diff options
Diffstat (limited to 'FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess')
4 files changed, 202 insertions, 0 deletions
diff --git a/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/DHCPProcess_harness.c b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/DHCPProcess_harness.c new file mode 100644 index 000000000..bbed7b243 --- /dev/null +++ b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/DHCPProcess_harness.c @@ -0,0 +1,102 @@ +/* + * FreeRTOS memory safety proofs with CBMC. + * Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation + * files (the "Software"), to deal in the Software without + * restriction, including without limitation the rights to use, copy, + * modify, merge, publish, distribute, sublicense, and/or sell copies + * of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + * + * http://aws.amazon.com/freertos + * http://www.FreeRTOS.org + */ + +/* Standard includes. */ +#include <stdint.h> + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" +#include "semphr.h" + +/* FreeRTOS+TCP includes. */ +#include "FreeRTOS_IP.h" +#include "FreeRTOS_Sockets.h" +#include "FreeRTOS_IP_Private.h" +#include "FreeRTOS_UDP_IP.h" +#include "FreeRTOS_DHCP.h" +#include "FreeRTOS_ARP.h" + +/* Static members defined in FreeRTOS_DHCP.c */ +extern DHCPData_t xDHCPData; +extern Socket_t xDHCPSocket; +void prvCreateDHCPSocket(); + +/* Static member defined in freertos_api.c */ +#ifdef CBMC_GETNETWORKBUFFER_FAILURE_BOUND + extern uint32_t GetNetworkBuffer_failure_count; +#endif + +/**************************************************************** + * The signature of the function under test. + ****************************************************************/ + +void vDHCPProcess( BaseType_t xReset ); + +/**************************************************************** + * Abstract prvProcessDHCPReplies proved memory safe in ProcessDHCPReplies. + ****************************************************************/ + +BaseType_t prvProcessDHCPReplies( BaseType_t xExpectedMessageType ) +{ + return nondet_BaseType(); +} + +/**************************************************************** + * The proof of vDHCPProcess + ****************************************************************/ + +void harness() +{ + BaseType_t xReset; + + /**************************************************************** + * Initialize the counter used to bound the number of times + * GetNetworkBufferWithDescriptor can fail. + ****************************************************************/ + + #ifdef CBMC_GETNETWORKBUFFER_FAILURE_BOUND + GetNetworkBuffer_failure_count = 0; + #endif + + /**************************************************************** + * Assume a valid socket in most states of the DHCP state machine. + * + * The socket is created in the eWaitingSendFirstDiscover state. + * xReset==True resets the state to eWaitingSendFirstDiscover. + ****************************************************************/ + + if( !( ( xDHCPData.eDHCPState == eWaitingSendFirstDiscover ) || + ( xReset != pdFALSE ) ) ) + { + prvCreateDHCPSocket(); + __CPROVER_assume( xDHCPSocket != NULL ); + } + + vDHCPProcess( xReset ); +} diff --git a/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/Makefile.json b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/Makefile.json new file mode 100644 index 000000000..d96988754 --- /dev/null +++ b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/Makefile.json @@ -0,0 +1,56 @@ +# +# FreeRTOS memory safety proofs with CBMC. +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Permission is hereby granted, free of charge, to any person +# obtaining a copy of this software and associated documentation +# files (the "Software"), to deal in the Software without +# restriction, including without limitation the rights to use, copy, +# modify, merge, publish, distribute, sublicense, and/or sell copies +# of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +# http://aws.amazon.com/freertos +# http://www.FreeRTOS.org +# + +{ + "ENTRY": "DHCPProcess", + + # Minimal buffer size for maximum coverage, see harness for details. + "BUFFER_SIZE": 299, + + # The number of times GetNetworkBufferWithDescriptor can be allowed to fail + # (plus 1). + "FAILURE_BOUND": 2, + + "CBMCFLAGS": "--unwind 4 --unwindset strlen.0:11,memcmp.0:7,prvProcessDHCPReplies.0:8,prvCreatePartDHCPMessage.0:{FAILURE_BOUND} --nondet-static --flush", + "OBJS": + [ + "$(ENTRY)_harness.goto", + "$(FREERTOS)/../FreeRTOS-Plus/Test/CBMC/stubs/cbmc.goto", + "$(FREERTOS)/../FreeRTOS-Plus/Test/CBMC/stubs/freertos_api.goto", + "$(FREERTOS)/../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/FreeRTOS_DHCP.goto", + "$(FREERTOS)/../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/FreeRTOS_IP.goto", + "$(FREERTOS)/../FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/FreeRTOS_ARP.goto" + ], + + "DEF": + [ + "BUFFER_SIZE={BUFFER_SIZE}", + "CBMC_REQUIRE_NETWORKBUFFER_ETHERNETBUFFER_NONNULL=1", + "CBMC_GETNETWORKBUFFER_FAILURE_BOUND={FAILURE_BOUND}" + ] +} diff --git a/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/README.md b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/README.md new file mode 100644 index 000000000..0de21e6b1 --- /dev/null +++ b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/README.md @@ -0,0 +1,28 @@ +This is the memory safety proof for DHCPProcess function, which is the +function that triggers the DHCP protocol. + +The main stubs in this proof deal with buffer management, which assume +that the buffer is large enough to accomodate a DHCP message plus a +few additional bytes for options (which is the last, variable-sized +field in a DHCP message). We have abstracted away sockets, concurrency +and third-party code. For more details, please check the comments on +the harness file. + +This proof is a work-in-progress. Proof assumptions are described in +the harness. The proof also assumes the following functions are +memory safe and have no side effects relevant to the memory safety of +this function: + +* FreeRTOS_sendto +* FreeRTOS_setsockopt +* FreeRTOS_socket +* ulRand +* vARPSendGratuitous +* vApplicationIPNetworkEventHook +* vLoggingPrintf +* vPortEnterCritical +* vPortExitCritical +* vReleaseNetworkBufferAndDescriptor +* vSocketBind +* vSocketClose + diff --git a/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/cbmc-viewer.json b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/cbmc-viewer.json new file mode 100644 index 000000000..1bc333788 --- /dev/null +++ b/FreeRTOS-Plus/Test/CBMC/proofs/DHCP/DHCPProcess/cbmc-viewer.json @@ -0,0 +1,16 @@ +{ "expected-missing-functions": + [ + "vPortEnterCritical", + "vPortExitCritical", + "vSocketBind", + "vSocketClose", + "vTaskSetTimeOutState", + "xTaskGetTickCount", + "xTaskGetCurrentTaskHandle", + "xQueueGenericSend", + "xApplicationGetRandomNumber", + "vLoggingPrintf" + ], + "proof-name": "DHCPProcess", + "proof-root": "tools/cbmc/proofs" +} |