From b3af566a7ddd008e37cf94dc51c4d6b4f44de3ad Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 11:54:15 -0400 Subject: [PATCH 001/289] Added .DS_Store files to .gitignore. --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index af2ca7b0ab5..2b592bb3194 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,6 @@ __pycache__/ # Ignore certificate files. *.pem *.crt + +# Ignore OS bookkeeping files +.DS_Store From 143e76755ef1ed799307f1b79efa09dc557755ba Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 11:54:32 -0400 Subject: [PATCH 002/289] Added FreeRTOS-SMP-Demos repo as submodule. --- .gitmodules | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .gitmodules diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000000..d39461e659f --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "verification/verifast/demos/FreeRTOS-SMP-Demos"] + path = verification/verifast/demos/FreeRTOS-SMP-Demos + url = https://github.com/Tobias-internship-AWS-2022/FreeRTOS-SMP-Demos.git From 0c3f65d8ad2bd27404207e922774c2723254e8b6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 12:20:41 -0400 Subject: [PATCH 003/289] Setup environment for VeriFast proof and start script for vfide. --- tasks.c | 5 + .../verifast/proof_setup/FreeRTOSConfig.h | 140 +++ verification/verifast/proof_setup/README.md | 2 + .../verifast/proof_setup/generated/README.md | 1 + .../generated/pico_base/pico/README.md | 3 + .../generated/pico_base/pico/config_autogen.h | 19 + .../generated/pico_base/pico/version.h | 21 + .../verifast/proof_setup/pico/README.md | 2 + .../verifast/proof_setup/pico/platform.h | 504 ++++++++++ .../verifast/proof_setup/sys/README.md | 12 + verification/verifast/proof_setup/sys/cdefs.h | 924 ++++++++++++++++++ .../proof_setup/verifast_proof_defs.h | 24 + verification/verifast/start-vfide.sh | 91 ++ 13 files changed, 1748 insertions(+) create mode 100644 verification/verifast/proof_setup/FreeRTOSConfig.h create mode 100644 verification/verifast/proof_setup/README.md create mode 100644 verification/verifast/proof_setup/generated/README.md create mode 100644 verification/verifast/proof_setup/generated/pico_base/pico/README.md create mode 100644 verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h create mode 100644 verification/verifast/proof_setup/generated/pico_base/pico/version.h create mode 100644 verification/verifast/proof_setup/pico/README.md create mode 100644 verification/verifast/proof_setup/pico/platform.h create mode 100644 verification/verifast/proof_setup/sys/README.md create mode 100644 verification/verifast/proof_setup/sys/cdefs.h create mode 100644 verification/verifast/proof_setup/verifast_proof_defs.h create mode 100755 verification/verifast/start-vfide.sh diff --git a/tasks.c b/tasks.c index 046aed9aace..ff67e224f55 100644 --- a/tasks.c +++ b/tasks.c @@ -23,6 +23,11 @@ * https://github.com/FreeRTOS * */ + +/* Verifast proof setup */ +#ifdef VERIFAST_PROOF + #include "verifast_proof_defs.h" +#endif /* Standard includes. */ #include diff --git a/verification/verifast/proof_setup/FreeRTOSConfig.h b/verification/verifast/proof_setup/FreeRTOSConfig.h new file mode 100644 index 00000000000..31f51ccc955 --- /dev/null +++ b/verification/verifast/proof_setup/FreeRTOSConfig.h @@ -0,0 +1,140 @@ +/* This is a stub used for the VeriFast proof. */ + +/* + * FreeRTOS V202107.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * http://www.FreeRTOS.org + * http://aws.amazon.com/freertos + * + * 1 tab == 4 spaces! + */ + +#ifndef FREERTOS_CONFIG_H +#define FREERTOS_CONFIG_H + +/*----------------------------------------------------------- + * Application specific definitions. + * + * These definitions should be adjusted for your particular hardware and + * application requirements. + * + * THESE PARAMETERS ARE DESCRIBED WITHIN THE 'CONFIGURATION' SECTION OF THE + * FreeRTOS API DOCUMENTATION AVAILABLE ON THE FreeRTOS.org WEB SITE. + * + * See http://www.freertos.org/a00110.html + *----------------------------------------------------------*/ + +/* Scheduler Related */ +#define configUSE_PREEMPTION 1 +#define configUSE_TICKLESS_IDLE 0 +#define configUSE_IDLE_HOOK 0 +#define configUSE_TICK_HOOK 1 +#define configTICK_RATE_HZ ( ( TickType_t ) 1000 ) +#define configMAX_PRIORITIES 32 +#define configMINIMAL_STACK_SIZE ( configSTACK_DEPTH_TYPE ) 256 +#define configUSE_16_BIT_TICKS 0 + +#define configIDLE_SHOULD_YIELD 1 + +/* Synchronization Related */ +#define configUSE_MUTEXES 1 +#define configUSE_RECURSIVE_MUTEXES 1 +#define configUSE_APPLICATION_TASK_TAG 0 +#define configUSE_COUNTING_SEMAPHORES 1 +#define configQUEUE_REGISTRY_SIZE 8 +#define configUSE_QUEUE_SETS 1 +#define configUSE_TIME_SLICING 1 +#define configUSE_NEWLIB_REENTRANT 0 +#define configENABLE_BACKWARD_COMPATIBILITY 0 +#define configNUM_THREAD_LOCAL_STORAGE_POINTERS 5 + +/* System */ +#define configSTACK_DEPTH_TYPE uint32_t +#define configMESSAGE_BUFFER_LENGTH_TYPE size_t + +/* Memory allocation related definitions. */ +#define configSUPPORT_STATIC_ALLOCATION 0 +#define configSUPPORT_DYNAMIC_ALLOCATION 1 +#define configTOTAL_HEAP_SIZE (128*1024) +#define configAPPLICATION_ALLOCATED_HEAP 0 + +/* Hook function related definitions. */ +#define configCHECK_FOR_STACK_OVERFLOW 2 +#define configUSE_MALLOC_FAILED_HOOK 1 +#define configUSE_DAEMON_TASK_STARTUP_HOOK 0 + +/* Run time and task stats gathering related definitions. */ +#define configGENERATE_RUN_TIME_STATS 0 +#define configUSE_TRACE_FACILITY 1 +#define configUSE_STATS_FORMATTING_FUNCTIONS 0 + +/* Co-routine related definitions. */ +#define configUSE_CO_ROUTINES 0 +#define configMAX_CO_ROUTINE_PRIORITIES 1 + +/* Software timer related definitions. */ +#define configUSE_TIMERS 1 +#define configTIMER_TASK_PRIORITY ( configMAX_PRIORITIES - 1 ) +#define configTIMER_QUEUE_LENGTH 10 +#define configTIMER_TASK_STACK_DEPTH 1024 + +/* Interrupt nesting behaviour configuration. */ +/* +#define configKERNEL_INTERRUPT_PRIORITY [dependent of processor] +#define configMAX_SYSCALL_INTERRUPT_PRIORITY [dependent on processor and application] +#define configMAX_API_CALL_INTERRUPT_PRIORITY [dependent on processor and application] +*/ + +/* SMP port only */ +#define configNUM_CORES 1 +#define configTICK_CORE 1 +#define configRUN_MULTIPLE_PRIORITIES 1 + +/* RP2040 specific */ +#define configSUPPORT_PICO_SYNC_INTEROP 1 +#define configSUPPORT_PICO_TIME_INTEROP 1 + +#include +/* Define to trap errors during development. */ +#define configASSERT(x) assert(x) + +/* Set the following definitions to 1 to include the API function, or zero +to exclude the API function. */ +#define INCLUDE_vTaskPrioritySet 1 +#define INCLUDE_uxTaskPriorityGet 1 +#define INCLUDE_vTaskDelete 1 +#define INCLUDE_vTaskSuspend 1 +#define INCLUDE_vTaskDelayUntil 1 +#define INCLUDE_vTaskDelay 1 +#define INCLUDE_xTaskGetSchedulerState 1 +#define INCLUDE_xTaskGetCurrentTaskHandle 1 +#define INCLUDE_uxTaskGetStackHighWaterMark 1 +#define INCLUDE_xTaskGetIdleTaskHandle 1 +#define INCLUDE_eTaskGetState 1 +#define INCLUDE_xTimerPendFunctionCall 1 +#define INCLUDE_xTaskAbortDelay 1 +#define INCLUDE_xTaskGetHandle 1 +#define INCLUDE_xTaskResumeFromISR 1 +#define INCLUDE_xQueueGetMutexHolder 1 + +/* A header file that defines trace macro can be included here. */ + +#endif /* FREERTOS_CONFIG_H */ diff --git a/verification/verifast/proof_setup/README.md b/verification/verifast/proof_setup/README.md new file mode 100644 index 00000000000..fba9881513a --- /dev/null +++ b/verification/verifast/proof_setup/README.md @@ -0,0 +1,2 @@ +The current proof setup uses the preconfigured setup from +`$FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore` diff --git a/verification/verifast/proof_setup/generated/README.md b/verification/verifast/proof_setup/generated/README.md new file mode 100644 index 00000000000..74d8029f2a4 --- /dev/null +++ b/verification/verifast/proof_setup/generated/README.md @@ -0,0 +1 @@ +This directory contains files that would normally be generated during the build. diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/README.md b/verification/verifast/proof_setup/generated/pico_base/pico/README.md new file mode 100644 index 00000000000..f17fa89d613 --- /dev/null +++ b/verification/verifast/proof_setup/generated/pico_base/pico/README.md @@ -0,0 +1,3 @@ +This directory contains files that would normally be generated during the build +and placed into +`$FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico` diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h b/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h new file mode 100644 index 00000000000..486e12e9703 --- /dev/null +++ b/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h @@ -0,0 +1,19 @@ +/* This is a stub used for the VeriFast proof. */ + +// AUTOGENERATED FROM PICO_CONFIG_HEADER_FILES and then PICO__CONFIG_HEADER_FILES +// DO NOT EDIT! + + +// based on PICO_CONFIG_HEADER_FILES: + +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot handle absolute include paths. */ + #include "freertos_sdk_config.h" + #include "boards/pico.h" + + // based on PICO_RP2040_CONFIG_HEADER_FILES: + + #include "cmsis/rename_exceptions.h" +#else + // Generated include directives with absolute paths. +#endif diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/version.h b/verification/verifast/proof_setup/generated/pico_base/pico/version.h new file mode 100644 index 00000000000..1bb2f11061f --- /dev/null +++ b/verification/verifast/proof_setup/generated/pico_base/pico/version.h @@ -0,0 +1,21 @@ +/* This is a stub used for the VeriFast proof. */ + +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +// --------------------------------------- +// THIS FILE IS AUTOGENERATED; DO NOT EDIT +// --------------------------------------- + +#ifndef _PICO_VERSION_H +#define _PICO_VERSION_H + +#define PICO_SDK_VERSION_MAJOR 1 +#define PICO_SDK_VERSION_MINOR 4 +#define PICO_SDK_VERSION_REVISION 0 +#define PICO_SDK_VERSION_STRING "1.4.0" + +#endif diff --git a/verification/verifast/proof_setup/pico/README.md b/verification/verifast/proof_setup/pico/README.md new file mode 100644 index 00000000000..9f7c7f9c31d --- /dev/null +++ b/verification/verifast/proof_setup/pico/README.md @@ -0,0 +1,2 @@ +This directory contains files that originally resided in: +`$PICO_SDK_PATH/src/rp2_common/pico_platform/include/pico` diff --git a/verification/verifast/proof_setup/pico/platform.h b/verification/verifast/proof_setup/pico/platform.h new file mode 100644 index 00000000000..213446f7bc7 --- /dev/null +++ b/verification/verifast/proof_setup/pico/platform.h @@ -0,0 +1,504 @@ +/* This is a stub used for the VeriFast proof. */ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _PICO_PLATFORM_H_ +#define _PICO_PLATFORM_H_ + +/** \file platform.h + * \defgroup pico_platform pico_platform + * + * Macros and definitions (and functions when included by non assembly code) for the RP2 family device / architecture + * to provide a common abstraction over low level compiler / platform specifics. + * + * This header may be included by assembly code + */ + +#include "hardware/platform_defs.h" +#include "hardware/regs/addressmap.h" +#include "hardware/regs/sio.h" + +// Marker for builds targeting the RP2040 +#define PICO_RP2040 1 + +// PICO_CONFIG: PICO_STACK_SIZE, Stack Size, min=0x100, default=0x800, advanced=true, group=pico_platform +#ifndef PICO_STACK_SIZE +#define PICO_STACK_SIZE _u(0x800) +#endif + +// PICO_CONFIG: PICO_HEAP_SIZE, Heap size to reserve, min=0x100, default=0x800, advanced=true, group=pico_platform +#ifndef PICO_HEAP_SIZE +#define PICO_HEAP_SIZE _u(0x800) +#endif + +// PICO_CONFIG: PICO_NO_RAM_VECTOR_TABLE, Enable/disable the RAM vector table, type=bool, default=0, advanced=true, group=pico_platform +#ifndef PICO_NO_RAM_VECTOR_TABLE +#define PICO_NO_RAM_VECTOR_TABLE 0 +#endif + +// PICO_CONFIG: PICO_RP2040_B0_SUPPORTED, Whether to include any specific software support for RP2040 B0 revision, type=bool, default=1, advanced=true, group=pico_platform +#ifndef PICO_RP2040_B0_SUPPORTED +#define PICO_RP2040_B0_SUPPORTED 1 +#endif + +// PICO_CONFIG: PICO_FLOAT_SUPPORT_ROM_V1, Include float support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform +#ifndef PICO_FLOAT_SUPPORT_ROM_V1 +#define PICO_FLOAT_SUPPORT_ROM_V1 1 +#endif + +// PICO_CONFIG: PICO_DOUBLE_SUPPORT_ROM_V1, Include double support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform +#ifndef PICO_DOUBLE_SUPPORT_ROM_V1 +#define PICO_DOUBLE_SUPPORT_ROM_V1 1 +#endif + + +// PICO_CONFIG: PICO_RP2040_B1_SUPPORTED, Whether to include any specific software support for RP2040 B1 revision, type=bool, default=1, advanced=true, group=pico_platform +#ifndef PICO_RP2040_B1_SUPPORTED +#define PICO_RP2040_B1_SUPPORTED 1 +#endif + +// PICO_CONFIG: PICO_RP2040_B2_SUPPORTED, Whether to include any specific software support for RP2040 B2 revision, type=bool, default=1, advanced=true, group=pico_platform +#ifndef PICO_RP2040_B2_SUPPORTED +#define PICO_RP2040_B2_SUPPORTED 1 +#endif + +// --- remainder of file is not included by assembly code --- + +#ifndef __ASSEMBLER__ + +#include +#include "pico/types.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/*! \brief Marker for an interrupt handler + * \ingroup pico_platform + * For example an IRQ handler function called my_interrupt_handler: + * + * void __isr my_interrupt_handler(void) { + */ +#define __isr + +/*! \brief Section attribute macro for placement in RAM after the `.data` section + * \ingroup pico_platform + * + * For example a 400 element `uint32_t` array placed after the .data section + * + * uint32_t __after_data("my_group_name") a_big_array[400]; + * + * The section attribute is `.after_data.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +#define __after_data(group) __attribute__((section(".after_data." group))) + +/*! \brief Section attribute macro for placement not in flash (i.e in RAM) + * \ingroup pico_platform + * + * For example a 3 element `uint32_t` array placed in RAM (even though it is `static const`) + * + * static const uint32_t __not_in_flash("my_group_name") an_array[3]; + * + * The section attribute is `.time_critical.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +#define __not_in_flash(group) __attribute__((section(".time_critical." group))) + +/*! \brief Section attribute macro for placement in the SRAM bank 4 (known as "scratch X") + * \ingroup pico_platform + * + * Scratch X is commonly used for critical data and functions accessed only by one core (when only + * one core is accessing the RAM bank, there is no opportunity for stalls) + * + * For example a `uint32_t` variable placed in "scratch X" + * + * uint32_t __scratch_x("my_group_name") foo = 23; + * + * The section attribute is `.scratch_x.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +#define __scratch_x(group) __attribute__((section(".scratch_x." group))) + +/*! \brief Section attribute macro for placement in the SRAM bank 5 (known as "scratch Y") + * \ingroup pico_platform + * + * Scratch Y is commonly used for critical data and functions accessed only by one core (when only + * one core is accessing the RAM bank, there is no opportunity for stalls) + * + * For example a `uint32_t` variable placed in "scratch Y" + * + * uint32_t __scratch_y("my_group_name") foo = 23; + * + * The section attribute is `.scratch_y.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +#define __scratch_y(group) __attribute__((section(".scratch_y." group))) + +/*! \brief Section attribute macro for data that is to be left uninitialized + * \ingroup pico_platform + * + * Data marked this way will retain its value across a reset (normally uninitialized data - in the .bss + * section) is initialized to zero during runtime initialization + * + * For example a `uint32_t` foo that will retain its value if the program is restarted by reset. + * + * uint32_t __uninitialized_ram("my_group_name") foo; + * + * The section attribute is `.uninitialized_ram.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +#define __uninitialized_ram(group) __attribute__((section(".uninitialized_ram." #group))) group + +/*! \brief Section attribute macro for placement in flash even in a COPY_TO_RAM binary + * \ingroup pico_platform + * + * For example a `uint32_t` variable explicitly placed in flash (it will hard fault if you attempt to write it!) + * + * uint32_t __in_flash("my_group_name") foo = 23; + * + * The section attribute is `.flashdata.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +#define __in_flash(group) __attribute__((section(".flashdata" group))) + +/*! \brief Indicates a function should not be stored in flash + * \ingroup pico_platform + * + * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined + * into a flash function by the compiler) + * + * For example a function called my_func taking an int parameter: + * + * void __not_in_flash_func(my_func)(int some_arg) { + * + * The function is placed in the `.time_critical.` linker section + * + * \see __no_inline_not_in_flash_func + */ +#define __not_in_flash_func(func_name) __not_in_flash(__STRING(func_name)) func_name + +/*! \brief Indicates a function is time/latency critical and should not run from flash + * \ingroup pico_platform + * + * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined + * into a flash function by the compiler) to avoid possible flash latency. Currently this macro is identical + * in implementation to `__not_in_flash_func`, however the semantics are distinct and a `__time_critical_func` + * may in the future be treated more specially to reduce the overhead when calling such function from a flash + * function. + * + * For example a function called my_func taking an int parameter: + * + * void __time_critical(my_func)(int some_arg) { + * + * The function is placed in the `.time_critical.` linker section + * + * \see __not_in_flash_func + */ +#define __time_critical_func(func_name) __not_in_flash_func(func_name) + +/*! \brief Indicate a function should not be stored in flash and should not be inlined + * \ingroup pico_platform + * + * Decorates a function name, such that the function will execute from RAM, explicitly marking it as + * noinline to prevent it being inlined into a flash function by the compiler + * + * For example a function called my_func taking an int parameter: + * + * void __no_inline_not_in_flash_func(my_func)(int some_arg) { + * + * The function is placed in the `.time_critical.` linker section + */ +#define __no_inline_not_in_flash_func(func_name) __noinline __not_in_flash_func(func_name) + +#define __packed_aligned __packed __aligned(4) + +#ifdef VERIFAST_PROOF + /* Reason for rewrite: + * VeriFast cannot handle defines for `__force_inline`. + */ +#else + /*! \brief Attribute to force inlining of a function regardless of optimization level + * \ingroup pico_platform + * + * For example my_function here will always be inlined: + * + * int __force_inline my_function(int x) { + * + */ + #if defined(__GNUC__) && (__GNUC__ <= 6 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 3 || !defined(__cplusplus)))) + #define __force_inline inline __always_inline + #else + #define __force_inline __always_inline + #endif +#endif /* VERIFAST_PROOF */ + +/*! \brief Macro to determine the number of elements in an array + * \ingroup pico_platform + */ +#ifndef count_of +#define count_of(a) (sizeof(a)/sizeof((a)[0])) +#endif + +/*! \brief Macro to return the maximum of two comparable values + * \ingroup pico_platform + */ +#ifndef MAX +#define MAX(a, b) ((a)>(b)?(a):(b)) +#endif + +/*! \brief Macro to return the minimum of two comparable values + * \ingroup pico_platform + */ +#ifndef MIN +#define MIN(a, b) ((b)>(a)?(a):(b)) +#endif + +/*! \brief Execute a breakpoint instruction + * \ingroup pico_platform + */ +static inline void __breakpoint(void) { + __asm__("bkpt #0"); +} + +/*! \brief Ensure that the compiler does not move memory access across this method call + * \ingroup pico_platform + * + * For example in the following code: + * + * *some_memory_location = var_a; + * __compiler_memory_barrier(); + * uint32_t var_b = *some_other_memory_location + * + * The compiler will not move the load from `some_other_memory_location` above the memory barrier (which it otherwise + * might - even above the memory store!) + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse: + * - `__force_inline` + * - the function body + */ + static void __compiler_memory_barrier(void); +#else + __force_inline static void __compiler_memory_barrier(void) { + __asm__ volatile ("" : : : "memory"); + } +#endif + + +/*! \brief Macro for converting memory addresses to 32 bit addresses suitable for DMA + * \ingroup pico_platform + * + * This is just a cast to `uintptr_t` on the RP2040, however you may want to use this when developing code + * that also runs in "host" mode. If the host mode is 64 bit and you are embedding data pointers + * in other data (e.g. DMA chaining), then there is a need in "host" mode to convert a 64 bit native + * pointer to a 32 bit value for storage, which can be done using this macro. + */ +#define host_safe_hw_ptr(x) ((uintptr_t)(x)) +#define native_safe_hw_ptr(x) host_safe_hw_ptr(x) + + +/*! \brief Panics with the message "Unsupported" + * \ingroup pico_platform + * \see panic + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse `__attribute__((noreturn))`. */ + void panic_unsupported(void); +#else + void __attribute__((noreturn)) panic_unsupported(void); +#endif + +/*! \brief Displays a panic message and halts execution + * \ingroup pico_platform + * + * An attempt is made to output the message to all registered STDOUT drivers + * after which this method executes a BKPT instruction. + * + * @param fmt format string (printf-like) + * @param ... printf-like arguments + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse `__attribute__((noreturn))`. */ + void panic(const char *fmt, ...); +#else + void __attribute__((noreturn)) panic(const char *fmt, ...); +#endif + +// PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime +#ifndef PICO_NO_FPGA_CHECK +#define PICO_NO_FPGA_CHECK 0 +#endif + +#if PICO_NO_FPGA_CHECK +static inline bool running_on_fpga(void) {return false;} +#else +bool running_on_fpga(void); +#endif + +/*! \brief Returns the RP2040 chip revision number + * \ingroup pico_platform + * @return the RP2040 chip revision number (1 for B0/B1, 2 for B2) + */ +uint8_t rp2040_chip_version(void); + +/*! \brief Returns the RP2040 rom version number + * \ingroup pico_platform + * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2) + */ +static inline uint8_t rp2040_rom_version(void) { + #ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse GCC pragmas */ + return *(uint8_t*)0x13; + #else + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Warray-bounds" + return *(uint8_t*)0x13; + #pragma GCC diagnostic pop + #endif /* VERIFAST_PROOF */ +} + +/*! \brief No-op function for the body of tight loops + * \ingroup pico_platform + * + * No-op function intended to be called by any tight hardware polling loop. Using this ubiquitously + * makes it much easier to find tight loops, but also in the future \#ifdef-ed support for lockup + * debugging might be added + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */ + static void tight_loop_contents(void) {} +#else + static __force_inline void tight_loop_contents(void) {} +#endif /* VERIFAST_PROOF */ + + +/*! \brief Multiply two integers using an assembly `MUL` instruction + * \ingroup pico_platform + * + * This multiplies a by b using multiply instruction using the ARM mul instruction regardless of values (the compiler + * might otherwise choose to perform shifts/adds), i.e. this is a 1 cycle operation. + * + * \param a the first operand + * \param b the second operand + * \return a * b + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse: + * - `__force_inline` + * - function body + */ + static int32_t __mul_instruction(int32_t a, int32_t b); +#else + __force_inline static int32_t __mul_instruction(int32_t a, int32_t b) { + asm ("mul %0, %1" : "+l" (a) : "l" (b) : ); + return a; + } +#endif /* VERIFAST_PROOF */ + +/*! \brief multiply two integer values using the fastest method possible + * \ingroup pico_platform + * + * Efficiently multiplies value a by possibly constant value b. + * + * If b is known to be constant and not zero or a power of 2, then a mul instruction is used rather than gcc's default + * which is often a slow combination of shifts and adds. If b is a power of 2 then a single shift is of course preferable + * and will be used + * + * \param a the first operand + * \param b the second operand + * \return a * b + */ +#define __fast_mul(a, b) __builtin_choose_expr(__builtin_constant_p(b) && !__builtin_constant_p(a), \ +(__builtin_popcount(b) >= 2 ? __mul_instruction(a,b) : (a)*(b)), \ +(a)*(b)) + +/*! \brief Utility macro to assert two types are equivalent. + * \ingroup pico_platform + * + * This macro can be useful in other macros along with `typeof` to assert that two parameters are of equivalent type + * (or that a single parameter is of an expected type) + */ +#define __check_type_compatible(type_a, type_b) static_assert(__builtin_types_compatible_p(type_a, type_b), __STRING(type_a) " is not compatible with " __STRING(type_b)); + +/*! \brief Get the current exception level on this core + * \ingroup pico_platform + * + * \return the exception number if the CPU is handling an exception, or 0 otherwise + */ +uint __get_current_exception(void); + +#define WRAPPER_FUNC(x) __wrap_ ## x +#define REAL_FUNC(x) __real_ ## x + +#ifdef __cplusplus +} +#endif + +/*! \brief Helper method to busy-wait for at least the given number of cycles + * \ingroup pico_platform + * + * This method is useful for introducing very short delays. + * + * This method busy-waits in a tight loop for the given number of system clock cycles. The total wait time is only accurate to within 2 cycles, + * and this method uses a loop counter rather than a hardware timer, so the method will always take longer than expected if an + * interrupt is handled on the calling core during the busy-wait; you can of course disable interrupts to prevent this. + * + * You can use \ref clock_get_hz(clk_sys) to determine the number of clock cycles per second if you want to convert an actual + * time duration to a number of cycles. + * + * \param minimum_cycles the minimum number of system clock cycles to delay for + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse function body. */ + static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles); +#else + static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) { + __asm volatile ( + ".syntax unified\n" + "1: subs %0, #3\n" + "bcs 1b\n" + : "+r" (minimum_cycles) : : "memory" + ); + } +#endif /* VERIFAST_PROOF */ + +/*! \brief Get the current core number + * \ingroup pico_platform + * + * \return The core number the call was made from + */ +#ifdef VERIFAST_PROOF + /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */ + static uint get_core_num(void) +#else + __force_inline static uint get_core_num(void) +#endif /* VERIFAST_PROOF */ +{ + return (*(uint32_t *) (SIO_BASE + SIO_CPUID_OFFSET)); +} + +#else // __ASSEMBLER__ + +#define WRAPPER_FUNC_NAME(x) __wrap_##x +#define SECTION_NAME(x) .text.##x +#define RAM_SECTION_NAME(x) .time_critical.##x + +#endif // !__ASSEMBLER__ + +#endif diff --git a/verification/verifast/proof_setup/sys/README.md b/verification/verifast/proof_setup/sys/README.md new file mode 100644 index 00000000000..752771d3a7a --- /dev/null +++ b/verification/verifast/proof_setup/sys/README.md @@ -0,0 +1,12 @@ +This directory contains files copied from: +`/Library/Developer/CommandLineTools/SDKs/MacOSX12.3.sdk/System/Library/Frameworks/Kernel.framework/Versions/A/Headers` +We cannot put this directory on VeriFast's include path because it contains +the file `stdbool.h` which VeriFast cannot parse. + +More specifically, VeriFast cannot parse the defines `#define false 0` and +`#define true 1` contained in the header `stdbool.h`. +Therefore, by default, it skips all includes of `stdbool.h` and +uses its builtin definitions of `true` and `false`. However, if we manually +specify an include path (via VeriFast's `-I` option) that contains `stdbool.h`, +this behaviour changes. It stops skipping these includes which leads to parse +errors. diff --git a/verification/verifast/proof_setup/sys/cdefs.h b/verification/verifast/proof_setup/sys/cdefs.h new file mode 100644 index 00000000000..e86eb4c1364 --- /dev/null +++ b/verification/verifast/proof_setup/sys/cdefs.h @@ -0,0 +1,924 @@ +/* This is a stub used for the VeriFast proof. */ + +/* + * Copyright (c) 2000-2018 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Copyright 1995 NeXT Computer, Inc. All rights reserved. */ +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Berkeley Software Design, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)cdefs.h 8.8 (Berkeley) 1/9/95 + */ + +#ifndef _CDEFS_H_ +#define _CDEFS_H_ + +/* Verifast proof setup */ +#ifdef VERIFAST_PROOF + /* + * The proof setup header is already included at the top of the proof target, + * e.g., `tasks.c`. But it seems like the contained defines are not propagated + * to this file. + */ + #include "verifast_proof_defs.h" +#endif + +#if defined(__cplusplus) +#define __BEGIN_DECLS extern "C" { +#define __END_DECLS } +#else +#define __BEGIN_DECLS +#define __END_DECLS +#endif + +/* This SDK is designed to work with clang and specific versions of + * gcc >= 4.0 with Apple's patch sets */ +#if !defined(__GNUC__) || __GNUC__ < 4 +#warning "Unsupported compiler detected" +#endif + +/* + * Compatibility with compilers and environments that don't support compiler + * feature checking function-like macros. + */ +#ifndef __has_builtin +#define __has_builtin(x) 0 +#endif +#ifndef __has_include +#define __has_include(x) 0 +#endif +#ifndef __has_feature +#define __has_feature(x) 0 +#endif +#ifndef __has_attribute +#define __has_attribute(x) 0 +#endif +#ifndef __has_extension +#define __has_extension(x) 0 +#endif + +/* + * The __CONCAT macro is used to concatenate parts of symbol names, e.g. + * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. + * The __CONCAT macro is a bit tricky -- make sure you don't put spaces + * in between its arguments. __CONCAT can also concatenate double-quoted + * strings produced by the __STRING macro, but this only works with ANSI C. + */ +#if defined(__STDC__) || defined(__cplusplus) +#define __P(protos) protos /* full-blown ANSI C */ +#define __CONCAT(x, y) x ## y +#define __STRING(x) #x + +#define __const const /* define reserved names to standard */ +#define __signed signed +#define __volatile volatile +#if defined(__cplusplus) +#define __inline inline /* convert to C++ keyword */ +#else +#ifndef __GNUC__ +#define __inline /* delete GCC keyword */ +#endif /* !__GNUC__ */ +#endif /* !__cplusplus */ + +#else /* !(__STDC__ || __cplusplus) */ +#define __P(protos) () /* traditional C preprocessor */ +#define __CONCAT(x, y) x /**/ y +#define __STRING(x) "x" + +#ifndef __GNUC__ +#define __const /* delete pseudo-ANSI C keywords */ +#define __inline +#define __signed +#define __volatile +#endif /* !__GNUC__ */ + +/* + * In non-ANSI C environments, new programs will want ANSI-only C keywords + * deleted from the program and old programs will want them left alone. + * When using a compiler other than gcc, programs using the ANSI C keywords + * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS. + * When using "gcc -traditional", we assume that this is the intent; if + * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone. + */ +#ifndef NO_ANSI_KEYWORDS +#define const __const /* convert ANSI C keywords */ +#define inline __inline +#define signed __signed +#define volatile __volatile +#endif /* !NO_ANSI_KEYWORDS */ +#endif /* !(__STDC__ || __cplusplus) */ + +/* + * __pure2 can be used for functions that are only a function of their scalar + * arguments (meaning they can't dereference pointers). + * + * __stateful_pure can be used for functions that have no side effects, + * but depend on the state of the memory. + */ +#define __dead2 __attribute__((__noreturn__)) +#define __pure2 __attribute__((__const__)) +#define __stateful_pure __attribute__((__pure__)) + +/* __unused denotes variables and functions that may not be used, preventing + * the compiler from warning about it if not used. + */ +#define __unused __attribute__((__unused__)) + +/* __used forces variables and functions to be included even if it appears + * to the compiler that they are not used (and would thust be discarded). + */ +#define __used __attribute__((__used__)) + +/* __cold marks code used for debugging or that is rarely taken + * and tells the compiler to optimize for size and outline code. + */ +#if __has_attribute(cold) +#define __cold __attribute__((__cold__)) +#else +#define __cold +#endif + +/* __exported denotes symbols that should be exported even when symbols + * are hidden by default. + * __exported_push/_exported_pop are pragmas used to delimit a range of + * symbols that should be exported even when symbols are hidden by default. + */ +#define __exported __attribute__((__visibility__("default"))) +#define __exported_push _Pragma("GCC visibility push(default)") +#define __exported_pop _Pragma("GCC visibility pop") + +/* __deprecated causes the compiler to produce a warning when encountering + * code using the deprecated functionality. + * __deprecated_msg() does the same, and compilers that support it will print + * a message along with the deprecation warning. + * This may require turning on such warning with the -Wdeprecated flag. + * __deprecated_enum_msg() should be used on enums, and compilers that support + * it will print the deprecation warning. + * __kpi_deprecated() specifically indicates deprecation of kernel programming + * interfaces in Kernel.framework used by KEXTs. + */ +#define __deprecated __attribute__((__deprecated__)) + +#if __has_extension(attribute_deprecated_with_message) || \ + (defined(__GNUC__) && ((__GNUC__ >= 5) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 5)))) + #define __deprecated_msg(_msg) __attribute__((__deprecated__(_msg))) +#else + #define __deprecated_msg(_msg) __attribute__((__deprecated__)) +#endif + +#if __has_extension(enumerator_attributes) + #define __deprecated_enum_msg(_msg) __deprecated_msg(_msg) +#else + #define __deprecated_enum_msg(_msg) +#endif + +#define __kpi_deprecated(_msg) __deprecated_msg(_msg) + +/* __unavailable causes the compiler to error out when encountering + * code using the tagged function + */ +#if __has_attribute(unavailable) +#define __unavailable __attribute__((__unavailable__)) +#else +#define __unavailable +#endif + +#define __kpi_unavailable __unavailable + +#if defined(__arm64__) +#define __kpi_deprecated_arm64_macos_unavailable __unavailable +#else +#define __kpi_deprecated_arm64_macos_unavailable __deprecated +#endif /* XNU_KERNEL_PRIVATE */ + +/* Delete pseudo-keywords wherever they are not available or needed. */ +#ifndef __dead +#define __dead +#define __pure +#endif + +/* + * We use `__restrict' as a way to define the `restrict' type qualifier + * without disturbing older software that is unaware of C99 keywords. + */ +#if __STDC_VERSION__ < 199901 +#define __restrict +#else +#define __restrict restrict +#endif + +/* Compatibility with compilers and environments that don't support the + * nullability feature. + */ + +#if !__has_feature(nullability) +#ifndef __nullable +#define __nullable +#endif +#ifndef __nonnull +#define __nonnull +#endif +#ifndef __null_unspecified +#define __null_unspecified +#endif +#ifndef _Nullable +#define _Nullable +#endif +#ifndef _Nonnull +#define _Nonnull +#endif +#ifndef _Null_unspecified +#define _Null_unspecified +#endif +#endif + +/* + * __disable_tail_calls causes the compiler to not perform tail call + * optimization inside the marked function. + */ +#if __has_attribute(disable_tail_calls) +#define __disable_tail_calls __attribute__((__disable_tail_calls__)) +#else +#define __disable_tail_calls +#endif + +/* + * __not_tail_called causes the compiler to prevent tail call optimization + * on statically bound calls to the function. It has no effect on indirect + * calls. Virtual functions, objective-c methods, and functions marked as + * "always_inline" cannot be marked as __not_tail_called. + */ +#if __has_attribute(not_tail_called) +#define __not_tail_called __attribute__((__not_tail_called__)) +#else +#define __not_tail_called +#endif + +/* + * __result_use_check warns callers of a function that not using the function + * return value is a bug, i.e. dismissing malloc() return value results in a + * memory leak. + */ +#if __has_attribute(warn_unused_result) +#define __result_use_check __attribute__((__warn_unused_result__)) +#else +#define __result_use_check +#endif + +/* + * __swift_unavailable causes the compiler to mark a symbol as specifically + * unavailable in Swift, regardless of any other availability in C. + */ +#if __has_feature(attribute_availability_swift) +#define __swift_unavailable(_msg) __attribute__((__availability__(swift, unavailable, message=_msg))) +#else +#define __swift_unavailable(_msg) +#endif + +/* + * __abortlike is the attribute to put on functions like abort() that are + * typically used to mark assertions. These optimize the codegen + * for outlining while still maintaining debugability. + */ +#ifndef __abortlike +#define __abortlike __dead2 __cold __not_tail_called +#endif + +/* Declaring inline functions within headers is error-prone due to differences + * across various versions of the C language and extensions. __header_inline + * can be used to declare inline functions within system headers. In cases + * where you want to force inlining instead of letting the compiler make + * the decision, you can use __header_always_inline. + * + * Be aware that using inline for functions which compilers may also provide + * builtins can behave differently under various compilers. If you intend to + * provide an inline version of such a function, you may want to use a macro + * instead. + * + * The check for !__GNUC__ || __clang__ is because gcc doesn't correctly + * support c99 inline in some cases: + * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965 + */ + +#if defined(__cplusplus) || \ + (__STDC_VERSION__ >= 199901L && \ + !defined(__GNUC_GNU_INLINE__) && \ + (!defined(__GNUC__) || defined(__clang__))) +# define __header_inline inline +#elif defined(__GNUC__) && defined(__GNUC_STDC_INLINE__) +# define __header_inline extern __inline __attribute__((__gnu_inline__)) +#elif defined(__GNUC__) +# define __header_inline extern __inline +#else +/* If we land here, we've encountered an unsupported compiler, + * so hopefully it understands static __inline as a fallback. + */ +# define __header_inline static __inline +#endif + +#ifdef __GNUC__ +# define __header_always_inline __header_inline __attribute__ ((__always_inline__)) +#else +/* Unfortunately, we're using a compiler that we don't know how to force to + * inline. Oh well. + */ +# define __header_always_inline __header_inline +#endif + +/* + * Compiler-dependent macros that bracket portions of code where the + * "-Wunreachable-code" warning should be ignored. Please use sparingly. + */ +#if defined(__clang__) +# define __unreachable_ok_push \ + _Pragma("clang diagnostic push") \ + _Pragma("clang diagnostic ignored \"-Wunreachable-code\"") +# define __unreachable_ok_pop \ + _Pragma("clang diagnostic pop") +#elif defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6)) +# define __unreachable_ok_push \ + _Pragma("GCC diagnostic push") \ + _Pragma("GCC diagnostic ignored \"-Wunreachable-code\"") +# define __unreachable_ok_pop \ + _Pragma("GCC diagnostic pop") +#else +# define __unreachable_ok_push +# define __unreachable_ok_pop +#endif + +/* + * Compiler-dependent macros to declare that functions take printf-like + * or scanf-like arguments. They are null except for versions of gcc + * that are known to support the features properly. Functions declared + * with these attributes will cause compilation warnings if there is a + * mismatch between the format string and subsequent function parameter + * types. + */ +#define __printflike(fmtarg, firstvararg) \ + __attribute__((__format__ (__printf__, fmtarg, firstvararg))) +#define __printf0like(fmtarg, firstvararg) \ + __attribute__((__format__ (__printf0__, fmtarg, firstvararg))) +#define __scanflike(fmtarg, firstvararg) \ + __attribute__((__format__ (__scanf__, fmtarg, firstvararg))) +#define __osloglike(fmtarg, firstvararg) \ + __attribute__((__format__ (__os_log__, fmtarg, firstvararg))) + +#define __IDSTRING(name, string) static const char name[] __used = string + +#ifndef __COPYRIGHT +#define __COPYRIGHT(s) __IDSTRING(copyright,s) +#endif + +#ifndef __RCSID +#define __RCSID(s) __IDSTRING(rcsid,s) +#endif + +#ifndef __SCCSID +#define __SCCSID(s) __IDSTRING(sccsid,s) +#endif + +#ifndef __PROJECT_VERSION +#define __PROJECT_VERSION(s) __IDSTRING(project_version,s) +#endif + +/* Source compatibility only, ID string not emitted in object file */ +#ifndef __FBSDID +#define __FBSDID(s) +#endif + +#ifndef __DECONST +#define __DECONST(type, var) __CAST_AWAY_QUALIFIER(var, const, type) +#endif + +#ifndef __DEVOLATILE +#define __DEVOLATILE(type, var) __CAST_AWAY_QUALIFIER(var, volatile, type) +#endif + +#ifndef __DEQUALIFY +#define __DEQUALIFY(type, var) __CAST_AWAY_QUALIFIER(var, const volatile, type) +#endif + +/* + * __alloc_size can be used to label function arguments that represent the + * size of memory that the function allocates and returns. The one-argument + * form labels a single argument that gives the allocation size (where the + * arguments are numbered from 1): + * + * void *malloc(size_t __size) __alloc_size(1); + * + * The two-argument form handles the case where the size is calculated as the + * product of two arguments: + * + * void *calloc(size_t __count, size_t __size) __alloc_size(1,2); + */ +#ifndef __alloc_size +#if __has_attribute(alloc_size) +#define __alloc_size(...) __attribute__((alloc_size(__VA_ARGS__))) +#else +#define __alloc_size(...) +#endif +#endif // __alloc_size + +/* + * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail + * + * DEFAULT By default newly complied code will get POSIX APIs plus + * Apple API extensions in scope. + * + * Most users will use this compilation environment to avoid + * behavioral differences between 32 and 64 bit code. + * + * LEGACY Defining _NONSTD_SOURCE will get pre-POSIX APIs plus Apple + * API extensions in scope. + * + * This is generally equivalent to the Tiger release compilation + * environment, except that it cannot be applied to 64 bit code; + * its use is discouraged. + * + * We expect this environment to be deprecated in the future. + * + * STRICT Defining _POSIX_C_SOURCE or _XOPEN_SOURCE restricts the + * available APIs to exactly the set of APIs defined by the + * corresponding standard, based on the value defined. + * + * A correct, portable definition for _POSIX_C_SOURCE is 200112L. + * A correct, portable definition for _XOPEN_SOURCE is 600L. + * + * Apple API extensions are not visible in this environment, + * which can cause Apple specific code to fail to compile, + * or behave incorrectly if prototypes are not in scope or + * warnings about missing prototypes are not enabled or ignored. + * + * In any compilation environment, for correct symbol resolution to occur, + * function prototypes must be in scope. It is recommended that all Apple + * tools users add either the "-Wall" or "-Wimplicit-function-declaration" + * compiler flags to their projects to be warned when a function is being + * used without a prototype in scope. + */ + +/* These settings are particular to each product. */ +#define __DARWIN_ONLY_64_BIT_INO_T 0 +#define __DARWIN_ONLY_UNIX_CONFORMANCE 0 +#define __DARWIN_ONLY_VERS_1050 0 +#if defined(__x86_64__) +#define __DARWIN_SUF_DARWIN14 "_darwin14" +#define __DARWIN14_ALIAS(sym) __asm("_" __STRING(sym) __DARWIN_SUF_DARWIN14) +#else +#define __DARWIN14_ALIAS(sym) +#endif + +/* + * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow + * legacy code to use the old symbol, thus maintaining binary compatibility + * while new code can use a standards compliant version of the same function. + * + * __DARWIN_ALIAS is used by itself if the function signature has not + * changed, it is used along with a #ifdef check for __DARWIN_UNIX03 + * if the signature has changed. Because the __LP64__ environment + * only supports UNIX03 semantics it causes __DARWIN_UNIX03 to be + * defined, but causes __DARWIN_ALIAS to do no symbol mangling. + * + * As a special case, when XCode is used to target a specific version of the + * OS, the manifest constant __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ + * will be defined by the compiler, with the digits representing major version + * time 100 + minor version times 10 (e.g. 10.5 := 1050). If we are targeting + * pre-10.5, and it is the default compilation environment, revert the + * compilation environment to pre-__DARWIN_UNIX03. + */ +#if !defined(__DARWIN_UNIX03) +# define __DARWIN_UNIX03 0 +#endif /* !__DARWIN_UNIX03 */ + +#if !defined(__DARWIN_64_BIT_INO_T) +# define __DARWIN_64_BIT_INO_T 0 +#endif /* !__DARWIN_64_BIT_INO_T */ + +#if !defined(__DARWIN_VERS_1050) +# define __DARWIN_VERS_1050 0 +#endif /* !__DARWIN_VERS_1050 */ + +#if !defined(__DARWIN_NON_CANCELABLE) +# define __DARWIN_NON_CANCELABLE 0 +#endif /* !__DARWIN_NON_CANCELABLE */ + +/* + * symbol suffixes used for symbol versioning + */ +#if __DARWIN_UNIX03 +# if __DARWIN_ONLY_UNIX_CONFORMANCE +# define __DARWIN_SUF_UNIX03 /* nothing */ +# else /* !__DARWIN_ONLY_UNIX_CONFORMANCE */ +# define __DARWIN_SUF_UNIX03 "$UNIX2003" +# endif /* __DARWIN_ONLY_UNIX_CONFORMANCE */ + +# if __DARWIN_64_BIT_INO_T +# if __DARWIN_ONLY_64_BIT_INO_T +# define __DARWIN_SUF_64_BIT_INO_T /* nothing */ +# else /* !__DARWIN_ONLY_64_BIT_INO_T */ +# define __DARWIN_SUF_64_BIT_INO_T "$INODE64" +# endif /* __DARWIN_ONLY_64_BIT_INO_T */ +# else /* !__DARWIN_64_BIT_INO_T */ +# define __DARWIN_SUF_64_BIT_INO_T /* nothing */ +# endif /* __DARWIN_64_BIT_INO_T */ + +# if __DARWIN_VERS_1050 +# if __DARWIN_ONLY_VERS_1050 +# define __DARWIN_SUF_1050 /* nothing */ +# else /* !__DARWIN_ONLY_VERS_1050 */ +# define __DARWIN_SUF_1050 "$1050" +# endif /* __DARWIN_ONLY_VERS_1050 */ +# else /* !__DARWIN_VERS_1050 */ +# define __DARWIN_SUF_1050 /* nothing */ +# endif /* __DARWIN_VERS_1050 */ + +# if __DARWIN_NON_CANCELABLE +# define __DARWIN_SUF_NON_CANCELABLE "$NOCANCEL" +# else /* !__DARWIN_NON_CANCELABLE */ +# define __DARWIN_SUF_NON_CANCELABLE /* nothing */ +# endif /* __DARWIN_NON_CANCELABLE */ + +#else /* !