# The proof depends on one parameter: # BUFFER_SIZE is the size of the buffer being parsed # The buffer size must be bounded because we must bound the number of # iterations loops iterating over the buffer. { "ENTRY": "ProcessDHCPReplies", ################################################################ # Buffer header: sizeof(DHCPMessage_t) = 241 # Buffer header: sizeof(DHCPMessage_IPv4_t) = 240 "BUFFER_HEADER": 240, "ENDPOINT_DNS_ADDRESS_COUNT": 5, ################################################################ # Buffer size # Reasonable sizes are BUFFER_SIZE > BUFFER_HEADER # Sizes smaller than this causes CBMC to fail in simplify_byte_extract "BUFFER_SIZE": 252, ################################################################ # Buffer payload "BUFFER_PAYLOAD": "__eval 1 if {BUFFER_SIZE} <= {BUFFER_HEADER} else {BUFFER_SIZE} - {BUFFER_HEADER} + 1", "ENDPOINT_DNS_ADDRESS_COUNT_UNWIND": "__eval {ENDPOINT_DNS_ADDRESS_COUNT} + 1", ################################################################ "CBMCFLAGS": [ # "--nondet-static", "--unwind 1", "--unwindset __CPROVER_file_local_FreeRTOS_DHCP_c_vProcessHandleOption.0:{ENDPOINT_DNS_ADDRESS_COUNT_UNWIND}", "--unwindset __CPROVER_file_local_FreeRTOS_DHCP_c_vProcessHandleOption.1:{ENDPOINT_DNS_ADDRESS_COUNT_UNWIND}", "--unwindset memcmp.0:7,__CPROVER_file_local_FreeRTOS_DHCP_c_prvProcessDHCPReplies.0:{BUFFER_PAYLOAD}" ], "OPT": [ "--export-file-local-symbols" ], "OBJS": [ "$(ENTRY)_harness.goto", "$(FREERTOS_PLUS_TCP)/test/cbmc/stubs/cbmc.goto", "$(FREERTOS_PLUS_TCP)/test/cbmc/stubs/freertos_api.goto", "$(FREERTOS_PLUS_TCP)/source/FreeRTOS_DHCP.goto", "$(FREERTOS_PLUS_TCP)/source/portable/BufferManagement/BufferAllocation_2.goto", "$(FREERTOS_PLUS_TCP)/test/FreeRTOS-Kernel/event_groups.goto", "$(FREERTOS_PLUS_TCP)/test/FreeRTOS-Kernel/list.goto" ], "DEF": [ "CBMC_DHCPMESSAGE_HEADER_SIZE={BUFFER_HEADER}", "CBMC_FREERTOS_RECVFROM_BUFFER_BOUND={BUFFER_SIZE}", "ipconfigENDPOINT_DNS_ADDRESS_COUNT={ENDPOINT_DNS_ADDRESS_COUNT}" ] }