blob: 27122656ac3726893cc174c285bbb766ff016e5c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Assuming the bound specified in the harness and abstracting the task pool and
concurrency functions, this harness proves the memory safety of QueueSemaphoreTake.
Some of the task pool functions are used to model concurrent behavior required
to trigger all branches during the model creation.
This proof is a work-in-progress. Proof assumptions are described in
the harness. The proof also assumes the following functions are
memory safe and have no side effects relevant to the memory safety of
this function:
* pvTaskIncrementMutexHeldCount
* vPortEnterCritical
* vPortExitCritical
* vPortGenerateSimulatedInterrupt
* vTaskMissedYield
* vTaskPlaceOnEventList
* vTaskPriorityDisinheritAfterTimeout
* vTaskSuspendAll
* xTaskPriorityDisinherit
* xTaskPriorityInherit
* xTaskRemoveFromEventList
* xTaskResumeAll
|
