Fix CBMC proofs for DNS#718
Merged
tony-josi-aws merged 30 commits intoFreeRTOS:dev/IPv6_integrationfrom Feb 23, 2023
Merged
Conversation
Prior to this commit, CBMC would emit logging information in plain text format, which does not contain information required for the CBMC VSCode debugger. This commit makes CBMC use XML instead of plain text. Co-authored-by: Mark Tuttle <tuttle@acm.org>
| { | ||
| #if ( ipconfigUSE_IPv6 != 0 ) | ||
| if( ( *ppxAddressInfo )->ai_family == FREERTOS_AF_INET6 ) | ||
| if( ( ppxAddressInfo != NULL) && ( *ppxAddressInfo )->ai_family == FREERTOS_AF_INET6 ) |
Member
There was a problem hiding this comment.
Suggested change
| if( ( ppxAddressInfo != NULL) && ( *ppxAddressInfo )->ai_family == FREERTOS_AF_INET6 ) | |
| if( ( ppxAddressInfo != NULL ) && | |
| ( ( *ppxAddressInfo )->ai_family == FREERTOS_AF_INET6 ) ) |
Member
Author
There was a problem hiding this comment.
Updated all formatting issues
| BaseType_t ret; | ||
| int len; | ||
|
|
||
| __CPROVER_assume( len > sizeof(DNSMessage_t) && len < CBMC_MAX_OBJECT_SIZE ); |
Member
There was a problem hiding this comment.
Suggested change
| __CPROVER_assume( len > sizeof(DNSMessage_t) && len < CBMC_MAX_OBJECT_SIZE ); | |
| __CPROVER_assume( ( len > sizeof( DNSMessage_t ) ) && | |
| ( len < CBMC_MAX_OBJECT_SIZE ) ); |
| Socket_t sock; | ||
|
|
||
| Socket_t sock = safeMalloc( sizeof(struct xSOCKET) ); | ||
| __CPROVER_assume(sock != NULL); |
Member
There was a problem hiding this comment.
Suggested change
| __CPROVER_assume(sock != NULL); | |
| __CPROVER_assume( sock != NULL ); |
Comment on lines
+185
to
+186
| pxNetworkBuffer->pucEthernetBuffer = ( (uint8_t *) malloc( xRequestedSizeBytes + ipUDP_PAYLOAD_IP_TYPE_OFFSET ) ) + ipUDP_PAYLOAD_IP_TYPE_OFFSET; | ||
| __CPROVER_assume( pxNetworkBuffer->pucEthernetBuffer != NULL ); |
Member
There was a problem hiding this comment.
Why are we assuming this? Why cannot malloc fail? In actual scenario, it can fail and in this proof it should fail too. And we need to make the code robust to check this if we are not doing that already.
| __CPROVER_assume( pxNetworkBuffer != NULL ); | ||
|
|
||
| pxNetworkBuffer->pucEthernetBuffer = ( (uint8_t *) malloc( xRequestedSizeBytes + ipUDP_PAYLOAD_IP_TYPE_OFFSET ) ) + ipUDP_PAYLOAD_IP_TYPE_OFFSET; | ||
| __CPROVER_assume( pxNetworkBuffer->pucEthernetBuffer != NULL ); |
Member
There was a problem hiding this comment.
Similarly this should not be here. Malloc can fail in real life.
| { | ||
|
|
||
| Socket_t sock = safeMalloc( sizeof(struct xSOCKET) ); | ||
| __CPROVER_assume(sock != NULL); |
Member
There was a problem hiding this comment.
Similar comment here. Do we have a justification for the malloc not to fail?
| Socket_t DNS_CreateSocket( TickType_t uxReadTimeout_ticks ); | ||
| void DNS_CloseSocket( Socket_t xDNSSocket ); | ||
| void DNS_ReadReply( Socket_t xDNSSocket, | ||
| BaseType_t DNS_ReadReply( const ConstSocket_t xDNSSocket, |
Member
There was a problem hiding this comment.
Do we need const ConstSocket_t? Or should ConstSocket_t be enough?
| NetworkBufferDescriptor_t * pxGetNetworkBufferWithDescriptor( size_t xRequestedSizeBytes, | ||
| TickType_t xBlockTimeTicks ) | ||
| { | ||
| NetworkBufferDescriptor_t * pxNetworkBuffer = ( NetworkBufferDescriptor_t * ) malloc( sizeof( NetworkBufferDescriptor_t ) ); |
Member
There was a problem hiding this comment.
Why are we using malloc and safeMalloc? Why not stick to one?
| will be less than ipconfigENDPOINT_DNS_ADDRESS_COUNT */ | ||
| __CPROVER_assume( pxNetworkEndPoints->ipv6_settings.ucDNSIndex < ipconfigENDPOINT_DNS_ADDRESS_COUNT ); | ||
| __CPROVER_assume( pxNetworkEndPoints->ipv4_settings.ucDNSIndex < ipconfigENDPOINT_DNS_ADDRESS_COUNT ); | ||
| __CPROVER_assume( pxNetworkEndPoints->pxNext == NULL ); |
Member
There was a problem hiding this comment.