__DARWIN_UNIX03 */ +# define __DARWIN_SUF_UNIX03 /* nothing */ +# define __DARWIN_SUF_64_BIT_INO_T /* nothing */ +# define __DARWIN_SUF_NON_CANCELABLE /* nothing */ +# define __DARWIN_SUF_1050 /* nothing */ +#endif /* __DARWIN_UNIX03 */ + +#define __DARWIN_SUF_EXTSN "$DARWIN_EXTSN" + +/* + * symbol versioning macros + */ +#define __DARWIN_ALIAS(sym) __asm("_" __STRING(sym) __DARWIN_SUF_UNIX03) +#define __DARWIN_ALIAS_C(sym) __asm("_" __STRING(sym) __DARWIN_SUF_NON_CANCELABLE __DARWIN_SUF_UNIX03) +#define __DARWIN_ALIAS_I(sym) __asm("_" __STRING(sym) __DARWIN_SUF_64_BIT_INO_T __DARWIN_SUF_UNIX03) +#define __DARWIN_NOCANCEL(sym) __asm("_" __STRING(sym) __DARWIN_SUF_NON_CANCELABLE) +#define __DARWIN_INODE64(sym) __asm("_" __STRING(sym) __DARWIN_SUF_64_BIT_INO_T) + +#define __DARWIN_1050(sym) __asm("_" __STRING(sym) __DARWIN_SUF_1050) +#define __DARWIN_1050ALIAS(sym) __asm("_" __STRING(sym) __DARWIN_SUF_1050 __DARWIN_SUF_UNIX03) +#define __DARWIN_1050ALIAS_C(sym) __asm("_" __STRING(sym) __DARWIN_SUF_1050 __DARWIN_SUF_NON_CANCELABLE __DARWIN_SUF_UNIX03) +#define __DARWIN_1050ALIAS_I(sym) __asm("_" __STRING(sym) __DARWIN_SUF_1050 __DARWIN_SUF_64_BIT_INO_T __DARWIN_SUF_UNIX03) +#define __DARWIN_1050INODE64(sym) __asm("_" __STRING(sym) __DARWIN_SUF_1050 __DARWIN_SUF_64_BIT_INO_T) + +#define __DARWIN_EXTSN(sym) __asm("_" __STRING(sym) __DARWIN_SUF_EXTSN) +#define __DARWIN_EXTSN_C(sym) __asm("_" __STRING(sym) __DARWIN_SUF_EXTSN __DARWIN_SUF_NON_CANCELABLE) + +/* + * symbol release macros + */ +#define __DARWIN_ALIAS_STARTING(_mac, _iphone, x) + + +/* + * POSIX.1 requires that the macros we test be defined before any standard + * header file is included. This permits us to convert values for feature + * testing, as necessary, using only _POSIX_C_SOURCE. + * + * Here's a quick run-down of the versions: + * defined(_POSIX_SOURCE) 1003.1-1988 + * _POSIX_C_SOURCE == 1L 1003.1-1990 + * _POSIX_C_SOURCE == 2L 1003.2-1992 C Language Binding Option + * _POSIX_C_SOURCE == 199309L 1003.1b-1993 + * _POSIX_C_SOURCE == 199506L 1003.1c-1995, 1003.1i-1995, + * and the omnibus ISO/IEC 9945-1: 1996 + * _POSIX_C_SOURCE == 200112L 1003.1-2001 + * _POSIX_C_SOURCE == 200809L 1003.1-2008 + * + * In addition, the X/Open Portability Guide, which is now the Single UNIX + * Specification, defines a feature-test macro which indicates the version of + * that specification, and which subsumes _POSIX_C_SOURCE. + */ + +/* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1L. */ +#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE == 1L +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 199009L +#endif + +/* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2L. */ +#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE == 2L +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 199209L +#endif + +/* Deal with various X/Open Portability Guides and Single UNIX Spec. */ +#ifdef _XOPEN_SOURCE +#if _XOPEN_SOURCE - 0L >= 700L && (!defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE - 0L < 200809L) +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 200809L +#elif _XOPEN_SOURCE - 0L >= 600L && (!defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE - 0L < 200112L) +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 200112L +#elif _XOPEN_SOURCE - 0L >= 500L && (!defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE - 0L < 199506L) +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 199506L +#endif +#endif + +/* + * Deal with all versions of POSIX. The ordering relative to the tests above is + * important. + */ +#if defined(_POSIX_SOURCE) && !defined(_POSIX_C_SOURCE) +#define _POSIX_C_SOURCE 198808L +#endif + +/* POSIX C deprecation macros */ +#define __POSIX_C_DEPRECATED(ver) + +/* + * Set a single macro which will always be defined and can be used to determine + * the appropriate namespace. For POSIX, these values will correspond to + * _POSIX_C_SOURCE value. Currently there are two additional levels corresponding + * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE) + */ +#define __DARWIN_C_ANSI 010000L +#define __DARWIN_C_FULL 900000L + +#if defined(_ANSI_SOURCE) +#define __DARWIN_C_LEVEL __DARWIN_C_ANSI +#elif defined(_POSIX_C_SOURCE) && !defined(_DARWIN_C_SOURCE) && !defined(_NONSTD_SOURCE) +#define __DARWIN_C_LEVEL _POSIX_C_SOURCE +#else +#define __DARWIN_C_LEVEL __DARWIN_C_FULL +#endif + +/* If the developer has neither requested a strict language mode nor a version + * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part + * of __DARWIN_C_FULL. + */ +#if !defined(__STDC_WANT_LIB_EXT1__) && !defined(__STRICT_ANSI__) && __DARWIN_C_LEVEL >= __DARWIN_C_FULL +#define __STDC_WANT_LIB_EXT1__ 1 +#endif + +/* + * long long is not supported in c89 (__STRICT_ANSI__), but g++ -ansi and + * c99 still want long longs. While not perfect, we allow long longs for + * g++. + */ +#if (defined(__STRICT_ANSI__) && (__STDC_VERSION__ - 0 < 199901L) && !defined(__GNUG__)) +#define __DARWIN_NO_LONG_LONG 1 +#else +#define __DARWIN_NO_LONG_LONG 0 +#endif + +/***************************************** +* Public darwin-specific feature macros +*****************************************/ + +/* + * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and + * structures modified for 64-bit inodes (like struct stat) will be used. + */ +#if __DARWIN_64_BIT_INO_T +#define _DARWIN_FEATURE_64_BIT_INODE 1 +#endif + +/* + * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only + * be 64-bit; there is no support for 32-bit ino_t when this macro is defined + * (and non-zero). There is no struct stat64 either, as the regular + * struct stat will already be the 64-bit version. + */ +#if __DARWIN_ONLY_64_BIT_INO_T +#define _DARWIN_FEATURE_ONLY_64_BIT_INODE 1 +#endif + +/* + * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated + * in 10.5 exists; no pre-10.5 variants are available. + */ +#if __DARWIN_ONLY_VERS_1050 +#define _DARWIN_FEATURE_ONLY_VERS_1050 1 +#endif + +/* + * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API + * are available (the legacy BSD APIs are not available) + */ +#if __DARWIN_ONLY_UNIX_CONFORMANCE +#define _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE 1 +#endif + +/* + * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on, + * and specifies the conformance level (3 is SUSv3) + */ +#if __DARWIN_UNIX03 +#define _DARWIN_FEATURE_UNIX_CONFORMANCE 3 +#endif + + +/* + * This macro casts away the qualifier from the variable + * + * Note: use at your own risk, removing qualifiers can result in + * catastrophic run-time failures. + */ +#ifndef __CAST_AWAY_QUALIFIER +#define __CAST_AWAY_QUALIFIER(variable, qualifier, type) (type) (long)(variable) +#endif + +/* + * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be + * used from other compilation units, but not other libraries or executables. + */ +#ifndef __XNU_PRIVATE_EXTERN +#define __XNU_PRIVATE_EXTERN __attribute__((visibility("hidden"))) +#endif + +#if __has_include() +#include +#else +/* + * We intentionally define to nothing pointer attributes which do not have an + * impact on the ABI. __indexable and __bidi_indexable are not defined because + * of the ABI incompatibility that makes the diagnostic preferable. + */ +#define __has_ptrcheck 0 +#define __single +#define __unsafe_indexable +#define __counted_by(N) +#define __sized_by(N) +#define __ended_by(E) + +/* + * Similarly, we intentionally define to nothing the + * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable + * macros because they do not lead to an ABI incompatibility. However, we do not + * define the indexable and unsafe_indexable ones because the diagnostic is + * better than the silent ABI break. + */ +#define __ptrcheck_abi_assume_single() +#define __ptrcheck_abi_assume_unsafe_indexable() + +/* __unsafe_forge intrinsics are defined as regular C casts. */ +#define __unsafe_forge_bidi_indexable(T, P, S) ((T)(P)) +#define __unsafe_forge_single(T, P) ((T)(P)) + +/* decay operates normally; attribute is meaningless without pointer checks. */ +#define __array_decay_dicards_count_in_parameters +#endif /* !__has_include() */ + +#define __ASSUME_PTR_ABI_SINGLE_BEGIN __ptrcheck_abi_assume_single() +#define __ASSUME_PTR_ABI_SINGLE_END __ptrcheck_abi_assume_unsafe_indexable() + +#if __has_ptrcheck +#define __header_indexable __indexable +#define __header_bidi_indexable __bidi_indexable +#else +#define __header_indexable +#define __header_bidi_indexable +#endif + +/* + * Architecture validation for current SDK + */ +#if !defined(__sys_cdefs_arch_unknown__) && defined(__i386__) +#elif !defined(__sys_cdefs_arch_unknown__) && defined(__x86_64__) +#elif !defined(__sys_cdefs_arch_unknown__) && defined(__arm__) +#elif !defined(__sys_cdefs_arch_unknown__) && defined(__arm64__) +#else +#error Unsupported architecture +#endif + + +/* + * Check if __probable and __improbable have already been defined elsewhere. + * These macros inform the compiler (and humans) about which branches are likely + * to be taken. + */ +#if !defined(__probable) && !defined(__improbable) +#define __probable(x) __builtin_expect(!!(x), 1) +#define __improbable(x) __builtin_expect(!!(x), 0) +#endif /* !defined(__probable) && !defined(__improbable) */ + +#define __container_of(ptr, type, field) __extension__({ \ + const __typeof__(((type *)NULL)->field) *__ptr = (ptr); \ + (type *)((uintptr_t)__ptr - offsetof(type, field)); \ + }) + + +#define __compiler_barrier() __asm__ __volatile__("" ::: "memory") + +#if __has_attribute(enum_extensibility) +#define __enum_open __attribute__((__enum_extensibility__(open))) +#define __enum_closed __attribute__((__enum_extensibility__(closed))) +#else +#define __enum_open +#define __enum_closed +#endif // __has_attribute(enum_extensibility) + +#if __has_attribute(flag_enum) +#define __enum_options __attribute__((__flag_enum__)) +#else +#define __enum_options +#endif + +/* + * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS + * + * This provides more advanced type checking on compilers supporting + * the proper extensions, even in C. + */ +#if __has_feature(objc_fixed_enum) || __has_extension(cxx_fixed_enum) || \ + __has_extension(cxx_strong_enums) +#define __enum_decl(_name, _type, ...) \ + typedef enum : _type __VA_ARGS__ __enum_open _name +#define __enum_closed_decl(_name, _type, ...) \ + typedef enum : _type __VA_ARGS__ __enum_closed _name +#define __options_decl(_name, _type, ...) \ + typedef enum : _type __VA_ARGS__ __enum_open __enum_options _name +#define __options_closed_decl(_name, _type, ...) \ + typedef enum : _type __VA_ARGS__ __enum_closed __enum_options _name +#else +#define __enum_decl(_name, _type, ...) \ + typedef _type _name; enum __VA_ARGS__ __enum_open +#define __enum_closed_decl(_name, _type, ...) \ + typedef _type _name; enum __VA_ARGS__ __enum_closed +#define __options_decl(_name, _type, ...) \ + typedef _type _name; enum __VA_ARGS__ __enum_open __enum_options +#define __options_closed_decl(_name, _type, ...) \ + typedef _type _name; enum __VA_ARGS__ __enum_closed __enum_options +#endif + + +#if defined(KERNEL) && __has_attribute(xnu_usage_semantics) +/* + * These macros can be used to annotate type definitions or scalar structure + * fields to inform the compiler about which semantic they have with regards + * to the content of the underlying memory represented by such type or field. + * + * This information is used in the analysis of the types performed by the + * signature based type segregation implemented in kalloc. + */ +#define __kernel_ptr_semantics __attribute__((xnu_usage_semantics("pointer"))) +#define __kernel_data_semantics __attribute__((xnu_usage_semantics("data"))) +#define __kernel_dual_semantics __attribute__((xnu_usage_semantics("pointer", "data"))) + +#else /* defined(KERNEL) && __has_attribute(xnu_usage_semantics) */ + +#define __kernel_ptr_semantics +#define __kernel_data_semantics +#define __kernel_dual_semantics + +#endif /* defined(KERNEL) && __has_attribute(xnu_usage_semantics) */ + +#endif /* !_CDEFS_H_ */ diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h new file mode 100644 index 00000000000..73f0578c572 --- /dev/null +++ b/verification/verifast/proof_setup/verifast_proof_defs.h @@ -0,0 +1,24 @@ +/* + * This file contains defines to configure the VeriFast proof setup which are + * not already handled in `port.c` or `portmacro.h`. + * + */ + +// /Users/reitobia/repos/forked/FreeRTOS-Kernel/verification/verifast/proof_setup_incremental/verifast_proof_defs.h + + +#ifndef VERIFAST_PROOF_DEFS_H + // The following defines are required by `FRTOS.h` + // line 93 + #define configMAX_PRIORITIES 100 + + // The following defines are required by `cdefs.h` + #define __GNUC__ 10 + #define __STDC__ 1 + + // line 827 + // This proof setup assumes an RP2040 processor (Raspberry Pi Pico). + #define __arm__ + + +#endif /* VERIFAST_PROOF_DEFS_H */ diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide.sh new file mode 100755 index 00000000000..bb100617744 --- /dev/null +++ b/verification/verifast/start-vfide.sh @@ -0,0 +1,91 @@ + +# This script must be run from the directory in which it resides, +# i.e., `FreeRTOS-Kernel/verification/verifast`. + +# Expected arguments: +# $1 : The path to the verifast IDE binary, i.e., `vfide`. +# $2 : The path to the pico sdk installation, usually stored in an environment +# variable called `$PICO_SDK_PATH`. + + + +VFIDE="$1" +echo Path to vfide binary : "\'$VFIDE\'" +PICO_SDK_PATH="$2" +echo Path to the Pico SDK : "\"$PICO_SDK_PATH\"" + + +SOURCE_DIR="../.." +HEADER_DIR="$SOURCE_DIR/include" + +TASK_H="$HEADER_DIR/task.h" +TASKS_C="$SOURCE_DIR/tasks.c" + +PROOF_SETUP_DIR="proof_setup" +GENERATED_HEADERS_DIR="$PROOF_SETUP_DIR/generated" + +FREERTOS_SMP_DEMO_DIR="demos/FreeRTOS-SMP-Demos" + + +# We replaced the following include paths: +# `$FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base` +# -> +# `$GENERATED_HEADERS_DIR/pico_base` + +"$VFIDE" "$HEADER_DIR" \ +-I $PROOF_SETUP_DIR -D VERIFAST_PROOF "$TASKS_C" \ +-I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \ +-I $PICO_SDK_PATH/src/common/pico_base/include \ +-I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/include \ +-I $GENERATED_HEADERS_DIR/pico_base \ +-I $PICO_SDK_PATH/src/boards/include \ +-I $PICO_SDK_PATH/src/rp2_common/cmsis/include \ +-I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \ +-I $PICO_SDK_PATH/src/rp2040/hardware_regs/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_base/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_clocks/include \ +-I $PICO_SDK_PATH/src/rp2040/hardware_structs/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_claim/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_sync/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_gpio/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_irq/include \ +-I $PICO_SDK_PATH/src/common/pico_sync/include \ +-I $PICO_SDK_PATH/src/common/pico_time/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_timer/include \ +-I $PICO_SDK_PATH/src/common/pico_util/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_resets/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_pll/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_vreg/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_watchdog/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_xosc/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_exception/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_multicore/include \ +-I $PICO_SDK_PATH/src/common/pico_stdlib/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_uart/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_divider/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_runtime/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_printf/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_bootrom/include \ +-I $PICO_SDK_PATH/src/common/pico_bit_ops/include \ +-I $PICO_SDK_PATH/src/common/pico_divider/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_double/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_int64_ops/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_float/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_malloc/include \ +-I $PICO_SDK_PATH/src/rp2_common/boot_stage2/include \ +-I $PICO_SDK_PATH/src/common/pico_binary_info/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_stdio/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_stdio_uart/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_stdio_usb/include \ +-I $PICO_SDK_PATH/lib/tinyusb/src \ +-I $PICO_SDK_PATH/lib/tinyusb/src/common \ +-I $PICO_SDK_PATH/lib/tinyusb/hw \ +-I $PICO_SDK_PATH/src/rp2_common/pico_fix/rp2040_usb_device_enumeration/include \ +-I $PICO_SDK_PATH/src/rp2_common/pico_unique_id/include \ +-I $PICO_SDK_PATH/src/rp2_common/hardware_flash/include \ +-I $PICO_SDK_PATH/src/common/pico_usb_reset_interface/include \ + + +# Defines used during the built of the FreeRTOS SMP Demo that might be relevant +# in the future: +# -D CFG_TUSB_DEBUG=0 -D CFG_TUSB_MCU=OPT_MCU_RP2040 -D CFG_TUSB_OS=OPT_OS_PICO -D FREE_RTOS_KERNEL_SMP=1 -D LIB_FREERTOS_KERNEL=1 -D LIB_PICO_BIT_OPS=1 -D LIB_PICO_BIT_OPS_PICO=1 -D LIB_PICO_DIVIDER=1 -D LIB_PICO_DIVIDER_HARDWARE=1 -D LIB_PICO_DOUBLE=1 -D LIB_PICO_DOUBLE_PICO=1 -D LIB_PICO_FIX_RP2040_USB_DEVICE_ENUMERATION=1 -D LIB_PICO_FLOAT=1 -D LIB_PICO_FLOAT_PICO=1 -D LIB_PICO_INT64_OPS=1 -D LIB_PICO_INT64_OPS_PICO=1 -D LIB_PICO_MALLOC=1 -D LIB_PICO_MEM_OPS=1 -D LIB_PICO_MEM_OPS_PICO=1 -D LIB_PICO_MULTICORE=1 -D LIB_PICO_PLATFORM=1 -D LIB_PICO_PRINTF=1 -D LIB_PICO_PRINTF_PICO=1 -D LIB_PICO_RUNTIME=1 -D LIB_PICO_STANDARD_LINK=1 -D LIB_PICO_STDIO=1 -D LIB_PICO_STDIO_UART=1 -D LIB_PICO_STDIO_USB=1 -D LIB_PICO_STDLIB=1 -D LIB_PICO_SYNC=1 -D LIB_PICO_SYNC_CORE=1 -D LIB_PICO_SYNC_CRITICAL_SECTION=1 -D LIB_PICO_SYNC_MUTEX=1 -D LIB_PICO_SYNC_SEM=1 -D LIB_PICO_TIME=1 -D LIB_PICO_UNIQUE_ID=1 -D LIB_PICO_UTIL=1 -D PICO_BOARD=\"pico\" -D PICO_BUILD=1 -D PICO_CMAKE_BUILD_TYPE=\"Release\" -D PICO_COPY_TO_RAM=0 -D PICO_CXX_ENABLE_EXCEPTIONS=0 -D PICO_NO_FLASH=0 -D PICO_NO_HARDWARE=0 -D PICO_ON_DEVICE=1 -D PICO_TARGET_NAME=\"on_core_zero\" -D PICO_USE_BLOCKED_RAM=0 \ From bcde4983132a874ad9be839ddbce80913f907417 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 14:32:14 -0400 Subject: [PATCH 004/289] Added FreeRTOS-SMP-Demos repo as submodule. --- verification/verifast/demos/FreeRTOS-SMP-Demos | 1 + 1 file changed, 1 insertion(+) create mode 160000 verification/verifast/demos/FreeRTOS-SMP-Demos diff --git a/verification/verifast/demos/FreeRTOS-SMP-Demos b/verification/verifast/demos/FreeRTOS-SMP-Demos new file mode 160000 index 00000000000..c84926adafd --- /dev/null +++ b/verification/verifast/demos/FreeRTOS-SMP-Demos @@ -0,0 +1 @@ +Subproject commit c84926adafd83830f75c3b59c85988a9898b7351 From 5995eb2ac47b212a38b06fb7151f9ed5c47e5ee2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 14:34:41 -0400 Subject: [PATCH 005/289] Added Pico SDK repo as submodule. --- .gitmodules | 3 +++ verification/verifast/sdks/pico-sdk | 1 + 2 files changed, 4 insertions(+) create mode 160000 verification/verifast/sdks/pico-sdk diff --git a/.gitmodules b/.gitmodules index d39461e659f..c56f6e0b696 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "verification/verifast/demos/FreeRTOS-SMP-Demos"] path = verification/verifast/demos/FreeRTOS-SMP-Demos url = https://github.com/Tobias-internship-AWS-2022/FreeRTOS-SMP-Demos.git +[submodule "verification/verifast/sdks/pico-sdk"] + path = verification/verifast/sdks/pico-sdk + url = https://github.com/raspberrypi/pico-sdk.git diff --git a/verification/verifast/sdks/pico-sdk b/verification/verifast/sdks/pico-sdk new file mode 160000 index 00000000000..2e6142b15b8 --- /dev/null +++ b/verification/verifast/sdks/pico-sdk @@ -0,0 +1 @@ +Subproject commit 2e6142b15b8a75c1227dd3edbe839193b2bf9041 From eec276d0a3496b063bfe220bec6247845d419c12 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 14:39:57 -0400 Subject: [PATCH 006/289] Replaced Pico SDK submodule by fork. --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index c56f6e0b696..9690876310a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -3,4 +3,4 @@ url = https://github.com/Tobias-internship-AWS-2022/FreeRTOS-SMP-Demos.git [submodule "verification/verifast/sdks/pico-sdk"] path = verification/verifast/sdks/pico-sdk - url = https://github.com/raspberrypi/pico-sdk.git + url = https://github.com/Tobias-internship-AWS-2022/pico-sdk.git From 80651ca320b958eb554f01538bd1fd4b5cbaf990 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 14:50:43 -0400 Subject: [PATCH 007/289] Switched submodules to `verifast` branch. --- .gitmodules | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitmodules b/.gitmodules index 9690876310a..c0ce92937b8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,8 @@ [submodule "verification/verifast/demos/FreeRTOS-SMP-Demos"] path = verification/verifast/demos/FreeRTOS-SMP-Demos url = https://github.com/Tobias-internship-AWS-2022/FreeRTOS-SMP-Demos.git + branch = verifast [submodule "verification/verifast/sdks/pico-sdk"] path = verification/verifast/sdks/pico-sdk url = https://github.com/Tobias-internship-AWS-2022/pico-sdk.git + branch = verifast From 21457b6611dff0d90f0a83f654ef3186ee1da2b8 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 15:10:20 -0400 Subject: [PATCH 008/289] Added missing include flag in vf start script. --- verification/verifast/start-vfide.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide.sh index bb100617744..ae21ff525c8 100755 --- a/verification/verifast/start-vfide.sh +++ b/verification/verifast/start-vfide.sh @@ -32,7 +32,7 @@ FREERTOS_SMP_DEMO_DIR="demos/FreeRTOS-SMP-Demos" # -> # `$GENERATED_HEADERS_DIR/pico_base` -"$VFIDE" "$HEADER_DIR" \ +"$VFIDE" -I "$HEADER_DIR" \ -I $PROOF_SETUP_DIR -D VERIFAST_PROOF "$TASKS_C" \ -I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \ -I $PICO_SDK_PATH/src/common/pico_base/include \ From e65247562899ba5a3adc08a7219abd0cc7d1851b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 15:14:03 -0400 Subject: [PATCH 009/289] vf start script now now uses pico sdk submodule for includes instead of system-wider pico sdk installation. --- verification/verifast/start-vfide.sh | 100 +++++++++++++-------------- 1 file changed, 48 insertions(+), 52 deletions(-) diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide.sh index ae21ff525c8..05137be8bae 100755 --- a/verification/verifast/start-vfide.sh +++ b/verification/verifast/start-vfide.sh @@ -2,17 +2,11 @@ # This script must be run from the directory in which it resides, # i.e., `FreeRTOS-Kernel/verification/verifast`. -# Expected arguments: -# $1 : The path to the verifast IDE binary, i.e., `vfide`. -# $2 : The path to the pico sdk installation, usually stored in an environment -# variable called `$PICO_SDK_PATH`. VFIDE="$1" echo Path to vfide binary : "\'$VFIDE\'" -PICO_SDK_PATH="$2" -echo Path to the Pico SDK : "\"$PICO_SDK_PATH\"" SOURCE_DIR="../.." @@ -26,6 +20,8 @@ GENERATED_HEADERS_DIR="$PROOF_SETUP_DIR/generated" FREERTOS_SMP_DEMO_DIR="demos/FreeRTOS-SMP-Demos" +PICO_SDK_DIR="sdks/pico-sdk" + # We replaced the following include paths: # `$FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base` @@ -35,55 +31,55 @@ FREERTOS_SMP_DEMO_DIR="demos/FreeRTOS-SMP-Demos" "$VFIDE" -I "$HEADER_DIR" \ -I $PROOF_SETUP_DIR -D VERIFAST_PROOF "$TASKS_C" \ -I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \ --I $PICO_SDK_PATH/src/common/pico_base/include \ +-I $PICO_SDK_DIR/src/common/pico_base/include \ -I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/include \ -I $GENERATED_HEADERS_DIR/pico_base \ --I $PICO_SDK_PATH/src/boards/include \ --I $PICO_SDK_PATH/src/rp2_common/cmsis/include \ +-I $PICO_SDK_DIR/src/boards/include \ +-I $PICO_SDK_DIR/src/rp2_common/cmsis/include \ -I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \ --I $PICO_SDK_PATH/src/rp2040/hardware_regs/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_base/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_clocks/include \ --I $PICO_SDK_PATH/src/rp2040/hardware_structs/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_claim/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_sync/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_gpio/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_irq/include \ --I $PICO_SDK_PATH/src/common/pico_sync/include \ --I $PICO_SDK_PATH/src/common/pico_time/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_timer/include \ --I $PICO_SDK_PATH/src/common/pico_util/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_resets/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_pll/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_vreg/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_watchdog/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_xosc/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_exception/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_multicore/include \ --I $PICO_SDK_PATH/src/common/pico_stdlib/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_uart/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_divider/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_runtime/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_printf/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_bootrom/include \ --I $PICO_SDK_PATH/src/common/pico_bit_ops/include \ --I $PICO_SDK_PATH/src/common/pico_divider/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_double/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_int64_ops/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_float/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_malloc/include \ --I $PICO_SDK_PATH/src/rp2_common/boot_stage2/include \ --I $PICO_SDK_PATH/src/common/pico_binary_info/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_stdio/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_stdio_uart/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_stdio_usb/include \ --I $PICO_SDK_PATH/lib/tinyusb/src \ --I $PICO_SDK_PATH/lib/tinyusb/src/common \ --I $PICO_SDK_PATH/lib/tinyusb/hw \ --I $PICO_SDK_PATH/src/rp2_common/pico_fix/rp2040_usb_device_enumeration/include \ --I $PICO_SDK_PATH/src/rp2_common/pico_unique_id/include \ --I $PICO_SDK_PATH/src/rp2_common/hardware_flash/include \ --I $PICO_SDK_PATH/src/common/pico_usb_reset_interface/include \ +-I $PICO_SDK_DIR/src/rp2040/hardware_regs/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_base/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_clocks/include \ +-I $PICO_SDK_DIR/src/rp2040/hardware_structs/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_claim/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_sync/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_gpio/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_irq/include \ +-I $PICO_SDK_DIR/src/common/pico_sync/include \ +-I $PICO_SDK_DIR/src/common/pico_time/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_timer/include \ +-I $PICO_SDK_DIR/src/common/pico_util/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_resets/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_pll/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_vreg/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_xosc/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_exception/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_multicore/include \ +-I $PICO_SDK_DIR/src/common/pico_stdlib/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_uart/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_divider/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_runtime/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_printf/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_bootrom/include \ +-I $PICO_SDK_DIR/src/common/pico_bit_ops/include \ +-I $PICO_SDK_DIR/src/common/pico_divider/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_double/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_float/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_malloc/include \ +-I $PICO_SDK_DIR/src/rp2_common/boot_stage2/include \ +-I $PICO_SDK_DIR/src/common/pico_binary_info/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_stdio/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_stdio_usb/include \ +-I $PICO_SDK_DIR/lib/tinyusb/src \ +-I $PICO_SDK_DIR/lib/tinyusb/src/common \ +-I $PICO_SDK_DIR/lib/tinyusb/hw \ +-I $PICO_SDK_DIR/src/rp2_common/pico_fix/rp2040_usb_device_enumeration/include \ +-I $PICO_SDK_DIR/src/rp2_common/pico_unique_id/include \ +-I $PICO_SDK_DIR/src/rp2_common/hardware_flash/include \ +-I $PICO_SDK_DIR/src/common/pico_usb_reset_interface/include \ # Defines used during the built of the FreeRTOS SMP Demo that might be relevant From 7f69232893203e6db91196f0d9bfbee27f5a196d Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 15:26:00 -0400 Subject: [PATCH 010/289] Resolved VF parse error in pico sdk's `platform.h` and deleted stub. --- .../verifast/proof_setup/pico/README.md | 2 - .../verifast/proof_setup/pico/platform.h | 504 ------------------ verification/verifast/sdks/pico-sdk | 2 +- verification/verifast/start-vfide.sh | 2 +- 4 files changed, 2 insertions(+), 508 deletions(-) delete mode 100644 verification/verifast/proof_setup/pico/README.md delete mode 100644 verification/verifast/proof_setup/pico/platform.h diff --git a/verification/verifast/proof_setup/pico/README.md b/verification/verifast/proof_setup/pico/README.md deleted file mode 100644 index 9f7c7f9c31d..00000000000 --- a/verification/verifast/proof_setup/pico/README.md +++ /dev/null @@ -1,2 +0,0 @@ -This directory contains files that originally resided in: -`$PICO_SDK_PATH/src/rp2_common/pico_platform/include/pico` diff --git a/verification/verifast/proof_setup/pico/platform.h b/verification/verifast/proof_setup/pico/platform.h deleted file mode 100644 index 213446f7bc7..00000000000 --- a/verification/verifast/proof_setup/pico/platform.h +++ /dev/null @@ -1,504 +0,0 @@ -/* This is a stub used for the VeriFast proof. */ -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#ifndef _PICO_PLATFORM_H_ -#define _PICO_PLATFORM_H_ - -/** \file platform.h - * \defgroup pico_platform pico_platform - * - * Macros and definitions (and functions when included by non assembly code) for the RP2 family device / architecture - * to provide a common abstraction over low level compiler / platform specifics. - * - * This header may be included by assembly code - */ - -#include "hardware/platform_defs.h" -#include "hardware/regs/addressmap.h" -#include "hardware/regs/sio.h" - -// Marker for builds targeting the RP2040 -#define PICO_RP2040 1 - -// PICO_CONFIG: PICO_STACK_SIZE, Stack Size, min=0x100, default=0x800, advanced=true, group=pico_platform -#ifndef PICO_STACK_SIZE -#define PICO_STACK_SIZE _u(0x800) -#endif - -// PICO_CONFIG: PICO_HEAP_SIZE, Heap size to reserve, min=0x100, default=0x800, advanced=true, group=pico_platform -#ifndef PICO_HEAP_SIZE -#define PICO_HEAP_SIZE _u(0x800) -#endif - -// PICO_CONFIG: PICO_NO_RAM_VECTOR_TABLE, Enable/disable the RAM vector table, type=bool, default=0, advanced=true, group=pico_platform -#ifndef PICO_NO_RAM_VECTOR_TABLE -#define PICO_NO_RAM_VECTOR_TABLE 0 -#endif - -// PICO_CONFIG: PICO_RP2040_B0_SUPPORTED, Whether to include any specific software support for RP2040 B0 revision, type=bool, default=1, advanced=true, group=pico_platform -#ifndef PICO_RP2040_B0_SUPPORTED -#define PICO_RP2040_B0_SUPPORTED 1 -#endif - -// PICO_CONFIG: PICO_FLOAT_SUPPORT_ROM_V1, Include float support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform -#ifndef PICO_FLOAT_SUPPORT_ROM_V1 -#define PICO_FLOAT_SUPPORT_ROM_V1 1 -#endif - -// PICO_CONFIG: PICO_DOUBLE_SUPPORT_ROM_V1, Include double support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform -#ifndef PICO_DOUBLE_SUPPORT_ROM_V1 -#define PICO_DOUBLE_SUPPORT_ROM_V1 1 -#endif - - -// PICO_CONFIG: PICO_RP2040_B1_SUPPORTED, Whether to include any specific software support for RP2040 B1 revision, type=bool, default=1, advanced=true, group=pico_platform -#ifndef PICO_RP2040_B1_SUPPORTED -#define PICO_RP2040_B1_SUPPORTED 1 -#endif - -// PICO_CONFIG: PICO_RP2040_B2_SUPPORTED, Whether to include any specific software support for RP2040 B2 revision, type=bool, default=1, advanced=true, group=pico_platform -#ifndef PICO_RP2040_B2_SUPPORTED -#define PICO_RP2040_B2_SUPPORTED 1 -#endif - -// --- remainder of file is not included by assembly code --- - -#ifndef __ASSEMBLER__ - -#include -#include "pico/types.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/*! \brief Marker for an interrupt handler - * \ingroup pico_platform - * For example an IRQ handler function called my_interrupt_handler: - * - * void __isr my_interrupt_handler(void) { - */ -#define __isr - -/*! \brief Section attribute macro for placement in RAM after the `.data` section - * \ingroup pico_platform - * - * For example a 400 element `uint32_t` array placed after the .data section - * - * uint32_t __after_data("my_group_name") a_big_array[400]; - * - * The section attribute is `.after_data.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ -#define __after_data(group) __attribute__((section(".after_data." group))) - -/*! \brief Section attribute macro for placement not in flash (i.e in RAM) - * \ingroup pico_platform - * - * For example a 3 element `uint32_t` array placed in RAM (even though it is `static const`) - * - * static const uint32_t __not_in_flash("my_group_name") an_array[3]; - * - * The section attribute is `.time_critical.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ -#define __not_in_flash(group) __attribute__((section(".time_critical." group))) - -/*! \brief Section attribute macro for placement in the SRAM bank 4 (known as "scratch X") - * \ingroup pico_platform - * - * Scratch X is commonly used for critical data and functions accessed only by one core (when only - * one core is accessing the RAM bank, there is no opportunity for stalls) - * - * For example a `uint32_t` variable placed in "scratch X" - * - * uint32_t __scratch_x("my_group_name") foo = 23; - * - * The section attribute is `.scratch_x.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ -#define __scratch_x(group) __attribute__((section(".scratch_x." group))) - -/*! \brief Section attribute macro for placement in the SRAM bank 5 (known as "scratch Y") - * \ingroup pico_platform - * - * Scratch Y is commonly used for critical data and functions accessed only by one core (when only - * one core is accessing the RAM bank, there is no opportunity for stalls) - * - * For example a `uint32_t` variable placed in "scratch Y" - * - * uint32_t __scratch_y("my_group_name") foo = 23; - * - * The section attribute is `.scratch_y.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ -#define __scratch_y(group) __attribute__((section(".scratch_y." group))) - -/*! \brief Section attribute macro for data that is to be left uninitialized - * \ingroup pico_platform - * - * Data marked this way will retain its value across a reset (normally uninitialized data - in the .bss - * section) is initialized to zero during runtime initialization - * - * For example a `uint32_t` foo that will retain its value if the program is restarted by reset. - * - * uint32_t __uninitialized_ram("my_group_name") foo; - * - * The section attribute is `.uninitialized_ram.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ -#define __uninitialized_ram(group) __attribute__((section(".uninitialized_ram." #group))) group - -/*! \brief Section attribute macro for placement in flash even in a COPY_TO_RAM binary - * \ingroup pico_platform - * - * For example a `uint32_t` variable explicitly placed in flash (it will hard fault if you attempt to write it!) - * - * uint32_t __in_flash("my_group_name") foo = 23; - * - * The section attribute is `.flashdata.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ -#define __in_flash(group) __attribute__((section(".flashdata" group))) - -/*! \brief Indicates a function should not be stored in flash - * \ingroup pico_platform - * - * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined - * into a flash function by the compiler) - * - * For example a function called my_func taking an int parameter: - * - * void __not_in_flash_func(my_func)(int some_arg) { - * - * The function is placed in the `.time_critical.` linker section - * - * \see __no_inline_not_in_flash_func - */ -#define __not_in_flash_func(func_name) __not_in_flash(__STRING(func_name)) func_name - -/*! \brief Indicates a function is time/latency critical and should not run from flash - * \ingroup pico_platform - * - * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined - * into a flash function by the compiler) to avoid possible flash latency. Currently this macro is identical - * in implementation to `__not_in_flash_func`, however the semantics are distinct and a `__time_critical_func` - * may in the future be treated more specially to reduce the overhead when calling such function from a flash - * function. - * - * For example a function called my_func taking an int parameter: - * - * void __time_critical(my_func)(int some_arg) { - * - * The function is placed in the `.time_critical.` linker section - * - * \see __not_in_flash_func - */ -#define __time_critical_func(func_name) __not_in_flash_func(func_name) - -/*! \brief Indicate a function should not be stored in flash and should not be inlined - * \ingroup pico_platform - * - * Decorates a function name, such that the function will execute from RAM, explicitly marking it as - * noinline to prevent it being inlined into a flash function by the compiler - * - * For example a function called my_func taking an int parameter: - * - * void __no_inline_not_in_flash_func(my_func)(int some_arg) { - * - * The function is placed in the `.time_critical.` linker section - */ -#define __no_inline_not_in_flash_func(func_name) __noinline __not_in_flash_func(func_name) - -#define __packed_aligned __packed __aligned(4) - -#ifdef VERIFAST_PROOF - /* Reason for rewrite: - * VeriFast cannot handle defines for `__force_inline`. - */ -#else - /*! \brief Attribute to force inlining of a function regardless of optimization level - * \ingroup pico_platform - * - * For example my_function here will always be inlined: - * - * int __force_inline my_function(int x) { - * - */ - #if defined(__GNUC__) && (__GNUC__ <= 6 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 3 || !defined(__cplusplus)))) - #define __force_inline inline __always_inline - #else - #define __force_inline __always_inline - #endif -#endif /* VERIFAST_PROOF */ - -/*! \brief Macro to determine the number of elements in an array - * \ingroup pico_platform - */ -#ifndef count_of -#define count_of(a) (sizeof(a)/sizeof((a)[0])) -#endif - -/*! \brief Macro to return the maximum of two comparable values - * \ingroup pico_platform - */ -#ifndef MAX -#define MAX(a, b) ((a)>(b)?(a):(b)) -#endif - -/*! \brief Macro to return the minimum of two comparable values - * \ingroup pico_platform - */ -#ifndef MIN -#define MIN(a, b) ((b)>(a)?(a):(b)) -#endif - -/*! \brief Execute a breakpoint instruction - * \ingroup pico_platform - */ -static inline void __breakpoint(void) { - __asm__("bkpt #0"); -} - -/*! \brief Ensure that the compiler does not move memory access across this method call - * \ingroup pico_platform - * - * For example in the following code: - * - * *some_memory_location = var_a; - * __compiler_memory_barrier(); - * uint32_t var_b = *some_other_memory_location - * - * The compiler will not move the load from `some_other_memory_location` above the memory barrier (which it otherwise - * might - even above the memory store!) - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse: - * - `__force_inline` - * - the function body - */ - static void __compiler_memory_barrier(void); -#else - __force_inline static void __compiler_memory_barrier(void) { - __asm__ volatile ("" : : : "memory"); - } -#endif - - -/*! \brief Macro for converting memory addresses to 32 bit addresses suitable for DMA - * \ingroup pico_platform - * - * This is just a cast to `uintptr_t` on the RP2040, however you may want to use this when developing code - * that also runs in "host" mode. If the host mode is 64 bit and you are embedding data pointers - * in other data (e.g. DMA chaining), then there is a need in "host" mode to convert a 64 bit native - * pointer to a 32 bit value for storage, which can be done using this macro. - */ -#define host_safe_hw_ptr(x) ((uintptr_t)(x)) -#define native_safe_hw_ptr(x) host_safe_hw_ptr(x) - - -/*! \brief Panics with the message "Unsupported" - * \ingroup pico_platform - * \see panic - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse `__attribute__((noreturn))`. */ - void panic_unsupported(void); -#else - void __attribute__((noreturn)) panic_unsupported(void); -#endif - -/*! \brief Displays a panic message and halts execution - * \ingroup pico_platform - * - * An attempt is made to output the message to all registered STDOUT drivers - * after which this method executes a BKPT instruction. - * - * @param fmt format string (printf-like) - * @param ... printf-like arguments - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse `__attribute__((noreturn))`. */ - void panic(const char *fmt, ...); -#else - void __attribute__((noreturn)) panic(const char *fmt, ...); -#endif - -// PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime -#ifndef PICO_NO_FPGA_CHECK -#define PICO_NO_FPGA_CHECK 0 -#endif - -#if PICO_NO_FPGA_CHECK -static inline bool running_on_fpga(void) {return false;} -#else -bool running_on_fpga(void); -#endif - -/*! \brief Returns the RP2040 chip revision number - * \ingroup pico_platform - * @return the RP2040 chip revision number (1 for B0/B1, 2 for B2) - */ -uint8_t rp2040_chip_version(void); - -/*! \brief Returns the RP2040 rom version number - * \ingroup pico_platform - * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2) - */ -static inline uint8_t rp2040_rom_version(void) { - #ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse GCC pragmas */ - return *(uint8_t*)0x13; - #else - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Warray-bounds" - return *(uint8_t*)0x13; - #pragma GCC diagnostic pop - #endif /* VERIFAST_PROOF */ -} - -/*! \brief No-op function for the body of tight loops - * \ingroup pico_platform - * - * No-op function intended to be called by any tight hardware polling loop. Using this ubiquitously - * makes it much easier to find tight loops, but also in the future \#ifdef-ed support for lockup - * debugging might be added - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */ - static void tight_loop_contents(void) {} -#else - static __force_inline void tight_loop_contents(void) {} -#endif /* VERIFAST_PROOF */ - - -/*! \brief Multiply two integers using an assembly `MUL` instruction - * \ingroup pico_platform - * - * This multiplies a by b using multiply instruction using the ARM mul instruction regardless of values (the compiler - * might otherwise choose to perform shifts/adds), i.e. this is a 1 cycle operation. - * - * \param a the first operand - * \param b the second operand - * \return a * b - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse: - * - `__force_inline` - * - function body - */ - static int32_t __mul_instruction(int32_t a, int32_t b); -#else - __force_inline static int32_t __mul_instruction(int32_t a, int32_t b) { - asm ("mul %0, %1" : "+l" (a) : "l" (b) : ); - return a; - } -#endif /* VERIFAST_PROOF */ - -/*! \brief multiply two integer values using the fastest method possible - * \ingroup pico_platform - * - * Efficiently multiplies value a by possibly constant value b. - * - * If b is known to be constant and not zero or a power of 2, then a mul instruction is used rather than gcc's default - * which is often a slow combination of shifts and adds. If b is a power of 2 then a single shift is of course preferable - * and will be used - * - * \param a the first operand - * \param b the second operand - * \return a * b - */ -#define __fast_mul(a, b) __builtin_choose_expr(__builtin_constant_p(b) && !__builtin_constant_p(a), \ -(__builtin_popcount(b) >= 2 ? __mul_instruction(a,b) : (a)*(b)), \ -(a)*(b)) - -/*! \brief Utility macro to assert two types are equivalent. - * \ingroup pico_platform - * - * This macro can be useful in other macros along with `typeof` to assert that two parameters are of equivalent type - * (or that a single parameter is of an expected type) - */ -#define __check_type_compatible(type_a, type_b) static_assert(__builtin_types_compatible_p(type_a, type_b), __STRING(type_a) " is not compatible with " __STRING(type_b)); - -/*! \brief Get the current exception level on this core - * \ingroup pico_platform - * - * \return the exception number if the CPU is handling an exception, or 0 otherwise - */ -uint __get_current_exception(void); - -#define WRAPPER_FUNC(x) __wrap_ ## x -#define REAL_FUNC(x) __real_ ## x - -#ifdef __cplusplus -} -#endif - -/*! \brief Helper method to busy-wait for at least the given number of cycles - * \ingroup pico_platform - * - * This method is useful for introducing very short delays. - * - * This method busy-waits in a tight loop for the given number of system clock cycles. The total wait time is only accurate to within 2 cycles, - * and this method uses a loop counter rather than a hardware timer, so the method will always take longer than expected if an - * interrupt is handled on the calling core during the busy-wait; you can of course disable interrupts to prevent this. - * - * You can use \ref clock_get_hz(clk_sys) to determine the number of clock cycles per second if you want to convert an actual - * time duration to a number of cycles. - * - * \param minimum_cycles the minimum number of system clock cycles to delay for - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse function body. */ - static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles); -#else - static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) { - __asm volatile ( - ".syntax unified\n" - "1: subs %0, #3\n" - "bcs 1b\n" - : "+r" (minimum_cycles) : : "memory" - ); - } -#endif /* VERIFAST_PROOF */ - -/*! \brief Get the current core number - * \ingroup pico_platform - * - * \return The core number the call was made from - */ -#ifdef VERIFAST_PROOF - /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */ - static uint get_core_num(void) -#else - __force_inline static uint get_core_num(void) -#endif /* VERIFAST_PROOF */ -{ - return (*(uint32_t *) (SIO_BASE + SIO_CPUID_OFFSET)); -} - -#else // __ASSEMBLER__ - -#define WRAPPER_FUNC_NAME(x) __wrap_##x -#define SECTION_NAME(x) .text.##x -#define RAM_SECTION_NAME(x) .time_critical.##x - -#endif // !