1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
CBMC Proof Infrastructure
=========================
This directory contains automated proofs of the memory safety of various parts
of the FreeRTOS codebase. A continuous integration system validates every
pull request posted to the repository against these proofs, and developers can
also run the proofs on their local machines.
The proofs are checked using the
[C Bounded Model Checker](http://www.cprover.org/cbmc/), an open-source static
analysis tool
([GitHub repository](https://github.com/diffblue/cbmc)). This README describes
how to run the proofs on your local clone of a:FR.
Bulding and running proofs
--------------------------
For historical reasons, some of the proofs are built and run using CMake
and CTest. Others use a custom python-based build system. New proofs
should use CMake. This README describes how to build and run both kinds
of proof.
CMake-based build
-----------------
Follow the CBMC installation instructions below.
Suppose that the freertos source tree is located at
`~/src/freertos` and you wish to build the proofs into
`~/build/freertos`. The following three commands build and run
the proofs:
```sh
cmake -S~/src/freertos -B~/build/freertos -DCOMPILER=cbmc
-DBOARD=windows -DVENDOR=pc
cmake --build ~/build/freertos --target all-proofs
cd ~/build/freertos && ctest -L cbmc
```
Alternatively, this single command does the same thing, assuming you
have the Ninja build tool installed:
```sh
ctest --build-and-test \
~/src/freertos \
~/build/freertos \
--build-target cbmc \
--build-generator Ninja \
--build-options \
-DCOMPILER=cbmc \
-DBOARD=windows \
-DVENDOR=pc \
--test-command ctest -j4 -L cbmc --output-on-failure
```
Python-based build
------------------
### Prerequisites
You will need Python 3. On Windows, you will need Visual Studio 2015 or later
(in particular, you will need the Developer Command Prompt and NMake). On macOS
and Linux, you will need Make.
### Installing CBMC
- Clone the [CBMC repository](https://github.com/diffblue/cbmc).
- The canonical compilation and installation instructions are in the
[COMPILING.md](https://github.com/diffblue/cbmc/blob/develop/COMPILING.md)
file in the CBMC repository; we reproduce the most important steps for
Windows users here, but refer to that document if in doubt.
- Download and install CMake from the [CMake website](https://cmake.org/download).
- Download and install the "git for Windows" package, which also
provides the `patch` command, from [here](https://git-scm.com/download/win).
- Download the flex and bison for Windows package from
[this sourceforge site](https://sourceforge.net/projects/winflexbison).
"Install" it by dropping the contents of the entire unzipped
package into the top-level CBMC source directory.
- Change into the top-level CBMC source directory and run
```
cmake -H. -Bbuild -DCMAKE_BUILD_TYPE=Release -DWITH_JBMC=OFF
cmake --build build
```
- Ensure that you can run the programs `cbmc`, `goto-cc` (or `goto-cl`
on Windows), and `goto-instrument` from the command line. If you build
CBMC with CMake, the programs will have been installed under the
`build/bin/Debug` directory under the top-level `cbmc` directory; you
should add that directory to your `$PATH`. If you built CBMC using
Make, then those programs will have been installed in the `src/cbmc`,
`src/goto-cc`, and `src/goto-instrument` directories respectively.
### Setting up the proofs
Change into the `proofs` directory. On Windows, run
```
python prepare.py
```
On macOS or Linux, run
```
./prepare.py
```
If you are on a Windows machine but want to generate Linux Makefiles (or vice
versa), you can pass the `--system linux` or `--system windows` options to those
programs.
### Running the proofs
Each of the leaf directories under `proofs` is a proof of the memory
safety of a single entry point in FreeRTOS. The scripts that you ran in the
previous step will have left a Makefile in each of those directories. To
run a proof, change into the directory for that proof and run `nmake` on
Windows or `make` on Linux or macOS. The proofs may take some time to
run; they eventually write their output to `cbmc.txt`, which should have
the text `VERIFICATION SUCCESSFUL` at the end.
### Proof directory structure
This directory contains the following subdirectories:
- `proofs` contains the proofs run against each pull request
- `patches` contains a set of patches that get applied to the codebase prior to
running the proofs
- `include` and `windows` contain header files used by the proofs.
|
