blob: b76b9c5e00209c0d374f4b4594a44b18709de25a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Assuming the bound described in the harness, this harness proves memory safety
for the QueueReceive function abstracting away
the task pool and concurrency functions.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskSuspendAll
* xTaskRemoveFromEventList
* xTaskResumeAll
|