__ASSEMBLER__ - -#endif diff --git a/verification/verifast/sdks/pico-sdk b/verification/verifast/sdks/pico-sdk index 2e6142b15b8..0c8802074d5 160000 --- a/verification/verifast/sdks/pico-sdk +++ b/verification/verifast/sdks/pico-sdk @@ -1 +1 @@ -Subproject commit 2e6142b15b8a75c1227dd3edbe839193b2bf9041 +Subproject commit 0c8802074d519ed0354400d85113c98618277c8b diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide.sh index 05137be8bae..ba01278cc63 100755 --- a/verification/verifast/start-vfide.sh +++ b/verification/verifast/start-vfide.sh @@ -80,7 +80,7 @@ PICO_SDK_DIR="sdks/pico-sdk" -I $PICO_SDK_DIR/src/rp2_common/pico_unique_id/include \ -I $PICO_SDK_DIR/src/rp2_common/hardware_flash/include \ -I $PICO_SDK_DIR/src/common/pico_usb_reset_interface/include \ - +-I $PICO_SDK_DIR/src/rp2_common/pico_platform/include/ # Defines used during the built of the FreeRTOS SMP Demo that might be relevant # in the future: From 497a23d2ebddf1d8edb7a2b48e031dd9fc857e7d Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 11 Oct 2022 15:32:57 -0400 Subject: [PATCH 011/289] Renamed `VERIFAST_PROOF` define into `VERIFAST`. --- tasks.c | 2 +- .../proof_setup/generated/pico_base/pico/config_autogen.h | 2 +- verification/verifast/proof_setup/sys/cdefs.h | 2 +- verification/verifast/proof_setup/verifast_proof_defs.h | 4 ++-- verification/verifast/sdks/pico-sdk | 2 +- verification/verifast/start-vfide.sh | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tasks.c b/tasks.c index ff67e224f55..1afc706e4cb 100644 --- a/tasks.c +++ b/tasks.c @@ -25,7 +25,7 @@ */ /* Verifast proof setup */ -#ifdef VERIFAST_PROOF +#ifdef VERIFAST #include "verifast_proof_defs.h" #endif diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h b/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h index 486e12e9703..013a80dfc35 100644 --- a/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h +++ b/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h @@ -6,7 +6,7 @@ // based on PICO_CONFIG_HEADER_FILES: -#ifdef VERIFAST_PROOF +#ifdef VERIFAST /* Reason for rewrite: VeriFast cannot handle absolute include paths. */ #include "freertos_sdk_config.h" #include "boards/pico.h" diff --git a/verification/verifast/proof_setup/sys/cdefs.h b/verification/verifast/proof_setup/sys/cdefs.h index e86eb4c1364..0940dd63346 100644 --- a/verification/verifast/proof_setup/sys/cdefs.h +++ b/verification/verifast/proof_setup/sys/cdefs.h @@ -70,7 +70,7 @@ #define _CDEFS_H_ /* Verifast proof setup */ -#ifdef VERIFAST_PROOF +#ifdef VERIFAST /* * The proof setup header is already included at the top of the proof target, * e.g., `tasks.c`. But it seems like the contained defines are not propagated diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h index 73f0578c572..77c2a9184fb 100644 --- a/verification/verifast/proof_setup/verifast_proof_defs.h +++ b/verification/verifast/proof_setup/verifast_proof_defs.h @@ -7,7 +7,7 @@ // /Users/reitobia/repos/forked/FreeRTOS-Kernel/verification/verifast/proof_setup_incremental/verifast_proof_defs.h -#ifndef VERIFAST_PROOF_DEFS_H +#ifndef VERIFAST_DEFS_H // The following defines are required by `FRTOS.h` // line 93 #define configMAX_PRIORITIES 100 @@ -21,4 +21,4 @@ #define __arm__ -#endif /* VERIFAST_PROOF_DEFS_H */ +#endif /* VERIFAST_DEFS_H */ diff --git a/verification/verifast/sdks/pico-sdk b/verification/verifast/sdks/pico-sdk index 0c8802074d5..649256491cc 160000 --- a/verification/verifast/sdks/pico-sdk +++ b/verification/verifast/sdks/pico-sdk @@ -1 +1 @@ -Subproject commit 0c8802074d519ed0354400d85113c98618277c8b +Subproject commit 649256491cc60f331d39d2d06def7da8ede91790 diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide.sh index ba01278cc63..a49fcd6576a 100755 --- a/verification/verifast/start-vfide.sh +++ b/verification/verifast/start-vfide.sh @@ -29,7 +29,7 @@ PICO_SDK_DIR="sdks/pico-sdk" # `$GENERATED_HEADERS_DIR/pico_base` "$VFIDE" -I "$HEADER_DIR" \ --I $PROOF_SETUP_DIR -D VERIFAST_PROOF "$TASKS_C" \ +-I $PROOF_SETUP_DIR -D VERIFAST "$TASKS_C" \ -I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \ -I $PICO_SDK_DIR/src/common/pico_base/include \ -I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/include \ From 8ef03612b54e14bfbb7dce0db4f825543b11c492 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 12 Oct 2022 11:07:19 -0400 Subject: [PATCH 012/289] Update pico sdk submodule to resolve VF parse errors. --- verification/verifast/sdks/pico-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/verification/verifast/sdks/pico-sdk b/verification/verifast/sdks/pico-sdk index 649256491cc..0ad01b3ad67 160000 --- a/verification/verifast/sdks/pico-sdk +++ b/verification/verifast/sdks/pico-sdk @@ -1 +1 @@ -Subproject commit 649256491cc60f331d39d2d06def7da8ede91790 +Subproject commit 0ad01b3ad6787cd2acbc9f1e7dba3ac903cb9307 From c71025fda02249a85aab771803de45d10917cdc1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 09:16:54 -0400 Subject: [PATCH 013/289] Added minimal example for VF bug involving testing for macro defines in headers. --- verification/verifast/problems/README.md | 2 ++ .../bugs/define_name/defining_header.h | 10 ++++++++++ .../verifast/problems/bugs/define_name/main.c | 20 +++++++++++++++++++ .../bugs/define_name/testing_header.h | 17 ++++++++++++++++ 4 files changed, 49 insertions(+) create mode 100644 verification/verifast/problems/README.md create mode 100644 verification/verifast/problems/bugs/define_name/defining_header.h create mode 100644 verification/verifast/problems/bugs/define_name/main.c create mode 100644 verification/verifast/problems/bugs/define_name/testing_header.h diff --git a/verification/verifast/problems/README.md b/verification/verifast/problems/README.md new file mode 100644 index 00000000000..712ec28155b --- /dev/null +++ b/verification/verifast/problems/README.md @@ -0,0 +1,2 @@ +This directory contains collection of problems encountered with VeriFast that +need to be fixed in order to verify the current code base as is. diff --git a/verification/verifast/problems/bugs/define_name/defining_header.h b/verification/verifast/problems/bugs/define_name/defining_header.h new file mode 100644 index 00000000000..e63adcfa07b --- /dev/null +++ b/verification/verifast/problems/bugs/define_name/defining_header.h @@ -0,0 +1,10 @@ +#define ABC + + +/* +#ifdef ABC // ok: evaluates to true + #error "ABC defined" +#else // ok: evaluates to false + #error "ABC not defined" +#endif +*/ diff --git a/verification/verifast/problems/bugs/define_name/main.c b/verification/verifast/problems/bugs/define_name/main.c new file mode 100644 index 00000000000..c71f3ef2fb0 --- /dev/null +++ b/verification/verifast/problems/bugs/define_name/main.c @@ -0,0 +1,20 @@ +/* Bug: + * The header `defining_header.h` defines the constant `ABC` and + * the header `testing_header.h` checks whether `ABC` has been defined. + * In `testing_header.h` both checks `#ifdef ABC` and its negation + * `#ifndef ABC` evaluate to true. + */ + +#include "defining_header.h" + + +/* +#ifdef ABC // ok: evaluates to true + #error "ABC defined" +#else // ok: evaluates to false + #error "ABC not defined" +#endif +*/ + + +#include "testing_header.h" \ No newline at end of file diff --git a/verification/verifast/problems/bugs/define_name/testing_header.h b/verification/verifast/problems/bugs/define_name/testing_header.h new file mode 100644 index 00000000000..9add91a69ff --- /dev/null +++ b/verification/verifast/problems/bugs/define_name/testing_header.h @@ -0,0 +1,17 @@ +// Problem: Both branches branch conditions evaluate to true. + +/* `main.c` included this header after including `defining_header.h`. + * Hence, `#ifdef ABC` should evaluate to true and `#ifndef ABC should + * evaluate to false. + */ + +/* +#ifdef ABC // ok: evaluates to true. + #error "ABC defined" +#endif +*/ + + +#ifndef ABC // bug: evaluates to true + #error "ABC defined" +#endif \ No newline at end of file From 21f9a95a1090b8f054da405db98d695ece0db3f6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 09:48:11 -0400 Subject: [PATCH 014/289] Fixed proof setup include path The include path contained some directories within the SMP demos FreeRTOS source tree (which is the official unaltered FreeRTOS repo). Updated the include path such that it points to our forked version of the FreeRTOS kernel repo. --- verification/verifast/start-vfide.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide.sh index a49fcd6576a..5e5c9bc2aba 100755 --- a/verification/verifast/start-vfide.sh +++ b/verification/verifast/start-vfide.sh @@ -18,6 +18,8 @@ TASKS_C="$SOURCE_DIR/tasks.c" PROOF_SETUP_DIR="proof_setup" GENERATED_HEADERS_DIR="$PROOF_SETUP_DIR/generated" +RP2040_CONFIG_DIR="$SOURCE_DIR/portable/ThirdParty/GCC/RP2040/include" + FREERTOS_SMP_DEMO_DIR="demos/FreeRTOS-SMP-Demos" PICO_SDK_DIR="sdks/pico-sdk" @@ -28,11 +30,12 @@ PICO_SDK_DIR="sdks/pico-sdk" # -> # `$GENERATED_HEADERS_DIR/pico_base` + + "$VFIDE" -I "$HEADER_DIR" \ -I $PROOF_SETUP_DIR -D VERIFAST "$TASKS_C" \ --I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \ +-I $RP2040_CONFIG_DIR \ -I $PICO_SDK_DIR/src/common/pico_base/include \ --I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Source/include \ -I $GENERATED_HEADERS_DIR/pico_base \ -I $PICO_SDK_DIR/src/boards/include \ -I $PICO_SDK_DIR/src/rp2_common/cmsis/include \ From 4431a1f5d6d5abb8d97be4996fde5aada85fd0c1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 09:52:20 -0400 Subject: [PATCH 015/289] Resolved VF parse error: VF does not support local static variables. Removed problematic function definition for now. --- .../ThirdParty/GCC/RP2040/include/portmacro.h | 63 ++++++++++--------- 1 file changed, 34 insertions(+), 29 deletions(-) diff --git a/portable/ThirdParty/GCC/RP2040/include/portmacro.h b/portable/ThirdParty/GCC/RP2040/include/portmacro.h index e2982370058..56def3c9940 100644 --- a/portable/ThirdParty/GCC/RP2040/include/portmacro.h +++ b/portable/ThirdParty/GCC/RP2040/include/portmacro.h @@ -172,40 +172,45 @@ /* Note this is a single method with uxAcquire parameter since we have * static vars, the method is always called with a compile time constant for * uxAcquire, and the compiler should dothe right thing! */ - static inline void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) { - static uint8_t ucOwnedByCore[ portMAX_CORE_COUNT ]; - static uint8_t ucRecursionCountByLock[ portRTOS_SPINLOCK_COUNT ]; - configASSERT(ulLockNum >= 0 && ulLockNum < portRTOS_SPINLOCK_COUNT ); - uint32_t ulCoreNum = get_core_num(); - uint32_t ulLockBit = 1u << ulLockNum; - configASSERT(ulLockBit < 256u ); - if( uxAcquire ) - { - if( __builtin_expect( !*pxSpinLock, 0 ) ) + #ifdef VERIFAST + /* Reason for rewrite: VeriFast does not support local static variables. + */ + #else + static inline void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) { + static uint8_t ucOwnedByCore[ portMAX_CORE_COUNT ]; + static uint8_t ucRecursionCountByLock[ portRTOS_SPINLOCK_COUNT ]; + configASSERT(ulLockNum >= 0 && ulLockNum < portRTOS_SPINLOCK_COUNT ); + uint32_t ulCoreNum = get_core_num(); + uint32_t ulLockBit = 1u << ulLockNum; + configASSERT(ulLockBit < 256u ); + if( uxAcquire ) { - if( ucOwnedByCore[ulCoreNum] & ulLockBit ) + if( __builtin_expect( !*pxSpinLock, 0 ) ) { - configASSERT(ucRecursionCountByLock[ulLockNum] != 255u ); - ucRecursionCountByLock[ulLockNum]++; - return; + if( ucOwnedByCore[ulCoreNum] & ulLockBit ) + { + configASSERT(ucRecursionCountByLock[ulLockNum] != 255u ); + ucRecursionCountByLock[ulLockNum]++; + return; + } + while ( __builtin_expect( !*pxSpinLock, 0 ) ); + } + __mem_fence_acquire(); + configASSERT(ucRecursionCountByLock[ulLockNum] == 0 ); + ucRecursionCountByLock[ulLockNum] = 1; + ucOwnedByCore[ulCoreNum] |= ulLockBit; + } else { + configASSERT((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0 ); + configASSERT(ucRecursionCountByLock[ulLockNum] != 0 ); + if( !--ucRecursionCountByLock[ulLockNum] ) + { + ucOwnedByCore[ulCoreNum] &= ~ulLockBit; + __mem_fence_release(); + *pxSpinLock = 1; } - while ( __builtin_expect( !*pxSpinLock, 0 ) ); - } - __mem_fence_acquire(); - configASSERT(ucRecursionCountByLock[ulLockNum] == 0 ); - ucRecursionCountByLock[ulLockNum] = 1; - ucOwnedByCore[ulCoreNum] |= ulLockBit; - } else { - configASSERT((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0 ); - configASSERT(ucRecursionCountByLock[ulLockNum] != 0 ); - if( !--ucRecursionCountByLock[ulLockNum] ) - { - ucOwnedByCore[ulCoreNum] &= ~ulLockBit; - __mem_fence_release(); - *pxSpinLock = 1; } } - } + #endif /* VERIFAST */ #define portGET_ISR_LOCK() vPortRecursiveLock(0, spin_lock_instance(configSMP_SPINLOCK_0), pdTRUE) #define portRELEASE_ISR_LOCK() vPortRecursiveLock(0, spin_lock_instance(configSMP_SPINLOCK_0), pdFALSE) From f7316a77f0370b250daf0636e59646389602d77a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 10:01:34 -0400 Subject: [PATCH 016/289] Added temporary work-around for VF's `define_name` bug. For bug description, see minimal example `define_name`. --- include/list.h | 14 ++++++++++++++ include/task.h | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/include/list.h b/include/list.h index 332f3f413ce..2e4d45823cd 100644 --- a/include/list.h +++ b/include/list.h @@ -56,6 +56,20 @@ #ifndef LIST_H #define LIST_H + +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast bug: + * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` + * evaluate to true. See minimal example `define_name`. + */ + #define INC_FREERTOS_H + /* Remember that this header is included indirectly `tasks.c` after it + * includes `FreeRTOS.h`. + */ + // TODO: Remove this work-around once VF has been fixed. +#endif /* VERIFAST */ + #ifndef INC_FREERTOS_H #error "FreeRTOS.h must be included before list.h" #endif diff --git a/include/task.h b/include/task.h index 65cd86e8dd0..410f9283b89 100644 --- a/include/task.h +++ b/include/task.h @@ -28,6 +28,20 @@ #ifndef INC_TASK_H #define INC_TASK_H +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast bug: + * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` + * evaluate to true. See minimal example `define_name`. + */ + #define INC_FREERTOS_H + /* Remember that this header is included by `tasks.c` after it includes + * `FreeRTOS.h`. + */ + // TODO: Remove this work-around once VF has been fixed. +#endif /* VERIFAST */ + + #ifndef INC_FREERTOS_H #error "include FreeRTOS.h must appear in source files before include task.h" #endif From a1a16c7dba4575dc3f2193d6fb73d842eda26358 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 10:02:31 -0400 Subject: [PATCH 017/289] Dumped new version of pico sdk submodule. --- verification/verifast/sdks/pico-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/verification/verifast/sdks/pico-sdk b/verification/verifast/sdks/pico-sdk index 0ad01b3ad67..780173e22f1 160000 --- a/verification/verifast/sdks/pico-sdk +++ b/verification/verifast/sdks/pico-sdk @@ -1 +1 @@ -Subproject commit 0ad01b3ad6787cd2acbc9f1e7dba3ac903cb9307 +Subproject commit 780173e22f197ec7481001f45a5daa1ae5d1788a From 50c5b21a59a88e91822c057bf8397ce5ef210bb7 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 11:34:24 -0400 Subject: [PATCH 018/289] Resolved VF preprocessor error. VF's preprocessor cannot handle expansion of `PRIVILEGED_FUNCTION` macro because the normal and the context-free preprocessor consume different numbers of tokens. We resolved this temporarily by deleting the macro. --- include/list.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/list.h b/include/list.h index 2e4d45823cd..2b6283aa89f 100644 --- a/include/list.h +++ b/include/list.h @@ -74,6 +74,17 @@ #error "FreeRTOS.h must be included before list.h" #endif +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast's normal and context-free preprocessor consume different + * numbers of tokens when expanding `PRIVILEGED_FUNCTION` in this file. + */ + #define PRIVILEGED_FUNCTION + // TODO: Figure out why the preprocessors consume different amounts of + // of tokens. This most likely has to do with the path/context + // from which this header is included. +#endif /* VERIFAST */ + /* * The list structure members are modified from within interrupts, and therefore * by rights should be declared volatile. However, they are only modified in a From 612972650168df94096a8e6f4ba38f969418f0f9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:21:36 -0400 Subject: [PATCH 019/289] Resolved VF preprocessor error. VF's preprocessor cannot handle context-sensitive macro expansion. --- include/task.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/include/task.h b/include/task.h index 410f9283b89..8bc75d1f333 100644 --- a/include/task.h +++ b/include/task.h @@ -42,6 +42,23 @@ #endif /* VERIFAST */ +/* Remark: + * Note that the following VF section renders the previous one obsolete. + * However, we keep the above as a reminder until the corresponding bug + * has been fixed. + */ +#ifdef VERIFAST + /* Reason for rewrite: + * Even though in the current verification setup, `FreeRTOS.h` is always + * included before this file is processed, VeriFast does not consider this + * context when processing this file. VeriFast forbids macro expansions to + * depend on a potentially variable context, e.g, `configSTACK_DEPTH_TYPE` + * which expands to 'uint16_t' if and only if `FreeRTOS.h` has been + * included. + */ + #include "FreeRTOS.h" +#endif /* VERIFAST */ + #ifndef INC_FREERTOS_H #error "include FreeRTOS.h must appear in source files before include task.h" #endif From 8aa7af3fd56420acc99661c6fe0e49a5a41f2765 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:36:18 -0400 Subject: [PATCH 020/289] Resolved VF parser error: VF does not support attribute `used`. --- portable/ThirdParty/GCC/RP2040/include/portmacro.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/portable/ThirdParty/GCC/RP2040/include/portmacro.h b/portable/ThirdParty/GCC/RP2040/include/portmacro.h index 56def3c9940..7bbf05ab02b 100644 --- a/portable/ThirdParty/GCC/RP2040/include/portmacro.h +++ b/portable/ThirdParty/GCC/RP2040/include/portmacro.h @@ -77,7 +77,13 @@ #define portSTACK_GROWTH ( -1 ) #define portTICK_PERIOD_MS ( ( TickType_t ) 1000 / configTICK_RATE_HZ ) #define portBYTE_ALIGNMENT 8 - #define portDONT_DISCARD __attribute__( ( used ) ) + #ifdef VERIFAST + /* Reason for rewrite: VeriFast does not support the attriibute `used`. + */ + #define portDONT_DISCARD + #else + #define portDONT_DISCARD __attribute__( ( used ) ) + #endif /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ #define portUSE_DIVIDER_SAVE_RESTORE !PICO_DIVIDER_DISABLE_INTERRUPTS From 997d39d894313b13ae42ba24163274e0bba36941 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:40:50 -0400 Subject: [PATCH 021/289] Added temporary work-around for VF's `define_name` bug. For bug description, see minimal example `define_name`. --- include/timers.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/timers.h b/include/timers.h index 2ef995114b3..344cbf39568 100644 --- a/include/timers.h +++ b/include/timers.h @@ -28,6 +28,20 @@ #ifndef TIMERS_H #define TIMERS_H + +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast bug: + * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` + * evaluate to true. See minimal example `define_name`. + */ + #define INC_FREERTOS_H + /* Remember that this header is included indirectly `tasks.c` after it + * includes `FreeRTOS.h`. + */ + // TODO: Remove this work-around once VF has been fixed. +#endif /* VERIFAST */ + #ifndef INC_FREERTOS_H #error "include FreeRTOS.h must appear in source files before include timers.h" #endif From ee70a7815d1b5ec25213b80e960cc7e03e9da13a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 13 Oct 2022 12:52:57 -0400 Subject: [PATCH 022/289] Resolved VF parse error. Deleted functions involving inline assembler. --- tasks.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/tasks.c b/tasks.c index 1afc706e4cb..81ad299e3bf 100644 --- a/tasks.c +++ b/tasks.c @@ -602,20 +602,31 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) PRIVILEGED_FUNCTION; /*-----------------------------------------------------------*/ -static BaseType_t prvGetCurrentYieldPending( void ) -{ - BaseType_t xReturn; - UBaseType_t ulState; +#ifndef VERIFAST + /* Reason for rewrite: + * VeriFast cannot handle inline assembler and both `portDISABLE_INTERRUPTS` + * and `portRESTORE_INTERRUPTS` expand to inline assembler instructions. + */ + static BaseType_t prvGetCurrentYieldPending( void ) + { + BaseType_t xReturn; + UBaseType_t ulState; - ulState = portDISABLE_INTERRUPTS(); - xReturn = xYieldPendings[ portGET_CORE_ID() ]; - portRESTORE_INTERRUPTS( ulState ); + ulState = portDISABLE_INTERRUPTS(); + xReturn = xYieldPendings[ portGET_CORE_ID() ]; + portRESTORE_INTERRUPTS( ulState ); - return xReturn; -} + return xReturn; + } +#endif /* VERIFAST */ /*-----------------------------------------------------------*/ +#ifndef VERIFAST + /* Reason for rewrite: + * VeriFast cannot handle inline assembler and `portCHECK_IF_IN_ISR` + * expands to inline assembler. + */ static void prvCheckForRunStateChange( void ) { UBaseType_t uxPrevCriticalNesting; @@ -690,6 +701,7 @@ static void prvCheckForRunStateChange( void ) } } } +#endif /* VERIFAST */ /*-----------------------------------------------------------*/ From d7fff36a2bfdecc63d4911ff4d3420712a77d8df Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 14 Oct 2022 13:10:53 -0400 Subject: [PATCH 023/289] Update SMP demo submodule. --- verification/verifast/demos/FreeRTOS-SMP-Demos | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/verification/verifast/demos/FreeRTOS-SMP-Demos b/verification/verifast/demos/FreeRTOS-SMP-Demos index c84926adafd..345437a815d 160000 --- a/verification/verifast/demos/FreeRTOS-SMP-Demos +++ b/verification/verifast/demos/FreeRTOS-SMP-Demos @@ -1 +1 @@ -Subproject commit c84926adafd83830f75c3b59c85988a9898b7351 +Subproject commit 345437a815defb4d7ccc549d3f04e7ec0883e8ad From 7d029778bf7a8b23a8eac643e9e883faa336d1fe Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 14 Oct 2022 13:23:37 -0400 Subject: [PATCH 024/289] Added scripts to build kernel and to preprocess tasks.c. The scripts use the demo configuration for RP2040. --- .../custom_build_scripts_RP2040/build_full.sh | 22 +++++++++++++++++++ .../preprocess_tasks_c.sh | 16 ++++++++++++++ 2 files changed, 38 insertions(+) create mode 100755 verification/verifast/custom_build_scripts_RP2040/build_full.sh create mode 100755 verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh diff --git a/verification/verifast/custom_build_scripts_RP2040/build_full.sh b/verification/verifast/custom_build_scripts_RP2040/build_full.sh new file mode 100755 index 00000000000..9a2723f107e --- /dev/null +++ b/verification/verifast/custom_build_scripts_RP2040/build_full.sh @@ -0,0 +1,22 @@ +#!/bin/zsh +ps -o comm= -p $$ + +CURRENT_DIR=`pwd` +DEMO_DIR="../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040" +LOG_DIR="`pwd`/build_logs" +BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" + +export CC=/usr/bin/clang +export CQQ=/usr/bin/clang++ + +mkdir $LOG_DIR +cd $DEMO_DIR +rm -rf build +mkdir build +cd build +cmake .. &>$BUILD_LOG +echo "\ncmake finished\n" + +make VERBOSE=1 &>>$BUILD_LOG + +echo "\nmake finished\n" diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh new file mode 100755 index 00000000000..3675e2cdcdf --- /dev/null +++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -0,0 +1,16 @@ +#!/bin/zsh +ps -o comm= -p $$ + +CURRENT_DIR=`pwd` +DEMO_DIR="../FreeRTOS/Demo/CORTEX_M0+_RP2040/" +#LOG_DIR="`pwd`/build_logs" +#BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" +TIMESTAMP=`date +'%y_%m_%d--%H_%M'` +PP_OUT_DIR="preprocessed_files" +PP_TASK_C="$PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" + + +mkdir $PP_OUT_DIR + + +clang -E -C -P -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c &>$PP_TASK_C From 24130f5334320ec7692a16ffb7970fdae6e74913 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 14 Oct 2022 13:37:30 -0400 Subject: [PATCH 025/289] Added VF startup script for preprocessed tasks.c. The script preprocesses task.c according to the RP2040 configuration and launches verifast. --- .../preprocess_tasks_c.sh | 15 +- .../verifast/preprocessed_files/tasks--pp.c | 14869 ++++++++++++++++ ...tart-vfide.sh => start-vfide--original.sh} | 0 .../verifast/start-vfide--preprocessed.sh | 14 + 4 files changed, 14894 insertions(+), 4 deletions(-) create mode 100644 verification/verifast/preprocessed_files/tasks--pp.c rename verification/verifast/{start-vfide.sh => start-vfide--original.sh} (100%) create mode 100755 verification/verifast/start-vfide--preprocessed.sh diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh index 3675e2cdcdf..eaf7fe8b616 100755 --- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -6,11 +6,18 @@ DEMO_DIR="../FreeRTOS/Demo/CORTEX_M0+_RP2040/" #LOG_DIR="`pwd`/build_logs" #BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" TIMESTAMP=`date +'%y_%m_%d--%H_%M'` -PP_OUT_DIR="preprocessed_files" -PP_TASK_C="$PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" +LOG_PP_OUT_DIR="preprocessed_files" +LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" +PP_OUT_DIR="../preprocessed_files" +PP_TASK_C="$PP_OUT_DIR/tasks--pp.c" -mkdir $PP_OUT_DIR +mkdir $LOG_PP_OUT_DIR -clang -E -C -P -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c &>$PP_TASK_C + +clang -E -C -P -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c &>$LOG_PP_TASK_C + + +mkdir "$PP_OUT_DIR" +cp "$LOG_PP_TASK_C" "$PP_TASK_C" diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c new file mode 100644 index 00000000000..f4e28f0ea96 --- /dev/null +++ b/verification/verifast/preprocessed_files/tasks--pp.c @@ -0,0 +1,14869 @@ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* Standard includes. */ +/* + * Copyright (c) 2000, 2002 - 2008 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)stdlib.h 8.5 (Berkeley) 5/19/95 + */ +/* + * Copyright (c) 2007-2016 by Apple Inc.. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + /* + These macros are for use in OS header files. They enable function prototypes + and Objective-C methods to be tagged with the OS version in which they + were first available; and, if applicable, the OS version in which they + became deprecated. + + The desktop Mac OS X and iOS each have different version numbers. + The __OSX_AVAILABLE_STARTING() macro allows you to specify both the desktop + and iOS version numbers. For instance: + __OSX_AVAILABLE_STARTING(__MAC_10_2,__IPHONE_2_0) + means the function/method was first available on Mac OS X 10.2 on the desktop + and first available in iOS 2.0 on the iPhone. + + If a function is available on one platform, but not the other a _NA (not + applicable) parameter is used. For instance: + __OSX_AVAILABLE_STARTING(__MAC_10_3,__IPHONE_NA) + means that the function/method was first available on Mac OS X 10.3, and it + currently not implemented on the iPhone. + + At some point, a function/method may be deprecated. That means Apple + recommends applications stop using the function, either because there is a + better replacement or the functionality is being phased out. Deprecated + functions/methods can be tagged with a __OSX_AVAILABLE_BUT_DEPRECATED() + macro which specifies the OS version where the function became available + as well as the OS version in which it became deprecated. For instance: + __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_5,__IPHONE_NA,__IPHONE_NA) + means that the function/method was introduced in Mac OS X 10.0, then + became deprecated beginning in Mac OS X 10.5. On iOS the function + has never been available. + + For these macros to function properly, a program must specify the OS version range + it is targeting. The min OS version is specified as an option to the compiler: + -mmacosx-version-min=10.x when building for Mac OS X, and -miphoneos-version-min=y.z + when building for the iPhone. The upper bound for the OS version is rarely needed, + but it can be set on the command line via: -D__MAC_OS_X_VERSION_MAX_ALLOWED=10x0 for + Mac OS X and __IPHONE_OS_VERSION_MAX_ALLOWED = y0z00 for iOS. + + Examples: + + A function available in Mac OS X 10.5 and later, but not on the phone: + + extern void mymacfunc() __OSX_AVAILABLE_STARTING(__MAC_10_5,__IPHONE_NA); + + + An Objective-C method in Mac OS X 10.5 and later, but not on the phone: + + @interface MyClass : NSObject + -(void) mymacmethod __OSX_AVAILABLE_STARTING(__MAC_10_5,__IPHONE_NA); + @end + + + An enum available on the phone, but not available on Mac OS X: + + #if __IPHONE_OS_VERSION_MIN_REQUIRED + enum { myEnum = 1 }; + #endif + Note: this works when targeting the Mac OS X platform because + __IPHONE_OS_VERSION_MIN_REQUIRED is undefined which evaluates to zero. + + + An enum with values added in different iPhoneOS versions: + + enum { + myX = 1, // Usable on iPhoneOS 2.1 and later + myY = 2, // Usable on iPhoneOS 3.0 and later + myZ = 3, // Usable on iPhoneOS 3.0 and later + ... + Note: you do not want to use #if with enumeration values + when a client needs to see all values at compile time + and use runtime logic to only use the viable values. + + + It is also possible to use the *_VERSION_MIN_REQUIRED in source code to make one + source base that can be compiled to target a range of OS versions. It is best + to not use the _MAC_* and __IPHONE_* macros for comparisons, but rather their values. + That is because you might get compiled on an old OS that does not define a later + OS version macro, and in the C preprocessor undefined values evaluate to zero + in expresssions, which could cause the #if expression to evaluate in an unexpected + way. + + #ifdef __MAC_OS_X_VERSION_MIN_REQUIRED + // code only compiled when targeting Mac OS X and not iPhone + // note use of 1050 instead of __MAC_10_5 + #if __MAC_OS_X_VERSION_MIN_REQUIRED < 1050 + // code in here might run on pre-Leopard OS + #else + // code here can assume Leopard or later + #endif + #endif + + +*/ +/* + * __API_TO_BE_DEPRECATED is used as a version number in API that will be deprecated + * in an upcoming release. This soft deprecation is an intermediate step before formal + * deprecation to notify developers about the API before compiler warnings are generated. + * You can find all places in your code that use soft deprecated API by redefining the + * value of this macro to your current minimum deployment target, for example: + * (macOS) + * clang -D__API_TO_BE_DEPRECATED=10.12 + * (iOS) + * clang -D__API_TO_BE_DEPRECATED=11.0 + */ +/* + * Copyright (c) 2019 by Apple Inc.. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* __MAC_NA is not defined to a value but is used as a token by macros to indicate that the API is unavailable */ +/* __IPHONE_NA is not defined to a value but is used as a token by macros to indicate that the API is unavailable */ +/* + * Set up standard Mac OS X versions + */ +/* + * Copyright (c) 2007-2016 by Apple Inc.. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* + File: AvailabilityInternal.h + + Contains: implementation details of __OSX_AVAILABLE_* macros from + +*/ + /* compiler for Mac OS X sets __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ */ + /* make sure a default max version is set */ + /* use better attributes if possible */ +/* + Macros for defining which versions/platform a given symbol can be used. + + @see http://clang.llvm.org/docs/AttributeReference.html#availability + */ + /* + * API Unavailability + * Use to specify that an API is unavailable for a particular platform. + * + * Example: + * __API_UNAVAILABLE(macos) + * __API_UNAVAILABLE(watchos, tvos) + */ +/* + * Swift compiler version + * Allows for project-agnostic "epochs" for frameworks imported into Swift via the Clang importer, like #if _compiler_version for Swift + * Example: + * + * #if __swift_compiler_version_at_least(800, 2, 20) + * - (nonnull NSString *)description; + * #else + * - (NSString *)description; + * #endif + */ +/* + * If __SPI_AVAILABLE has not been defined elsewhere, disable it. + */ +/* for use to document app extension usage */ +/* for use marking APIs available info for Mac OSX */ +/* for use marking APIs available info for iOS */ +/* for use marking APIs available info for tvOS */ +/* for use marking APIs available info for Watch OS */ +/* for use marking APIs unavailable for swift */ +/* + Macros for defining which versions/platform a given symbol can be used. + + @see http://clang.llvm.org/docs/AttributeReference.html#availability + + * Note that these macros are only compatible with clang compilers that + * support the following target selection options: + * + * -mmacosx-version-min + * -miphoneos-version-min + * -mwatchos-version-min + * -mtvos-version-min + */ + /* + * API Introductions + * + * Use to specify the release that a particular API became available. + * + * Platform names: + * macos, ios, tvos, watchos + * + * Examples: + * __API_AVAILABLE(macos(10.10)) + * __API_AVAILABLE(macos(10.9), ios(10.0)) + * __API_AVAILABLE(macos(10.4), ios(8.0), watchos(2.0), tvos(10.0)) + * __API_AVAILABLE(driverkit(19.0)) + */ + /* + * API Deprecations + * + * Use to specify the release that a particular API became unavailable. + * + * Platform names: + * macos, ios, tvos, watchos + * + * Examples: + * + * __API_DEPRECATED("No longer supported", macos(10.4, 10.8)) + * __API_DEPRECATED("No longer supported", macos(10.4, 10.8), ios(2.0, 3.0), watchos(2.0, 3.0), tvos(9.0, 10.0)) + * + * __API_DEPRECATED_WITH_REPLACEMENT("-setName:", tvos(10.0, 10.4), ios(9.0, 10.0)) + * __API_DEPRECATED_WITH_REPLACEMENT("SomeClassName", macos(10.4, 10.6), watchos(2.0, 3.0)) + */ + /* + * API Unavailability + * Use to specify that an API is unavailable for a particular platform. + * + * Example: + * __API_UNAVAILABLE(macos) + * __API_UNAVAILABLE(watchos, tvos) + */ +/* + * If SPI decorations have not been defined elsewhere, disable them. + */ +/* + * Copyright (c) 2000-2018 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Copyright 1995 NeXT Computer, Inc. All rights reserved. */ +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Berkeley Software Design, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)cdefs.h 8.8 (Berkeley) 1/9/95 + */ +/* This SDK is designed to work with clang and specific versions of + * gcc >= 4.0 with Apple's patch sets */ +/* + * Compatibility with compilers and environments that don't support compiler + * feature checking function-like macros. + */ +/* + * The __CONCAT macro is used to concatenate parts of symbol names, e.g. + * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. + * The __CONCAT macro is a bit tricky -- make sure you don't put spaces + * in between its arguments. __CONCAT can also concatenate double-quoted + * strings produced by the __STRING macro, but this only works with ANSI C. + */ +/* + * __pure2 can be used for functions that are only a function of their scalar + * arguments (meaning they can't dereference pointers). + * + * __stateful_pure can be used for functions that have no side effects, + * but depend on the state of the memory. + */ +/* __unused denotes variables and functions that may not be used, preventing + * the compiler from warning about it if not used. + */ +/* __used forces variables and functions to be included even if it appears + * to the compiler that they are not used (and would thust be discarded). + */ +/* __cold marks code used for debugging or that is rarely taken + * and tells the compiler to optimize for size and outline code. + */ +/* __exported denotes symbols that should be exported even when symbols + * are hidden by default. + * __exported_push/_exported_pop are pragmas used to delimit a range of + * symbols that should be exported even when symbols are hidden by default. + */ +/* __deprecated causes the compiler to produce a warning when encountering + * code using the deprecated functionality. + * __deprecated_msg() does the same, and compilers that support it will print + * a message along with the deprecation warning. + * This may require turning on such warning with the -Wdeprecated flag. + * __deprecated_enum_msg() should be used on enums, and compilers that support + * it will print the deprecation warning. + * __kpi_deprecated() specifically indicates deprecation of kernel programming + * interfaces in Kernel.framework used by KEXTs. + */ +/* __unavailable causes the compiler to error out when encountering + * code using the tagged function + */ +/* Delete pseudo-keywords wherever they are not available or needed. */ +/* + * We use `__restrict' as a way to define the `restrict' type qualifier + * without disturbing older software that is unaware of C99 keywords. + */ +/* Compatibility with compilers and environments that don't support the + * nullability feature. + */ +/* + * __disable_tail_calls causes the compiler to not perform tail call + * optimization inside the marked function. + */ +/* + * __not_tail_called causes the compiler to prevent tail call optimization + * on statically bound calls to the function. It has no effect on indirect + * calls. Virtual functions, objective-c methods, and functions marked as + * "always_inline" cannot be marked as __not_tail_called. + */ +/* + * __result_use_check warns callers of a function that not using the function + * return value is a bug, i.e. dismissing malloc() return value results in a + * memory leak. + */ +/* + * __swift_unavailable causes the compiler to mark a symbol as specifically + * unavailable in Swift, regardless of any other availability in C. + */ +/* + * __abortlike is the attribute to put on functions like abort() that are + * typically used to mark assertions. These optimize the codegen + * for outlining while still maintaining debugability. + */ +/* Declaring inline functions within headers is error-prone due to differences + * across various versions of the C language and extensions. __header_inline + * can be used to declare inline functions within system headers. In cases + * where you want to force inlining instead of letting the compiler make + * the decision, you can use __header_always_inline. + * + * Be aware that using inline for functions which compilers may also provide + * builtins can behave differently under various compilers. If you intend to + * provide an inline version of such a function, you may want to use a macro + * instead. + * + * The check for !__GNUC__ || __clang__ is because gcc doesn't correctly + * support c99 inline in some cases: + * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965 + */ +/* + * Compiler-dependent macros that bracket portions of code where the + * "-Wunreachable-code" warning should be ignored. Please use sparingly. + */ +/* + * Compiler-dependent macros to declare that functions take printf-like + * or scanf-like arguments. They are null except for versions of gcc + * that are known to support the features properly. Functions declared + * with these attributes will cause compilation warnings if there is a + * mismatch between the format string and subsequent function parameter + * types. + */ +/* Source compatibility only, ID string not emitted in object file */ +/* + * __alloc_size can be used to label function arguments that represent the + * size of memory that the function allocates and returns. The one-argument + * form labels a single argument that gives the allocation size (where the + * arguments are numbered from 1): + * + * void *malloc(size_t __size) __alloc_size(1); + * + * The two-argument form handles the case where the size is calculated as the + * product of two arguments: + * + * void *calloc(size_t __count, size_t __size) __alloc_size(1,2); + */ +/* + * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail + * + * DEFAULT By default newly complied code will get POSIX APIs plus + * Apple API extensions in scope. + * + * Most users will use this compilation environment to avoid + * behavioral differences between 32 and 64 bit code. + * + * LEGACY Defining _NONSTD_SOURCE will get pre-POSIX APIs plus Apple + * API extensions in scope. + * + * This is generally equivalent to the Tiger release compilation + * environment, except that it cannot be applied to 64 bit code; + * its use is discouraged. + * + * We expect this environment to be deprecated in the future. + * + * STRICT Defining _POSIX_C_SOURCE or _XOPEN_SOURCE restricts the + * available APIs to exactly the set of APIs defined by the + * corresponding standard, based on the value defined. + * + * A correct, portable definition for _POSIX_C_SOURCE is 200112L. + * A correct, portable definition for _XOPEN_SOURCE is 600L. + * + * Apple API extensions are not visible in this environment, + * which can cause Apple specific code to fail to compile, + * or behave incorrectly if prototypes are not in scope or + * warnings about missing prototypes are not enabled or ignored. + * + * In any compilation environment, for correct symbol resolution to occur, + * function prototypes must be in scope. It is recommended that all Apple + * tools users add either the "-Wall" or "-Wimplicit-function-declaration" + * compiler flags to their projects to be warned when a function is being + * used without a prototype in scope. + */ +/* These settings are particular to each product. */ +/* Platform: MacOSX */ +/* + * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow + * legacy code to use the old symbol, thus maintaining binary compatibility + * while new code can use a standards compliant version of the same function. + * + * __DARWIN_ALIAS is used by itself if the function signature has not + * changed, it is used along with a #ifdef check for __DARWIN_UNIX03 + * if the signature has changed. Because the __LP64__ environment + * only supports UNIX03 semantics it causes __DARWIN_UNIX03 to be + * defined, but causes __DARWIN_ALIAS to do no symbol mangling. + * + * As a special case, when XCode is used to target a specific version of the + * OS, the manifest constant __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ + * will be defined by the compiler, with the digits representing major version + * time 100 + minor version times 10 (e.g. 10.5 := 1050). If we are targeting + * pre-10.5, and it is the default compilation environment, revert the + * compilation environment to pre-__DARWIN_UNIX03. + */ +/* + * symbol suffixes used for symbol versioning + */ +/* + * symbol versioning macros + */ +/* + * symbol release macros + */ +/* Copyright (c) 2010 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * POSIX.1 requires that the macros we test be defined before any standard + * header file is included. This permits us to convert values for feature + * testing, as necessary, using only _POSIX_C_SOURCE. + * + * Here's a quick run-down of the versions: + * defined(_POSIX_SOURCE) 1003.1-1988 + * _POSIX_C_SOURCE == 1L 1003.1-1990 + * _POSIX_C_SOURCE == 2L 1003.2-1992 C Language Binding Option + * _POSIX_C_SOURCE == 199309L 1003.1b-1993 + * _POSIX_C_SOURCE == 199506L 1003.1c-1995, 1003.1i-1995, + * and the omnibus ISO/IEC 9945-1: 1996 + * _POSIX_C_SOURCE == 200112L 1003.1-2001 + * _POSIX_C_SOURCE == 200809L 1003.1-2008 + * + * In addition, the X/Open Portability Guide, which is now the Single UNIX + * Specification, defines a feature-test macro which indicates the version of + * that specification, and which subsumes _POSIX_C_SOURCE. + */ +/* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1L. */ +/* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2L. */ +/* Deal with various X/Open Portability Guides and Single UNIX Spec. */ +/* + * Deal with all versions of POSIX. The ordering relative to the tests above is + * important. + */ +/* POSIX C deprecation macros */ +/* Copyright (c) 2010 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Set a single macro which will always be defined and can be used to determine + * the appropriate namespace. For POSIX, these values will correspond to + * _POSIX_C_SOURCE value. Currently there are two additional levels corresponding + * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE) + */ +/* If the developer has neither requested a strict language mode nor a version + * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part + * of __DARWIN_C_FULL. + */ +/* + * long long is not supported in c89 (__STRICT_ANSI__), but g++ -ansi and + * c99 still want long longs. While not perfect, we allow long longs for + * g++. + */ +/***************************************** +* Public darwin-specific feature macros +*****************************************/ +/* + * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and + * structures modified for 64-bit inodes (like struct stat) will be used. + */ +/* + * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only + * be 64-bit; there is no support for 32-bit ino_t when this macro is defined + * (and non-zero). There is no struct stat64 either, as the regular + * struct stat will already be the 64-bit version. + */ +/* + * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated + * in 10.5 exists; no pre-10.5 variants are available. + */ +/* + * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API + * are available (the legacy BSD APIs are not available) + */ +/* + * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on, + * and specifies the conformance level (3 is SUSv3) + */ +/* + * This macro casts away the qualifier from the variable + * + * Note: use at your own risk, removing qualifiers can result in + * catastrophic run-time failures. + */ +/* + * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be + * used from other compilation units, but not other libraries or executables. + */ +/* + * We intentionally define to nothing pointer attributes which do not have an + * impact on the ABI. __indexable and __bidi_indexable are not defined because + * of the ABI incompatibility that makes the diagnostic preferable. + */ +/* + * Similarly, we intentionally define to nothing the + * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable + * macros because they do not lead to an ABI incompatibility. However, we do not + * define the indexable and unsafe_indexable ones because the diagnostic is + * better than the silent ABI break. + */ +/* __unsafe_forge intrinsics are defined as regular C casts. */ +/* decay operates normally; attribute is meaningless without pointer checks. */ +/* + * Architecture validation for current SDK + */ +/* + * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS + * + * This provides more advanced type checking on compilers supporting + * the proper extensions, even in C. + */ + +/* + * Copyright (c) 2004, 2008, 2009 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2003-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2003-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + */ +/* + * This header file contains integer types. It's intended to also contain + * flotaing point and other arithmetic types, as needed, later. + */ +typedef signed char __int8_t; +typedef unsigned char __uint8_t; +typedef short __int16_t; +typedef unsigned short __uint16_t; +typedef int __int32_t; +typedef unsigned int __uint32_t; +typedef long long __int64_t; +typedef unsigned long long __uint64_t; +typedef long __darwin_intptr_t; +typedef unsigned int __darwin_natural_t; +/* + * The rune type below is declared to be an ``int'' instead of the more natural + * ``unsigned long'' or ``long''. Two things are happening here. It is not + * unsigned so that EOF (-1) can be naturally assigned to it and used. Also, + * it looks like 10646 will be a 31 bit standard. This means that if your + * ints cannot hold 32 bits, you will be in trouble. The reason an int was + * chosen over a long is that the is*() and to*() routines take ints (says + * ANSI C), but they use __darwin_ct_rune_t instead of int. By changing it + * here, you lose a bit of ANSI conformance, but your programs will still + * work. + * + * NOTE: rune_t is not covered by ANSI nor other standards, and should not + * be instantiated outside of lib/libc/locale. Use wchar_t. wchar_t and + * rune_t must be the same type. Also wint_t must be no narrower than + * wchar_t, and should also be able to hold all members of the largest + * character set plus one extra value (WEOF). wint_t must be at least 16 bits. + */ +typedef int __darwin_ct_rune_t; /* ct_rune_t */ +/* + * mbstate_t is an opaque object to keep conversion state, during multibyte + * stream conversions. The content must not be referenced by user programs. + */ +typedef union { + char __mbstate8[128]; + long long _mbstateL; /* for alignment */ +} __mbstate_t; +typedef __mbstate_t __darwin_mbstate_t; /* mbstate_t */ +typedef long int __darwin_ptrdiff_t; /* ptr1 - ptr2 */ +typedef long