,0 +1,49 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskSuspendAll", + "DEF": + [ + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskSuspendAll/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/README.md new file mode 100644 index 000000000..3aa4e5e93 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/README.md @@ -0,0 +1,5 @@ +This proof demonstrates the memory safety of the TaskSuspendAll function. +No assumption or abstraction is required for this memory-safety proof. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/TaskSuspendAll_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/TaskSuspendAll_harness.c new file mode 100644 index 000000000..3fe438229 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSuspendAll/TaskSuspendAll_harness.c @@ -0,0 +1,42 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +/* + * We just call vTaskSuspendAll(). No assumption + * or abstraction is required for this proof + */ +void harness() +{ + vTaskSuspendAll(); +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/Makefile.json b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/Makefile.json new file mode 100644 index 000000000..a17a721ca --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/Makefile.json @@ -0,0 +1,52 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "TaskSwitchContext", + "DEF": + [ + "FREERTOS_MODULE_TEST", + "'portGET_HIGHEST_PRIORITY(uxTopPriority, uxReadyPriorities)=__CPROVER_assume( uxTopPriority < configMAX_PRIORITIES )'", + "'mtCOVERAGE_TEST_MARKER()=__CPROVER_assert(1, \"Coverage marker\")'" + ], + "CBMCFLAGS": + [ + "--unwind 1", + "--unwindset prvInitialiseTaskLists.0:8,xPrepareTaskLists.0:8,vListInsert.0:2" + ], + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/Source/tasks.goto", + "$(FREERTOS)/Source/list.goto" + ], + "INC": + [ + "$(FREERTOS)/Test/CBMC/proofs/Task/TaskSwitchContext/" + ] +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/README.md b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/README.md new file mode 100644 index 000000000..5bc20c5e5 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/README.md @@ -0,0 +1,14 @@ +This proof demonstrates the memory safety of the TaskSwitchContext function. +We assume task ready lists to be initialized and filled with one element each, +and `pxCurrentTCB` to be the highest priority task. We also set +`uxSchedulerSuspended` to a nondeterministic value. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* prvTraceGetCurrentTaskHandle +* prvTraceGetTaskNumber +* prvTraceStoreTaskswitch +* ulGetRunTimeCounterValue diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/TaskSwitchContext_harness.c b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/TaskSwitchContext_harness.c new file mode 100644 index 000000000..52295bc81 --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/TaskSwitchContext_harness.c @@ -0,0 +1,54 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" + +void vSetGlobalVariables( void ); +BaseType_t xPrepareTaskLists( void ); + +/* + * We prepare task lists by inserting one item in each list, + * and with the macro redefinition we ensure only valid ready + * task lists are checked in `taskSELECT_HIGHEST_PRIORITY_TASK()` + */ +void harness() +{ + BaseType_t xTasksPrepared; + + vSetGlobalVariables(); + xTasksPrepared = xPrepareTaskLists(); + + if ( xTasksPrepared != pdFAIL ) + { + vTaskSwitchContext(); + } +} diff --git a/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/tasks_test_access_functions.h b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/tasks_test_access_functions.h new file mode 100644 index 000000000..2b5ebff7f --- /dev/null +++ b/FreeRTOS/Test/CBMC/proofs/Task/TaskSwitchContext/tasks_test_access_functions.h @@ -0,0 +1,103 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +#include "cbmc.h" + +/* + * We allocate a TCB and set some members to basic values + */ +TaskHandle_t xUnconstrainedTCB( UBaseType_t uxPriority ) +{ + TCB_t * pxTCB = pvPortMalloc(sizeof(TCB_t)); + + if ( pxTCB == NULL ) + return NULL; + + /* uxPriority is set to a specific priority */ + pxTCB->uxPriority = uxPriority; + + vListInitialiseItem( &( pxTCB->xStateListItem ) ); + vListInitialiseItem( &( pxTCB->xEventListItem ) ); + + listSET_LIST_ITEM_OWNER( &( pxTCB->xStateListItem ), pxTCB ); + listSET_LIST_ITEM_OWNER( &( pxTCB->xEventListItem ), pxTCB ); + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ), portMAX_DELAY ); + } + + if ( nondet_bool() ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); + } + else + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), portMAX_DELAY ); + } + return pxTCB; +} + +/* + * We set the values of relevant global + * variables to nondeterministic values + */ +void vSetGlobalVariables( void ) +{ + uxSchedulerSuspended = nondet_ubasetype(); +} + +/* + * We initialize and fill with one item each ready tasks list + * so that the assertion on line 175 (tasks.c) does not fail + */ +BaseType_t xPrepareTaskLists( void ) +{ + TCB_t * pxTCB = NULL; + + __CPROVER_assert_zero_allocation(); + + prvInitialiseTaskLists(); + + for ( int i = 0; i < configMAX_PRIORITIES; ++i ) + { + pxTCB = xUnconstrainedTCB( i ); + if ( pxTCB == NULL ) + { + return pdFAIL; + } + vListInsert( &pxReadyTasksLists[ pxTCB->uxPriority ], &( pxTCB->xStateListItem ) ); + } + listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB, &pxReadyTasksLists[ configMAX_PRIORITIES - 1 ] ); + + return pdPASS; +} |