Why assume when you can set it to NULL directly?
| "Precondition: pcHostName != NULL" ); | ||
| __CPROVER_assert( pvSearchID != NULL, | ||
| "Precondition: pvSearchID != NULL" ); | ||
| } |
Member
There was a problem hiding this comment.
Any asserts on the pxAddressInfo pointer?
| pxNetworkEndPoints->pxNetworkInterface = ( NetworkInterface_t * ) malloc( sizeof( NetworkInterface_t ) ); | ||
| __CPROVER_assume( pxNetworkEndPoints->pxNetworkInterface != NULL ); | ||
|
|
||
| //pxNetworkEndPoints->pxNetworkInterface->pfOutput = &NetworkInterfaceOutputFunction_Stub; |
| { | ||
| size_t len; | ||
|
|
||
| pxNetworkEndPoints = ( NetworkEndPoint_t * ) safeMalloc( sizeof( NetworkEndPoint_t ) ); |
Member
There was a problem hiding this comment.
Here again we are using safeMalloc. Why not use malloc only?
shubnil
approved these changes
Feb 23, 2023
tony-josi-aws
added a commit
to tony-josi-aws/FreeRTOS-Plus-TCP
that referenced
this pull request
Feb 24, 2023
* Use CBMC XML output to enable VSCode debugger (FreeRTOS#673) Prior to this commit, CBMC would emit logging information in plain text format, which does not contain information required for the CBMC VSCode debugger. This commit makes CBMC use XML instead of plain text. Co-authored-by: Mark Tuttle <tuttle@acm.org> * wip * wip DNSgetHostByName * wip DNSgetHostByName * fixed cbmc proof for DNS_ReadNameField * wip DNSgetHostByName_a_harness * Fix CBMC prooff for DNSgetHostByName * wip fix DNSgetHostByName_a CBMC proof * fixed cbmc target func not called issue in DNSclear * fixed cbmc target func not called issue in DNSlookup * fix DNSgetHostByName_a CBMC proof * update comments * more asserts * fixing formatting * updating as per review comments * fix dns after review comments * adding more asserts * adds more asserts * minor fix * fixing comments * fixing comments * fixing minor issue * fixing DNS_ReadReply() signature * making code more consistant * adding more asserts * making code more consistent --------- Co-authored-by: Kareem Khazem <karkhaz@amazon.com> Co-authored-by: Mark Tuttle <tuttle@acm.org>
tony-josi-aws
added a commit
that referenced
this pull request
Feb 24, 2023
* updating doxygen config * fixing doxygen comments * adding IPv6 files and fixing comments * fix doxygen cfg and file names in comments * wip doxygen v6 docs * adding doxygen comments * include RA src file to doxgendocs generation * fix spell check issues * Uncrustify: triggered by comment. * fix minor build issue * fix spell check issues * Uncrustify: triggered by comment * fix trailing white space * Dev integration hein.v8 (#738) * Updating tcp utilities * Some more change in dev_integration_hein.v8 * In FreeRTOS_DNS_Parser.c : use 'ipUDP_PAYLOAD_OFFSET_IPv4' in stead of 'ipIP_PAYLOAD_OFFSET' * And a few more corrections * Changes to WinPCap network interface, removed debugging code * After applying uncrustify * Oops, I forgot the push changes in include files. * Now removing it, hopefully --------- Co-authored-by: Nikhil Kamath <110539926+amazonKamath@users.noreply.github.com> Co-authored-by: Monika Singh <108652024+moninom1@users.noreply.github.com> * Fix CBMC proofs for DNS (#718) * Use CBMC XML output to enable VSCode debugger (#673) Prior to this commit, CBMC would emit logging information in plain text format, which does not contain information required for the CBMC VSCode debugger. This commit makes CBMC use XML instead of plain text. Co-authored-by: Mark Tuttle <tuttle@acm.org> * wip * wip DNSgetHostByName * wip DNSgetHostByName * fixed cbmc proof for DNS_ReadNameField * wip DNSgetHostByName_a_harness * Fix CBMC prooff for DNSgetHostByName * wip fix DNSgetHostByName_a CBMC proof * fixed cbmc target func not called issue in DNSclear * fixed cbmc target func not called issue in DNSlookup * fix DNSgetHostByName_a CBMC proof * update comments * more asserts * fixing formatting * updating as per review comments * fix dns after review comments * adding more asserts * adds more asserts * minor fix * fixing comments * fixing comments * fixing minor issue * fixing DNS_ReadReply() signature * making code more consistant * adding more asserts * making code more consistent --------- Co-authored-by: Kareem Khazem <karkhaz@amazon.com> Co-authored-by: Mark Tuttle <tuttle@acm.org> * Uncrustify: triggered by comment * fixing formatting --------- Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Hein Tibosch <hein_tibosch@yahoo.es> Co-authored-by: Nikhil Kamath <110539926+amazonKamath@users.noreply.github.com> Co-authored-by: Monika Singh <108652024+moninom1@users.noreply.github.com> Co-authored-by: Kareem Khazem <karkhaz@amazon.com> Co-authored-by: Mark Tuttle <tuttle@acm.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes the build issues and proof failures for the DNS CBMC proofs post the IPv6 changes.
Test Steps
Related Issue
Failing CBMC proofs
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.