unsigned int __darwin_size_t; /* sizeof() */ +typedef __builtin_va_list __darwin_va_list; /* va_list */ +typedef int __darwin_wchar_t; /* wchar_t */ +typedef __darwin_wchar_t __darwin_rune_t; /* rune_t */ +typedef int __darwin_wint_t; /* wint_t */ +typedef unsigned long __darwin_clock_t; /* clock() */ +typedef __uint32_t __darwin_socklen_t; /* socklen_t (duh) */ +typedef long __darwin_ssize_t; /* byte count or error */ +typedef long __darwin_time_t; /* time() */ + +/* + * Type definitions; takes common type definitions that must be used + * in multiple header files due to [XSI], removes them from the system + * space, and puts them in the implementation space. + */ +typedef __int64_t __darwin_blkcnt_t; /* total blocks */ +typedef __int32_t __darwin_blksize_t; /* preferred block size */ +typedef __int32_t __darwin_dev_t; /* dev_t */ +typedef unsigned int __darwin_fsblkcnt_t; /* Used by statvfs and fstatvfs */ +typedef unsigned int __darwin_fsfilcnt_t; /* Used by statvfs and fstatvfs */ +typedef __uint32_t __darwin_gid_t; /* [???] process and group IDs */ +typedef __uint32_t __darwin_id_t; /* [XSI] pid_t, uid_t, or gid_t*/ +typedef __uint64_t __darwin_ino64_t; /* [???] Used for 64 bit inodes */ +typedef __darwin_ino64_t __darwin_ino_t; /* [???] Used for inodes */ +typedef __darwin_natural_t __darwin_mach_port_name_t; /* Used by mach */ +typedef __darwin_mach_port_name_t __darwin_mach_port_t; /* Used by mach */ +typedef __uint16_t __darwin_mode_t; /* [???] Some file attributes */ +typedef __int64_t __darwin_off_t; /* [???] Used for file sizes */ +typedef __int32_t __darwin_pid_t; /* [???] process and group IDs */ +typedef __uint32_t __darwin_sigset_t; /* [???] signal set */ +typedef __int32_t __darwin_suseconds_t; /* [???] microseconds */ +typedef __uint32_t __darwin_uid_t; /* [???] user IDs */ +typedef __uint32_t __darwin_useconds_t; /* [???] microseconds */ +typedef unsigned char __darwin_uuid_t[16]; +typedef char __darwin_uuid_string_t[37]; +/* + * Copyright (c) 2003-2013 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +// pthread opaque structures +struct __darwin_pthread_handler_rec { + void (*__routine)(void *); // Routine to call + void *__arg; // Argument to pass + struct __darwin_pthread_handler_rec *__next; +}; +struct _opaque_pthread_attr_t { + long __sig; + char __opaque[56]; +}; +struct _opaque_pthread_cond_t { + long __sig; + char __opaque[40]; +}; +struct _opaque_pthread_condattr_t { + long __sig; + char __opaque[8]; +}; +struct _opaque_pthread_mutex_t { + long __sig; + char __opaque[56]; +}; +struct _opaque_pthread_mutexattr_t { + long __sig; + char __opaque[8]; +}; +struct _opaque_pthread_once_t { + long __sig; + char __opaque[8]; +}; +struct _opaque_pthread_rwlock_t { + long __sig; + char __opaque[192]; +}; +struct _opaque_pthread_rwlockattr_t { + long __sig; + char __opaque[16]; +}; +struct _opaque_pthread_t { + long __sig; + struct __darwin_pthread_handler_rec *__cleanup_stack; + char __opaque[8176]; +}; +typedef struct _opaque_pthread_attr_t __darwin_pthread_attr_t; +typedef struct _opaque_pthread_cond_t __darwin_pthread_cond_t; +typedef struct _opaque_pthread_condattr_t __darwin_pthread_condattr_t; +typedef unsigned long __darwin_pthread_key_t; +typedef struct _opaque_pthread_mutex_t __darwin_pthread_mutex_t; +typedef struct _opaque_pthread_mutexattr_t __darwin_pthread_mutexattr_t; +typedef struct _opaque_pthread_once_t __darwin_pthread_once_t; +typedef struct _opaque_pthread_rwlock_t __darwin_pthread_rwlock_t; +typedef struct _opaque_pthread_rwlockattr_t __darwin_pthread_rwlockattr_t; +typedef struct _opaque_pthread_t *__darwin_pthread_t; +typedef int __darwin_nl_item; +typedef int __darwin_wctrans_t; +typedef __uint32_t __darwin_wctype_t; + +/* + * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ +/* + * Copyright (c) 1982, 1986, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)wait.h 8.2 (Berkeley) 7/10/94 + */ +/* + * This file holds definitions relevent to the wait4 system call + * and the alternate interfaces that use it (wait, wait3, waitpid). + */ +/* + * [XSI] The type idtype_t shall be defined as an enumeration type whose + * possible values shall include at least P_ALL, P_PID, and P_PGID. + */ +typedef enum { + P_ALL, + P_PID, + P_PGID +} idtype_t; +/* + * [XSI] The id_t and pid_t types shall be defined as described + * in + */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_pid_t pid_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ + +/* + * [XSI] The siginfo_t type shall be defined as described in + * [XSI] The rusage structure shall be defined as described in + * [XSI] Inclusion of the header may also make visible all + * symbols from and + * + * NOTE: This requirement is currently being satisfied by the direct + * inclusion of and , below. + * + * Software should not depend on the exposure of anything other + * than the types siginfo_t and struct rusage as a result of + * this inclusion. If you depend on any types or manifest + * values othe than siginfo_t and struct rusage from either of + * those files, you should explicitly include them yourself, as + * well, or in future releases your stware may not compile + * without modification. + */ +/* + * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ +/* + * Copyright (c) 1982, 1986, 1989, 1991, 1993 + * The Regents of the University of California. All rights reserved. + * (c) UNIX System Laboratories, Inc. + * All or some portions of this file are derived from material licensed + * to the University of California by American Telephone and Telegraph + * Co. or Unix System Laboratories, Inc. and are reproduced herein with + * the permission of UNIX System Laboratories, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)signal.h 8.2 (Berkeley) 1/21/94 + */ +/* + * Copyright (c) 2002 Apple Computer, Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2000-2009 Apple, Inc. All rights reserved. + */ +/* + * Copyright (c) 1992 NeXT Computer, Inc. + * + */ +typedef int sig_atomic_t; +/* + * Language spec sez we must list exactly one parameter, even though we + * actually supply three. Ugh! + * SIG_HOLD is chosen to avoid KERN_SIG_* values in + */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2017 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2004-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * @OSF_COPYRIGHT@ + */ +/* + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright 1995 NeXT Computer, Inc. All rights reserved. + */ +/* + * Copyright (c) 2000-2008 Apple Inc. All rights reserved. + */ +/* + * Copyright 1995 NeXT Computer, Inc. All rights reserved. + */ +/* + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)types.h 8.3 (Berkeley) 1/5/94 + */ +/* + * Basic integral types. Omit the typedef if + * not possible for a machine/compiler combination. + */ +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef signed char int8_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef short int16_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef int int32_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef long long int64_t; + +/* + * Copyright (c) 2016 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned char u_int8_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned short u_int16_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned int u_int32_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned long long u_int64_t; +typedef int64_t register_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright 1995 NeXT Computer, Inc. All rights reserved. + */ + +typedef __darwin_intptr_t intptr_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned long uintptr_t; +/* These types are used for reserving the largest possible size. */ +typedef u_int64_t user_addr_t; +typedef u_int64_t user_size_t; +typedef int64_t user_ssize_t; +typedef int64_t user_long_t; +typedef u_int64_t user_ulong_t; +typedef int64_t user_time_t; +typedef int64_t user_off_t; +/* This defines the size of syscall arguments after copying into the kernel: */ +typedef u_int64_t syscall_arg_t; +struct __darwin_arm_exception_state +{ + __uint32_t __exception; /* number of arm exception taken */ + __uint32_t __fsr; /* Fault status */ + __uint32_t __far; /* Virtual Fault Address */ +}; +struct __darwin_arm_exception_state64 +{ + __uint64_t __far; /* Virtual Fault Address */ + __uint32_t __esr; /* Exception syndrome */ + __uint32_t __exception; /* number of arm exception taken */ +}; +struct __darwin_arm_thread_state +{ + __uint32_t __r[13]; /* General purpose register r0-r12 */ + __uint32_t __sp; /* Stack pointer r13 */ + __uint32_t __lr; /* Link register r14 */ + __uint32_t __pc; /* Program counter r15 */ + __uint32_t __cpsr; /* Current program status register */ +}; +/* + * By default, the pointer fields in the arm_thread_state64_t structure are + * opaque on the arm64e architecture and require the use of accessor macros. + * This mode can also be enabled on the arm64 architecture by building with + * -D__DARWIN_OPAQUE_ARM_THREAD_STATE64=1. + */ +struct __darwin_arm_thread_state64 +{ + __uint64_t __x[29]; /* General purpose registers x0-x28 */ + __uint64_t __fp; /* Frame pointer x29 */ + __uint64_t __lr; /* Link register x30 */ + __uint64_t __sp; /* Stack pointer x31 */ + __uint64_t __pc; /* Program counter */ + __uint32_t __cpsr; /* Current program status register */ + __uint32_t __pad; /* Same size for 32-bit or 64-bit clients */ +}; +/* Accessor macros for arm_thread_state64_t pointer fields */ +/* Return pc field of arm_thread_state64_t as a data pointer value */ +/* Return pc field of arm_thread_state64_t as a function pointer */ +/* Set pc field of arm_thread_state64_t to a function pointer */ +/* Return lr field of arm_thread_state64_t as a data pointer value */ +/* Return lr field of arm_thread_state64_t as a function pointer */ +/* Set lr field of arm_thread_state64_t to a function pointer */ +/* Return sp field of arm_thread_state64_t as a data pointer value */ +/* Set sp field of arm_thread_state64_t to a data pointer value */ +/* Return fp field of arm_thread_state64_t as a data pointer value */ +/* Set fp field of arm_thread_state64_t to a data pointer value */ +/* Strip ptr auth bits from pc, lr, sp and fp field of arm_thread_state64_t */ +struct __darwin_arm_vfp_state +{ + __uint32_t __r[64]; + __uint32_t __fpscr; +}; +struct __darwin_arm_neon_state64 +{ + __uint128_t __v[32]; + __uint32_t __fpsr; + __uint32_t __fpcr; +}; +struct __darwin_arm_neon_state +{ + __uint128_t __v[16]; + __uint32_t __fpsr; + __uint32_t __fpcr; +}; +struct __arm_pagein_state +{ + int __pagein_error; +}; +/* + * Debug State + */ +/* ARM's arm_debug_state is ARM64's arm_legacy_debug_state */ +struct __arm_legacy_debug_state +{ + __uint32_t __bvr[16]; + __uint32_t __bcr[16]; + __uint32_t __wvr[16]; + __uint32_t __wcr[16]; +}; +struct __darwin_arm_debug_state32 +{ + __uint32_t __bvr[16]; + __uint32_t __bcr[16]; + __uint32_t __wvr[16]; + __uint32_t __wcr[16]; + __uint64_t __mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */ +}; +struct __darwin_arm_debug_state64 +{ + __uint64_t __bvr[16]; + __uint64_t __bcr[16]; + __uint64_t __wvr[16]; + __uint64_t __wcr[16]; + __uint64_t __mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */ +}; +struct __darwin_arm_cpmu_state64 +{ + __uint64_t __ctrs[16]; +}; +struct __darwin_mcontext32 +{ + struct __darwin_arm_exception_state __es; + struct __darwin_arm_thread_state __ss; + struct __darwin_arm_vfp_state __fs; +}; +struct __darwin_mcontext64 +{ + struct __darwin_arm_exception_state64 __es; + struct __darwin_arm_thread_state64 __ss; + struct __darwin_arm_neon_state64 __ns; +}; +typedef struct __darwin_mcontext64 *mcontext_t; + +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_pthread_attr_t pthread_attr_t; + +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Structure used in sigaltstack call. */ +struct __darwin_sigaltstack +{ + void *ss_sp; /* signal stack base */ + __darwin_size_t ss_size; /* signal stack length */ + int ss_flags; /* SA_DISABLE and/or SA_ONSTACK */ +}; +typedef struct __darwin_sigaltstack stack_t; /* [???] signal stack */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +struct __darwin_ucontext +{ + int uc_onstack; + __darwin_sigset_t uc_sigmask; /* signal mask used by this context */ + struct __darwin_sigaltstack uc_stack; /* stack used by this context */ + struct __darwin_ucontext *uc_link; /* pointer to resuming context */ + __darwin_size_t uc_mcsize; /* size of the machine context passed in */ + struct __darwin_mcontext64 *uc_mcontext; /* pointer to machine specific context */ +}; +/* user context */ +typedef struct __darwin_ucontext ucontext_t; /* [???] user context */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_sigset_t sigset_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_size_t size_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_uid_t uid_t; + +union sigval { + /* Members as suggested by Annex C of POSIX 1003.1b. */ + int sival_int; + void *sival_ptr; +}; +struct sigevent { + int sigev_notify; /* Notification type */ + int sigev_signo; /* Signal number */ + union sigval sigev_value; /* Signal value */ + void (*sigev_notify_function)(union sigval); /* Notification function */ + pthread_attr_t *sigev_notify_attributes; /* Notification attributes */ +}; +typedef struct __siginfo { + int si_signo; /* signal number */ + int si_errno; /* errno association */ + int si_code; /* signal code */ + pid_t si_pid; /* sending process */ + uid_t si_uid; /* sender's ruid */ + int si_status; /* exit value */ + void *si_addr; /* faulting instruction */ + union sigval si_value; /* signal value */ + long si_band; /* band event for SIGPOLL */ + unsigned long __pad[7]; /* Reserved for Future Use */ +} siginfo_t; +/* + * When the signal is SIGILL or SIGFPE, si_addr contains the address of + * the faulting instruction. + * When the signal is SIGSEGV or SIGBUS, si_addr contains the address of + * the faulting memory reference. Although for x86 there are cases of SIGSEGV + * for which si_addr cannot be determined and is NULL. + * If the signal is SIGCHLD, the si_pid field will contain the child process ID, + * si_status contains the exit value or signal and + * si_uid contains the real user ID of the process that sent the signal. + */ +/* Values for si_code */ +/* Codes for SIGILL */ +/* Codes for SIGFPE */ +/* Codes for SIGSEGV */ +/* Codes for SIGBUS */ +/* Codes for SIGTRAP */ +/* Codes for SIGCHLD */ +/* Codes for SIGPOLL */ +/* union for signal handlers */ +union __sigaction_u { + void (*__sa_handler)(int); + void (*__sa_sigaction)(int, struct __siginfo *, + void *); +}; +/* Signal vector template for Kernel user boundary */ +struct __sigaction { + union __sigaction_u __sigaction_u; /* signal handler */ + void (*sa_tramp)(void *, int, int, siginfo_t *, void *); + sigset_t sa_mask; /* signal mask to apply */ + int sa_flags; /* see signal options below */ +}; +/* + * Signal vector "template" used in sigaction call. + */ +struct sigaction { + union __sigaction_u __sigaction_u; /* signal handler */ + sigset_t sa_mask; /* signal mask to apply */ + int sa_flags; /* see signal options below */ +}; +/* if SA_SIGINFO is set, sa_sigaction is to be used instead of sa_handler. */ +/* This will provide 64bit register set in a 32bit user address space */ +/* the following are the only bits we support from user space, the + * rest are for kernel use only. + */ +/* + * Flags for sigprocmask: + */ +/* POSIX 1003.1b required values. */ +typedef void (*sig_t)(int); /* type of signal function */ +/* + * Structure used in sigaltstack call. + */ +/* + * 4.3 compatibility: + * Signal vector "template" used in sigvec call. + */ +struct sigvec { + void (*sv_handler)(int); /* signal handler */ + int sv_mask; /* signal mask to apply */ + int sv_flags; /* see signal options below */ +}; +/* + * Structure used in sigstack call. + */ +struct sigstack { + char *ss_sp; /* signal stack pointer */ + int ss_onstack; /* current status */ +}; +/* + * Macro for converting signal number to a mask suitable for + * sigblock(). + */ +/* + * For historical reasons; programs expect signal's return value to be + * defined by . + */ + void(*signal(int, void (*)(int)))(int); +/* + * Copyright (c) 2000-2018 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ +/* + * Copyright (c) 1982, 1986, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)resource.h 8.2 (Berkeley) 1/4/94 + */ +/*===---- stdint.h - Standard header for sized integer types --------------===*\ + * + * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. + * See https://llvm.org/LICENSE.txt for license information. + * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + * +\*===----------------------------------------------------------------------===*/ +// AIX system headers need stdint.h to be re-enterable while _STD_TYPES_T +// is defined until an inclusion of it without _STD_TYPES_T occurs, in which +// case the header guard macro is defined. +/* If we're hosted, fall back to the system's stdint.h, which might have + * additional definitions. + */ +// C99 7.18.3 Limits of other integer types +// +// Footnote 219, 220: C++ implementations should define these macros only when +// __STDC_LIMIT_MACROS is defined before is included. +// +// Footnote 222: C++ implementations should define these macros only when +// __STDC_CONSTANT_MACROS is defined before is included. +// +// C++11 [cstdint.syn]p2: +// +// The macros defined by are provided unconditionally. In particular, +// the symbols __STDC_LIMIT_MACROS and __STDC_CONSTANT_MACROS (mentioned in +// footnotes 219, 220, and 222 in the C standard) play no role in C++. +// +// C11 removed the problematic footnotes. +// +// Work around this inconsistency by always defining those macros in C++ mode, +// so that a C library implementation which follows the C99 standard can be +// used in C++. +/* + * Copyright (c) 2000-2010 Apple Inc. + * All rights reserved. + */ +/* from ISO/IEC 988:1999 spec */ +/* 7.18.1.1 Exact-width integer types */ +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned char uint8_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned short uint16_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned int uint32_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef unsigned long long uint64_t; + +/* 7.18.1.2 Minimum-width integer types */ +typedef int8_t int_least8_t; +typedef int16_t int_least16_t; +typedef int32_t int_least32_t; +typedef int64_t int_least64_t; +typedef uint8_t uint_least8_t; +typedef uint16_t uint_least16_t; +typedef uint32_t uint_least32_t; +typedef uint64_t uint_least64_t; +/* 7.18.1.3 Fastest-width integer types */ +typedef int8_t int_fast8_t; +typedef int16_t int_fast16_t; +typedef int32_t int_fast32_t; +typedef int64_t int_fast64_t; +typedef uint8_t uint_fast8_t; +typedef uint16_t uint_fast16_t; +typedef uint32_t uint_fast32_t; +typedef uint64_t uint_fast64_t; +/* 7.18.1.4 Integer types capable of holding object pointers */ +/* 7.18.1.5 Greatest-width integer types */ +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef long int intmax_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef long unsigned int uintmax_t; + +/* 7.18.4 Macros for integer constants */ +/* 7.18.2 Limits of specified-width integer types: + * These #defines specify the minimum and maximum limits + * of each of the types declared above. + * + * They must have "the same type as would an expression that is an + * object of the corresponding type converted according to the integer + * promotion". + */ +/* 7.18.2.1 Limits of exact-width integer types */ + /* + Note: the literal "most negative int" cannot be written in C -- + the rules in the standard (section 6.4.4.1 in C99) will give it + an unsigned type, so INT32_MIN (and the most negative member of + any larger signed type) must be written via a constant expression. + */ +/* 7.18.2.2 Limits of minimum-width integer types */ +/* 7.18.2.3 Limits of fastest minimum-width integer types */ +/* 7.18.2.4 Limits of integer types capable of holding object pointers */ +/* 7.18.2.5 Limits of greatest-width integer types */ +/* 7.18.3 "Other" */ +/* WCHAR_MIN should be 0 if wchar_t is an unsigned type and + (-WCHAR_MAX-1) if wchar_t is a signed type. Unfortunately, + it turns out that -fshort-wchar changes the signedness of + the type. */ +/* [XSI] The timeval structure shall be defined as described in + * + */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +struct timeval +{ + __darwin_time_t tv_sec; /* seconds */ + __darwin_suseconds_t tv_usec; /* and microseconds */ +}; + +/* The id_t type shall be defined as described in */ +/* + * Resource limit type (low 63 bits, excluding the sign bit) + */ +typedef __uint64_t rlim_t; +/***** + * PRIORITY + */ +/* + * Possible values of the first parameter to getpriority()/setpriority(), + * used to indicate the type of the second parameter. + */ +/* + * Range limitations for the value of the third parameter to setpriority(). + */ +/* + * use PRIO_DARWIN_BG to set the current thread into "background" state + * which lowers CPU, disk IO, and networking priorites until thread terminates + * or "background" state is revoked + */ +/* + * use PRIO_DARWIN_NONUI to restrict a process's ability to make calls to + * the GPU. (deprecated) + */ +/***** + * RESOURCE USAGE + */ +/* + * Possible values of the first parameter to getrusage(), used to indicate + * the scope of the information to be returned. + */ +/* + * A structure representing an accounting of resource utilization. The + * address of an instance of this structure is the second parameter to + * getrusage(). + * + * Note: All values other than ru_utime and ru_stime are implementaiton + * defined and subject to change in a future release. Their use + * is discouraged for standards compliant programs. + */ +struct rusage { + struct timeval ru_utime; /* user time used (PL) */ + struct timeval ru_stime; /* system time used (PL) */ + /* + * Informational aliases for source compatibility with programs + * that need more information than that provided by standards, + * and which do not mind being OS-dependent. + */ + long ru_maxrss; /* max resident set size (PL) */ + long ru_ixrss; /* integral shared memory size (NU) */ + long ru_idrss; /* integral unshared data (NU) */ + long ru_isrss; /* integral unshared stack (NU) */ + long ru_minflt; /* page reclaims (NU) */ + long ru_majflt; /* page faults (NU) */ + long ru_nswap; /* swaps (NU) */ + long ru_inblock; /* block input operations (atomic) */ + long ru_oublock; /* block output operations (atomic) */ + long ru_msgsnd; /* messages sent (atomic) */ + long ru_msgrcv; /* messages received (atomic) */ + long ru_nsignals; /* signals received (atomic) */ + long ru_nvcsw; /* voluntary context switches (atomic) */ + long ru_nivcsw; /* involuntary " */ +}; +/* + * Flavors for proc_pid_rusage(). + */ +/* + * Flags for RUSAGE_INFO_V5 + */ +typedef void *rusage_info_t; +struct rusage_info_v0 { + uint8_t ri_uuid[16]; + uint64_t ri_user_time; + uint64_t ri_system_time; + uint64_t ri_pkg_idle_wkups; + uint64_t ri_interrupt_wkups; + uint64_t ri_pageins; + uint64_t ri_wired_size; + uint64_t ri_resident_size; + uint64_t ri_phys_footprint; + uint64_t ri_proc_start_abstime; + uint64_t ri_proc_exit_abstime; +}; +struct rusage_info_v1 { + uint8_t ri_uuid[16]; + uint64_t ri_user_time; + uint64_t ri_system_time; + uint64_t ri_pkg_idle_wkups; + uint64_t ri_interrupt_wkups; + uint64_t ri_pageins; + uint64_t ri_wired_size; + uint64_t ri_resident_size; + uint64_t ri_phys_footprint; + uint64_t ri_proc_start_abstime; + uint64_t ri_proc_exit_abstime; + uint64_t ri_child_user_time; + uint64_t ri_child_system_time; + uint64_t ri_child_pkg_idle_wkups; + uint64_t ri_child_interrupt_wkups; + uint64_t ri_child_pageins; + uint64_t ri_child_elapsed_abstime; +}; +struct rusage_info_v2 { + uint8_t ri_uuid[16]; + uint64_t ri_user_time; + uint64_t ri_system_time; + uint64_t ri_pkg_idle_wkups; + uint64_t ri_interrupt_wkups; + uint64_t ri_pageins; + uint64_t ri_wired_size; + uint64_t ri_resident_size; + uint64_t ri_phys_footprint; + uint64_t ri_proc_start_abstime; + uint64_t ri_proc_exit_abstime; + uint64_t ri_child_user_time; + uint64_t ri_child_system_time; + uint64_t ri_child_pkg_idle_wkups; + uint64_t ri_child_interrupt_wkups; + uint64_t ri_child_pageins; + uint64_t ri_child_elapsed_abstime; + uint64_t ri_diskio_bytesread; + uint64_t ri_diskio_byteswritten; +}; +struct rusage_info_v3 { + uint8_t ri_uuid[16]; + uint64_t ri_user_time; + uint64_t ri_system_time; + uint64_t ri_pkg_idle_wkups; + uint64_t ri_interrupt_wkups; + uint64_t ri_pageins; + uint64_t ri_wired_size; + uint64_t ri_resident_size; + uint64_t ri_phys_footprint; + uint64_t ri_proc_start_abstime; + uint64_t ri_proc_exit_abstime; + uint64_t ri_child_user_time; + uint64_t ri_child_system_time; + uint64_t ri_child_pkg_idle_wkups; + uint64_t ri_child_interrupt_wkups; + uint64_t ri_child_pageins; + uint64_t ri_child_elapsed_abstime; + uint64_t ri_diskio_bytesread; + uint64_t ri_diskio_byteswritten; + uint64_t ri_cpu_time_qos_default; + uint64_t ri_cpu_time_qos_maintenance; + uint64_t ri_cpu_time_qos_background; + uint64_t ri_cpu_time_qos_utility; + uint64_t ri_cpu_time_qos_legacy; + uint64_t ri_cpu_time_qos_user_initiated; + uint64_t ri_cpu_time_qos_user_interactive; + uint64_t ri_billed_system_time; + uint64_t ri_serviced_system_time; +}; +struct rusage_info_v4 { + uint8_t ri_uuid[16]; + uint64_t ri_user_time; + uint64_t ri_system_time; + uint64_t ri_pkg_idle_wkups; + uint64_t ri_interrupt_wkups; + uint64_t ri_pageins; + uint64_t ri_wired_size; + uint64_t ri_resident_size; + uint64_t ri_phys_footprint; + uint64_t ri_proc_start_abstime; + uint64_t ri_proc_exit_abstime; + uint64_t ri_child_user_time; + uint64_t ri_child_system_time; + uint64_t ri_child_pkg_idle_wkups; + uint64_t ri_child_interrupt_wkups; + uint64_t ri_child_pageins; + uint64_t ri_child_elapsed_abstime; + uint64_t ri_diskio_bytesread; + uint64_t ri_diskio_byteswritten; + uint64_t ri_cpu_time_qos_default; + uint64_t ri_cpu_time_qos_maintenance; + uint64_t ri_cpu_time_qos_background; + uint64_t ri_cpu_time_qos_utility; + uint64_t ri_cpu_time_qos_legacy; + uint64_t ri_cpu_time_qos_user_initiated; + uint64_t ri_cpu_time_qos_user_interactive; + uint64_t ri_billed_system_time; + uint64_t ri_serviced_system_time; + uint64_t ri_logical_writes; + uint64_t ri_lifetime_max_phys_footprint; + uint64_t ri_instructions; + uint64_t ri_cycles; + uint64_t ri_billed_energy; + uint64_t ri_serviced_energy; + uint64_t ri_interval_max_phys_footprint; + uint64_t ri_runnable_time; +}; +struct rusage_info_v5 { + uint8_t ri_uuid[16]; + uint64_t ri_user_time; + uint64_t ri_system_time; + uint64_t ri_pkg_idle_wkups; + uint64_t ri_interrupt_wkups; + uint64_t ri_pageins; + uint64_t ri_wired_size; + uint64_t ri_resident_size; + uint64_t ri_phys_footprint; + uint64_t ri_proc_start_abstime; + uint64_t ri_proc_exit_abstime; + uint64_t ri_child_user_time; + uint64_t ri_child_system_time; + uint64_t ri_child_pkg_idle_wkups; + uint64_t ri_child_interrupt_wkups; + uint64_t ri_child_pageins; + uint64_t ri_child_elapsed_abstime; + uint64_t ri_diskio_bytesread; + uint64_t ri_diskio_byteswritten; + uint64_t ri_cpu_time_qos_default; + uint64_t ri_cpu_time_qos_maintenance; + uint64_t ri_cpu_time_qos_background; + uint64_t ri_cpu_time_qos_utility; + uint64_t ri_cpu_time_qos_legacy; + uint64_t ri_cpu_time_qos_user_initiated; + uint64_t ri_cpu_time_qos_user_interactive; + uint64_t ri_billed_system_time; + uint64_t ri_serviced_system_time; + uint64_t ri_logical_writes; + uint64_t ri_lifetime_max_phys_footprint; + uint64_t ri_instructions; + uint64_t ri_cycles; + uint64_t ri_billed_energy; + uint64_t ri_serviced_energy; + uint64_t ri_interval_max_phys_footprint; + uint64_t ri_runnable_time; + uint64_t ri_flags; +}; +typedef struct rusage_info_v5 rusage_info_current; +/***** + * RESOURCE LIMITS + */ +/* + * Symbolic constants for resource limits; since all limits are representable + * as a type rlim_t, we are permitted to define RLIM_SAVED_* in terms of + * RLIM_INFINITY. + */ +/* + * Possible values of the first parameter to getrlimit()/setrlimit(), to + * indicate for which resource the operation is being performed. + */ +/* + * A structure representing a resource limit. The address of an instance + * of this structure is the second parameter to getrlimit()/setrlimit(). + */ +struct rlimit { + rlim_t rlim_cur; /* current (soft) limit */ + rlim_t rlim_max; /* maximum value for rlim_cur */ +}; +/* + * proc_rlimit_control() + * + * Resource limit flavors + */ +/* + * Flags for wakeups monitor control. + */ +/* + * Flags for CPU usage monitor control. + */ +/* + * Flags for memory footprint interval tracking. + */ +struct proc_rlimit_control_wakeupmon { + uint32_t wm_flags; + int32_t wm_rate; +}; +/* I/O type */ +/* scope */ +/* I/O Priority */ +/* compatibility with older names */ +int getpriority(int, id_t); +int getiopolicy_np(int, int) __attribute__((availability(macosx,introduced=10.5))); +int getrlimit(int, struct rlimit *) __asm("_" "getrlimit" ); +int getrusage(int, struct rusage *); +int setpriority(int, id_t, int); +int setiopolicy_np(int, int, int) __attribute__((availability(macosx,introduced=10.5))); +int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); + +/* + * Option bits for the third argument of wait4. WNOHANG causes the + * wait to not hang if there are no stopped or terminated processes, rather + * returning an error indication in this case (pid==0). WUNTRACED + * indicates that the caller should receive status about untraced children + * which stop due to signals. If children are stopped and a wait without + * this option is done, it is as though they were still running... nothing + * about them is returned. + */ +/* + * Macros to test the exit status returned by wait + * and extract the relevant values. + */ +/* These macros are permited, as they are in the implementation namespace */ +/* + * [XSI] The header shall define the following macros for + * analysis of process status values + */ +/* 0x13 == SIGCONT */ +/* + * [XSI] The following symbolic constants shall be defined as possible + * values for the fourth argument to waitid(). + */ +/* WNOHANG already defined for wait4() */ +/* WUNTRACED defined for wait4() but not for waitid() */ +/* waitid() parameter */ +/* POSIX extensions and 4.2/4.3 compatability: */ +/* + * Tokens for special values of the "pid" parameter to wait4. + */ +/* + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright 1995 NeXT Computer, Inc. All rights reserved. + */ +/* + * Copyright (c) 2000-2007 Apple Inc. All rights reserved. + */ +/* + * Copyright 1995 NeXT Computer, Inc. All rights reserved. + */ +/* + * Copyright (c) 1987, 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)endian.h 8.1 (Berkeley) 6/11/93 + */ +/* + * Define _NOQUAD if the compiler does NOT support 64-bit integers. + */ +/* #define _NOQUAD */ +/* + * Define the order of 32-bit words in 64-bit words. + */ +/* + * Definitions for byte order, according to byte significance from low + * address to high. + */ +/* + * Copyright (c) 2004, 2006 Apple Computer, Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 1995 NeXT Computer, Inc. All rights reserved. + * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 1987, 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* + * Macros for network/external number representation conversion. + */ +/* + * Copyright (c) 2006 Apple Computer, Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* + * This header is normally included from . However, + * also includes this in the case of little-endian + * architectures, so that we can map OSByteOrder routines to the hton* and ntoh* + * macros. This results in the asymmetry below; we only include + * for little-endian architectures. + */ +/* Macros for swapping constant values in the preprocessing stage. */ +/* + * Copyright (c) 1999-2007 Apple Inc. All rights reserved. + */ +/* + * Copyright (c) 2007 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* Collect the __ARM_ARCH_*__ compiler flags into something easier to use. */ + +/* Generic byte swapping functions. */ +static inline +uint16_t +_OSSwapInt16( + uint16_t _data + ) +{ + /* Reduces to 'rev16' with clang */ + return (uint16_t)(_data << 8 | _data >> 8); +} +static inline +uint32_t +_OSSwapInt32( + uint32_t _data + ) +{ + _data = __builtin_bswap32(_data); + return _data; +} +static inline +uint64_t +_OSSwapInt64( + uint64_t _data + ) +{ + return __builtin_bswap64(_data); +} +/* Functions for byte reversed loads. */ +struct _OSUnalignedU16 { + volatile uint16_t __val; +} __attribute__((__packed__)); +struct _OSUnalignedU32 { + volatile uint32_t __val; +} __attribute__((__packed__)); +struct _OSUnalignedU64 { + volatile uint64_t __val; +} __attribute__((__packed__)); +static inline +uint16_t +OSReadSwapInt16( + const volatile void * _base, + uintptr_t _offset + ) +{ + return _OSSwapInt16(((struct _OSUnalignedU16 *)((uintptr_t)_base + _offset))->__val); +} +static inline +uint32_t +OSReadSwapInt32( + const volatile void * _base, + uintptr_t _offset + ) +{ + return _OSSwapInt32(((struct _OSUnalignedU32 *)((uintptr_t)_base + _offset))->__val); +} +static inline +uint64_t +OSReadSwapInt64( + const volatile void * _base, + uintptr_t _offset + ) +{ + return _OSSwapInt64(((struct _OSUnalignedU64 *)((uintptr_t)_base + _offset))->__val); +} +/* Functions for byte reversed stores. */ +static inline +void +OSWriteSwapInt16( + volatile void * _base, + uintptr_t _offset, + uint16_t _data + ) +{ + ((struct _OSUnalignedU16 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt16(_data); +} +static inline +void +OSWriteSwapInt32( + volatile void * _base, + uintptr_t _offset, + uint32_t _data + ) +{ + ((struct _OSUnalignedU32 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt32(_data); +} +static inline +void +OSWriteSwapInt64( + volatile void * _base, + uintptr_t _offset, + uint64_t _data + ) +{ + ((struct _OSUnalignedU64 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt64(_data); +} + +/* + * Deprecated: + * Structure of the information in the status word returned by wait4. + * If w_stopval==_WSTOPPED, then the second structure describes + * the information returned, else the first. + */ +union wait { + int w_status; /* used in syscall */ + /* + * Terminated process status. + */ + struct { + unsigned int w_Termsig:7, /* termination signal */ + w_Coredump:1, /* core dump indicator */ + w_Retcode:8, /* exit code if w_termsig==0 */ + w_Filler:16; /* upper bits filler */ + } w_T; + /* + * Stopped process status. Returned + * only for traced children unless requested + * with the WUNTRACED option bit. + */ + struct { + unsigned int w_Stopval:8, /* == W_STOPPED if stopped */ + w_Stopsig:8, /* signal that stopped us */ + w_Filler:16; /* upper bits filler */ + } w_S; +}; +pid_t wait(int *) __asm("_" "wait" ); +pid_t waitpid(pid_t, int *, int) __asm("_" "waitpid" ); +int waitid(idtype_t, id_t, siginfo_t *, int) __asm("_" "waitid" ); +pid_t wait3(int *, int, struct rusage *); +pid_t wait4(pid_t, int *, int, struct rusage *); + +/* + * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +void *alloca(size_t); /* built-in for gcc */ +/* built-in for gcc 3 */ +/* DO NOT REMOVE THIS COMMENT: fixincludes needs to see: + * _GCC_SIZE_T */ +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_ct_rune_t ct_rune_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_rune_t rune_t; +/* + * Copyright (c) 2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +/* wchar_t is a built-in type in C++ */ +typedef __darwin_wchar_t wchar_t; + +typedef struct { + int quot; /* quotient */ + int rem; /* remainder */ +} div_t; +typedef struct { + long quot; /* quotient */ + long rem; /* remainder */ +} ldiv_t; +typedef struct { + long long quot; + long long rem; +} lldiv_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +extern int __mb_cur_max; +/* + * Copyright (c) 2018 Apple Computer, Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* + * This header is included from , so the contents of this file have + * broad source compatibility and POSIX conformance implications. + * Be cautious about what is included and declared here. + */ +void *malloc(size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(1))); +void *calloc(size_t __count, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(1,2))); +void free(void *); +void *realloc(void *__ptr, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(2))); +void *valloc(size_t) __attribute__((alloc_size(1))); +void *aligned_alloc(size_t __alignment, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(2))) __attribute__((availability(macosx,introduced=10.15))) __attribute__((availability(ios,introduced=13.0))) __attribute__((availability(tvos,introduced=13.0))) __attribute__((availability(watchos,introduced=6.0))); +int posix_memalign(void **__memptr, size_t __alignment, size_t __size) __attribute__((availability(macosx,introduced=10.6))); +void abort(void) __attribute__((__cold__)) __attribute__((__noreturn__)); +int abs(int) __attribute__((__const__)); +int atexit(void (* _Nonnull)(void)); +double atof(const char *); +int atoi(const char *); +long atol(const char *); +long long + atoll(const char *); +void *bsearch(const void *__key, const void *__base, size_t __nel, + size_t __width, int (* _Nonnull __compar)(const void *, const void *)); +/* calloc is now declared in _malloc.h */ +div_t div(int, int) __attribute__((__const__)); +void exit(int) __attribute__((__noreturn__)); +/* free is now declared in _malloc.h */ +char *getenv(const char *); +long labs(long) __attribute__((__const__)); +ldiv_t ldiv(long, long) __attribute__((__const__)); +long long + llabs(long long); +lldiv_t lldiv(long long, long long); +/* malloc is now declared in _malloc.h */ +int mblen(const char *__s, size_t __n); +size_t mbstowcs(wchar_t * restrict , const char * restrict, size_t); +int mbtowc(wchar_t * restrict, const char * restrict, size_t); +/* posix_memalign is now declared in _malloc.h */ +void qsort(void *__base, size_t __nel, size_t __width, + int (* _Nonnull __compar)(const void *, const void *)); +int rand(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +/* realloc is now declared in _malloc.h */ +void srand(unsigned) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +double strtod(const char *, char **) __asm("_" "strtod" ); +float strtof(const char *, char **) __asm("_" "strtof" ); +long strtol(const char *__str, char **__endptr, int __base); +long double + strtold(const char *, char **); +long long + strtoll(const char *__str, char **__endptr, int __base); +unsigned long + strtoul(const char *__str, char **__endptr, int __base); +unsigned long long + strtoull(const char *__str, char **__endptr, int __base); +__attribute__((__availability__(swift, unavailable, message="Use posix_spawn APIs or NSTask instead. (On iOS, process spawning is unavailable.)"))) +__attribute__((availability(macos,introduced=10.0))) __attribute__((availability(ios,unavailable))) +__attribute__((availability(watchos,unavailable))) __attribute__((availability(tvos,unavailable))) +int system(const char *) __asm("_" "system" ); +size_t wcstombs(char * restrict, const wchar_t * restrict, size_t); +int wctomb(char *, wchar_t); +void _Exit(int) __attribute__((__noreturn__)); +long a64l(const char *); +double drand48(void); +char *ecvt(double, int, int *restrict, int *restrict); /* LEGACY */ +double erand48(unsigned short[3]); +char *fcvt(double, int, int *restrict, int *restrict); /* LEGACY */ +char *gcvt(double, int, char *); /* LEGACY */ +int getsubopt(char **, char * const *, char **); +int grantpt(int); +char *initstate(unsigned, char *, size_t); /* no __DARWIN_ALIAS needed */ +long jrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +char *l64a(long); +void lcong48(unsigned short[7]); +long lrand48(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +char *mktemp(char *); +int mkstemp(char *); +long mrand48(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +long nrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +int posix_openpt(int); +char *ptsname(int); +int ptsname_r(int fildes, char *buffer, size_t buflen) __attribute__((availability(macos,introduced=10.13.4))) __attribute__((availability(ios,introduced=11.3))) __attribute__((availability(tvos,introduced=11.3))) __attribute__((availability(watchos,introduced=4.3))); +int putenv(char *) __asm("_" "putenv" ); +long random(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +int rand_r(unsigned *) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); +char *realpath(const char * restrict, char * restrict) __asm("_" "realpath" "$DARWIN_EXTSN"); +unsigned short + *seed48(unsigned short[3]); +int setenv(const char * __name, const char * __value, int __overwrite) __asm("_" "setenv" ); +void setkey(const char *) __asm("_" "setkey" ); +char *setstate(const char *); +void srand48(long); +void srandom(unsigned); +int unlockpt(int); +int unsetenv(const char *) __asm("_" "unsetenv" ); +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_dev_t dev_t; /* device number */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_mode_t mode_t; +uint32_t arc4random(void); +void arc4random_addrandom(unsigned char * /*dat*/, int /*datlen*/) + __attribute__((availability(macosx,introduced=10.0))) __attribute__((availability(macosx,deprecated=10.12,message="use arc4random_stir"))) + __attribute__((availability(ios,introduced=2.0))) __attribute__((availability(ios,deprecated=10.0,message="use arc4random_stir"))) + __attribute__((availability(tvos,introduced=2.0))) __attribute__((availability(tvos,deprecated=10.0,message="use arc4random_stir"))) + __attribute__((availability(watchos,introduced=1.0))) __attribute__((availability(watchos,deprecated=3.0,message="use arc4random_stir"))); +void arc4random_buf(void * __buf, size_t __nbytes) __attribute__((availability(macosx,introduced=10.7))); +void arc4random_stir(void); +uint32_t + arc4random_uniform(uint32_t __upper_bound) __attribute__((availability(macosx,introduced=10.7))); +int atexit_b(void (^ _Nonnull)(void)) __attribute__((availability(macosx,introduced=10.6))); +void *bsearch_b(const void *__key, const void *__base, size_t __nel, + size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) + __attribute__((availability(macosx,introduced=10.6))); + /* getcap(3) functions */ +char *cgetcap(char *, const char *, int); +int cgetclose(void); +int cgetent(char **, char **, const char *); +int cgetfirst(char **, char **); +int cgetmatch(const char *, const char *); +int cgetnext(char **, char **); +int cgetnum(char *, const char *, long *); +int cgetset(const char *); +int cgetstr(char *, const char *, char **); +int cgetustr(char *, const char *, char **); +int daemon(int, int) __asm("_" "daemon" ) __attribute__((availability(macosx,introduced=10.0,deprecated=10.5,message="Use posix_spawn APIs instead."))) __attribute__((availability(watchos,unavailable))) __attribute__((availability(tvos,unavailable))); +char *devname(dev_t, mode_t); +char *devname_r(dev_t, mode_t, char *buf, int len); +char *getbsize(int *, long *); +int getloadavg(double [], int); +const char + *getprogname(void); +void setprogname(const char *); +int heapsort(void *__base, size_t __nel, size_t __width, + int (* _Nonnull __compar)(const void *, const void *)); +int heapsort_b(void *__base, size_t __nel, size_t __width, + int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) + __attribute__((availability(macosx,introduced=10.6))); +int mergesort(void *__base, size_t __nel, size_t __width, + int (* _Nonnull __compar)(const void *, const void *)); +int mergesort_b(void *__base, size_t __nel, size_t __width, + int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) + __attribute__((availability(macosx,introduced=10.6))); +void psort(void *__base, size_t __nel, size_t __width, + int (* _Nonnull __compar)(const void *, const void *)) + __attribute__((availability(macosx,introduced=10.6))); +void psort_b(void *__base, size_t __nel, size_t __width, + int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) + __attribute__((availability(macosx,introduced=10.6))); +void psort_r(void *__base, size_t __nel, size_t __width, void *, + int (* _Nonnull __compar)(void *, const void *, const void *)) + __attribute__((availability(macosx,introduced=10.6))); +void qsort_b(void *__base, size_t __nel, size_t __width, + int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) + __attribute__((availability(macosx,introduced=10.6))); +void qsort_r(void *__base, size_t __nel, size_t __width, void *, + int (* _Nonnull __compar)(void *, const void *, const void *)); +int radixsort(const unsigned char **__base, int __nel, const unsigned char *__table, + unsigned __endbyte); +int rpmatch(const char *) + __attribute__((availability(macos,introduced=10.15))) __attribute__((availability(ios,introduced=13.0))) __attribute__((availability(tvos,introduced=13.0))) __attribute__((availability(watchos,introduced=6.0))); +int sradixsort(const unsigned char **__base, int __nel, const unsigned char *__table, + unsigned __endbyte); +void sranddev(void); +void srandomdev(void); +void *reallocf(void *__ptr, size_t __size) __attribute__((alloc_size(2))); +long long + strtonum(const char *__numstr, long long __minval, long long __maxval, const char **__errstrp) + __attribute__((availability(macos,introduced=11.0))) __attribute__((availability(ios,introduced=14.0))) __attribute__((availability(tvos,introduced=14.0))) __attribute__((availability(watchos,introduced=7.0))); +long long + strtoq(const char *__str, char **__endptr, int __base); +unsigned long long + strtouq(const char *__str, char **__endptr, int __base); +extern char *suboptarg; /* getsubopt(3) external variable */ +/* valloc is now declared in _malloc.h */ +/* Poison the following routines if -fshort-wchar is set */ +/* + * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)string.h 8.1 (Berkeley) 6/2/93 + */ +/* ANSI-C */ +void *memchr(const void *__s, int __c, size_t __n); +int memcmp(const void *__s1, const void *__s2, size_t __n); +void *memcpy(void *__dst, const void *__src, size_t __n); +void *memmove(void *__dst, const void *__src, size_t __len); +void *memset(void *__b, int __c, size_t __len); +char *strcat(char *__s1, const char *__s2); +char *strchr(const char *__s, int __c); +int strcmp(const char *__s1, const char *__s2); +int strcoll(const char *__s1, const char *__s2); +char *strcpy(char *__dst, const char *__src); +size_t strcspn(const char *__s, const char *__charset); +char *strerror(int __errnum) __asm("_" "strerror" ); +size_t strlen(const char *__s); +char *strncat(char *__s1, const char *__s2, size_t __n); +int strncmp(const char *__s1, const char *__s2, size_t __n); +char *strncpy(char *__dst, const char *__src, size_t __n); +char *strpbrk(const char *__s, const char *__charset); +char *strrchr(const char *__s, int __c); +size_t strspn(const char *__s, const char *__charset); +char *strstr(const char *__big, const char *__little); +char *strtok(char *__str, const char *__sep); +size_t strxfrm(char *__s1, const char *__s2, size_t __n); +/* Additional functionality provided by: + * POSIX.1c-1995, + * POSIX.1i-1995, + * and the omnibus ISO/IEC 9945-1: 1996 + */ +char *strtok_r(char *__str, const char *__sep, char **__lasts); +/* Additional functionality provided