1 /* Standard includes. */
2 #include <stdint.h>
3 #include <stdio.h>
4 
5 /* FreeRTOS includes. */
6 #include "FreeRTOS.h"
7 #include "task.h"
8 #include "queue.h"
9 #include "semphr.h"
10 
11 /* FreeRTOS+TCP includes. */
12 #include "FreeRTOS_IP.h"
13 #include "FreeRTOS_Sockets.h"
14 #include "FreeRTOS_IP_Private.h"
15 #include "FreeRTOS_UDP_IP.h"
16 #include "FreeRTOS_DHCP.h"
17 #include "NetworkInterface.h"
18 #include "NetworkBufferManagement.h"
19 #include "FreeRTOS_ARP.h"
20 
21 #include "cbmc.h"
22 
23 /****************************************************************
24 * Signature of function under test
25 ****************************************************************/
26 
27 void prvReadSackOption( const uint8_t * const pucPtr,
28                         size_t uxIndex,
29                         FreeRTOS_Socket_t * const pxSocket );
30 
31 /****************************************************************
32 * Proof of prvReadSackOption function contract
33 ****************************************************************/
34 
35 
36 
harness()37 void harness()
38 {
39     /* pucPtr points into a buffer */
40     size_t buffer_size;
41     uint8_t * pucPtr = malloc( buffer_size );
42 
43     __CPROVER_assume( pucPtr != NULL );
44 
45     /* uxIndex in an index into the buffer */
46     size_t uxIndex;
47 
48     /* pxSocket can be any socket with some initialized values */
49     FreeRTOS_Socket_t * pxSocket = malloc( sizeof( FreeRTOS_Socket_t ) );
50 
51     __CPROVER_assume( pxSocket != NULL );
52 
53     pxSocket->u.xTCP.txStream = malloc( sizeof( StreamBuffer_t ) );
54     __CPROVER_assume( pxSocket->u.xTCP.txStream != NULL );
55 
56     vListInitialise( &pxSocket->u.xTCP.xTCPWindow.xWaitQueue );
57 
58     if( nondet_bool() )
59     {
60         TCPSegment_t * segment = malloc( sizeof( TCPSegment_t ) );
61         __CPROVER_assume( segment != NULL );
62         listSET_LIST_ITEM_OWNER( &segment->xQueueItem, ( void * ) segment );
63         vListInsertEnd( &pxSocket->u.xTCP.xTCPWindow.xWaitQueue, &segment->xQueueItem );
64     }
65 
66     vListInitialise( &pxSocket->u.xTCP.xTCPWindow.xTxSegments );
67 
68     if( nondet_bool() )
69     {
70         TCPSegment_t * segment = malloc( sizeof( TCPSegment_t ) );
71         __CPROVER_assume( segment != NULL );
72         vListInitialiseItem( &segment->xSegmentItem );
73         listSET_LIST_ITEM_OWNER( &segment->xQueueItem, ( void * ) segment );
74         vListInsertEnd( &pxSocket->u.xTCP.xTCPWindow.xTxSegments, &segment->xQueueItem );
75     }
76 
77     vListInitialise( &pxSocket->u.xTCP.xTCPWindow.xPriorityQueue );
78 
79     extern List_t xSegmentList;
80 
81     vListInitialise( &xSegmentList );
82 
83     /****************************************************************
84     * Specification and proof of CheckOptions inner loop
85     ****************************************************************/
86 
87     /* Preconditions */
88 
89     /* CBMC model of pointers limits the size of the buffer */
90     __CPROVER_assume( buffer_size < CBMC_MAX_OBJECT_SIZE );
91 
92     /* Both preconditions are required to avoid integer overflow in the */
93     /* pointer offset of the pointer pucPtr + uxIndex + 8 */
94     __CPROVER_assume( uxIndex <= buffer_size );
95     __CPROVER_assume( uxIndex + 8 <= buffer_size );
96 
97     /* Assuming quite a bit more about the initialization of pxSocket */
98     __CPROVER_assume( pucPtr != NULL );
99     __CPROVER_assume( pxSocket != NULL );
100 
101     prvReadSackOption( pucPtr, uxIndex, pxSocket );
102 
103     /* No postconditions required */
104 }
105