by: + * POSIX.1-2001 + */ +int strerror_r(int __errnum, char *__strerrbuf, size_t __buflen); +char *strdup(const char *__s1); +void *memccpy(void *__dst, const void *__src, int __c, size_t __n); +/* Additional functionality provided by: + * POSIX.1-2008 + */ +char *stpcpy(char *__dst, const char *__src); +char *stpncpy(char *__dst, const char *__src, size_t __n) __attribute__((availability(macosx,introduced=10.7))); +char *strndup(const char *__s1, size_t __n) __attribute__((availability(macosx,introduced=10.7))); +size_t strnlen(const char *__s1, size_t __n) __attribute__((availability(macosx,introduced=10.7))); +char *strsignal(int __sig); +/* C11 Annex K */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_size_t rsize_t; +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef int errno_t; +errno_t memset_s(void *__s, rsize_t __smax, int __c, rsize_t __n) __attribute__((availability(macosx,introduced=10.9))); +/* Darwin extensions */ +/* + * Copyright (c) 2003-2012 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ +typedef __darwin_ssize_t ssize_t; +void *memmem(const void *__big, size_t __big_len, const void *__little, size_t __little_len) __attribute__((availability(macosx,introduced=10.7))); +void memset_pattern4(void *__b, const void *__pattern4, size_t __len) __attribute__((availability(macosx,introduced=10.5))); +void memset_pattern8(void *__b, const void *__pattern8, size_t __len) __attribute__((availability(macosx,introduced=10.5))); +void memset_pattern16(void *__b, const void *__pattern16, size_t __len) __attribute__((availability(macosx,introduced=10.5))); +char *strcasestr(const char *__big, const char *__little); +char *strnstr(const char *__big, const char *__little, size_t __len); +size_t strlcat(char *__dst, const char *__source, size_t __size); +size_t strlcpy(char *__dst, const char *__source, size_t __size); +void strmode(int __mode, char *__bp); +char *strsep(char **__stringp, const char *__delim); +/* SUS places swab() in unistd.h. It is listed here for source compatibility */ +void swab(const void * restrict, void * restrict, ssize_t); +__attribute__((availability(macosx,introduced=10.12.1))) __attribute__((availability(ios,introduced=10.1))) +__attribute__((availability(tvos,introduced=10.0.1))) __attribute__((availability(watchos,introduced=3.1))) +int timingsafe_bcmp(const void *__b1, const void *__b2, size_t __len); +__attribute__((availability(macosx,introduced=11.0))) __attribute__((availability(ios,introduced=14.0))) +__attribute__((availability(tvos,introduced=14.0))) __attribute__((availability(watchos,introduced=7.0))) +int strsignal_r(int __sig, char *__strsignalbuf, size_t __buflen); +/* Some functions historically defined in string.h were placed in strings.h + * by SUS. We are using "strings.h" instead of to avoid an issue + * where /Developer/Headers/FlatCarbon/Strings.h could be included instead on + * case-insensitive file systems. + */ +/* + * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)strings.h 8.1 (Berkeley) 6/2/93 + */ +/* Removed in Issue 7 */ +int bcmp(const void *, const void *, size_t) ; +void bcopy(const void *, void *, size_t) ; +void bzero(void *, size_t) ; +char *index(const char *, int) ; +char *rindex(const char *, int) ; +int ffs(int); +int strcasecmp(const char *, const char *); +int strncasecmp(const char *, const char *, size_t); +/* Darwin extensions */ +int ffsl(long) __attribute__((availability(macosx,introduced=10.5))); +int ffsll(long long) __attribute__((availability(macosx,introduced=10.9))); +int fls(int) __attribute__((availability(macosx,introduced=10.5))); +int flsl(long) __attribute__((availability(macosx,introduced=10.5))); +int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); +/* + * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)string.h 8.1 (Berkeley) 6/2/93 + */ +/* Security checking functions. */ +/* + * Copyright (c) 2017 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* + * Copyright (c) 2007, 2008 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* bcopy and bzero */ +/* Removed in Issue 7 */ +/* void bcopy(const void *src, void *dst, size_t len) */ +/* void bzero(void *s, size_t n) */ +/* Security checking functions. */ +/* + * Copyright (c) 2007,2017 Apple Inc. All rights reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ +/* */ +/* memccpy, memcpy, mempcpy, memmove, memset, strcpy, strlcpy, stpcpy, + strncpy, stpncpy, strcat, strlcat, and strncat */ +/* void *memccpy(void *dst, const void *src, int c, size_t n) */ +/* void *memcpy(void *dst, const void *src, size_t n) */ +/* void *memmove(void *dst, const void *src, size_t len) */ +/* void *memset(void *b, int c, size_t len) */ +/* char *strcpy(char *dst, const char *src) */ +/* char *stpcpy(char *dst, const char *src) */ +/* char *stpncpy(char *dst, const char *src, size_t n) */ +/* size_t strlcpy(char *dst, const char *source, size_t size) */ +/* size_t strlcat(char *dst, const char *source, size_t size) */ +/* char *strncpy(char *dst, const char *src, size_t n) */ +/* char *strcat(char *s1, const char *s2) */ +/* char *strncat(char *s1, const char *s2, size_t n) */ + +/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining + * all the API functions to use the MPU wrappers. That should only be done when + * task.h is included from an application file. */ +/* FreeRTOS includes. */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* + * Include the generic headers required for the FreeRTOS port being used. + */ +/*===---- stddef.h - Basic type definitions --------------------------------=== + * + * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. + * See https://llvm.org/LICENSE.txt for license information. + * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + * + *===-----------------------------------------------------------------------=== + */ +/* Always define miscellaneous pieces when modules are available. */ +/* __need_wint_t is intentionally not defined here. */ +/* Always define ptrdiff_t when modules are available. */ +typedef long int ptrdiff_t; +/* ISO9899:2011 7.20 (C11 Annex K): Define rsize_t if __STDC_WANT_LIB_EXT1__ is + * enabled. */ +/* Always define wchar_t when modules are available. */ +/*===---- __stddef_max_align_t.h - Definition of max_align_t for modules ---=== + * + * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. + * See https://llvm.org/LICENSE.txt for license information. + * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + * + *===-----------------------------------------------------------------------=== + */ +typedef long double max_align_t; +/* Some C libraries expect to see a wint_t here. Others (notably MinGW) will use +__WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */ + +/* + * If stdint.h cannot be located then: + * + If using GCC ensure the -nostdint options is *not* being used. + * + Ensure the project's include path includes the directory in which your + * compiler stores stdint.h. + * + Set any compiler options necessary for it to support C99, as technically + * stdint.h is only mandatory with C99 (FreeRTOS does not require C99 in any + * other way). + * + The FreeRTOS download includes a simple stdint.h definition that can be + * used in cases where none is provided by the compiler. The files only + * contains the typedefs required to build FreeRTOS. Read the instructions + * in FreeRTOS/source/stdint.readme for more information. + */ +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/* Application specific configuration options. */ +/* + * FreeRTOS V202107.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * http://www.FreeRTOS.org + * http://aws.amazon.com/freertos + * + * 1 tab == 4 spaces! + */ +/*----------------------------------------------------------- + * Application specific definitions. + * + * These definitions should be adjusted for your particular hardware and + * application requirements. + * + * THESE PARAMETERS ARE DESCRIBED WITHIN THE 'CONFIGURATION' SECTION OF THE + * FreeRTOS API DOCUMENTATION AVAILABLE ON THE FreeRTOS.org WEB SITE. + * + * See http://www.freertos.org/a00110.html + *----------------------------------------------------------*/ +/* Scheduler Related */ +/* Synchronization Related */ +/* System */ +/* Memory allocation related definitions. */ +/* Hook function related definitions. */ +/* Run time and task stats gathering related definitions. */ +/* Co-routine related definitions. */ +/* Software timer related definitions. */ +/* Interrupt nesting behaviour configuration. */ +/* +#define configKERNEL_INTERRUPT_PRIORITY [dependent of processor] +#define configMAX_SYSCALL_INTERRUPT_PRIORITY [dependent on processor and application] +#define configMAX_API_CALL_INTERRUPT_PRIORITY [dependent on processor and application] +*/ +/* SMP port only */ +/* RP2040 specific */ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * (c) UNIX System Laboratories, Inc. + * All or some portions of this file are derived from material licensed + * to the University of California by American Telephone and Telegraph + * Co. or Unix System Laboratories, Inc. and are reproduced herein with + * the permission of UNIX System Laboratories, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)assert.h 8.2 (Berkeley) 1/21/94 + * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $ + */ +/* + * Unlike other ANSI header files, may usefully be included + * multiple times, with and without NDEBUG defined. + */ +void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__)); +/* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */ +/* Define to trap errors during development. */ +/* Set the following definitions to 1 to include the API function, or zero +to exclude the API function. */ +/* A header file that defines trace macro can be included here. */ + +/* Basic FreeRTOS definitions. */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* + * Defines the prototype to which task functions must conform. Defined in this + * file to ensure the type is known before portable.h is included. + */ +typedef void (* TaskFunction_t)( void * ); +/* Converts a time in milliseconds to a time in ticks. This macro can be + * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the + * definition here is not suitable for your application. */ +/* FreeRTOS error definitions. */ +/* Macros used for basic data corruption checks. */ +/* The following errno values are used by FreeRTOS+ components, not FreeRTOS + * itself. */ +/* The following endian values are used by FreeRTOS+ components, not FreeRTOS + * itself. */ +/* Re-defining endian values for generic naming. */ + +/* Definitions specific to the port being used. */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/*----------------------------------------------------------- +* Portable layer API. Each function must be defined for each port. +*----------------------------------------------------------*/ +/* Each FreeRTOS port has a unique portmacro.h header file. Originally a + * pre-processor definition was used to ensure the pre-processor found the correct + * portmacro.h file for the port being used. That scheme was deprecated in favour + * of setting the compiler's include path such that it found the correct + * portmacro.h file - removing the need for the constant and allowing the + * portmacro.h file to be located anywhere in relation to the port being used. + * Purely for reasons of backward compatibility the old method is still valid, but + * to make it clear that new projects should not use it, support for the port + * specific constants has been moved into the deprecated_definitions.h header + * file. */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* Each FreeRTOS port has a unique portmacro.h header file. Originally a + * pre-processor definition was used to ensure the pre-processor found the correct + * portmacro.h file for the port being used. That scheme was deprecated in favour + * of setting the compiler's include path such that it found the correct + * portmacro.h file - removing the need for the constant and allowing the + * portmacro.h file to be located anywhere in relation to the port being used. The + * definitions below remain in the code for backward compatibility only. New + * projects should not use them. */ + +/* If portENTER_CRITICAL is not defined then including deprecated_definitions.h + * did not result in a portmacro.h header file being included - and it should be + * included here. In this case the path to the correct portmacro.h header file + * must be set in the compiler's include path. */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: MIT AND BSD-3-Clause + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/** \file pico.h + * \defgroup pico_base pico_base + * + * Core types and macros for the Raspberry Pi Pico SDK. This header is intended to be included by all source code + * as it includes configuration headers and overrides in the correct order + * + * This header may be included by assembly code +*/ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/*===---- stdbool.h - Standard header for booleans -------------------------=== + * + * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. + * See https://llvm.org/LICENSE.txt for license information. + * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + * + *===-----------------------------------------------------------------------=== + */ +/* Don't define bool, true, and false in C++, except as a GNU extension. */ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * (c) UNIX System Laboratories, Inc. + * All or some portions of this file are derived from material licensed + * to the University of California by American Telephone and Telegraph + * Co. or Unix System Laboratories, Inc. and are reproduced herein with + * the permission of UNIX System Laboratories, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)assert.h 8.2 (Berkeley) 1/21/94 + * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $ + */ +/* + * Unlike other ANSI header files, may usefully be included + * multiple times, with and without NDEBUG defined. + */ +void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__)); +/* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */ +// PICO_CONFIG: PARAM_ASSERTIONS_ENABLE_ALL, Global assert enable, type=bool, default=0, group=pico_base +// PICO_CONFIG: PARAM_ASSERTIONS_DISABLE_ALL, Global assert disable, type=bool, default=0, group=pico_base +/*===---- stddef.h - Basic type definitions --------------------------------=== + * + * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. + * See https://llvm.org/LICENSE.txt for license information. + * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + * + *===-----------------------------------------------------------------------=== + */ + +typedef unsigned int uint; +/*! \typedef absolute_time_t + \brief An opaque 64 bit timestamp in microseconds + + The type is used instead of a raw uint64_t to prevent accidentally passing relative times or times in the wrong + time units where an absolute time is required. It is equivalent to uint64_t in release builds. + + \see to_us_since_boot() + \see update_us_since_boot() + \ingroup timestamp +*/ +typedef struct { + uint64_t _private_us_since_boot; +} absolute_time_t; +/*! fn to_us_since_boot + * \brief convert an absolute_time_t into a number of microseconds since boot. + * \param t the absolute time to convert + * \return a number of microseconds since boot, equivalent to t + * \ingroup timestamp + */ +static inline uint64_t to_us_since_boot(absolute_time_t t) { + return t._private_us_since_boot; +} +/*! fn update_us_since_boot + * \brief update an absolute_time_t value to represent a given number of microseconds since boot + * \param t the absolute time value to update + * \param us_since_boot the number of microseconds since boot to represent. Note this should be representable + * as a signed 64 bit integer + * \ingroup timestamp + */ +static inline void update_us_since_boot(absolute_time_t *t, uint64_t us_since_boot) { + (__builtin_expect(!(us_since_boot <= 9223372036854775807LL), 0) ? __assert_rtn(__func__, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0); + t->_private_us_since_boot = us_since_boot; +} +/** \struct datetime_t + * \ingroup util_datetime + * \brief Structure containing date and time information + * + * When setting an RTC alarm, set a field to -1 tells + * the RTC to not match on this field + */ +typedef struct { + int16_t year; ///< 0..4095 + int8_t month; ///< 1..12, 1 is January + int8_t day; ///< 1..28,29,30,31 depending on month + int8_t dotw; ///< 0..6, 0 is Sunday + int8_t hour; ///< 0..23 + int8_t min; ///< 0..59 + int8_t sec; ///< 0..59 +} datetime_t; +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +// --------------------------------------- +// THIS FILE IS AUTOGENERATED; DO NOT EDIT +// --------------------------------------- + +// PICO_CONFIG: PICO_CONFIG_HEADER, unquoted path to header include in place of the default pico/config.h which may be desirable for build systems which can't easily generate the config_autogen header, group=pico_base +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +// ----------------------------------------------------- +// NOTE: THIS HEADER IS ALSO INCLUDED BY ASSEMBLY CODE SO +// SHOULD ONLY CONSIST OF PREPROCESSOR DIRECTIVES +// OR USE #ifndef __ASSEMBLER__ guards +// ------------- +// PICO_CONFIG_HEADER_FILES and then PICO_SDK__CONFIG_INCLUDE_FILES +// entries are dumped in order at build time into this generated header +// AUTOGENERATED FROM PICO_CONFIG_HEADER_FILES and then PICO__CONFIG_HEADER_FILES +// DO NOT EDIT! +// based on PICO_CONFIG_HEADER_FILES: +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: MIT AND BSD-3-Clause + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + */ +/* configUSE_DYNAMIC_EXCEPTION_HANDLERS == 1 means set the exception handlers dynamically on cores + * that need them in case the user has set up distinct vector table offsets per core + */ +/* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_sync + * sem/mutex/queue etc. will work correctly when called from FreeRTOS tasks + */ +/* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_time + * sleep_ms/sleep_us/sleep_until will work correctly when called from FreeRTOS + * tasks, and will actually block at the FreeRTOS level + */ +/* This SMP port requires two spin locks, which are claimed from the SDK. + * the spin lock numbers to be used are defined statically and defaulted here + * to the values nominally set aside for RTOS by the SDK */ + // increase the amount of time it may reasonably take to wake us up + extern uint32_t ulPortLockGetCurrentOwnerId(void); + struct lock_core; + extern void vPortLockInternalSpinUnlockWithWait( struct lock_core *pxLock, uint32_t ulSave); + extern void vPortLockInternalSpinUnlockWithNotify( struct lock_core *pxLock, uint32_t save); + extern _Bool xPortLockInternalSpinUnlockWithBestEffortWaitOrTimeout( struct lock_core *pxLock, uint32_t ulSave, absolute_time_t uxUntil); + extern void xPortSyncInternalYieldUntilBefore(absolute_time_t t); +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +// ----------------------------------------------------- +// NOTE: THIS HEADER IS ALSO INCLUDED BY ASSEMBLER SO +// SHOULD ONLY CONSIST OF PREPROCESSOR DIRECTIVES +// ----------------------------------------------------- +// This header may be included by other board headers as "boards/pico.h" +// For board detection +// --- UART --- +// --- LED --- +// no PICO_DEFAULT_WS2812_PIN +// --- I2C --- +// --- SPI --- +// --- FLASH --- +// Drive high to force power supply into PWM mode (lower ripple on 3V3 at light loads) + +// based on PICO_RP2040_CONFIG_HEADER_FILES: +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +// PICO_CONFIG: PICO_CONFIG_RTOS_ADAPTER_HEADER, unquoted path to header include in the default pico/config.h for RTOS integration defines that must be included in all sources, group=pico_base + +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/** \file platform.h + * \defgroup pico_platform pico_platform + * + * Macros and definitions (and functions when included by non assembly code) for the RP2 family device / architecture + * to provide a common abstraction over low level compiler / platform specifics. + * + * This header may be included by assembly code + */ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +// This header is included from C and assembler - intended mostly for #defines; guard other stuff with #ifdef __ASSEMBLER__ +// PICO_CONFIG: XOSC_MHZ, The crystal oscillator frequency in Mhz, type=int, default=12, advanced=true, group=hardware_base +/** + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +// Register address offsets for atomic RMW aliases +/** + * Copyright (c) 2022 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +// ============================================================================= +// Register block : SIO +// Version : 1 +// Bus type : apb +// Description : Single-cycle IO block +// Provides core-local and inter-core hardware for the two +// processors, with single-cycle access. +// ============================================================================= +// ============================================================================= +// Register : SIO_CPUID +// Description : Processor core identifier +// Value is 0 when read from processor core 0, and 1 when read +// from processor core 1. +// ============================================================================= +// Register : SIO_GPIO_IN +// Description : Input value for GPIO pins +// Input value for GPIO0...29 +// ============================================================================= +// Register : SIO_GPIO_HI_IN +// Description : Input value for QSPI pins +// Input value on QSPI IO in order 0..5: SCLK, SSn, SD0, SD1, SD2, +// SD3 +// ============================================================================= +// Register : SIO_GPIO_OUT +// Description : GPIO output value +// Set output level (1/0 -> high/low) for GPIO0...29. +// Reading back gives the last value written, NOT the input value +// from the pins. +// If core 0 and core 1 both write to GPIO_OUT simultaneously (or +// to a SET/CLR/XOR alias), +// the result is as though the write from core 0 took place first, +// and the write from core 1 was then applied to that intermediate +// result. +// ============================================================================= +// Register : SIO_GPIO_OUT_SET +// Description : GPIO output value set +// Perform an atomic bit-set on GPIO_OUT, i.e. `GPIO_OUT |= wdata` +// ============================================================================= +// Register : SIO_GPIO_OUT_CLR +// Description : GPIO output value clear +// Perform an atomic bit-clear on GPIO_OUT, i.e. `GPIO_OUT &= +// ~wdata` +// ============================================================================= +// Register : SIO_GPIO_OUT_XOR +// Description : GPIO output value XOR +// Perform an atomic bitwise XOR on GPIO_OUT, i.e. `GPIO_OUT ^= +// wdata` +// ============================================================================= +// Register : SIO_GPIO_OE +// Description : GPIO output enable +// Set output enable (1/0 -> output/input) for GPIO0...29. +// Reading back gives the last value written. +// If core 0 and core 1 both write to GPIO_OE simultaneously (or +// to a SET/CLR/XOR alias), +// the result is as though the write from core 0 took place first, +// and the write from core 1 was then applied to that intermediate +// result. +// ============================================================================= +// Register : SIO_GPIO_OE_SET +// Description : GPIO output enable set +// Perform an atomic bit-set on GPIO_OE, i.e. `GPIO_OE |= wdata` +// ============================================================================= +// Register : SIO_GPIO_OE_CLR +// Description : GPIO output enable clear +// Perform an atomic bit-clear on GPIO_OE, i.e. `GPIO_OE &= +// ~wdata` +// ============================================================================= +// Register : SIO_GPIO_OE_XOR +// Description : GPIO output enable XOR +// Perform an atomic bitwise XOR on GPIO_OE, i.e. `GPIO_OE ^= +// wdata` +// ============================================================================= +// Register : SIO_GPIO_HI_OUT +// Description : QSPI output value +// Set output level (1/0 -> high/low) for QSPI IO0...5. +// Reading back gives the last value written, NOT the input value +// from the pins. +// If core 0 and core 1 both write to GPIO_HI_OUT simultaneously +// (or to a SET/CLR/XOR alias), +// the result is as though the write from core 0 took place first, +// and the write from core 1 was then applied to that intermediate +// result. +// ============================================================================= +// Register : SIO_GPIO_HI_OUT_SET +// Description : QSPI output value set +// Perform an atomic bit-set on GPIO_HI_OUT, i.e. `GPIO_HI_OUT |= +// wdata` +// ============================================================================= +// Register : SIO_GPIO_HI_OUT_CLR +// Description : QSPI output value clear +// Perform an atomic bit-clear on GPIO_HI_OUT, i.e. `GPIO_HI_OUT +// &= ~wdata` +// ============================================================================= +// Register : SIO_GPIO_HI_OUT_XOR +// Description : QSPI output value XOR +// Perform an atomic bitwise XOR on GPIO_HI_OUT, i.e. `GPIO_HI_OUT +// ^= wdata` +// ============================================================================= +// Register : SIO_GPIO_HI_OE +// Description : QSPI output enable +// Set output enable (1/0 -> output/input) for QSPI IO0...5. +// Reading back gives the last value written. +// If core 0 and core 1 both write to GPIO_HI_OE simultaneously +// (or to a SET/CLR/XOR alias), +// the result is as though the write from core 0 took place first, +// and the write from core 1 was then applied to that intermediate +// result. +// ============================================================================= +// Register : SIO_GPIO_HI_OE_SET +// Description : QSPI output enable set +// Perform an atomic bit-set on GPIO_HI_OE, i.e. `GPIO_HI_OE |= +// wdata` +// ============================================================================= +// Register : SIO_GPIO_HI_OE_CLR +// Description : QSPI output enable clear +// Perform an atomic bit-clear on GPIO_HI_OE, i.e. `GPIO_HI_OE &= +// ~wdata` +// ============================================================================= +// Register : SIO_GPIO_HI_OE_XOR +// Description : QSPI output enable XOR +// Perform an atomic bitwise XOR on GPIO_HI_OE, i.e. `GPIO_HI_OE +// ^= wdata` +// ============================================================================= +// Register : SIO_FIFO_ST +// Description : Status register for inter-core FIFOs (mailboxes). +// There is one FIFO in the core 0 -> core 1 direction, and one +// core 1 -> core 0. Both are 32 bits wide and 8 words deep. +// Core 0 can see the read side of the 1->0 FIFO (RX), and the +// write side of 0->1 FIFO (TX). +// Core 1 can see the read side of the 0->1 FIFO (RX), and the +// write side of 1->0 FIFO (TX). +// The SIO IRQ for each core is the logical OR of the VLD, WOF and +// ROE fields of its FIFO_ST register. +// ----------------------------------------------------------------------------- +// Field : SIO_FIFO_ST_ROE +// Description : Sticky flag indicating the RX FIFO was read when empty. This +// read was ignored by the FIFO. +// ----------------------------------------------------------------------------- +// Field : SIO_FIFO_ST_WOF +// Description : Sticky flag indicating the TX FIFO was written when full. This +// write was ignored by the FIFO. +// ----------------------------------------------------------------------------- +// Field : SIO_FIFO_ST_RDY +// Description : Value is 1 if this core's TX FIFO is not full (i.e. if FIFO_WR +// is ready for more data) +// ----------------------------------------------------------------------------- +// Field : SIO_FIFO_ST_VLD +// Description : Value is 1 if this core's RX FIFO is not empty (i.e. if FIFO_RD +// is valid) +// ============================================================================= +// Register : SIO_FIFO_WR +// Description : Write access to this core's TX FIFO +// ============================================================================= +// Register : SIO_FIFO_RD +// Description : Read access to this core's RX FIFO +// ============================================================================= +// Register : SIO_SPINLOCK_ST +// Description : Spinlock state +// A bitmap containing the state of all 32 spinlocks (1=locked). +// Mainly intended for debugging. +// ============================================================================= +// Register : SIO_DIV_UDIVIDEND +// Description : Divider unsigned dividend +// Write to the DIVIDEND operand of the divider, i.e. the p in `p +// / q`. +// Any operand write starts a new calculation. The results appear +// in QUOTIENT, REMAINDER. +// UDIVIDEND/SDIVIDEND are aliases of the same internal register. +// The U alias starts an +// unsigned calculation, and the S alias starts a signed +// calculation. +// ============================================================================= +// Register : SIO_DIV_UDIVISOR +// Description : Divider unsigned divisor +// Write to the DIVISOR operand of the divider, i.e. the q in `p / +// q`. +// Any operand write starts a new calculation. The results appear +// in QUOTIENT, REMAINDER. +// UDIVISOR/SDIVISOR are aliases of the same internal register. +// The U alias starts an +// unsigned calculation, and the S alias starts a signed +// calculation. +// ============================================================================= +// Register : SIO_DIV_SDIVIDEND +// Description : Divider signed dividend +// The same as UDIVIDEND, but starts a signed calculation, rather +// than unsigned. +// ============================================================================= +// Register : SIO_DIV_SDIVISOR +// Description : Divider signed divisor +// The same as UDIVISOR, but starts a signed calculation, rather +// than unsigned. +// ============================================================================= +// Register : SIO_DIV_QUOTIENT +// Description : Divider result quotient +// The result of `DIVIDEND / DIVISOR` (division). Contents +// undefined while CSR_READY is low. +// For signed calculations, QUOTIENT is negative when the signs of +// DIVIDEND and DIVISOR differ. +// This register can be written to directly, for context +// save/restore purposes. This halts any +// in-progress calculation and sets the CSR_READY and CSR_DIRTY +// flags. +// Reading from QUOTIENT clears the CSR_DIRTY flag, so should read +// results in the order +// REMAINDER, QUOTIENT if CSR_DIRTY is used. +// ============================================================================= +// Register : SIO_DIV_REMAINDER +// Description : Divider result remainder +// The result of `DIVIDEND % DIVISOR` (modulo). Contents undefined +// while CSR_READY is low. +// For signed calculations, REMAINDER is negative only when +// DIVIDEND is negative. +// This register can be written to directly, for context +// save/restore purposes. This halts any +// in-progress calculation and sets the CSR_READY and CSR_DIRTY +// flags. +// ============================================================================= +// Register : SIO_DIV_CSR +// Description : Control and status register for divider. +// ----------------------------------------------------------------------------- +// Field : SIO_DIV_CSR_DIRTY +// Description : Changes to 1 when any register is written, and back to 0 when +// QUOTIENT is read. +// Software can use this flag to make save/restore more efficient +// (skip if not DIRTY). +// If the flag is used in this way, it's recommended to either +// read QUOTIENT only, +// or REMAINDER and then QUOTIENT, to prevent data loss on context +// switch. +// ----------------------------------------------------------------------------- +// Field : SIO_DIV_CSR_READY +// Description : Reads as 0 when a calculation is in progress, 1 otherwise. +// Writing an operand (xDIVIDEND, xDIVISOR) will immediately start +// a new calculation, no +// matter if one is already in progress. +// Writing to a result register will immediately terminate any +// in-progress calculation +// and set the READY and DIRTY flags. +// ============================================================================= +// Register : SIO_INTERP0_ACCUM0 +// Description : Read/write access to accumulator 0 +// ============================================================================= +// Register : SIO_INTERP0_ACCUM1 +// Description : Read/write access to accumulator 1 +// ============================================================================= +// Register : SIO_INTERP0_BASE0 +// Description : Read/write access to BASE0 register. +// ============================================================================= +// Register : SIO_INTERP0_BASE1 +// Description : Read/write access to BASE1 register. +// ============================================================================= +// Register : SIO_INTERP0_BASE2 +// Description : Read/write access to BASE2 register. +// ============================================================================= +// Register : SIO_INTERP0_POP_LANE0 +// Description : Read LANE0 result, and simultaneously write lane results to +// both accumulators (POP). +// ============================================================================= +// Register : SIO_INTERP0_POP_LANE1 +// Description : Read LANE1 result, and simultaneously write lane results to +// both accumulators (POP). +// ============================================================================= +// Register : SIO_INTERP0_POP_FULL +// Description : Read FULL result, and simultaneously write lane results to both +// accumulators (POP). +// ============================================================================= +// Register : SIO_INTERP0_PEEK_LANE0 +// Description : Read LANE0 result, without altering any internal state (PEEK). +// ============================================================================= +// Register : SIO_INTERP0_PEEK_LANE1 +// Description : Read LANE1 result, without altering any internal state (PEEK). +// ============================================================================= +// Register : SIO_INTERP0_PEEK_FULL +// Description : Read FULL result, without altering any internal state (PEEK). +// ============================================================================= +// Register : SIO_INTERP0_CTRL_LANE0 +// Description : Control register for lane 0 +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_OVERF +// Description : Set if either OVERF0 or OVERF1 is set. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_OVERF1 +// Description : Indicates if any masked-off MSBs in ACCUM1 are set. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_OVERF0 +// Description : Indicates if any masked-off MSBs in ACCUM0 are set. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_BLEND +// Description : Only present on INTERP0 on each core. If BLEND mode is enabled: +// - LANE1 result is a linear interpolation between BASE0 and +// BASE1, controlled +// by the 8 LSBs of lane 1 shift and mask value (a fractional +// number between +// 0 and 255/256ths) +// - LANE0 result does not have BASE0 added (yields only the 8 +// LSBs of lane 1 shift+mask value) +// - FULL result does not have lane 1 shift+mask value added +// (BASE2 + lane 0 shift+mask) +// LANE1 SIGNED flag controls whether the interpolation is signed +// or unsigned. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_FORCE_MSB +// Description : ORed into bits 29:28 of the lane result presented to the +// processor on the bus. +// No effect on the internal 32-bit datapath. Handy for using a +// lane to generate sequence +// of pointers into flash or SRAM. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_ADD_RAW +// Description : If 1, mask + shift is bypassed for LANE0 result. This does not +// affect FULL result. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_CROSS_RESULT +// Description : If 1, feed the opposite lane's result into this lane's +// accumulator on POP. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_CROSS_INPUT +// Description : If 1, feed the opposite lane's accumulator into this lane's +// shift + mask hardware. +// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is +// before the shift+mask bypass) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_SIGNED +// Description : If SIGNED is set, the shifted and masked accumulator value is +// sign-extended to 32 bits +// before adding to BASE0, and LANE0 PEEK/POP appear extended to +// 32 bits when read by processor. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_MASK_MSB +// Description : The most-significant bit allowed to pass by the mask +// (inclusive) +// Setting MSB < LSB may cause chip to turn inside-out +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_MASK_LSB +// Description : The least-significant bit allowed to pass by the mask +// (inclusive) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE0_SHIFT +// Description : Logical right-shift applied to accumulator before masking +// ============================================================================= +// Register : SIO_INTERP0_CTRL_LANE1 +// Description : Control register for lane 1 +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_FORCE_MSB +// Description : ORed into bits 29:28 of the lane result presented to the +// processor on the bus. +// No effect on the internal 32-bit datapath. Handy for using a +// lane to generate sequence +// of pointers into flash or SRAM. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_ADD_RAW +// Description : If 1, mask + shift is bypassed for LANE1 result. This does not +// affect FULL result. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_CROSS_RESULT +// Description : If 1, feed the opposite lane's result into this lane's +// accumulator on POP. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_CROSS_INPUT +// Description : If 1, feed the opposite lane's accumulator into this lane's +// shift + mask hardware. +// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is +// before the shift+mask bypass) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_SIGNED +// Description : If SIGNED is set, the shifted and masked accumulator value is +// sign-extended to 32 bits +// before adding to BASE1, and LANE1 PEEK/POP appear extended to +// 32 bits when read by processor. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_MASK_MSB +// Description : The most-significant bit allowed to pass by the mask +// (inclusive) +// Setting MSB < LSB may cause chip to turn inside-out +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_MASK_LSB +// Description : The least-significant bit allowed to pass by the mask +// (inclusive) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP0_CTRL_LANE1_SHIFT +// Description : Logical right-shift applied to accumulator before masking +// ============================================================================= +// Register : SIO_INTERP0_ACCUM0_ADD +// Description : Values written here are atomically added to ACCUM0 +// Reading yields lane 0's raw shift and mask value (BASE0 not +// added). +// ============================================================================= +// Register : SIO_INTERP0_ACCUM1_ADD +// Description : Values written here are atomically added to ACCUM1 +// Reading yields lane 1's raw shift and mask value (BASE1 not +// added). +// ============================================================================= +// Register : SIO_INTERP0_BASE_1AND0 +// Description : On write, the lower 16 bits go to BASE0, upper bits to BASE1 +// simultaneously. +// Each half is sign-extended to 32 bits if that lane's SIGNED +// flag is set. +// ============================================================================= +// Register : SIO_INTERP1_ACCUM0 +// Description : Read/write access to accumulator 0 +// ============================================================================= +// Register : SIO_INTERP1_ACCUM1 +// Description : Read/write access to accumulator 1 +// ============================================================================= +// Register : SIO_INTERP1_BASE0 +// Description : Read/write access to BASE0 register. +// ============================================================================= +// Register : SIO_INTERP1_BASE1 +// Description : Read/write access to BASE1 register. +// ============================================================================= +// Register : SIO_INTERP1_BASE2 +// Description : Read/write access to BASE2 register. +// ============================================================================= +// Register : SIO_INTERP1_POP_LANE0 +// Description : Read LANE0 result, and simultaneously write lane results to +// both accumulators (POP). +// ============================================================================= +// Register : SIO_INTERP1_POP_LANE1 +// Description : Read LANE1 result, and simultaneously write lane results to +// both accumulators (POP). +// ============================================================================= +// Register : SIO_INTERP1_POP_FULL +// Description : Read FULL result, and simultaneously write lane results to both +// accumulators (POP). +// ============================================================================= +// Register : SIO_INTERP1_PEEK_LANE0 +// Description : Read LANE0 result, without altering any internal state (PEEK). +// ============================================================================= +// Register : SIO_INTERP1_PEEK_LANE1 +// Description : Read LANE1 result, without altering any internal state (PEEK). +// ============================================================================= +// Register : SIO_INTERP1_PEEK_FULL +// Description : Read FULL result, without altering any internal state (PEEK). +// ============================================================================= +// Register : SIO_INTERP1_CTRL_LANE0 +// Description : Control register for lane 0 +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_OVERF +// Description : Set if either OVERF0 or OVERF1 is set. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_OVERF1 +// Description : Indicates if any masked-off MSBs in ACCUM1 are set. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_OVERF0 +// Description : Indicates if any masked-off MSBs in ACCUM0 are set. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_CLAMP +// Description : Only present on INTERP1 on each core. If CLAMP mode is enabled: +// - LANE0 result is shifted and masked ACCUM0, clamped by a lower +// bound of +// BASE0 and an upper bound of BASE1. +// - Signedness of these comparisons is determined by +// LANE0_CTRL_SIGNED +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_FORCE_MSB +// Description : ORed into bits 29:28 of the lane result presented to the +// processor on the bus. +// No effect on the internal 32-bit datapath. Handy for using a +// lane to generate sequence +// of pointers into flash or SRAM. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_ADD_RAW +// Description : If 1, mask + shift is bypassed for LANE0 result. This does not +// affect FULL result. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_CROSS_RESULT +// Description : If 1, feed the opposite lane's result into this lane's +// accumulator on POP. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_CROSS_INPUT +// Description : If 1, feed the opposite lane's accumulator into this lane's +// shift + mask hardware. +// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is +// before the shift+mask bypass) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_SIGNED +// Description : If SIGNED is set, the shifted and masked accumulator value is +// sign-extended to 32 bits +// before adding to BASE0, and LANE0 PEEK/POP appear extended to +// 32 bits when read by processor. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_MASK_MSB +// Description : The most-significant bit allowed to pass by the mask +// (inclusive) +// Setting MSB < LSB may cause chip to turn inside-out +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_MASK_LSB +// Description : The least-significant bit allowed to pass by the mask +// (inclusive) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE0_SHIFT +// Description : Logical right-shift applied to accumulator before masking +// ============================================================================= +// Register : SIO_INTERP1_CTRL_LANE1 +// Description : Control register for lane 1 +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_FORCE_MSB +// Description : ORed into bits 29:28 of the lane result presented to the +// processor on the bus. +// No effect on the internal 32-bit datapath. Handy for using a +// lane to generate sequence +// of pointers into flash or SRAM. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_ADD_RAW +// Description : If 1, mask + shift is bypassed for LANE1 result. This does not +// affect FULL result. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_CROSS_RESULT +// Description : If 1, feed the opposite lane's result into this lane's +// accumulator on POP. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_CROSS_INPUT +// Description : If 1, feed the opposite lane's accumulator into this lane's +// shift + mask hardware. +// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is +// before the shift+mask bypass) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_SIGNED +// Description : If SIGNED is set, the shifted and masked accumulator value is +// sign-extended to 32 bits +// before adding to BASE1, and LANE1 PEEK/POP appear extended to +// 32 bits when read by processor. +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_MASK_MSB +// Description : The most-significant bit allowed to pass by the mask +// (inclusive) +// Setting MSB < LSB may cause chip to turn inside-out +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_MASK_LSB +// Description : The least-significant bit allowed to pass by the mask +// (inclusive) +// ----------------------------------------------------------------------------- +// Field : SIO_INTERP1_CTRL_LANE1_SHIFT +// Description : Logical right-shift applied to accumulator before masking +// ============================================================================= +// Register : SIO_INTERP1_ACCUM0_ADD +// Description : Values written here are atomically added to ACCUM0 +// Reading yields lane 0's raw shift and mask value (BASE0 not +// added). +// ============================================================================= +// Register : SIO_INTERP1_ACCUM1_ADD +// Description : Values written here are atomically added to ACCUM1 +// Reading yields lane 1's raw shift and mask value (BASE1 not +// added). +// ============================================================================= +// Register : SIO_INTERP1_BASE_1AND0 +// Description : On write, the lower 16 bits go to BASE0, upper bits to BASE1 +// simultaneously. +// Each half is sign-extended to 32 bits if that lane's SIGNED +// flag is set. +// ============================================================================= +// Register : SIO_SPINLOCK0 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK1 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK2 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK3 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK4 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK5 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK6 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK7 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK8 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK9 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK10 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK11 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK12 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK13 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK14 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK15 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK16 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK17 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK18 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK19 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK20 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK21 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK22 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK23 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK24 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK25 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK26 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK27 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK28 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK29 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK30 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= +// Register : SIO_SPINLOCK31 +// Description : Reading from a spinlock address will: +// - Return 0 if lock is already locked +// - Otherwise return nonzero, and simultaneously claim the lock +// +// Writing (any value) releases the lock. +// If core 0 and core 1 attempt to claim the same lock +// simultaneously, core 0 wins. +// The value returned on success is 0x1 << lock number. +// ============================================================================= + +// Marker for builds targeting the RP2040 +// PICO_CONFIG: PICO_STACK_SIZE, Stack Size, min=0x100, default=0x800, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_HEAP_SIZE, Heap size to reserve, min=0x100, default=0x800, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_NO_RAM_VECTOR_TABLE, Enable/disable the RAM vector table, type=bool, default=0, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_RP2040_B0_SUPPORTED, Whether to include any specific software support for RP2040 B0 revision, type=bool, default=1, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_FLOAT_SUPPORT_ROM_V1, Include float support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_DOUBLE_SUPPORT_ROM_V1, Include double support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_RP2040_B1_SUPPORTED, Whether to include any specific software support for RP2040 B1 revision, type=bool, default=1, advanced=true, group=pico_platform +// PICO_CONFIG: PICO_RP2040_B2_SUPPORTED, Whether to include any specific software support for RP2040 B2 revision, type=bool, default=1, advanced=true, group=pico_platform +// --- remainder of file is not included by assembly code --- +/*! \brief Marker for an interrupt handler + * \ingroup pico_platform + * For example an IRQ handler function called my_interrupt_handler: + * + * void __isr my_interrupt_handler(void) { + */ +/*! \brief Section attribute macro for placement in RAM after the `.data` section + * \ingroup pico_platform + * + * For example a 400 element `uint32_t` array placed after the .data section + * + * uint32_t __after_data("my_group_name") a_big_array[400]; + * + * The section attribute is `.after_data.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +/*! \brief Section attribute macro for placement not in flash (i.e in RAM) + * \ingroup pico_platform + * + * For example a 3 element `uint32_t` array placed in RAM (even though it is `static const`) + * + * static const uint32_t __not_in_flash("my_group_name") an_array[3]; + * + * The section attribute is `.time_critical.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +/*! \brief Section attribute macro for placement in the SRAM bank 4 (known as "scratch X") + * \ingroup pico_platform + * + * Scratch X is commonly used for critical data and functions accessed only by one core (when only + * one core is accessing the RAM bank, there is no opportunity for stalls) + * + * For example a `uint32_t` variable placed in "scratch X" + * + * uint32_t __scratch_x("my_group_name") foo = 23; + * + * The section attribute is `.scratch_x.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +/*! \brief Section attribute macro for placement in the SRAM bank 5 (known as "scratch Y") + * \ingroup pico_platform + * + * Scratch Y is commonly used for critical data and functions accessed only by one core (when only + * one core is accessing the RAM bank, there is no opportunity for stalls) + * + * For example a `uint32_t` variable placed in "scratch Y" + * + * uint32_t __scratch_y("my_group_name") foo = 23; + * + * The section attribute is `.scratch_y.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +/*! \brief Section attribute macro for data that is to be left uninitialized + * \ingroup pico_platform + * + * Data marked this way will retain its value across a reset (normally uninitialized data - in the .bss + * section) is initialized to zero during runtime initialization + * + * For example a `uint32_t` foo that will retain its value if the program is restarted by reset. + * + * uint32_t __uninitialized_ram("my_group_name") foo; + * + * The section attribute is `.uninitialized_ram.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +/*! \brief Section attribute macro for placement in flash even in a COPY_TO_RAM binary + * \ingroup pico_platform + * + * For example a `uint32_t` variable explicitly placed in flash (it will hard fault if you attempt to write it!) + * + * uint32_t __in_flash("my_group_name") foo = 23; + * + * The section attribute is `.flashdata.` + * + * \param group a string suffix to use in the section name to distinguish groups that can be linker + * garbage-collected independently + */ +/*! \brief Indicates a function should not be stored in flash + * \ingroup pico_platform + * + * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined + * into a flash function by the compiler) + * + * For example a function called my_func taking an int parameter: + * + * void __not_in_flash_func(my_func)(int some_arg) { + * + * The function is placed in the `.time_critical.` linker section + * + * \see __no_inline_not_in_flash_func + */ +/*! \brief Indicates a function is time/latency critical and should not run from flash + * \ingroup pico_platform + * + * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined + * into a flash function by the compiler) to avoid possible flash latency. Currently this macro is identical + * in implementation to `__not_in_flash_func`, however the semantics are distinct and a `__time_critical_func` + * may in the future be treated more specially to reduce the overhead when calling such function from a flash + * function. + * + * For example a function called my_func taking an int parameter: + * + * void __time_critical(my_func)(int some_arg) { + * + * The function is placed in the `.time_critical.` linker section + * + * \see __not_in_flash_func + */ +/*! \brief Indicate a function should not be stored in flash and should not be inlined + * \ingroup pico_platform + * + * Decorates a function name, such that the function will execute from RAM, explicitly marking it as + * noinline to prevent it being inlined into a flash function by the compiler + * + * For example a function called my_func taking an int parameter: + * + * void __no_inline_not_in_flash_func(my_func)(int some_arg) { + * + * The function is placed in the `.time_critical.` linker section + */ +/*! \brief Attribute to force inlining of a function regardless of optimization level + * \ingroup pico_platform + * + * For example my_function here will always be inlined: + * + * int __force_inline my_function(int x) { + * + */ +/*! \brief Macro to determine the number of elements in an array + * \ingroup pico_platform + */ +/*! \brief Macro to return the maximum of two comparable values + * \ingroup pico_platform + */ +/*! \brief Macro to return the minimum of two comparable values + * \ingroup pico_platform + */ +/*! \brief Execute a breakpoint instruction + * \ingroup pico_platform + */ +static inline void __breakpoint(void) { + __asm__("bkpt #0"); +} +/*! \brief Ensure that the compiler does not move memory access across this method call + * \ingroup pico_platform + * + * For example in the following code: + * + * *some_memory_location = var_a; + * __compiler_memory_barrier(); + * uint32_t var_b = *some_other_memory_location + * + * The compiler will not move the load from `some_other_memory_location` above the memory barrier (which it otherwise + * might - even above the memory store!) + */ +inline __always_inline static void __compiler_memory_barrier(void) { + __asm__ volatile ("" : : : "memory"); +} +/*! \brief Macro for converting memory addresses to 32 bit addresses suitable for DMA + * \ingroup pico_platform + * + * This is just a cast to `uintptr_t` on the RP2040, however you may want to use this when developing code + * that also runs in "host" mode. If the host mode is 64 bit and you are embedding data pointers + * in other data (e.g. DMA chaining), then there is a need in "host" mode to convert a 64 bit native + * pointer to a 32 bit value for storage, which can be done using this macro. + */ +/*! \brief Panics with the message "Unsupported" + * \ingroup pico_platform + * \see panic + */ +void __attribute__((noreturn)) panic_unsupported(void); +/*! \brief Displays a panic message and halts execution + * \ingroup pico_platform + * + * An attempt is made to output the message to all registered STDOUT drivers + * after which this method executes a BKPT instruction. + * + * @param fmt format string (printf-like) + * @param ... printf-like arguments + */ +void __attribute__((noreturn)) panic(const char *fmt, ...); +// PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime +_Bool running_on_fpga(void); +/*! \brief Returns the RP2040 chip revision number + * \ingroup pico_platform + * @return the RP2040 chip revision number (1 for B0/B1, 2 for B2) + */ +uint8_t rp2040_chip_version(void); +/*! \brief Returns the RP2040 rom version number + * \ingroup pico_platform + * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2) + */ +static inline uint8_t rp2040_rom_version(void) { +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Warray-bounds" + return *(uint8_t*)0x13; +#pragma GCC diagnostic pop +} +/*! \brief No-op function for the body of tight loops + * \ingroup pico_platform + * + * No-op function intended to be called by any tight hardware polling loop. Using this ubiquitously + * makes it much easier to find tight loops, but also in the future \#ifdef-ed support for lockup + * debugging might be added + */ +static inline __always_inline void tight_loop_contents(void) {} +/*! \brief Multiply two integers using an assembly `MUL` instruction + * \ingroup pico_platform + * + * This multiplies a by b using multiply instruction using the ARM mul instruction regardless of values (the compiler + * might otherwise choose to perform shifts/adds), i.e. this is a 1 cycle operation. + * + * \param a the first operand + * \param b the second operand + * \return a * b + */ +inline __always_inline static int32_t __mul_instruction(int32_t a, int32_t b) { + asm ("mul %0, %1" : "+l" (a) : "l" (b) : ); + return a; +} +/*! \brief multiply two integer values using the fastest method possible + * \ingroup pico_platform + * + * Efficiently multiplies value a by possibly constant value b. + * + * If b is known to be constant and not zero or a power of 2, then a mul instruction is used rather than gcc's default + * which is often a slow combination of shifts and adds. If b is a power of 2 then a single shift is of course preferable + * and will be used + * + * \param a the first operand + * \param b the second operand + * \return a * b + */ +/*! \brief Utility macro to assert two types are equivalent. + * \ingroup pico_platform + * + * This macro can be useful in other macros along with `typeof` to assert that two parameters are of equivalent type + * (or that a single parameter is of an expected type) + */ +/*! \brief Get the current exception level on this core + * \ingroup pico_platform + * + * \return the exception number if the CPU is handling an exception, or 0 otherwise + */ +uint __get_current_exception(void); +/*! \brief Helper method to busy-wait for at least the given number of cycles + * \ingroup pico_platform + * + * This method is useful for introducing very short delays. + * + * This method busy-waits in a tight loop for the given number of system clock cycles. The total wait time is only accurate to within 2 cycles, + * and this method uses a loop counter rather than a hardware timer, so the method will always take longer than expected if an + * interrupt is handled on the calling core during the busy-wait; you can of course disable interrupts to prevent this. + * + * You can use \ref clock_get_hz(clk_sys) to determine the number of clock cycles per second if you want to convert an actual + * time duration to a number of cycles. + * + * \param minimum_cycles the minimum number of system clock cycles to delay for + */ +static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) { + __asm volatile ( + ".syntax unified\n" + "1: subs %0, #3\n" + "bcs 1b\n" + : "+r" (minimum_cycles) : : "memory" + ); +} +/*! \brief Get the current core number + * \ingroup pico_platform + * + * \return The core number the call was made from + */ +inline __always_inline static uint get_core_num(void) { + return (*(uint32_t *) (0xd0000000u + 0x00000000u)); +} +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/*! + * \brief Common return codes from pico_sdk methods that return a status + * \ingroup pico_base + */ +enum pico_error_codes { + PICO_OK = 0, + PICO_ERROR_NONE = 0, + PICO_ERROR_TIMEOUT = -1, + PICO_ERROR_GENERIC = -2, + PICO_ERROR_NO_DATA = -3, + PICO_ERROR_NOT_PERMITTED = -4, + PICO_ERROR_INVALID_ARG = -5, + PICO_ERROR_IO = -6, +}; +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +/** \file address_mapped.h + * \defgroup hardware_base hardware_base + * + * Low-level types and (atomic) accessors for memory-mapped hardware registers + * + * `hardware_base` defines the low level types and access functions for memory mapped hardware registers. It is included + * by default by all other hardware libraries. + * + * The following register access typedefs codify the access type (read/write) and the bus size (8/16/32) of the hardware register. + * The register type names are formed by concatenating one from each of the 3 parts A, B, C + + * A | B | C | Meaning + * ------|---|---|-------- + * io_ | | | A Memory mapped IO register + *  |ro_| | read-only access + *  |rw_| | read-write access + *  |wo_| | write-only access (can't actually be enforced via C API) + *  | | 8| 8-bit wide access + *  | | 16| 16-bit wide access + *  | | 32| 32-bit wide access + * + * When dealing with these types, you will always use a pointer, i.e. `io_rw_32 *some_reg` is a pointer to a read/write + * 32 bit register that you can write with `*some_reg = value`, or read with `value = *some_reg`. + * + * RP2040 hardware is also aliased to provide atomic setting, clear or flipping of a subset of the bits within + * a hardware register so that concurrent access by two cores is always consistent with one atomic operation + * being performed first, followed by the second. + * + * See hw_set_bits(), hw_clear_bits() and hw_xor_bits() provide for atomic access via a pointer to a 32 bit register + * + * Additionally given a pointer to a structure representing a piece of hardware (e.g. `dma_hw_t *dma_hw` for the DMA controller), you can + * get an alias to the entire structure such that writing any member (register) within the structure is equivalent + * to an atomic operation via hw_set_alias(), hw_clear_alias() or hw_xor_alias()... + * + * For example `hw_set_alias(dma_hw)->inte1 = 0x80;` will set bit 7 of the INTE1 register of the DMA controller, + * leaving the other bits unchanged. + */ +// PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_ADDRESS_ALIAS, Enable/disable assertions in memory address aliasing macros, type=bool, default=0, group=hardware_base +typedef volatile uint32_t io_rw_32; +typedef const volatile uint32_t io_ro_32; +typedef volatile uint32_t io_wo_32; +typedef volatile uint16_t io_rw_16; +typedef const volatile uint16_t io_ro_16; +typedef volatile uint16_t io_wo_16; +typedef volatile uint8_t io_rw_8; +typedef const volatile uint8_t io_ro_8; +typedef volatile uint8_t io_wo_8; +typedef volatile uint8_t *const ioptr; +typedef ioptr const const_ioptr; +// A non-functional (empty) helper macro to help IDEs follow links from the autogenerated +// hardware struct headers in hardware/structs/xxx.h to the raw register definitions +// in hardware/regs/xxx.h. A preprocessor define such as TIMER_TIMEHW_OFFSET (a timer register offset) +// is not generally clickable (in an IDE) if placed in a C comment, so _REG_(TIMER_TIMEHW_OFFSET) is +// included outside of a comment instead +// Helper method used by hw_alias macros to optionally check input validity +// can't use the following impl as it breaks existing static declarations using hw_alias, so would be a backwards incompatibility +//static __force_inline uint32_t hw_alias_check_addr(volatile void *addr) { +// uint32_t rc = (uintptr_t)addr; +// invalid_params_if(ADDRESS_ALIAS, rc < 0x40000000); // catch likely non HW pointer types +// return rc; +//} +// Helper method used by xip_alias macros to optionally check input validity +static inline __always_inline uint32_t xip_alias_check_addr(const void *addr) { + uint32_t rc = (uintptr_t)addr; + ({if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn(__func__, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);}); + return rc; +} +// Untyped conversion alias pointer generation macros +// Typed conversion alias pointer generation macros +/*! \brief Atomically set the specified bits to 1 in a HW register + * \ingroup hardware_base + * + * \param addr Address of writable register + * \param mask Bit-mask specifying bits to set + */ +inline __always_inline static void hw_set_bits(io_rw_32 *addr, uint32_t mask) { + *(io_rw_32 *) ((void *)((0x2u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; +} +/*! \brief Atomically clear the specified bits to 0 in a HW register + * \ingroup hardware_base + * + * \param addr Address of writable register + * \param mask Bit-mask specifying bits to clear + */ +inline __always_inline static void hw_clear_bits(io_rw_32 *addr, uint32_t mask) { + *(io_rw_32 *) ((void *)((0x3u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; +} +/*! \brief Atomically flip the specified bits in a HW register + * \ingroup hardware_base + * + * \param addr Address of writable register + * \param mask Bit-mask specifying bits to invert + */ +inline __always_inline static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) { + *(io_rw_32 *) ((void *)((0x1u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; +} +/*! \brief Set new values for a sub-set of the bits in a HW register + * \ingroup hardware_base + * + * Sets destination bits to values specified in \p values, if and only if corresponding bit in \p write_mask is set + * + * Note: this method allows safe concurrent modification of *different* bits of + * a register, but multiple concurrent access to the same bits is still unsafe. + * + * \param addr Address of writable register + * \param values Bits values + * \param write_mask Mask of bits to change + */ +inline __always_inline static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) { + hw_xor_bits(addr, (*addr ^ values) & write_mask); +} +/** \file hardware/sync.h + * \defgroup hardware_sync hardware_sync + * + * Low level hardware spin locks, barrier and processor event APIs + * + * Spin Locks + * ---------- + * + * The RP2040 provides 32 hardware spin locks, which can be used to manage mutually-exclusive access to shared software + * and hardware resources. + * + * Generally each spin lock itself is a shared resource, + * i.e. the same hardware spin lock can be used by multiple higher level primitives (as long as the spin locks are neither held for long periods, nor + * held concurrently with other spin locks by the same core - which could lead to deadlock). A hardware spin lock that is exclusively owned can be used + * individually without more flexibility and without regard to other software. Note that no hardware spin lock may + * be acquired re-entrantly (i.e. hardware spin locks are not on their own safe for use by both thread code and IRQs) however the default spinlock related + * methods here (e.g. \ref spin_lock_blocking) always disable interrupts while the lock is held as use by IRQ handlers and user code is common/desirable, + * and spin locks are only expected to be held for brief periods. + * + * The SDK uses the following default spin lock assignments, classifying which spin locks are reserved for exclusive/special purposes + * vs those suitable for more general shared use: + * + * Number (ID) | Description + * :---------: | ----------- + * 0-13 | Currently reserved for exclusive use by the SDK and other libraries. If you use these spin locks, you risk breaking SDK or other library functionality. Each reserved spin lock used individually has its own PICO_SPINLOCK_ID so you can search for those. + * 14,15 | (\ref PICO_SPINLOCK_ID_OS1 and \ref PICO_SPINLOCK_ID_OS2). Currently reserved for exclusive use by an operating system (or other system level software) co-existing with the SDK. + * 16-23 | (\ref PICO_SPINLOCK_ID_STRIPED_FIRST - \ref PICO_SPINLOCK_ID_STRIPED_LAST). Spin locks from this range are assigned in a round-robin fashion via \ref next_striped_spin_lock_num(). These spin locks are shared, but assigning numbers from a range reduces the probability that two higher level locking primitives using _striped_ spin locks will actually be using the same spin lock. + * 24-31 | (\ref PICO_SPINLOCK_ID_CLAIM_FREE_FIRST - \ref PICO_SPINLOCK_ID_CLAIM_FREE_LAST). These are reserved for exclusive use and are allocated on a first come first served basis at runtime via \ref spin_lock_claim_unused() + */ +// PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_SYNC, Enable/disable assertions in the HW sync module, type=bool, default=0, group=hardware_sync +/** \brief A spin lock identifier + * \ingroup hardware_sync + */ +typedef volatile uint32_t spin_lock_t; +// PICO_CONFIG: PICO_SPINLOCK_ID_IRQ, Spinlock ID for IRQ protection, min=0, max=31, default=9, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_TIMER, Spinlock ID for Timer protection, min=0, max=31, default=10, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_HARDWARE_CLAIM, Spinlock ID for Hardware claim protection, min=0, max=31, default=11, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_OS1, First Spinlock ID reserved for use by low level OS style software, min=0, max=31, default=14, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_OS2, Second Spinlock ID reserved for use by low level OS style software, min=0, max=31, default=15, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_STRIPED_FIRST, Lowest Spinlock ID in the 'striped' range, min=0, max=31, default=16, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_STRIPED_LAST, Highest Spinlock ID in the 'striped' range, min=0, max=31, default=23, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_CLAIM_FREE_FIRST, Lowest Spinlock ID in the 'claim free' range, min=0, max=31, default=24, group=hardware_sync +// PICO_CONFIG: PICO_SPINLOCK_ID_CLAIM_FREE_LAST, Highest Spinlock ID in the 'claim free' range, min=0, max=31, default=31, group=hardware_sync +/*! \brief Insert a SEV instruction in to the code path. + * \ingroup hardware_sync + + * The SEV (send event) instruction sends an event to both cores. + */ +inline __always_inline static void __sev(void) { + __asm volatile ("sev"); +} +/*! \brief Insert a WFE instruction in to the code path. + * \ingroup hardware_sync + * + * The WFE (wait for event) instruction waits until one of a number of + * events occurs, including events signalled by the SEV instruction on either core. + */ +inline __always_inline static void __wfe(void) { + __asm volatile ("wfe"); +} +/*! \brief Insert a WFI instruction in to the code path. + * \ingroup hardware_sync +* + * The WFI (wait for interrupt) instruction waits for a interrupt to wake up the core. + */ +inline __always_inline static void __wfi(void) { + __asm volatile ("wfi"); +} +/*! \brief Insert a DMB instruction in to the code path. + * \ingroup hardware_sync + * + * The DMB (data memory barrier) acts as a memory barrier, all memory accesses prior to this + * instruction will be observed before any explicit access after the instruction. + */ +inline __always_inline static void __dmb(void) { + __asm volatile ("dmb" : : : "memory"); +} +/*! \brief Insert a DSB instruction in to the code path. + * \ingroup hardware_sync + * + * The DSB (data synchronization barrier) acts as a special kind of data + * memory barrier (DMB). The DSB operation completes when all explicit memory + * accesses before this instruction complete. + */ +inline __always_inline static void __dsb(void) { + __asm volatile ("dsb" : : : "memory"); +} +/*! \brief Insert a ISB instruction in to the code path. + * \ingroup hardware_sync + * + * ISB acts as an instruction synchronization barrier. It flushes the pipeline of the processor, + * so that all instructions following the ISB are fetched from cache or memory again, after + * the ISB instruction has been completed. + */ +inline __always_inline static void __isb(void) { + __asm volatile ("isb"); +} +/*! \brief Acquire a memory fence + * \ingroup hardware_sync + */ +inline __always_inline static void __mem_fence_acquire(void) { + // the original code below makes it hard for us to be included from C++ via a header + // which itself is in an extern "C", so just use __dmb instead, which is what + // is required on Cortex M0+ + __dmb(); +//#ifndef __cplusplus +// atomic_thread_fence(memory_order_acquire); +//#else +// std::atomic_thread_fence(std::memory_order_acquire); +//#endif +} +/*! \brief Release a memory fence + * \ingroup hardware_sync + * + */ +inline __always_inline static void __mem_fence_release(void) { + // the original code below makes it hard for us to be included from C++ via a header + // which itself is in an extern "C", so just use __dmb instead, which is what + // is required on Cortex M0+ + __dmb(); +//#ifndef __cplusplus +// atomic_thread_fence(memory_order_release); +//#else +// std::atomic_thread_fence(std::memory_order_release); +//#endif +} +/*! \brief Save and disable interrupts + * \ingroup hardware_sync + * + * \return The prior interrupt enable status for restoration later via restore_interrupts() + */ +inline __always_inline static uint32_t save_and_disable_interrupts(void) { + uint32_t status; + __asm volatile ("mrs %0, PRIMASK" : "=r" (status)::); + __asm volatile ("cpsid i"); + return status; +} +/*! \brief Restore interrupts to a specified state + * \ingroup hardware_sync + * + * \param status Previous interrupt status from save_and_disable_interrupts() + */ +inline __always_inline static void restore_interrupts(uint32_t status) { + __asm volatile ("msr PRIMASK,%0"::"r" (status) : ); +} +/*! \brief Get HW Spinlock instance from number + * \ingroup hardware_sync + * + * \param lock_num Spinlock ID + * \return The spinlock instance + */ +inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) { + ({if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn(__func__, "sync.h", 226, "!(lock_num >= 32u)") : (void)0);}); + return (spin_lock_t *) (0xd0000000u + 0x00000100u + lock_num * 4); +} +/*! \brief Get HW Spinlock number from instance + * \ingroup hardware_sync + * + * \param lock The Spinlock instance + * \return The Spinlock ID + */ +inline __always_inline static uint spin_lock_get_num(spin_lock_t *lock) { + ({if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn(__func__, "sync.h", 239, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);}); + return (uint) (lock - (spin_lock_t *) (0xd0000000u + 0x00000100u)); +} +/*! \brief Acquire a spin lock without disabling interrupts (hence unsafe) + * \ingroup hardware_sync + * + * \param lock Spinlock instance + */ +inline __always_inline static void spin_lock_unsafe_blocking(spin_lock_t *lock) { + // Note we don't do a wfe or anything, because by convention these spin_locks are VERY SHORT LIVED and NEVER BLOCK and run + // with INTERRUPTS disabled (to ensure that)... therefore nothing on our core could be blocking us, so we just need to wait on another core + // anyway which should be finished soon + while (__builtin_expect(!*lock, 0)); + __mem_fence_acquire(); +} +/*! \brief Release a spin lock without re-enabling interrupts + * \ingroup hardware_sync + * + * \param lock Spinlock instance + */ +inline __always_inline static void spin_unlock_unsafe(spin_lock_t *lock) { + __mem_fence_release(); + *lock = 0; +} +/*! \brief Acquire a spin lock safely + * \ingroup hardware_sync + * + * This function will disable interrupts prior to acquiring the spinlock + * + * \param lock Spinlock instance + * \return interrupt status to be used when unlocking, to restore to original state + */ +inline __always_inline static uint32_t spin_lock_blocking(spin_lock_t *lock) { + uint32_t save = save_and_disable_interrupts(); + spin_lock_unsafe_blocking(lock); + return save; +} +/*! \brief Check to see if a spinlock is currently acquired elsewhere. + * \ingroup hardware_sync + * + * \param lock Spinlock instance + */ +inline static _Bool is_spin_locked(spin_lock_t *lock) { + _Static_assert(sizeof(spin_lock_t) == (4), "hw size mismatch"); + uint lock_num = spin_lock_get_num(lock); + return 0 != (*(io_ro_32 *) (0xd0000000u + 0x0000005cu) & (1u << lock_num)); +} +/*! \brief Release a spin lock safely + * \ingroup hardware_sync + * + * This function will re-enable interrupts according to the parameters. + * + * \param lock Spinlock instance + * \param saved_irq Return value from the \ref spin_lock_blocking() function. + * \return interrupt status to be used when unlocking, to restore to original state + * + * \sa spin_lock_blocking() + */ +inline __always_inline static void spin_unlock(spin_lock_t *lock, uint32_t saved_irq) { + spin_unlock_unsafe(lock); + restore_interrupts(saved_irq); +} +/*! \brief Initialise a spin lock + * \ingroup hardware_sync + * + * The spin lock is initially unlocked + * + * \param lock_num The spin lock number + * \return The spin lock instance + */ +spin_lock_t *spin_lock_init(uint lock_num); +/*! \brief Release all spin locks + * \ingroup hardware_sync + */ +void spin_locks_reset(void); +/*! \brief Return a spin lock number from the _striped_ range + * \ingroup hardware_sync + * + * Returns a spin lock number in the range PICO_SPINLOCK_ID_STRIPED_FIRST to PICO_SPINLOCK_ID_STRIPED_LAST + * in a round robin fashion. This does not grant the caller exclusive access to the spin lock, so the caller + * must: + * + * -# Abide (with other callers) by the contract of only holding this spin lock briefly (and with IRQs disabled - the default via \ref spin_lock_blocking()), + * and not whilst holding other spin locks. + * -# Be OK with any contention caused by the - brief due to the above requirement - contention with other possible users of the spin lock. + * + * \return lock_num a spin lock number the caller may use (non exclusively) + * \see PICO_SPINLOCK_ID_STRIPED_FIRST + * \see PICO_SPINLOCK_ID_STRIPED_LAST + */ +uint next_striped_spin_lock_num(void); +/*! \brief Mark a spin lock as used + * \ingroup hardware_sync + * + * Method for cooperative claiming of hardware. Will cause a panic if the spin lock + * is already claimed. Use of this method by libraries detects accidental + * configurations that would fail in unpredictable ways. + * + * \param lock_num the spin lock number + */ +void spin_lock_claim(uint lock_num); +/*! \brief Mark multiple spin locks as used + * \ingroup hardware_sync + * + * Method for cooperative claiming of hardware. Will cause a panic if any of the spin locks + * are already claimed. Use of this method by libraries detects accidental + * configurations that would fail in unpredictable ways. + * + * \param lock_num_mask Bitfield of all required spin locks to claim (bit 0 == spin lock 0, bit 1 == spin lock 1 etc) + */ +void spin_lock_claim_mask(uint32_t lock_num_mask); +/*! \brief Mark a spin lock as no longer used + * \ingroup hardware_sync + * + * Method for cooperative claiming of hardware. + * + * \param lock_num the spin lock number to release + */ +void spin_lock_unclaim(uint lock_num); +/*! \brief Claim a free spin lock + * \ingroup hardware_sync + * + * \param required if true the function will panic if none are available + * \return the spin lock number or -1 if required was false, and none were free + */ +int spin_lock_claim_unused(_Bool required); +/*! \brief Determine if a spin lock is claimed + * \ingroup hardware_sync + * + * \param lock_num the spin lock number + * \return true if claimed, false otherwise + * \see spin_lock_claim + * \see spin_lock_claim_mask + */ +_Bool spin_lock_is_claimed(uint lock_num); + +/*----------------------------------------------------------- + * Port specific definitions. + * + * The settings in this file configure FreeRTOS correctly for the + * given hardware and compiler. + * + * These settings should not be altered. + *----------------------------------------------------------- + */ +/* Type definitions. */ + typedef uint32_t StackType_t; + typedef int32_t BaseType_t; + typedef uint32_t UBaseType_t; + typedef uint32_t TickType_t; +/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do + * not need to be guarded with a critical section. */ +/*-----------------------------------------------------------*/ +/* Architecture specifics. */ + /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, + * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ +/*-----------------------------------------------------------*/ +/* Scheduler utilities. */ + extern void vPortYield( void ); +/*-----------------------------------------------------------*/ +/* Exception handlers */ +/*-----------------------------------------------------------*/ +/* Multi-core */ + /* Requires for SMP */ + /*-----------------------------------------------------------*/ + /* Check validity of number of cores specified in config */ + /* FreeRTOS core id is always zero based, so always 0 if we're running on only one core */ + void vYieldCore(int xCoreID); +/*-----------------------------------------------------------*/ +/* Critical section management. */ + extern void vPortEnableInterrupts(); + void vTaskEnterCritical(void); + void vTaskExitCritical(void); + /* Note this is a single method with uxAcquire parameter since we have + * static vars, the method is always called with a compile time constant for + * uxAcquire, and the compiler should dothe right thing! */ + static inline void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) { + static uint8_t ucOwnedByCore[ 2 ]; + static uint8_t ucRecursionCountByLock[ 2 ]; + (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn(__func__, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0); + uint32_t ulCoreNum = get_core_num(); + uint32_t ulLockBit = 1u << ulLockNum; + (__builtin_expect(!(ulLockBit < 256u), 0) ? __assert_rtn(__func__, "portmacro.h", 181, "ulLockBit < 256u") : (void)0); + if( uxAcquire ) + { + if( __builtin_expect( !*pxSpinLock, 0 ) ) + { + if( ucOwnedByCore[ulCoreNum] & ulLockBit ) + { + (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 255u), 0) ? __assert_rtn(__func__, "portmacro.h", 188, "ucRecursionCountByLock[ulLockNum] != 255u") : (void)0); + ucRecursionCountByLock[ulLockNum]++; + return; + } + while ( __builtin_expect( !*pxSpinLock, 0 ) ); + } + __mem_fence_acquire(); + (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] == 0), 0) ? __assert_rtn(__func__, "portmacro.h", 195, "ucRecursionCountByLock[ulLockNum] == 0") : (void)0); + ucRecursionCountByLock[ulLockNum] = 1; + ucOwnedByCore[ulCoreNum] |= ulLockBit; + } else { + (__builtin_expect(!((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0), 0) ? __assert_rtn(__func__, "portmacro.h", 199, "(ucOwnedByCore[ulCoreNum] & ulLockBit) != 0") : (void)0); + (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 0), 0) ? __assert_rtn(__func__, "portmacro.h", 200, "ucRecursionCountByLock[ulLockNum] != 0") : (void)0); + if( !--ucRecursionCountByLock[ulLockNum] ) + { + ucOwnedByCore[ulCoreNum] &= ~ulLockBit; + __mem_fence_release(); + *pxSpinLock = 1; + } + } + } +/*-----------------------------------------------------------*/ +/* Tickless idle/low power functionality. */ + extern void vPortSuppressTicksAndSleep( TickType_t xExpectedIdleTime ); +/*-----------------------------------------------------------*/ +/* Task function macros as described on the FreeRTOS.org WEB site. */ +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* This file redefines API functions to be called through a wrapper macro, but + * only for ports that are using the MPU. */ + +/* + * Setup the stack of a new task so it is ready to be placed under the + * scheduler control. The registers have to be placed on the stack in + * the order that the port expects to find them. + * + */ + StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, + TaskFunction_t pxCode, + void * pvParameters ) ; +/* Used by heap_5.c to define the start address and size of each memory region + * that together comprise the total FreeRTOS heap space. */ +typedef struct HeapRegion +{ + uint8_t * pucStartAddress; + size_t xSizeInBytes; +} HeapRegion_t; +/* Used to pass information about the heap out of vPortGetHeapStats(). */ +typedef struct xHeapStats +{ + size_t xAvailableHeapSpaceInBytes; /* The total heap size currently available - this is the sum of all the free blocks, not the largest block that can be allocated. */ + size_t xSizeOfLargestFreeBlockInBytes; /* The maximum size, in bytes, of all the free blocks within the heap at the time vPortGetHeapStats() is called. */ + size_t xSizeOfSmallestFreeBlockInBytes; /* The minimum size, in bytes, of all the free blocks within the heap at the time vPortGetHeapStats() is called. */ + size_t xNumberOfFreeBlocks; /* The number of free memory blocks within the heap at the time vPortGetHeapStats() is called. */ + size_t xMinimumEverFreeBytesRemaining; /* The minimum amount of total free memory (sum of all free blocks) there has been in the heap since the system booted. */ + size_t xNumberOfSuccessfulAllocations; /* The number of calls to pvPortMalloc() that have returned a valid memory block. */ + size_t xNumberOfSuccessfulFrees; /* The number of calls to vPortFree() that has successfully freed a block of memory. */ +} HeapStats_t; +/* + * Used to define multiple heap regions for use by heap_5.c. This function + * must be called before any calls to pvPortMalloc() - not creating a task, + * queue, semaphore, mutex, software timer, event group, etc. will result in + * pvPortMalloc being called. + * + * pxHeapRegions passes in an array of HeapRegion_t structures - each of which + * defines a region of memory that can be used as the heap. The array is + * terminated by a HeapRegions_t structure that has a size of 0. The region + * with the lowest start address must appear first in the array. + */ +void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) ; +/* + * Returns a HeapStats_t structure filled with information about the current + * heap state. + */ +void vPortGetHeapStats( HeapStats_t * pxHeapStats ); +/* + * Map to the memory management routines required for the port. + */ +void * pvPortMalloc( size_t xSize ) ; +void vPortFree( void * pv ) ; +void vPortInitialiseBlocks( void ) ; +size_t xPortGetFreeHeapSize( void ) ; +size_t xPortGetMinimumEverFreeHeapSize( void ) ; +/* + * Setup the hardware ready for the scheduler to take control. This generally + * sets up a tick interrupt and sets timers for the correct tick frequency. + */ +BaseType_t xPortStartScheduler( void ) ; +/* + * Undo any hardware/ISR setup that was performed by xPortStartScheduler() so + * the hardware is left in its original condition after the scheduler stops + * executing. + */ +void vPortEndScheduler( void ) ; +/* + * The structures and methods of manipulating the MPU are contained within the + * port layer. + * + * Fills the xMPUSettings structure with the memory region information + * contained in xRegions. + */ +/* *INDENT-OFF* */ +/* *INDENT-ON* */ + +/* Must be defaulted before configUSE_NEWLIB_REENTRANT is used below. */ +/* Required if struct _reent is used. */ +/* + * Check all the required application specific macros have been defined. + * These macros are application specific and (as downloaded) are defined + * within FreeRTOSConfig.h. + */ + /* If INCLUDE_vTaskDelayUntil is set but INCLUDE_xTaskDelayUntil is not then + * the project's FreeRTOSConfig.h probably pre-dates the introduction of + * xTaskDelayUntil and setting INCLUDE_xTaskDelayUntil to whatever + * INCLUDE_vTaskDelayUntil is set to will ensure backward compatibility. + */ +/* configPRECONDITION should be defined as configASSERT. + * The CBMC proofs need a way to track assumptions and assertions. + * A configPRECONDITION statement should express an implicit invariant or + * assumption made. A configASSERT statement should express an invariant that must + * hold explicit before calling the code. */ +/* The timers module relies on xTaskGetSchedulerState(). */ +/* Remove any unused trace macros. */ +/* Used to perform any necessary initialisation - for example, open a file + * into which trace is to be written. */ +/* Use to close a trace, for example close a file into which trace has been + * written. */ +/* Called after a task has been selected to run. pxCurrentTCB holds a pointer + * to the task control block of the selected task. */ +/* Called before stepping the tick count after waking from tickless idle + * sleep. */ + /* Called immediately before entering tickless idle. */ + /* Called when returning to the Idle task after a tickless idle. */ +/* Called before a task has been selected to run. pxCurrentTCB holds a pointer + * to the task control block of the task being switched out. */ +/* Called when a task attempts to take a mutex that is already held by a + * lower priority task. pxTCBOfMutexHolder is a pointer to the TCB of the task + * that holds the mutex. uxInheritedPriority is the priority the mutex holder + * will inherit (the priority of the task that is attempting to obtain the + * muted. */ +/* Called when a task releases a mutex, the holding of which had resulted in + * the task inheriting the priority of a higher priority task. + * pxTCBOfMutexHolder is a pointer to the TCB of the task that is releasing the + * mutex. uxOriginalPriority is the task's configured (base) priority. */ +/* Task is about to block because it cannot read from a + * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore + * upon which the read was attempted. pxCurrentTCB points to the TCB of the + * task that attempted the read. */ +/* Task is about to block because it cannot read from a + * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore + * upon which the read was attempted. pxCurrentTCB points to the TCB of the + * task that attempted the read. */ +/* Task is about to block because it cannot write to a + * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore + * upon which the write was attempted. pxCurrentTCB points to the TCB of the + * task that attempted the write. */ +/* The following event macros are embedded in the kernel API calls. */ + /* Defaults to 0 for backward compatibility. */ +/* Sanity check the configuration. */ +/* The tick type can be read atomically, so critical sections used when the + * tick count is returned can be defined away. */ +/* Definitions to allow backward compatibility with FreeRTOS versions prior to + * V8 if desired. */ +/* configPRINTF() was not defined, so define it away to nothing. To use + * configPRINTF() then define it as follows (where MyPrintFunction() is + * provided by the application writer): + * + * void MyPrintFunction(const char *pcFormat, ... ); + #define configPRINTF( X ) MyPrintFunction X + * + * Then call like a standard printf() function, but placing brackets around + * all parameters so they are passed as a single parameter. For example: + * configPRINTF( ("Value = %d", MyVariable) ); */ +/* The application writer has not provided their own MAX macro, so define + * the following generic implementation. */ +/* The application writer has not provided their own MIN macro, so define + * the following generic implementation. */ +/* Set configUSE_TASK_FPU_SUPPORT to 0 to omit floating point support even + * if floating point hardware is otherwise supported by the FreeRTOS port in use. + * This constant is not supported by all FreeRTOS ports that include floating + * point support. */ +/* Set configENABLE_MPU to 1 to enable MPU support and 0 to disable it. This is + * currently used in ARMv8M ports. */ +/* Set configENABLE_FPU to 1 to enable FPU support and 0 to disable it. This is + * currently used in ARMv8M ports. */ +/* Set configENABLE_TRUSTZONE to 1 enable TrustZone support and 0 to disable it. + * This is currently used in ARMv8M ports. */ +/* Set configRUN_FREERTOS_SECURE_ONLY to 1 to run the FreeRTOS ARMv8M port on + * the Secure Side only. */ +/* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using + * dynamically allocated RAM, in which case when any task is deleted it is known + * that both the task's stack and TCB need to be freed. Sometimes the + * FreeRTOSConfig.h settings only allow a task to be created using statically + * allocated RAM, in which case when any task is deleted it is known that neither + * the task's stack or TCB should be freed. Sometimes the FreeRTOSConfig.h + * settings allow a task to be created using either statically or dynamically + * allocated RAM, in which case a member of the TCB is used to record whether the + * stack and/or TCB were allocated statically or dynamically, so when a task is + * deleted the RAM that was allocated dynamically is freed again and no attempt is + * made to free the RAM that was allocated statically. + * tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE is only true if it is possible for a + * task to be created using either statically or dynamically allocated RAM. Note + * that if portUSING_MPU_WRAPPERS is 1 then a protected task can be created with + * a statically allocated stack and a dynamically allocated TCB. + * + * The following table lists various combinations of portUSING_MPU_WRAPPERS, + * configSUPPORT_DYNAMIC_ALLOCATION and configSUPPORT_STATIC_ALLOCATION and + * when it is possible to have both static and dynamic allocation: + * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ + * | MPU | Dynamic | Static | Available Functions | Possible Allocations | Both Dynamic and | Need Free | + * | | | | | | Static Possible | | + * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ + * | 0 | 0 | 1 | xTaskCreateStatic | TCB - Static, Stack - Static | No | No | + * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| + * | 0 | 1 | 0 | xTaskCreate | TCB - Dynamic, Stack - Dynamic | No | Yes | + * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| + * | 0 | 1 | 1 | xTaskCreate, | 1. TCB - Dynamic, Stack - Dynamic | Yes | Yes | + * | | | | xTaskCreateStatic | 2. TCB - Static, Stack - Static | | | + * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| + * | 1 | 0 | 1 | xTaskCreateStatic, | TCB - Static, Stack - Static | No | No | + * | | | | xTaskCreateRestrictedStatic | | | | + * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| + * | 1 | 1 | 0 | xTaskCreate, | 1. TCB - Dynamic, Stack - Dynamic | Yes | Yes | + * | | | | xTaskCreateRestricted | 2. TCB - Dynamic, Stack - Static | | | + * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| + * | 1 | 1 | 1 | xTaskCreate, | 1. TCB - Dynamic, Stack - Dynamic | Yes | Yes | + * | | | | xTaskCreateStatic, | 2. TCB - Dynamic, Stack - Static | | | + * | | | | xTaskCreateRestricted, | 3. TCB - Static, Stack - Static | | | + * | | | | xTaskCreateRestrictedStatic | | | | + * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ + */ +/* + * In line with software engineering best practice, FreeRTOS implements a strict + * data hiding policy, so the real structures used by FreeRTOS to maintain the + * state of tasks, queues, semaphores, etc. are not accessible to the application + * code. However, if the application writer wants to statically allocate such + * an object then the size of the object needs to be known. Dummy structures + * that are guaranteed to have the same size and alignment requirements of the + * real objects are used for this purpose. The dummy list and list item + * structures below are used for inclusion in such a dummy structure. + */ +struct xSTATIC_LIST_ITEM +{ + TickType_t xDummy2; + void * pvDummy3[ 4 ]; +}; +typedef struct xSTATIC_LIST_ITEM StaticListItem_t; +/* See the comments above the struct xSTATIC_LIST_ITEM definition. */ +struct xSTATIC_MINI_LIST_ITEM +{ + TickType_t xDummy2; + void * pvDummy3[ 2 ]; +}; +typedef struct xSTATIC_MINI_LIST_ITEM StaticMiniListItem_t; +/* See the comments above the struct xSTATIC_LIST_ITEM definition. */ +typedef struct xSTATIC_LIST +{ + UBaseType_t uxDummy2; + void * pvDummy3; + StaticMiniListItem_t xDummy4; +} StaticList_t; +/* + * In line with software engineering best practice, especially when supplying a + * library that is likely to change in future versions, FreeRTOS implements a + * strict data hiding policy. This means the Task structure used internally by + * FreeRTOS is not accessible to application code. However, if the application + * writer wants to statically allocate the memory required to create a task then + * the size of the task object needs to be known. The StaticTask_t structure + * below is provided for this purpose. Its sizes and alignment requirements are + * guaranteed to match those of the genuine structure, no matter which + * architecture is being used, and no matter how the values in FreeRTOSConfig.h + * are set. Its contents are somewhat obfuscated in the hope users will + * recognise that it would be unwise to make direct use of the structure members. + */ +typedef struct xSTATIC_TCB +{ + void * pxDummy1; + StaticListItem_t xDummy3[ 2 ]; + UBaseType_t uxDummy5; + void * pxDummy6; + BaseType_t xDummy23[ 2 ]; + uint8_t ucDummy7[ 16 ]; + UBaseType_t uxDummy9; + UBaseType_t uxDummy10[ 2 ]; + UBaseType_t uxDummy12[ 2 ]; + void * pvDummy15[ 5 ]; + uint32_t ulDummy18[ 1 ]; + uint8_t ucDummy19[ 1 ]; + uint8_t ucDummy21; +} StaticTask_t; +/* + * In line with software engineering best practice, especially when supplying a + * library that is likely to change in future versions, FreeRTOS implements a + * strict data hiding policy. This means the Queue structure used internally by + * FreeRTOS is not accessible to application code. However, if the application + * writer wants to statically allocate the memory required to create a queue + * then the size of the queue object needs to be known. The StaticQueue_t + * structure below is provided for this purpose. Its sizes and alignment + * requirements are guaranteed to match those of the genuine structure, no + * matter which architecture is being used, and no matter how the values in + * FreeRTOSConfig.h are set. Its contents are somewhat obfuscated in the hope + * users will recognise that it would be unwise to make direct use of the + * structure members. + */ +typedef struct xSTATIC_QUEUE +{ + void * pvDummy1[ 3 ]; + union + { + void * pvDummy2; + UBaseType_t uxDummy2; + } u; + StaticList_t xDummy3[ 2 ]; + UBaseType_t uxDummy4[ 3 ]; + uint8_t ucDummy5[ 2 ]; + void * pvDummy7; + UBaseType_t uxDummy8; + uint8_t ucDummy9; +} StaticQueue_t; +typedef StaticQueue_t StaticSemaphore_t; +/* + * In line with software engineering best practice, especially when supplying a + * library that is likely to change in future versions, FreeRTOS implements a + * strict data hiding policy. This means the event group structure used + * internally by FreeRTOS is not accessible to application code. However, if + * the application writer wants to statically allocate the memory required to + * create an event group then the size of the event group object needs to be + * know. The StaticEventGroup_t structure below is provided for this purpose. + * Its sizes and alignment requirements are guaranteed to match those of the + * genuine structure, no matter which architecture is being used, and no matter + * how the values in FreeRTOSConfig.h are set. Its contents are somewhat + * obfuscated in the hope users will recognise that it would be unwise to make + * direct use of the structure members. + */ +typedef struct xSTATIC_EVENT_GROUP +{ + TickType_t xDummy1; + StaticList_t xDummy2; + UBaseType_t uxDummy3; +} StaticEventGroup_t; +/* + * In line with software engineering best practice, especially when supplying a + * library that is likely to change in future versions, FreeRTOS implements a + * strict data hiding policy. This means the software timer structure used + * internally by FreeRTOS is not accessible to application code. However, if + * the application writer wants to statically allocate the memory required to + * create a software timer then the size of the queue object needs to be known. + * The StaticTimer_t structure below is provided for this purpose. Its sizes + * and alignment requirements are guaranteed to match those of the genuine + * structure, no matter which architecture is being used, and no matter how the + * values in FreeRTOSConfig.h are set. Its contents are somewhat obfuscated in + * the hope users will recognise that it would be unwise to make direct use of + * the structure members. + */ +typedef struct xSTATIC_TIMER +{ + void * pvDummy1; + StaticListItem_t xDummy2; + TickType_t xDummy3; + void * pvDummy5; + TaskFunction_t pvDummy6; + UBaseType_t uxDummy7; + uint8_t ucDummy8; +} StaticTimer_t; +/* + * In line with software engineering best practice, especially when supplying a + * library that is likely to change in future versions, FreeRTOS implements a + * strict data hiding policy. This means the stream buffer structure used + * internally by FreeRTOS is not accessible to application code. However, if + * the application writer wants to statically allocate the memory required to + * create a stream buffer then the size of the stream buffer object needs to be + * known. The StaticStreamBuffer_t structure below is provided for this + * purpose. Its size and alignment requirements are guaranteed to match those + * of the genuine structure, no matter which architecture is being used, and + * no matter how the values in FreeRTOSConfig.h are set. Its contents are + * somewhat obfuscated in the hope users will recognise that it would be unwise + * to make direct use of the structure members. + */ +typedef struct xSTATIC_STREAM_BUFFER +{ + size_t uxDummy1[ 4 ]; + void * pvDummy2[ 3 ]; + uint8_t ucDummy3; + UBaseType_t uxDummy4; +} StaticStreamBuffer_t; +/* Message buffers are built on stream buffers. */ +typedef StaticStreamBuffer_t StaticMessageBuffer_t; +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* + * This is the list implementation used by the scheduler. While it is tailored + * heavily for the schedulers needs, it is also available for use by + * application code. + * + * list_ts can only store pointers to list_item_ts. Each ListItem_t contains a + * numeric value (xItemValue). Most of the time the lists are sorted in + * descending item value order. + * + * Lists are created already containing one list item. The value of this + * item is the maximum possible that can be stored, it is therefore always at + * the end of the list and acts as a marker. The list member pxHead always + * points to this marker - even though it is at the tail of the list. This + * is because the tail contains a wrap back pointer to the true head of + * the list. + * + * In addition to it's value, each list item contains a pointer to the next + * item in the list (pxNext), a pointer to the list it is in (pxContainer) + * and a pointer to back to the object that contains it. These later two + * pointers are included for efficiency of list manipulation. There is + * effectively a two way link between the object containing the list item and + * the list item itself. + * + * + * \page ListIntroduction List Implementation + * \ingroup FreeRTOSIntro + */ +/* + * The list structure members are modified from within interrupts, and therefore + * by rights should be declared volatile. However, they are only modified in a + * functionally atomic way (within critical sections of with the scheduler + * suspended) and are either passed by reference into a function or indexed via + * a volatile variable. Therefore, in all use cases tested so far, the volatile + * qualifier can be omitted in order to provide a moderate performance + * improvement without adversely affecting functional behaviour. The assembly + * instructions generated by the IAR, ARM and GCC compilers when the respective + * compiler's options were set for maximum optimisation has been inspected and + * deemed to be as intended. That said, as compiler technology advances, and + * especially if aggressive cross module optimisation is used (a use case that + * has not been exercised to any great extend) then it is feasible that the + * volatile qualifier will be needed for correct optimisation. It is expected + * that a compiler removing essential code because, without the volatile + * qualifier on the list structure members and with aggressive cross module + * optimisation, the compiler deemed the code unnecessary will result in + * complete and obvious failure of the scheduler. If this is ever experienced + * then the volatile qualifier can be inserted in the relevant places within the + * list structures by simply defining configLIST_VOLATILE to volatile in + * FreeRTOSConfig.h (as per the example at the bottom of this comment block). + * If configLIST_VOLATILE is not defined then the preprocessor directives below + * will simply #define configLIST_VOLATILE away completely. + * + * To use volatile list structure members then add the following line to + * FreeRTOSConfig.h (without the quotes): + * "#define configLIST_VOLATILE volatile" + */ +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/* Macros that can be used to place known values within the list structures, + * then check that the known values do not get corrupted during the execution of + * the application. These may catch the list data structures being overwritten in + * memory. They will not catch data errors caused by incorrect configuration or + * use of FreeRTOS.*/ + /* Define the macros to do nothing. */ +/* + * Definition of the only type of object that a list can contain. + */ +struct xLIST; +struct xLIST_ITEM +{ + /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + TickType_t xItemValue; /*< The value being listed. In most cases this is used to sort the list in descending order. */ + struct xLIST_ITEM * pxNext; /*< Pointer to the next ListItem_t in the list. */ + struct xLIST_ITEM * pxPrevious; /*< Pointer to the previous ListItem_t in the list. */ + void * pvOwner; /*< Pointer to the object (normally a TCB) that contains the list item. There is therefore a two way link between the object containing the list item and the list item itself. */ + struct xLIST * pxContainer; /*< Pointer to the list in which this list item is placed (if any). */ + /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ +}; +typedef struct xLIST_ITEM ListItem_t; /* For some reason lint wants this as two separate definitions. */ +struct xMINI_LIST_ITEM +{ + /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + TickType_t xItemValue; + struct xLIST_ITEM * pxNext; + struct xLIST_ITEM * pxPrevious; +}; +typedef struct xMINI_LIST_ITEM MiniListItem_t; +/* + * Definition of the type of queue used by the scheduler. + */ +typedef struct xLIST +{ + /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + volatile UBaseType_t uxNumberOfItems; + ListItem_t * pxIndex; /*< Used to walk through the list. Points to the last item returned by a call to listGET_OWNER_OF_NEXT_ENTRY (). */ + MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ + /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ +} List_t; +/* + * Access macro to set the owner of a list item. The owner of a list item + * is the object (usually a TCB) that contains the list item. + * + * \page listSET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER + * \ingroup LinkedList + */ +/* + * Access macro to get the owner of a list item. The owner of a list item + * is the object (usually a TCB) that contains the list item. + * + * \page listGET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER + * \ingroup LinkedList + */ +/* + * Access macro to set the value of the list item. In most cases the value is + * used to sort the list in descending order. + * + * \page listSET_LIST_ITEM_VALUE listSET_LIST_ITEM_VALUE + * \ingroup LinkedList + */ +/* + * Access macro to retrieve the value of the list item. The value can + * represent anything - for example the priority of a task, or the time at + * which a task should be unblocked. + * + * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE + * \ingroup LinkedList + */ +/* + * Access macro to retrieve the value of the list item at the head of a given + * list. + * + * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE + * \ingroup LinkedList + */ +/* + * Return the list item at the head of the list. + * + * \page listGET_HEAD_ENTRY listGET_HEAD_ENTRY + * \ingroup LinkedList + */ +/* + * Return the next list item. + * + * \page listGET_NEXT listGET_NEXT + * \ingroup LinkedList + */ +/* + * Return the list item that marks the end of the list + * + * \page listGET_END_MARKER listGET_END_MARKER + * \ingroup LinkedList + */ +/* + * Access macro to determine if a list contains any items. The macro will + * only have the value true if the list is empty. + * + * \page listLIST_IS_EMPTY listLIST_IS_EMPTY + * \ingroup LinkedList + */ +/* + * Access macro to return the number of items in the list. + */ +/* + * Access function to obtain the owner of the next entry in a list. + * + * The list member pxIndex is used to walk through a list. Calling + * listGET_OWNER_OF_NEXT_ENTRY increments pxIndex to the next item in the list + * and returns that entry's pxOwner parameter. Using multiple calls to this + * function it is therefore possible to move through every item contained in + * a list. + * + * The pxOwner parameter of a list item is a pointer to the object that owns + * the list item. In the scheduler this is normally a task control block. + * The pxOwner parameter effectively creates a two way link between the list + * item and its owner. + * + * @param pxTCB pxTCB is set to the address of the owner of the next list item. + * @param pxList The list from which the next item owner is to be returned. + * + * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY + * \ingroup LinkedList + */ +/* + * Access function to obtain the owner of the first entry in a list. Lists + * are normally sorted in ascending item value order. + * + * This function returns the pxOwner member of the first item in the list. + * The pxOwner parameter of a list item is a pointer to the object that owns + * the list item. In the scheduler this is normally a task control block. + * The pxOwner parameter effectively creates a two way link between the list + * item and its owner. + * + * @param pxList The list from which the owner of the head item is to be + * returned. + * + * \page listGET_OWNER_OF_HEAD_ENTRY listGET_OWNER_OF_HEAD_ENTRY + * \ingroup LinkedList + */ +/* + * Check to see if a list item is within a list. The list item maintains a + * "container" pointer that points to the list it is in. All this macro does + * is check to see if the container and the list match. + * + * @param pxList The list we want to know if the list item is within. + * @param pxListItem The list item we want to know if is in the list. + * @return pdTRUE if the list item is in the list, otherwise pdFALSE. + */ +/* + * Return the list a list item is contained within (referenced from). + * + * @param pxListItem The list item being queried. + * @return A pointer to the List_t object that references the pxListItem + */ +/* + * This provides a crude means of knowing if a list has been initialised, as + * pxList->xListEnd.xItemValue is set to portMAX_DELAY by the vListInitialise() + * function. + */ +/* + * Must be called before a list is used! This initialises all the members + * of the list structure and inserts the xListEnd item into the list as a + * marker to the back of the list. + * + * @param pxList Pointer to the list being initialised. + * + * \page vListInitialise vListInitialise + * \ingroup LinkedList + */ +void vListInitialise( List_t * const pxList ) ; +/* + * Must be called before a list item is used. This sets the list container to + * null so the item does not think that it is already contained in a list. + * + * @param pxItem Pointer to the list item being initialised. + * + * \page vListInitialiseItem vListInitialiseItem + * \ingroup LinkedList + */ +void vListInitialiseItem( ListItem_t * const pxItem ) ; +/* + * Insert a list item into a list. The item will be inserted into the list in + * a position determined by its item value (descending item value order). + * + * @param pxList The list into which the item is to be inserted. + * + * @param pxNewListItem The item that is to be placed in the list. + * + * \page vListInsert vListInsert + * \ingroup LinkedList + */ +void vListInsert( List_t * const pxList, + ListItem_t * const pxNewListItem ) ; +/* + * Insert a list item into a list. The item will be inserted in a position + * such that it will be the last item within the list returned by multiple + * calls to listGET_OWNER_OF_NEXT_ENTRY. + * + * The list member pxIndex is used to walk through a list. Calling + * listGET_OWNER_OF_NEXT_ENTRY increments pxIndex to the next item in the list. + * Placing an item in a list using vListInsertEnd effectively places the item + * in the list position pointed to by pxIndex. This means that every other + * item within the list will be returned by listGET_OWNER_OF_NEXT_ENTRY before + * the pxIndex parameter again points to the item being inserted. + * + * @param pxList The list into which the item is to be inserted. + * + * @param pxNewListItem The list item to be inserted into the list. + * + * \page vListInsertEnd vListInsertEnd + * \ingroup LinkedList + */ +void vListInsertEnd( List_t * const pxList, + ListItem_t * const pxNewListItem ) ; +/* + * Remove an item from a list. The list item has a pointer to the list that + * it is in, so only the list item need be passed into the function. + * + * @param uxListRemove The item to be removed. The item will remove itself from + * the list pointed to by it's pxContainer parameter. + * + * @return The number of items that remain in the list after the list item has + * been removed. + * + * \page uxListRemove uxListRemove + * \ingroup LinkedList + */ +UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ; +/* *INDENT-OFF* */ +/* *INDENT-ON* */ + +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/*----------------------------------------------------------- +* MACROS AND DEFINITIONS +*----------------------------------------------------------*/ +/* MPU region parameters passed in ulParameters + * of MemoryRegion_t struct. */ +/* The direct to task notification feature used to have only a single notification + * per task. Now there is an array of notifications per task that is dimensioned by + * configTASK_NOTIFICATION_ARRAY_ENTRIES. For backward compatibility, any use of the + * original direct to task notification defaults to using the first index in the + * array. */ +/** + * task. h + * + * Type by which tasks are referenced. For example, a call to xTaskCreate + * returns (via a pointer parameter) an TaskHandle_t variable that can then + * be used as a parameter to vTaskDelete to delete the task. + * + * \defgroup TaskHandle_t TaskHandle_t + * \ingroup Tasks + */ +struct tskTaskControlBlock; /* The old naming convention is used to prevent breaking kernel aware debuggers. */ +typedef struct tskTaskControlBlock * TaskHandle_t; +/* + * Defines the prototype to which the application task hook function must + * conform. + */ +typedef BaseType_t (* TaskHookFunction_t)( void * ); +/* Task states returned by eTaskGetState. */ +typedef enum +{ + eRunning = 0, /* A task is querying the state of itself, so must be running. */ + eReady, /* The task being queried is in a ready or pending ready list. */ + eBlocked, /* The task being queried is in the Blocked state. */ + eSuspended, /* The task being queried is in the Suspended state, or is in the Blocked state with an infinite time out. */ + eDeleted, /* The task being queried has been deleted, but its TCB has not yet been freed. */ + eInvalid /* Used as an 'invalid state' value. */ +} eTaskState; +/* Actions that can be performed when vTaskNotify() is called. */ +typedef enum +{ + eNoAction = 0, /* Notify the task without updating its notify value. */ + eSetBits, /* Set bits in the task's notification value. */ + eIncrement, /* Increment the task's notification value. */ + eSetValueWithOverwrite, /* Set the task's notification value to a specific value even if the previous value has not yet been read by the task. */ + eSetValueWithoutOverwrite /* Set the task's notification value if the previous value has been read by the task. */ +} eNotifyAction; +/* + * Used internally only. + */ +typedef struct xTIME_OUT +{ + BaseType_t xOverflowCount; + TickType_t xTimeOnEntering; +} TimeOut_t; +/* + * Defines the memory ranges allocated to the task when an MPU is used. + */ +typedef struct xMEMORY_REGION +{ + void * pvBaseAddress; + uint32_t ulLengthInBytes; + uint32_t ulParameters; +} MemoryRegion_t; +/* + * Parameters required to create an MPU protected task. + */ +typedef struct xTASK_PARAMETERS +{ + TaskFunction_t pvTaskCode; + const char * pcName; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + uint32_t usStackDepth; + void * pvParameters; + UBaseType_t uxPriority; + StackType_t * puxStackBuffer; + MemoryRegion_t xRegions[ 1 ]; +} TaskParameters_t; +/* Used with the uxTaskGetSystemState() function to return the state of each task + * in the system. */ +typedef struct xTASK_STATUS +{ + TaskHandle_t xHandle; /* The handle of the task to which the rest of the information in the structure relates. */ + const char * pcTaskName; /* A pointer to the task's name. This value will be invalid if the task was deleted since the structure was populated! */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + UBaseType_t xTaskNumber; /* A number unique to the task. */ + eTaskState eCurrentState; /* The state in which the task existed when the structure was populated. */ + UBaseType_t uxCurrentPriority; /* The priority at which the task was running (may be inherited) when the structure was populated. */ + UBaseType_t uxBasePriority; /* The priority to which the task will return if the task's current priority has been inherited to avoid unbounded priority inversion when obtaining a mutex. Only valid if configUSE_MUTEXES is defined as 1 in FreeRTOSConfig.h. */ + uint32_t ulRunTimeCounter; /* The total run time allocated to the task so far, as defined by the run time stats clock. See https://www.FreeRTOS.org/rtos-run-time-stats.html. Only valid when configGENERATE_RUN_TIME_STATS is defined as 1 in FreeRTOSConfig.h. */ + StackType_t * pxStackBase; /* Points to the lowest address of the task's stack area. */ + uint32_t usStackHighWaterMark; /* The minimum amount of stack space that has remained for the task since the task was created. The closer this value is to zero the closer the task has come to overflowing its stack. */ +} TaskStatus_t; +/* Possible return values for eTaskConfirmSleepModeStatus(). */ +typedef enum +{ + eAbortSleep = 0, /* A task has been made ready or a context switch pended since portSUPPRESS_TICKS_AND_SLEEP() was called - abort entering a sleep mode. */ + eStandardSleep, /* Enter a sleep mode that will not last any longer than the expected idle time. */ + eNoTasksWaitingTimeout /* No tasks are waiting for a timeout so it is safe to enter a sleep mode that can only be exited by an external interrupt. */ +} eSleepModeStatus; +/** + * Defines the priority used by the idle task. This must not be modified. + * + * \ingroup TaskUtils + */ +/** + * Defines affinity to all available cores. + * + */ +/** + * task. h + * + * Macro for forcing a context switch. + * + * \defgroup taskYIELD taskYIELD + * \ingroup SchedulerControl + */ +/** + * task. h + * + * Macro to mark the start of a critical code region. Preemptive context + * switches cannot occur when in a critical region. + * + * NOTE: This may alter the stack (depending on the portable implementation) + * so must be used with care! + * + * \defgroup taskENTER_CRITICAL taskENTER_CRITICAL + * \ingroup SchedulerControl + */ +/** + * task. h + * + * Macro to mark the end of a critical code region. Preemptive context + * switches cannot occur when in a critical region. + * + * NOTE: This may alter the stack (depending on the portable implementation) + * so must be used with care! + * + * \defgroup taskEXIT_CRITICAL taskEXIT_CRITICAL + * \ingroup SchedulerControl + */ +/** + * task. h + * + * Macro to disable all maskable interrupts. + * This also returns what the interrupt state was + * upon being called. This state may subsequently + * be passed to taskRESTORE_INTERRUPTS(). + * + * \defgroup taskDISABLE_INTERRUPTS taskDISABLE_INTERRUPTS + * \ingroup SchedulerControl + */ +/** + * task. h + * + * Macro to enable microcontroller interrupts. + * + * \defgroup taskENABLE_INTERRUPTS taskENABLE_INTERRUPTS + * \ingroup SchedulerControl + */ +/** + * task. h + * + * Macro to restore microcontroller interrupts to + * a previous state. + * + * \defgroup taskRESTORE_INTERRUPTS taskRESTORE_INTERRUPTS + * \ingroup SchedulerControl + */ +/** + * task. h + * + * Macro that determines if it is being called from within an ISR + * or a task. Returns non-zero if it is in an ISR. + * + * \defgroup taskCHECK_IF_IN_ISR taskCHECK_IF_IN_ISR + * \ingroup SchedulerControl + */ +/* Definitions returned by xTaskGetSchedulerState(). taskSCHEDULER_SUSPENDED is + * 0 to generate more optimal code when configASSERT() is defined as the constant + * is used in assert() statements. */ +/* Check if core value is valid */ +/*----------------------------------------------------------- +* TASK CREATION API +*----------------------------------------------------------*/ +/** + * task. h + *
+ * BaseType_t xTaskCreate(
+ *                            TaskFunction_t pxTaskCode,
+ *                            const char *pcName,
+ *                            configSTACK_DEPTH_TYPE usStackDepth,
+ *                            void *pvParameters,
+ *                            UBaseType_t uxPriority,
+ *                            TaskHandle_t *pxCreatedTask
+ *                        );
+ * 
+ * + * Create a new task and add it to the list of tasks that are ready to run. + * + * Internally, within the FreeRTOS implementation, tasks use two blocks of + * memory. The first block is used to hold the task's data structures. The + * second block is used by the task as its stack. If a task is created using + * xTaskCreate() then both blocks of memory are automatically dynamically + * allocated inside the xTaskCreate() function. (see + * https://www.FreeRTOS.org/a00111.html). If a task is created using + * xTaskCreateStatic() then the application writer must provide the required + * memory. xTaskCreateStatic() therefore allows a task to be created without + * using any dynamic memory allocation. + * + * See xTaskCreateStatic() for a version that does not use any dynamic memory + * allocation. + * + * xTaskCreate() can only be used to create a task that has unrestricted + * access to the entire microcontroller memory map. Systems that include MPU + * support can alternatively create an MPU constrained task using + * xTaskCreateRestricted(). + * + * @param pxTaskCode Pointer to the task entry function. Tasks + * must be implemented to never return (i.e. continuous loop). + * + * @param pcName A descriptive name for the task. This is mainly used to + * facilitate debugging. Max length defined by configMAX_TASK_NAME_LEN - default + * is 16. + * + * @param usStackDepth The size of the task stack specified as the number of + * variables the stack can hold - not the number of bytes. For example, if + * the stack is 16 bits wide and usStackDepth is defined as 100, 200 bytes + * will be allocated for stack storage. + * + * @param pvParameters Pointer that will be used as the parameter for the task + * being created. + * + * @param uxPriority The priority at which the task should run. Systems that + * include MPU support can optionally create tasks in a privileged (system) + * mode by setting bit portPRIVILEGE_BIT of the priority parameter. For + * example, to create a privileged task at priority 2 the uxPriority parameter + * should be set to ( 2 | portPRIVILEGE_BIT ). + * + * @param pxCreatedTask Used to pass back a handle by which the created task + * can be referenced. + * + * @return pdPASS if the task was successfully created and added to a ready + * list, otherwise an error code defined in the file projdefs.h + * + * Example usage: + *
+ * // Task to be created.
+ * void vTaskCode( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *   }
+ * }
+ *
+ * // Function that creates a task.
+ * void vOtherFunction( void )
+ * {
+ * static uint8_t ucParameterToPass;
+ * TaskHandle_t xHandle = NULL;
+ *
+ *   // Create the task, storing the handle.  Note that the passed parameter ucParameterToPass
+ *   // must exist for the lifetime of the task, so in this case is declared static.  If it was just an
+ *   // an automatic stack variable it might no longer exist, or at least have been corrupted, by the time
+ *   // the new task attempts to access it.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, &ucParameterToPass, tskIDLE_PRIORITY, &xHandle );
+ *   configASSERT( xHandle );
+ *
+ *   // Use the handle to delete the task.
+ *   if( xHandle != NULL )
+ *   {
+ *      vTaskDelete( xHandle );
+ *   }
+ * }
+ * 
+ * \defgroup xTaskCreate xTaskCreate + * \ingroup Tasks + */ + BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask ) ; +/** + * task. h + *
+* TaskHandle_t xTaskCreateStatic( TaskFunction_t pxTaskCode,
+ *                               const char *pcName,
+ *                               uint32_t ulStackDepth,
+ *                               void *pvParameters,
+ *                               UBaseType_t uxPriority,
+ *                               StackType_t *puxStackBuffer,
+ *                               StaticTask_t *pxTaskBuffer );
+ * 
+ * + * Create a new task and add it to the list of tasks that are ready to run. + * + * Internally, within the FreeRTOS implementation, tasks use two blocks of + * memory. The first block is used to hold the task's data structures. The + * second block is used by the task as its stack. If a task is created using + * xTaskCreate() then both blocks of memory are automatically dynamically + * allocated inside the xTaskCreate() function. (see + * https://www.FreeRTOS.org/a00111.html). If a task is created using + * xTaskCreateStatic() then the application writer must provide the required + * memory. xTaskCreateStatic() therefore allows a task to be created without + * using any dynamic memory allocation. + * + * @param pxTaskCode Pointer to the task entry function. Tasks + * must be implemented to never return (i.e. continuous loop). + * + * @param pcName A descriptive name for the task. This is mainly used to + * facilitate debugging. The maximum length of the string is defined by + * configMAX_TASK_NAME_LEN in FreeRTOSConfig.h. + * + * @param ulStackDepth The size of the task stack specified as the number of + * variables the stack can hold - not the number of bytes. For example, if + * the stack is 32-bits wide and ulStackDepth is defined as 100 then 400 bytes + * will be allocated for stack storage. + * + * @param pvParameters Pointer that will be used as the parameter for the task + * being created. + * + * @param uxPriority The priority at which the task will run. + * + * @param puxStackBuffer Must point to a StackType_t array that has at least + * ulStackDepth indexes - the array will then be used as the task's stack, + * removing the need for the stack to be allocated dynamically. + * + * @param pxTaskBuffer Must point to a variable of type StaticTask_t, which will + * then be used to hold the task's data structures, removing the need for the + * memory to be allocated dynamically. + * + * @return If neither puxStackBuffer nor pxTaskBuffer are NULL, then the task + * will be created and a handle to the created task is returned. If either + * puxStackBuffer or pxTaskBuffer are NULL then the task will not be created and + * NULL is returned. + * + * Example usage: + *
+ *
+ *  // Dimensions of the buffer that the task being created will use as its stack.
+ *  // NOTE:  This is the number of words the stack will hold, not the number of
+ *  // bytes.  For example, if each stack item is 32-bits, and this is set to 100,
+ *  // then 400 bytes (100 * 32-bits) will be allocated.
+ #define STACK_SIZE 200
+ *
+ *  // Structure that will hold the TCB of the task being created.
+ *  StaticTask_t xTaskBuffer;
+ *
+ *  // Buffer that the task being created will use as its stack.  Note this is
+ *  // an array of StackType_t variables.  The size of StackType_t is dependent on
+ *  // the RTOS port.
+ *  StackType_t xStack[ STACK_SIZE ];
+ *
+ *  // Function that implements the task being created.
+ *  void vTaskCode( void * pvParameters )
+ *  {
+ *      // The parameter value is expected to be 1 as 1 is passed in the
+ *      // pvParameters value in the call to xTaskCreateStatic().
+ *      configASSERT( ( uint32_t ) pvParameters == 1UL );
+ *
+ *      for( ;; )
+ *      {
+ *          // Task code goes here.
+ *      }
+ *  }
+ *
+ *  // Function that creates a task.
+ *  void vOtherFunction( void )
+ *  {
+ *      TaskHandle_t xHandle = NULL;
+ *
+ *      // Create the task without using any dynamic memory allocation.
+ *      xHandle = xTaskCreateStatic(
+ *                    vTaskCode,       // Function that implements the task.
+ *                    "NAME",          // Text name for the task.
+ *                    STACK_SIZE,      // Stack size in words, not bytes.
+ *                    ( void * ) 1,    // Parameter passed into the task.
+ *                    tskIDLE_PRIORITY,// Priority at which the task is created.
+ *                    xStack,          // Array to use as the task's stack.
+ *                    &xTaskBuffer );  // Variable to hold the task's data structure.
+ *
+ *      // puxStackBuffer and pxTaskBuffer were not NULL, so the task will have
+ *      // been created, and xHandle will be the task's handle.  Use the handle
+ *      // to suspend the task.
+ *      vTaskSuspend( xHandle );
+ *  }
+ * 
+ * \defgroup xTaskCreateStatic xTaskCreateStatic + * \ingroup Tasks + */ +/** + * task. h + *
+ * BaseType_t xTaskCreateRestricted( TaskParameters_t *pxTaskDefinition, TaskHandle_t *pxCreatedTask );
+ * 
+ * + * Only available when configSUPPORT_DYNAMIC_ALLOCATION is set to 1. + * + * xTaskCreateRestricted() should only be used in systems that include an MPU + * implementation. + * + * Create a new task and add it to the list of tasks that are ready to run. + * The function parameters define the memory regions and associated access + * permissions allocated to the task. + * + * See xTaskCreateRestrictedStatic() for a version that does not use any + * dynamic memory allocation. + * + * @param pxTaskDefinition Pointer to a structure that contains a member + * for each of the normal xTaskCreate() parameters (see the xTaskCreate() API + * documentation) plus an optional stack buffer and the memory region + * definitions. + * + * @param pxCreatedTask Used to pass back a handle by which the created task + * can be referenced. + * + * @return pdPASS if the task was successfully created and added to a ready + * list, otherwise an error code defined in the file projdefs.h + * + * Example usage: + *
+ * // Create an TaskParameters_t structure that defines the task to be created.
+ * static const TaskParameters_t xCheckTaskParameters =
+ * {
+ *  vATask,     // pvTaskCode - the function that implements the task.
+ *  "ATask",    // pcName - just a text name for the task to assist debugging.
+ *  100,        // usStackDepth - the stack size DEFINED IN WORDS.
+ *  NULL,       // pvParameters - passed into the task function as the function parameters.
+ *  ( 1UL | portPRIVILEGE_BIT ),// uxPriority - task priority, set the portPRIVILEGE_BIT if the task should run in a privileged state.
+ *  cStackBuffer,// puxStackBuffer - the buffer to be used as the task stack.
+ *
+ *  // xRegions - Allocate up to three separate memory regions for access by
+ *  // the task, with appropriate access permissions.  Different processors have
+ *  // different memory alignment requirements - refer to the FreeRTOS documentation
+ *  // for full information.
+ *  {
+ *      // Base address                 Length  Parameters
+ *      { cReadWriteArray,              32,     portMPU_REGION_READ_WRITE },
+ *      { cReadOnlyArray,               32,     portMPU_REGION_READ_ONLY },
+ *      { cPrivilegedOnlyAccessArray,   128,    portMPU_REGION_PRIVILEGED_READ_WRITE }
+ *  }
+ * };
+ *
+ * int main( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *  // Create a task from the const structure defined above.  The task handle
+ *  // is requested (the second parameter is not NULL) but in this case just for
+ *  // demonstration purposes as its not actually used.
+ *  xTaskCreateRestricted( &xRegTest1Parameters, &xHandle );
+ *
+ *  // Start the scheduler.
+ *  vTaskStartScheduler();
+ *
+ *  // Will only get here if there was insufficient memory to create the idle
+ *  // and/or timer task.
+ *  for( ;; );
+ * }
+ * 
+ * \defgroup xTaskCreateRestricted xTaskCreateRestricted + * \ingroup Tasks + */ +/** + * task. h + *
+ * BaseType_t xTaskCreateRestrictedStatic( TaskParameters_t *pxTaskDefinition, TaskHandle_t *pxCreatedTask );
+ * 
+ * + * Only available when configSUPPORT_STATIC_ALLOCATION is set to 1. + * + * xTaskCreateRestrictedStatic() should only be used in systems that include an + * MPU implementation. + * + * Internally, within the FreeRTOS implementation, tasks use two blocks of + * memory. The first block is used to hold the task's data structures. The + * second block is used by the task as its stack. If a task is created using + * xTaskCreateRestricted() then the stack is provided by the application writer, + * and the memory used to hold the task's data structure is automatically + * dynamically allocated inside the xTaskCreateRestricted() function. If a task + * is created using xTaskCreateRestrictedStatic() then the application writer + * must provide the memory used to hold the task's data structures too. + * xTaskCreateRestrictedStatic() therefore allows a memory protected task to be + * created without using any dynamic memory allocation. + * + * @param pxTaskDefinition Pointer to a structure that contains a member + * for each of the normal xTaskCreate() parameters (see the xTaskCreate() API + * documentation) plus an optional stack buffer and the memory region + * definitions. If configSUPPORT_STATIC_ALLOCATION is set to 1 the structure + * contains an additional member, which is used to point to a variable of type + * StaticTask_t - which is then used to hold the task's data structure. + * + * @param pxCreatedTask Used to pass back a handle by which the created task + * can be referenced. + * + * @return pdPASS if the task was successfully created and added to a ready + * list, otherwise an error code defined in the file projdefs.h + * + * Example usage: + *
+ * // Create an TaskParameters_t structure that defines the task to be created.
+ * // The StaticTask_t variable is only included in the structure when
+ * // configSUPPORT_STATIC_ALLOCATION is set to 1.  The PRIVILEGED_DATA macro can
+ * // be used to force the variable into the RTOS kernel's privileged data area.
+ * static PRIVILEGED_DATA StaticTask_t xTaskBuffer;
+ * static const TaskParameters_t xCheckTaskParameters =
+ * {
+ *  vATask,     // pvTaskCode - the function that implements the task.
+ *  "ATask",    // pcName - just a text name for the task to assist debugging.
+ *  100,        // usStackDepth - the stack size DEFINED IN WORDS.
+ *  NULL,       // pvParameters - passed into the task function as the function parameters.
+ *  ( 1UL | portPRIVILEGE_BIT ),// uxPriority - task priority, set the portPRIVILEGE_BIT if the task should run in a privileged state.
+ *  cStackBuffer,// puxStackBuffer - the buffer to be used as the task stack.
+ *
+ *  // xRegions - Allocate up to three separate memory regions for access by
+ *  // the task, with appropriate access permissions.  Different processors have
+ *  // different memory alignment requirements - refer to the FreeRTOS documentation
+ *  // for full information.
+ *  {
+ *      // Base address                 Length  Parameters
+ *      { cReadWriteArray,              32,     portMPU_REGION_READ_WRITE },
+ *      { cReadOnlyArray,               32,     portMPU_REGION_READ_ONLY },
+ *      { cPrivilegedOnlyAccessArray,   128,    portMPU_REGION_PRIVILEGED_READ_WRITE }
+ *  }
+ *
+ *  &xTaskBuffer; // Holds the task's data structure.
+ * };
+ *
+ * int main( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *  // Create a task from the const structure defined above.  The task handle
+ *  // is requested (the second parameter is not NULL) but in this case just for
+ *  // demonstration purposes as its not actually used.
+ *  xTaskCreateRestricted( &xRegTest1Parameters, &xHandle );
+ *
+ *  // Start the scheduler.
+ *  vTaskStartScheduler();
+ *
+ *  // Will only get here if there was insufficient memory to create the idle
+ *  // and/or timer task.
+ *  for( ;; );
+ * }
+ * 
+ * \defgroup xTaskCreateRestrictedStatic xTaskCreateRestrictedStatic + * \ingroup Tasks + */ +/** + * task. h + *
+ * void vTaskAllocateMPURegions( TaskHandle_t xTask, const MemoryRegion_t * const pxRegions );
+ * 
+ * + * Memory regions are assigned to a restricted task when the task is created by + * a call to xTaskCreateRestricted(). These regions can be redefined using + * vTaskAllocateMPURegions(). + * + * @param xTask The handle of the task being updated. + * + * @param xRegions A pointer to a MemoryRegion_t structure that contains the + * new memory region definitions. + * + * Example usage: + *
+ * // Define an array of MemoryRegion_t structures that configures an MPU region
+ * // allowing read/write access for 1024 bytes starting at the beginning of the
+ * // ucOneKByte array.  The other two of the maximum 3 definable regions are
+ * // unused so set to zero.
+ * static const MemoryRegion_t xAltRegions[ portNUM_CONFIGURABLE_REGIONS ] =
+ * {
+ *  // Base address     Length      Parameters
+ *  { ucOneKByte,       1024,       portMPU_REGION_READ_WRITE },
+ *  { 0,                0,          0 },
+ *  { 0,                0,          0 }
+ * };
+ *
+ * void vATask( void *pvParameters )
+ * {
+ *  // This task was created such that it has access to certain regions of
+ *  // memory as defined by the MPU configuration.  At some point it is
+ *  // desired that these MPU regions are replaced with that defined in the
+ *  // xAltRegions const struct above.  Use a call to vTaskAllocateMPURegions()
+ *  // for this purpose.  NULL is used as the task handle to indicate that this
+ *  // function should modify the MPU regions of the calling task.
+ *  vTaskAllocateMPURegions( NULL, xAltRegions );
+ *
+ *  // Now the task can continue its function, but from this point on can only
+ *  // access its stack and the ucOneKByte array (unless any other statically
+ *  // defined or shared regions have been declared elsewhere).
+ * }
+ * 
+ * \defgroup xTaskCreateRestricted xTaskCreateRestricted + * \ingroup Tasks + */ +void vTaskAllocateMPURegions( TaskHandle_t xTask, + const MemoryRegion_t * const pxRegions ) ; +/** + * task. h + *
+ * void vTaskDelete( TaskHandle_t xTaskToDelete );
+ * 
+ * + * INCLUDE_vTaskDelete must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Remove a task from the RTOS real time kernel's management. The task being + * deleted will be removed from all ready, blocked, suspended and event lists. + * + * NOTE: The idle task is responsible for freeing the kernel allocated + * memory from tasks that have been deleted. It is therefore important that + * the idle task is not starved of microcontroller processing time if your + * application makes any calls to vTaskDelete (). Memory allocated by the + * task code is not automatically freed, and should be freed before the task + * is deleted. + * + * See the demo application file death.c for sample code that utilises + * vTaskDelete (). + * + * @param xTaskToDelete The handle of the task to be deleted. Passing NULL will + * cause the calling task to be deleted. + * + * Example usage: + *
+ * void vOtherFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create the task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // Use the handle to delete the task.
+ *   vTaskDelete( xHandle );
+ * }
+ * 
+ * \defgroup vTaskDelete vTaskDelete + * \ingroup Tasks + */ +void vTaskDelete( TaskHandle_t xTaskToDelete ) ; +/*----------------------------------------------------------- +* TASK CONTROL API +*----------------------------------------------------------*/ +/** + * task. h + *
+ * void vTaskDelay( const TickType_t xTicksToDelay );
+ * 
+ * + * Delay a task for a given number of ticks. The actual time that the + * task remains blocked depends on the tick rate. The constant + * portTICK_PERIOD_MS can be used to calculate real time from the tick + * rate - with the resolution of one tick period. + * + * INCLUDE_vTaskDelay must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * + * vTaskDelay() specifies a time at which the task wishes to unblock relative to + * the time at which vTaskDelay() is called. For example, specifying a block + * period of 100 ticks will cause the task to unblock 100 ticks after + * vTaskDelay() is called. vTaskDelay() does not therefore provide a good method + * of controlling the frequency of a periodic task as the path taken through the + * code, as well as other task and interrupt activity, will effect the frequency + * at which vTaskDelay() gets called and therefore the time at which the task + * next executes. See xTaskDelayUntil() for an alternative API function designed + * to facilitate fixed frequency execution. It does this by specifying an + * absolute time (rather than a relative time) at which the calling task should + * unblock. + * + * @param xTicksToDelay The amount of time, in tick periods, that + * the calling task should block. + * + * Example usage: + * + * void vTaskFunction( void * pvParameters ) + * { + * // Block for 500ms. + * const TickType_t xDelay = 500 / portTICK_PERIOD_MS; + * + * for( ;; ) + * { + * // Simply toggle the LED every 500ms, blocking between each toggle. + * vToggleLED(); + * vTaskDelay( xDelay ); + * } + * } + * + * \defgroup vTaskDelay vTaskDelay + * \ingroup TaskCtrl + */ +void vTaskDelay( const TickType_t xTicksToDelay ) ; +/** + * task. h + *
+ * BaseType_t xTaskDelayUntil( TickType_t *pxPreviousWakeTime, const TickType_t xTimeIncrement );
+ * 
+ * + * INCLUDE_xTaskDelayUntil must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Delay a task until a specified time. This function can be used by periodic + * tasks to ensure a constant execution frequency. + * + * This function differs from vTaskDelay () in one important aspect: vTaskDelay () will + * cause a task to block for the specified number of ticks from the time vTaskDelay () is + * called. It is therefore difficult to use vTaskDelay () by itself to generate a fixed + * execution frequency as the time between a task starting to execute and that task + * calling vTaskDelay () may not be fixed [the task may take a different path though the + * code between calls, or may get interrupted or preempted a different number of times + * each time it executes]. + * + * Whereas vTaskDelay () specifies a wake time relative to the time at which the function + * is called, xTaskDelayUntil () specifies the absolute (exact) time at which it wishes to + * unblock. + * + * The macro pdMS_TO_TICKS() can be used to calculate the number of ticks from a + * time specified in milliseconds with a resolution of one tick period. + * + * @param pxPreviousWakeTime Pointer to a variable that holds the time at which the + * task was last unblocked. The variable must be initialised with the current time + * prior to its first use (see the example below). Following this the variable is + * automatically updated within xTaskDelayUntil (). + * + * @param xTimeIncrement The cycle time period. The task will be unblocked at + * time *pxPreviousWakeTime + xTimeIncrement. Calling xTaskDelayUntil with the + * same xTimeIncrement parameter value will cause the task to execute with + * a fixed interface period. + * + * @return Value which can be used to check whether the task was actually delayed. + * Will be pdTRUE if the task way delayed and pdFALSE otherwise. A task will not + * be delayed if the next expected wake time is in the past. + * + * Example usage: + *
+ * // Perform an action every 10 ticks.
+ * void vTaskFunction( void * pvParameters )
+ * {
+ * TickType_t xLastWakeTime;
+ * const TickType_t xFrequency = 10;
+ * BaseType_t xWasDelayed;
+ *
+ *     // Initialise the xLastWakeTime variable with the current time.
+ *     xLastWakeTime = xTaskGetTickCount ();
+ *     for( ;; )
+ *     {
+ *         // Wait for the next cycle.
+ *         xWasDelayed = xTaskDelayUntil( &xLastWakeTime, xFrequency );
+ *
+ *         // Perform action here. xWasDelayed value can be used to determine
+ *         // whether a deadline was missed if the code here took too long.
+ *     }
+ * }
+ * 
+ * \defgroup xTaskDelayUntil xTaskDelayUntil + * \ingroup TaskCtrl + */ +BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, + const TickType_t xTimeIncrement ) ; +/* + * vTaskDelayUntil() is the older version of xTaskDelayUntil() and does not + * return a value. + */ +/** + * task. h + *
+ * BaseType_t xTaskAbortDelay( TaskHandle_t xTask );
+ * 
+ * + * INCLUDE_xTaskAbortDelay must be defined as 1 in FreeRTOSConfig.h for this + * function to be available. + * + * A task will enter the Blocked state when it is waiting for an event. The + * event it is waiting for can be a temporal event (waiting for a time), such + * as when vTaskDelay() is called, or an event on an object, such as when + * xQueueReceive() or ulTaskNotifyTake() is called. If the handle of a task + * that is in the Blocked state is used in a call to xTaskAbortDelay() then the + * task will leave the Blocked state, and return from whichever function call + * placed the task into the Blocked state. + * + * There is no 'FromISR' version of this function as an interrupt would need to + * know which object a task was blocked on in order to know which actions to + * take. For example, if the task was blocked on a queue the interrupt handler + * would then need to know if the queue was locked. + * + * @param xTask The handle of the task to remove from the Blocked state. + * + * @return If the task referenced by xTask was not in the Blocked state then + * pdFAIL is returned. Otherwise pdPASS is returned. + * + * \defgroup xTaskAbortDelay xTaskAbortDelay + * \ingroup TaskCtrl + */ +BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) ; +/** + * task. h + *
+ * UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask );
+ * 
+ * + * INCLUDE_uxTaskPriorityGet must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Obtain the priority of any task. + * + * @param xTask Handle of the task to be queried. Passing a NULL + * handle results in the priority of the calling task being returned. + * + * @return The priority of xTask. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to obtain the priority of the created task.
+ *   // It was created with tskIDLE_PRIORITY, but may have changed
+ *   // it itself.
+ *   if( uxTaskPriorityGet( xHandle ) != tskIDLE_PRIORITY )
+ *   {
+ *       // The task has changed it's priority.
+ *   }
+ *
+ *   // ...
+ *
+ *   // Is our priority higher than the created task?
+ *   if( uxTaskPriorityGet( xHandle ) < uxTaskPriorityGet( NULL ) )
+ *   {
+ *       // Our priority (obtained using NULL handle) is higher.
+ *   }
+ * }
+ * 
+ * \defgroup uxTaskPriorityGet uxTaskPriorityGet + * \ingroup TaskCtrl + */ +UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) ; +/** + * task. h + *
+ * UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask );
+ * 
+ * + * A version of uxTaskPriorityGet() that can be used from an ISR. + */ +UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) ; +/** + * task. h + *
+ * eTaskState eTaskGetState( TaskHandle_t xTask );
+ * 
+ * + * INCLUDE_eTaskGetState must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Obtain the state of any task. States are encoded by the eTaskState + * enumerated type. + * + * @param xTask Handle of the task to be queried. + * + * @return The state of xTask at the time the function was called. Note the + * state of the task might change between the function being called, and the + * functions return value being tested by the calling task. + */ +eTaskState eTaskGetState( TaskHandle_t xTask ) ; +/** + * task. h + *
+ * void vTaskGetInfo( TaskHandle_t xTask, TaskStatus_t *pxTaskStatus, BaseType_t xGetFreeStackSpace, eTaskState eState );
+ * 
+ * + * configUSE_TRACE_FACILITY must be defined as 1 for this function to be + * available. See the configuration section for more information. + * + * Populates a TaskStatus_t structure with information about a task. + * + * @param xTask Handle of the task being queried. If xTask is NULL then + * information will be returned about the calling task. + * + * @param pxTaskStatus A pointer to the TaskStatus_t structure that will be + * filled with information about the task referenced by the handle passed using + * the xTask parameter. + * + * @xGetFreeStackSpace The TaskStatus_t structure contains a member to report + * the stack high water mark of the task being queried. Calculating the stack + * high water mark takes a relatively long time, and can make the system + * temporarily unresponsive - so the xGetFreeStackSpace parameter is provided to + * allow the high water mark checking to be skipped. The high watermark value + * will only be written to the TaskStatus_t structure if xGetFreeStackSpace is + * not set to pdFALSE; + * + * @param eState The TaskStatus_t structure contains a member to report the + * state of the task being queried. Obtaining the task state is not as fast as + * a simple assignment - so the eState parameter is provided to allow the state + * information to be omitted from the TaskStatus_t structure. To obtain state + * information then set eState to eInvalid - otherwise the value passed in + * eState will be reported as the task state in the TaskStatus_t structure. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ * TaskStatus_t xTaskDetails;
+ *
+ *  // Obtain the handle of a task from its name.
+ *  xHandle = xTaskGetHandle( "Task_Name" );
+ *
+ *  // Check the handle is not NULL.
+ *  configASSERT( xHandle );
+ *
+ *  // Use the handle to obtain further information about the task.
+ *  vTaskGetInfo( xHandle,
+ *                &xTaskDetails,
+ *                pdTRUE, // Include the high water mark in xTaskDetails.
+ *                eInvalid ); // Include the task state in xTaskDetails.
+ * }
+ * 
+ * \defgroup vTaskGetInfo vTaskGetInfo + * \ingroup TaskCtrl + */ +void vTaskGetInfo( TaskHandle_t xTask, + TaskStatus_t * pxTaskStatus, + BaseType_t xGetFreeStackSpace, + eTaskState eState ) ; +/** + * task. h + *
+ * void vTaskPrioritySet( TaskHandle_t xTask, UBaseType_t uxNewPriority );
+ * 
+ * + * INCLUDE_vTaskPrioritySet must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Set the priority of any task. + * + * A context switch will occur before the function returns if the priority + * being set is higher than the currently executing task. + * + * @param xTask Handle to the task for which the priority is being set. + * Passing a NULL handle results in the priority of the calling task being set. + * + * @param uxNewPriority The priority to which the task will be set. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to raise the priority of the created task.
+ *   vTaskPrioritySet( xHandle, tskIDLE_PRIORITY + 1 );
+ *
+ *   // ...
+ *
+ *   // Use a NULL handle to raise our priority to the same value.
+ *   vTaskPrioritySet( NULL, tskIDLE_PRIORITY + 1 );
+ * }
+ * 
+ * \defgroup vTaskPrioritySet vTaskPrioritySet + * \ingroup TaskCtrl + */ +void vTaskPrioritySet( TaskHandle_t xTask, + UBaseType_t uxNewPriority ) ; +/** + * task. h + *
+ * void vTaskSuspend( TaskHandle_t xTaskToSuspend );
+ * 
+ * + * INCLUDE_vTaskSuspend must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Suspend any task. When suspended a task will never get any microcontroller + * processing time, no matter what its priority. + * + * Calls to vTaskSuspend are not accumulative - + * i.e. calling vTaskSuspend () twice on the same task still only requires one + * call to vTaskResume () to ready the suspended task. + * + * @param xTaskToSuspend Handle to the task being suspended. Passing a NULL + * handle will cause the calling task to be suspended. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to suspend the created task.
+ *   vTaskSuspend( xHandle );
+ *
+ *   // ...
+ *
+ *   // The created task will not run during this period, unless
+ *   // another task calls vTaskResume( xHandle ).
+ *
+ *   //...
+ *
+ *
+ *   // Suspend ourselves.
+ *   vTaskSuspend( NULL );
+ *
+ *   // We cannot get here unless another task calls vTaskResume
+ *   // with our handle as the parameter.
+ * }
+ * 
+ * \defgroup vTaskSuspend vTaskSuspend + * \ingroup TaskCtrl + */ +void vTaskSuspend( TaskHandle_t xTaskToSuspend ) ; +/** + * task. h + *
+ * void vTaskResume( TaskHandle_t xTaskToResume );
+ * 
+ * + * INCLUDE_vTaskSuspend must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Resumes a suspended task. + * + * A task that has been suspended by one or more calls to vTaskSuspend () + * will be made available for running again by a single call to + * vTaskResume (). + * + * @param xTaskToResume Handle to the task being readied. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to suspend the created task.
+ *   vTaskSuspend( xHandle );
+ *
+ *   // ...
+ *
+ *   // The created task will not run during this period, unless
+ *   // another task calls vTaskResume( xHandle ).
+ *
+ *   //...
+ *
+ *
+ *   // Resume the suspended task ourselves.
+ *   vTaskResume( xHandle );
+ *
+ *   // The created task will once again get microcontroller processing
+ *   // time in accordance with its priority within the system.
+ * }
+ * 
+ * \defgroup vTaskResume vTaskResume + * \ingroup TaskCtrl + */ +void vTaskResume( TaskHandle_t xTaskToResume ) ; +/** + * task. h + *
+ * void xTaskResumeFromISR( TaskHandle_t xTaskToResume );
+ * 
+ * + * INCLUDE_xTaskResumeFromISR must be defined as 1 for this function to be + * available. See the configuration section for more information. + * + * An implementation of vTaskResume() that can be called from within an ISR. + * + * A task that has been suspended by one or more calls to vTaskSuspend () + * will be made available for running again by a single call to + * xTaskResumeFromISR (). + * + * xTaskResumeFromISR() should not be used to synchronise a task with an + * interrupt if there is a chance that the interrupt could arrive prior to the + * task being suspended - as this can lead to interrupts being missed. Use of a + * semaphore as a synchronisation mechanism would avoid this eventuality. + * + * @param xTaskToResume Handle to the task being readied. + * + * @return pdTRUE if resuming the task should result in a context switch, + * otherwise pdFALSE. This is used by the ISR to determine if a context switch + * may be required following the ISR. + * + * \defgroup vTaskResumeFromISR vTaskResumeFromISR + * \ingroup TaskCtrl + */ +BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ; +/** + * @brief Disables preemption for a task. + * + * @param xTask The handle of the task to disable preemption. Passing NULL + * disables preemption for the calling task. + * + * Example usage: + * + * void vTaskCode( void *pvParameters ) + * { + * // Silence warnings about unused parameters. + * ( void ) pvParameters; + * + * for( ;; ) + * { + * // ... Perform some function here. + * + * // Disable preemption for this task. + * vTaskPreemptionDisable( NULL ); + * + * // The task will not be preempted when it is executing in this portion ... + * + * // ... until the preemption is enabled again. + * vTaskPreemptionEnable( NULL ); + * + * // The task can be preempted when it is executing in this portion. + * } + * } + */ +void vTaskPreemptionDisable( const TaskHandle_t xTask ); +/** + * @brief Enables preemption for a task. + * + * @param xTask The handle of the task to enable preemption. Passing NULL + * enables preemption for the calling task. + * + * Example usage: + * + * void vTaskCode( void *pvParameters ) + * { + * // Silence warnings about unused parameters. + * ( void ) pvParameters; + * + * for( ;; ) + * { + * // ... Perform some function here. + * + * // Disable preemption for this task. + * vTaskPreemptionDisable( NULL ); + * + * // The task will not be preempted when it is executing in this portion ... + * + * // ... until the preemption is enabled again. + * vTaskPreemptionEnable( NULL ); + * + * // The task can be preempted when it is executing in this portion. + * } + * } + */ +void vTaskPreemptionEnable( const TaskHandle_t xTask ); +/*----------------------------------------------------------- +* SCHEDULER CONTROL +*----------------------------------------------------------*/ +/** + * task. h + *
+ * void vTaskStartScheduler( void );
+ * 
+ * + * Starts the real time kernel tick processing. After calling the kernel + * has control over which tasks are executed and when. + * + * See the demo application file main.c for an example of creating + * tasks and starting the kernel. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ *   // Create at least one task before starting the kernel.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, NULL );
+ *
+ *   // Start the real time kernel with preemption.
+ *   vTaskStartScheduler ();
+ *
+ *   // Will not get here unless a task calls vTaskEndScheduler ()
+ * }
+ * 
+ * + * \defgroup vTaskStartScheduler vTaskStartScheduler + * \ingroup SchedulerControl + */ +void vTaskStartScheduler( void ) ; +/** + * task. h + *
+ * void vTaskEndScheduler( void );
+ * 
+ * + * NOTE: At the time of writing only the x86 real mode port, which runs on a PC + * in place of DOS, implements this function. + * + * Stops the real time kernel tick. All created tasks will be automatically + * deleted and multitasking (either preemptive or cooperative) will + * stop. Execution then resumes from the point where vTaskStartScheduler () + * was called, as if vTaskStartScheduler () had just returned. + * + * See the demo application file main. c in the demo/PC directory for an + * example that uses vTaskEndScheduler (). + * + * vTaskEndScheduler () requires an exit function to be defined within the + * portable layer (see vPortEndScheduler () in port. c for the PC port). This + * performs hardware specific operations such as stopping the kernel tick. + * + * vTaskEndScheduler () will cause all of the resources allocated by the + * kernel to be freed - but will not free resources allocated by application + * tasks. + * + * Example usage: + *
+ * void vTaskCode( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *
+ *       // At some point we want to end the real time kernel processing
+ *       // so call ...
+ *       vTaskEndScheduler ();
+ *   }
+ * }
+ *
+ * void vAFunction( void )
+ * {
+ *   // Create at least one task before starting the kernel.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, NULL );
+ *
+ *   // Start the real time kernel with preemption.
+ *   vTaskStartScheduler ();
+ *
+ *   // Will only get here when the vTaskCode () task has called
+ *   // vTaskEndScheduler ().  When we get here we are back to single task
+ *   // execution.
+ * }
+ * 
+ * + * \defgroup vTaskEndScheduler vTaskEndScheduler + * \ingroup SchedulerControl + */ +void vTaskEndScheduler( void ) ; +/** + * task. h + *
+ * void vTaskSuspendAll( void );
+ * 
+ * + * Suspends the scheduler without disabling interrupts. Context switches will + * not occur while the scheduler is suspended. + * + * After calling vTaskSuspendAll () the calling task will continue to execute + * without risk of being swapped out until a call to xTaskResumeAll () has been + * made. + * + * API functions that have the potential to cause a context switch (for example, + * xTaskDelayUntil(), xQueueSend(), etc.) must not be called while the scheduler + * is suspended. + * + * Example usage: + *
+ * void vTask1( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *
+ *       // ...
+ *
+ *       // At some point the task wants to perform a long operation during
+ *       // which it does not want to get swapped out.  It cannot use
+ *       // taskENTER_CRITICAL ()/taskEXIT_CRITICAL () as the length of the
+ *       // operation may cause interrupts to be missed - including the
+ *       // ticks.
+ *
+ *       // Prevent the real time kernel swapping out the task.
+ *       vTaskSuspendAll ();
+ *
+ *       // Perform the operation here.  There is no need to use critical
+ *       // sections as we have all the microcontroller processing time.
+ *       // During this time interrupts will still operate and the kernel
+ *       // tick count will be maintained.
+ *
+ *       // ...
+ *
+ *       // The operation is complete.  Restart the kernel.
+ *       xTaskResumeAll ();
+ *   }
+ * }
+ * 
+ * \defgroup vTaskSuspendAll vTaskSuspendAll + * \ingroup SchedulerControl + */ +void vTaskSuspendAll( void ) ; +/** + * task. h + *
+ * BaseType_t xTaskResumeAll( void );
+ * 
+ * + * Resumes scheduler activity after it was suspended by a call to + * vTaskSuspendAll(). + * + * xTaskResumeAll() only resumes the scheduler. It does not unsuspend tasks + * that were previously suspended by a call to vTaskSuspend(). + * + * @return If resuming the scheduler caused a context switch then pdTRUE is + * returned, otherwise pdFALSE is returned. + * + * Example usage: + *
+ * void vTask1( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *
+ *       // ...
+ *
+ *       // At some point the task wants to perform a long operation during
+ *       // which it does not want to get swapped out.  It cannot use
+ *       // taskENTER_CRITICAL ()/taskEXIT_CRITICAL () as the length of the
+ *       // operation may cause interrupts to be missed - including the
+ *       // ticks.
+ *
+ *       // Prevent the real time kernel swapping out the task.
+ *       vTaskSuspendAll ();
+ *
+ *       // Perform the operation here.  There is no need to use critical
+ *       // sections as we have all the microcontroller processing time.
+ *       // During this time interrupts will still operate and the real
+ *       // time kernel tick count will be maintained.
+ *
+ *       // ...
+ *
+ *       // The operation is complete.  Restart the kernel.  We want to force
+ *       // a context switch - but there is no point if resuming the scheduler
+ *       // caused a context switch already.
+ *       if( !xTaskResumeAll () )
+ *       {
+ *            taskYIELD ();
+ *       }
+ *   }
+ * }
+ * 
+ * \defgroup xTaskResumeAll xTaskResumeAll + * \ingroup SchedulerControl + */ +BaseType_t xTaskResumeAll( void ) ; +/*----------------------------------------------------------- +* TASK UTILITIES +*----------------------------------------------------------*/ +/** + * task. h + *
TickType_t xTaskGetTickCount( void );
+ * + * @return The count of ticks since vTaskStartScheduler was called. + * + * \defgroup xTaskGetTickCount xTaskGetTickCount + * \ingroup TaskUtils + */ +TickType_t xTaskGetTickCount( void ) ; +/** + * task. h + *
TickType_t xTaskGetTickCountFromISR( void );
+ * + * @return The count of ticks since vTaskStartScheduler was called. + * + * This is a version of xTaskGetTickCount() that is safe to be called from an + * ISR - provided that TickType_t is the natural word size of the + * microcontroller being used or interrupt nesting is either not supported or + * not being used. + * + * \defgroup xTaskGetTickCountFromISR xTaskGetTickCountFromISR + * \ingroup TaskUtils + */ +TickType_t xTaskGetTickCountFromISR( void ) ; +/** + * task. h + *
uint16_t uxTaskGetNumberOfTasks( void );
+ * + * @return The number of tasks that the real time kernel is currently managing. + * This includes all ready, blocked and suspended tasks. A task that + * has been deleted but not yet freed by the idle task will also be + * included in the count. + * + * \defgroup uxTaskGetNumberOfTasks uxTaskGetNumberOfTasks + * \ingroup TaskUtils + */ +UBaseType_t uxTaskGetNumberOfTasks( void ) ; +/** + * task. h + *
char *pcTaskGetName( TaskHandle_t xTaskToQuery );
+ * + * @return The text (human readable) name of the task referenced by the handle + * xTaskToQuery. A task can query its own name by either passing in its own + * handle, or by setting xTaskToQuery to NULL. + * + * \defgroup pcTaskGetName pcTaskGetName + * \ingroup TaskUtils + */ +char * pcTaskGetName( TaskHandle_t xTaskToQuery ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +/** + * task. h + *
TaskHandle_t xTaskGetHandle( const char *pcNameToQuery );
+ * + * NOTE: This function takes a relatively long time to complete and should be + * used sparingly. + * + * @return The handle of the task that has the human readable name pcNameToQuery. + * NULL is returned if no matching name is found. INCLUDE_xTaskGetHandle + * must be set to 1 in FreeRTOSConfig.h for pcTaskGetHandle() to be available. + * + * \defgroup pcTaskGetHandle pcTaskGetHandle + * \ingroup TaskUtils + */ +TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +/** + * task.h + *
UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask );
+ * + * INCLUDE_uxTaskGetStackHighWaterMark must be set to 1 in FreeRTOSConfig.h for + * this function to be available. + * + * Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in words, so on a 32 bit machine + * a value of 1 means 4 bytes) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * + * uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the + * same except for their return type. Using configSTACK_DEPTH_TYPE allows the + * user to determine the return type. It gets around the problem of the value + * overflowing on 8-bit types without breaking backward compatibility for + * applications that expect an 8-bit return type. + * + * @param xTask Handle of the task associated with the stack to be checked. + * Set xTask to NULL to check the stack of the calling task. + * + * @return The smallest amount of free stack space there has been (in words, so + * actual spaces on the stack rather than bytes) since the task referenced by + * xTask was created. + */ +UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) ; +/** + * task.h + *
configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask );
+ * + * INCLUDE_uxTaskGetStackHighWaterMark2 must be set to 1 in FreeRTOSConfig.h for + * this function to be available. + * + * Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in words, so on a 32 bit machine + * a value of 1 means 4 bytes) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * + * uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the + * same except for their return type. Using configSTACK_DEPTH_TYPE allows the + * user to determine the return type. It gets around the problem of the value + * overflowing on 8-bit types without breaking backward compatibility for + * applications that expect an 8-bit return type. + * + * @param xTask Handle of the task associated with the stack to be checked. + * Set xTask to NULL to check the stack of the calling task. + * + * @return The smallest amount of free stack space there has been (in words, so + * actual spaces on the stack rather than bytes) since the task referenced by + * xTask was created. + */ +uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; +/* When using trace macros it is sometimes necessary to include task.h before + * FreeRTOS.h. When this is done TaskHookFunction_t will not yet have been defined, + * so the following two prototypes will cause a compilation error. This can be + * fixed by simply guarding against the inclusion of these two prototypes unless + * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration + * constant. */ +/* Each task contains an array of pointers that is dimensioned by the + * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h. The + * kernel does not use the pointers itself, so the application writer can use + * the pointers for any purpose they wish. The following two functions are + * used to set and query a pointer respectively. */ + void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, + BaseType_t xIndex, + void * pvValue ) ; + void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, + BaseType_t xIndex ) ; + /** + * task.h + *
void vApplicationStackOverflowHook( TaskHandle_t xTask char *pcTaskName); 
+ * + * The application stack overflow hook is called when a stack overflow is detected for a task. + * + * Details on stack overflow detection can be found here: https://www.FreeRTOS.org/Stacks-and-stack-overflow-checking.html + * + * @param xTask the task that just exceeded its stack boundaries. + * @param pcTaskName A character string containing the name of the offending task. + */ + void vApplicationStackOverflowHook( TaskHandle_t xTask, + char * pcTaskName ); + /** + * task.h + *
void vApplicationTickHook( void ); 
+ * + * This hook function is called in the system tick handler after any OS work is completed. + */ + void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */ +/** + * task.h + *
+ * BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, void *pvParameter );
+ * 
+ * + * Calls the hook function associated with xTask. Passing xTask as NULL has + * the effect of calling the Running tasks (the calling task) hook function. + * + * pvParameter is passed to the hook function for the task to interpret as it + * wants. The return value is the value returned by the task hook function + * registered by the user. + */ +BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, + void * pvParameter ) ; +/** + * xTaskGetIdleTaskHandle() is only available if + * INCLUDE_xTaskGetIdleTaskHandle is set to 1 in FreeRTOSConfig.h. + * + * Simply returns a pointer to the array of idle task handles. + * It is not valid to call xTaskGetIdleTaskHandle() before the scheduler has been started. + */ +TaskHandle_t *xTaskGetIdleTaskHandle( void ) ; +/** + * configUSE_TRACE_FACILITY must be defined as 1 in FreeRTOSConfig.h for + * uxTaskGetSystemState() to be available. + * + * uxTaskGetSystemState() populates an TaskStatus_t structure for each task in + * the system. TaskStatus_t structures contain, among other things, members + * for the task handle, task name, task priority, task state, and total amount + * of run time consumed by the task. See the TaskStatus_t structure + * definition in this file for the full member list. + * + * NOTE: This function is intended for debugging use only as its use results in + * the scheduler remaining suspended for an extended period. + * + * @param pxTaskStatusArray A pointer to an array of TaskStatus_t structures. + * The array must contain at least one TaskStatus_t structure for each task + * that is under the control of the RTOS. The number of tasks under the control + * of the RTOS can be determined using the uxTaskGetNumberOfTasks() API function. + * + * @param uxArraySize The size of the array pointed to by the pxTaskStatusArray + * parameter. The size is specified as the number of indexes in the array, or + * the number of TaskStatus_t structures contained in the array, not by the + * number of bytes in the array. + * + * @param pulTotalRunTime If configGENERATE_RUN_TIME_STATS is set to 1 in + * FreeRTOSConfig.h then *pulTotalRunTime is set by uxTaskGetSystemState() to the + * total run time (as defined by the run time stats clock, see + * https://www.FreeRTOS.org/rtos-run-time-stats.html) since the target booted. + * pulTotalRunTime can be set to NULL to omit the total run time information. + * + * @return The number of TaskStatus_t structures that were populated by + * uxTaskGetSystemState(). This should equal the number returned by the + * uxTaskGetNumberOfTasks() API function, but will be zero if the value passed + * in the uxArraySize parameter was too small. + * + * Example usage: + *
+ *  // This example demonstrates how a human readable table of run time stats
+ *  // information is generated from raw data provided by uxTaskGetSystemState().
+ *  // The human readable table is written to pcWriteBuffer
+ *  void vTaskGetRunTimeStats( char *pcWriteBuffer )
+ *  {
+ *  TaskStatus_t *pxTaskStatusArray;
+ *  volatile UBaseType_t uxArraySize, x;
+ *  uint32_t ulTotalRunTime, ulStatsAsPercentage;
+ *
+ *      // Make sure the write buffer does not contain a string.
+ * pcWriteBuffer = 0x00;
+ *
+ *      // Take a snapshot of the number of tasks in case it changes while this
+ *      // function is executing.
+ *      uxArraySize = uxTaskGetNumberOfTasks();
+ *
+ *      // Allocate a TaskStatus_t structure for each task.  An array could be
+ *      // allocated statically at compile time.
+ *      pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
+ *
+ *      if( pxTaskStatusArray != NULL )
+ *      {
+ *          // Generate raw status information about each task.
+ *          uxArraySize = uxTaskGetSystemState( pxTaskStatusArray, uxArraySize, &ulTotalRunTime );
+ *
+ *          // For percentage calculations.
+ *          ulTotalRunTime /= 100UL;
+ *
+ *          // Avoid divide by zero errors.
+ *          if( ulTotalRunTime > 0 )
+ *          {
+ *              // For each populated position in the pxTaskStatusArray array,
+ *              // format the raw data as human readable ASCII data
+ *              for( x = 0; x < uxArraySize; x++ )
+ *              {
+ *                  // What percentage of the total run time has the task used?
+ *                  // This will always be rounded down to the nearest integer.
+ *                  // ulTotalRunTimeDiv100 has already been divided by 100.
+ *                  ulStatsAsPercentage = pxTaskStatusArray[ x ].ulRunTimeCounter / ulTotalRunTime;
+ *
+ *                  if( ulStatsAsPercentage > 0UL )
+ *                  {
+ *                      sprintf( pcWriteBuffer, "%s\t\t%lu\t\t%lu%%\r\n", pxTaskStatusArray[ x ].pcTaskName, pxTaskStatusArray[ x ].ulRunTimeCounter, ulStatsAsPercentage );
+ *                  }
+ *                  else
+ *                  {
+ *                      // If the percentage is zero here then the task has
+ *                      // consumed less than 1% of the total run time.
+ *                      sprintf( pcWriteBuffer, "%s\t\t%lu\t\t<1%%\r\n", pxTaskStatusArray[ x ].pcTaskName, pxTaskStatusArray[ x ].ulRunTimeCounter );
+ *                  }
+ *
+ *                  pcWriteBuffer += strlen( ( char * ) pcWriteBuffer );
+ *              }
+ *          }
+ *
+ *          // The array is no longer needed, free the memory it consumes.
+ *          vPortFree( pxTaskStatusArray );
+ *      }
+ *  }
+ *  
+ */ +UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, + const UBaseType_t uxArraySize, + uint32_t * const pulTotalRunTime ) ; +/** + * task. h + *
void vTaskList( char *pcWriteBuffer );
+ * + * configUSE_TRACE_FACILITY and configUSE_STATS_FORMATTING_FUNCTIONS must + * both be defined as 1 for this function to be available. See the + * configuration section of the FreeRTOS.org website for more information. + * + * NOTE 1: This function will disable interrupts for its duration. It is + * not intended for normal application runtime use but as a debug aid. + * + * Lists all the current tasks, along with their current state and stack + * usage high water mark. + * + * Tasks are reported as blocked ('B'), ready ('R'), deleted ('D') or + * suspended ('S'). + * + * PLEASE NOTE: + * + * This function is provided for convenience only, and is used by many of the + * demo applications. Do not consider it to be part of the scheduler. + * + * vTaskList() calls uxTaskGetSystemState(), then formats part of the + * uxTaskGetSystemState() output into a human readable table that displays task: + * names, states, priority, stack usage and task number. + * Stack usage specified as the number of unused StackType_t words stack can hold + * on top of stack - not the number of bytes. + * + * vTaskList() has a dependency on the sprintf() C library function that might + * bloat the code size, use a lot of stack, and provide different results on + * different platforms. An alternative, tiny, third party, and limited + * functionality implementation of sprintf() is provided in many of the + * FreeRTOS/Demo sub-directories in a file called printf-stdarg.c (note + * printf-stdarg.c does not provide a full snprintf() implementation!). + * + * It is recommended that production systems call uxTaskGetSystemState() + * directly to get access to raw stats data, rather than indirectly through a + * call to vTaskList(). + * + * @param pcWriteBuffer A buffer into which the above mentioned details + * will be written, in ASCII form. This buffer is assumed to be large + * enough to contain the generated report. Approximately 40 bytes per + * task should be sufficient. + * + * \defgroup vTaskList vTaskList + * \ingroup TaskUtils + */ +void vTaskList( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +/** + * task. h + *
void vTaskGetRunTimeStats( char *pcWriteBuffer );
+ * + * configGENERATE_RUN_TIME_STATS and configUSE_STATS_FORMATTING_FUNCTIONS + * must both be defined as 1 for this function to be available. The application + * must also then provide definitions for + * portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and portGET_RUN_TIME_COUNTER_VALUE() + * to configure a peripheral timer/counter and return the timers current count + * value respectively. The counter should be at least 10 times the frequency of + * the tick count. + * + * NOTE 1: This function will disable interrupts for its duration. It is + * not intended for normal application runtime use but as a debug aid. + * + * Setting configGENERATE_RUN_TIME_STATS to 1 will result in a total + * accumulated execution time being stored for each task. The resolution + * of the accumulated time value depends on the frequency of the timer + * configured by the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() macro. + * Calling vTaskGetRunTimeStats() writes the total execution time of each + * task into a buffer, both as an absolute count value and as a percentage + * of the total system execution time. + * + * NOTE 2: + * + * This function is provided for convenience only, and is used by many of the + * demo applications. Do not consider it to be part of the scheduler. + * + * vTaskGetRunTimeStats() calls uxTaskGetSystemState(), then formats part of the + * uxTaskGetSystemState() output into a human readable table that displays the + * amount of time each task has spent in the Running state in both absolute and + * percentage terms. + * + * vTaskGetRunTimeStats() has a dependency on the sprintf() C library function + * that might bloat the code size, use a lot of stack, and provide different + * results on different platforms. An alternative, tiny, third party, and + * limited functionality implementation of sprintf() is provided in many of the + * FreeRTOS/Demo sub-directories in a file called printf-stdarg.c (note + * printf-stdarg.c does not provide a full snprintf() implementation!). + * + * It is recommended that production systems call uxTaskGetSystemState() directly + * to get access to raw stats data, rather than indirectly through a call to + * vTaskGetRunTimeStats(). + * + * @param pcWriteBuffer A buffer into which the execution times will be + * written, in ASCII form. This buffer is assumed to be large enough to + * contain the generated report. Approximately 40 bytes per task should + * be sufficient. + * + * \defgroup vTaskGetRunTimeStats vTaskGetRunTimeStats + * \ingroup TaskUtils + */ +void vTaskGetRunTimeStats( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +/** + * task. h + *
uint32_t ulTaskGetIdleRunTimeCounter( void );
+ * + * configGENERATE_RUN_TIME_STATS and configUSE_STATS_FORMATTING_FUNCTIONS + * must both be defined as 1 for this function to be available. The application + * must also then provide definitions for + * portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and portGET_RUN_TIME_COUNTER_VALUE() + * to configure a peripheral timer/counter and return the timers current count + * value respectively. The counter should be at least 10 times the frequency of + * the tick count. + * + * Setting configGENERATE_RUN_TIME_STATS to 1 will result in a total + * accumulated execution time being stored for each task. The resolution + * of the accumulated time value depends on the frequency of the timer + * configured by the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() macro. + * While uxTaskGetSystemState() and vTaskGetRunTimeStats() writes the total + * execution time of each task into a buffer, ulTaskGetIdleRunTimeCounter() + * returns the total execution time of just the idle task. + * + * @return The total run time of the idle task. This is the amount of time the + * idle task has actually been executing. The unit of time is dependent on the + * frequency configured using the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and + * portGET_RUN_TIME_COUNTER_VALUE() macros. + * + * \defgroup ulTaskGetIdleRunTimeCounter ulTaskGetIdleRunTimeCounter + * \ingroup TaskUtils + */ +uint32_t ulTaskGetIdleRunTimeCounter( void ) ; +/** + * task. h + *
BaseType_t xTaskNotifyIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction );
+ *
BaseType_t xTaskNotify( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * Sends a direct to task notification to a task, with an optional value and + * action. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * A task can use xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() to + * [optionally] block to wait for a notification to be pending. The task does + * not consume any CPU time while it is in the Blocked state. + * + * A notification sent to a task will remain pending until it is cleared by the + * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their + * un-indexed equivalents). If the task was already in the Blocked state to + * wait for a notification when the notification arrives then the task will + * automatically be removed from the Blocked state (unblocked) and the + * notification cleared. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotify() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling xTaskNotify() is equivalent to calling xTaskNotifyIndexed() + * with the uxIndexToNotify parameter set to 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotify() does + * not have this parameter and always sends notifications to index 0. + * + * @param ulValue Data that can be sent with the notification. How the data is + * used depends on the value of the eAction parameter. + * + * @param eAction Specifies how the notification updates the task's notification + * value, if at all. Valid values for eAction are as follows: + * + * eSetBits - + * The target notification value is bitwise ORed with ulValue. + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * eIncrement - + * The target notification value is incremented. ulValue is not used and + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * eSetValueWithOverwrite - + * The target notification value is set to the value of ulValue, even if the + * task being notified had not yet processed the previous notification at the + * same array index (the task already had a notification pending at that index). + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * eSetValueWithoutOverwrite - + * If the task being notified did not already have a notification pending at the + * same array index then the target notification value is set to ulValue and + * xTaskNotifyIndexed() will return pdPASS. If the task being notified already + * had a notification pending at the same array index then no action is + * performed and pdFAIL is returned. + * + * eNoAction - + * The task receives a notification at the specified array index without the + * notification value at that index being updated. ulValue is not used and + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * pulPreviousNotificationValue - + * Can be used to pass out the subject task's notification value before any + * bits are modified by the notify function. + * + * @return Dependent on the value of eAction. See the description of the + * eAction parameter. + * + * \defgroup xTaskNotifyIndexed xTaskNotifyIndexed + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue ) ; +/** + * task. h + *
BaseType_t xTaskNotifyAndQueryIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
+ *
BaseType_t xTaskNotifyAndQuery( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * xTaskNotifyAndQueryIndexed() performs the same operation as + * xTaskNotifyIndexed() with the addition that it also returns the subject + * task's prior notification value (the notification value at the time the + * function is called rather than when the function returns) in the additional + * pulPreviousNotifyValue parameter. + * + * xTaskNotifyAndQuery() performs the same operation as xTaskNotify() with the + * addition that it also returns the subject task's prior notification value + * (the notification value as it was at the time the function is called, rather + * than when the function returns) in the additional pulPreviousNotifyValue + * parameter. + * + * \defgroup xTaskNotifyAndQueryIndexed xTaskNotifyAndQueryIndexed + * \ingroup TaskNotifications + */ +/** + * task. h + *
BaseType_t xTaskNotifyIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
+ *
BaseType_t xTaskNotifyFromISR( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * A version of xTaskNotifyIndexed() that can be used from an interrupt service + * routine (ISR). + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * A task can use xTaskNotifyWaitIndexed() to [optionally] block to wait for a + * notification to be pending, or ulTaskNotifyTakeIndexed() to [optionally] block + * to wait for a notification value to have a non-zero value. The task does + * not consume any CPU time while it is in the Blocked state. + * + * A notification sent to a task will remain pending until it is cleared by the + * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their + * un-indexed equivalents). If the task was already in the Blocked state to + * wait for a notification when the notification arrives then the task will + * automatically be removed from the Blocked state (unblocked) and the + * notification cleared. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyFromISR() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling xTaskNotifyFromISR() is equivalent to calling + * xTaskNotifyIndexedFromISR() with the uxIndexToNotify parameter set to 0. + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyFromISR() + * does not have this parameter and always sends notifications to index 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param ulValue Data that can be sent with the notification. How the data is + * used depends on the value of the eAction parameter. + * + * @param eAction Specifies how the notification updates the task's notification + * value, if at all. Valid values for eAction are as follows: + * + * eSetBits - + * The task's notification value is bitwise ORed with ulValue. xTaskNotify() + * always returns pdPASS in this case. + * + * eIncrement - + * The task's notification value is incremented. ulValue is not used and + * xTaskNotify() always returns pdPASS in this case. + * + * eSetValueWithOverwrite - + * The task's notification value is set to the value of ulValue, even if the + * task being notified had not yet processed the previous notification (the + * task already had a notification pending). xTaskNotify() always returns + * pdPASS in this case. + * + * eSetValueWithoutOverwrite - + * If the task being notified did not already have a notification pending then + * the task's notification value is set to ulValue and xTaskNotify() will + * return pdPASS. If the task being notified already had a notification + * pending then no action is performed and pdFAIL is returned. + * + * eNoAction - + * The task receives a notification without its notification value being + * updated. ulValue is not used and xTaskNotify() always returns pdPASS in + * this case. + * + * @param pxHigherPriorityTaskWoken xTaskNotifyFromISR() will set + * *pxHigherPriorityTaskWoken to pdTRUE if sending the notification caused the + * task to which the notification was sent to leave the Blocked state, and the + * unblocked task has a priority higher than the currently running task. If + * xTaskNotifyFromISR() sets this value to pdTRUE then a context switch should + * be requested before the interrupt is exited. How a context switch is + * requested from an ISR is dependent on the port - see the documentation page + * for the port in use. + * + * @return Dependent on the value of eAction. See the description of the + * eAction parameter. + * + * \defgroup xTaskNotifyIndexedFromISR xTaskNotifyIndexedFromISR + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue, + BaseType_t * pxHigherPriorityTaskWoken ) ; +/** + * task. h + *
BaseType_t xTaskNotifyAndQueryIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
+ *
BaseType_t xTaskNotifyAndQueryFromISR( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * xTaskNotifyAndQueryIndexedFromISR() performs the same operation as + * xTaskNotifyIndexedFromISR() with the addition that it also returns the + * subject task's prior notification value (the notification value at the time + * the function is called rather than at the time the function returns) in the + * additional pulPreviousNotifyValue parameter. + * + * xTaskNotifyAndQueryFromISR() performs the same operation as + * xTaskNotifyFromISR() with the addition that it also returns the subject + * task's prior notification value (the notification value at the time the + * function is called rather than at the time the function returns) in the + * additional pulPreviousNotifyValue parameter. + * + * \defgroup xTaskNotifyAndQueryIndexedFromISR xTaskNotifyAndQueryIndexedFromISR + * \ingroup TaskNotifications + */ +/** + * task. h + *
+ * BaseType_t xTaskNotifyWaitIndexed( UBaseType_t uxIndexToWaitOn, uint32_t ulBitsToClearOnEntry, uint32_t ulBitsToClearOnExit, uint32_t *pulNotificationValue, TickType_t xTicksToWait );
+ *
+ * BaseType_t xTaskNotifyWait( uint32_t ulBitsToClearOnEntry, uint32_t ulBitsToClearOnExit, uint32_t *pulNotificationValue, TickType_t xTicksToWait );
+ * 
+ * + * Waits for a direct to task notification to be pending at a given index within + * an array of direct to task notifications. + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this + * function to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * A notification sent to a task will remain pending until it is cleared by the + * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their + * un-indexed equivalents). If the task was already in the Blocked state to + * wait for a notification when the notification arrives then the task will + * automatically be removed from the Blocked state (unblocked) and the + * notification cleared. + * + * A task can use xTaskNotifyWaitIndexed() to [optionally] block to wait for a + * notification to be pending, or ulTaskNotifyTakeIndexed() to [optionally] block + * to wait for a notification value to have a non-zero value. The task does + * not consume any CPU time while it is in the Blocked state. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyWait() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling xTaskNotifyWait() is equivalent to calling + * xTaskNotifyWaitIndexed() with the uxIndexToWaitOn parameter set to 0. + * + * @param uxIndexToWaitOn The index within the calling task's array of + * notification values on which the calling task will wait for a notification to + * be received. uxIndexToWaitOn must be less than + * configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyWait() does + * not have this parameter and always waits for notifications on index 0. + * + * @param ulBitsToClearOnEntry Bits that are set in ulBitsToClearOnEntry value + * will be cleared in the calling task's notification value before the task + * checks to see if any notifications are pending, and optionally blocks if no + * notifications are pending. Setting ulBitsToClearOnEntry to ULONG_MAX (if + * limits.h is included) or 0xffffffffUL (if limits.h is not included) will have + * the effect of resetting the task's notification value to 0. Setting + * ulBitsToClearOnEntry to 0 will leave the task's notification value unchanged. + * + * @param ulBitsToClearOnExit If a notification is pending or received before + * the calling task exits the xTaskNotifyWait() function then the task's + * notification value (see the xTaskNotify() API function) is passed out using + * the pulNotificationValue parameter. Then any bits that are set in + * ulBitsToClearOnExit will be cleared in the task's notification value (note + * *pulNotificationValue is set before any bits are cleared). Setting + * ulBitsToClearOnExit to ULONG_MAX (if limits.h is included) or 0xffffffffUL + * (if limits.h is not included) will have the effect of resetting the task's + * notification value to 0 before the function exits. Setting + * ulBitsToClearOnExit to 0 will leave the task's notification value unchanged + * when the function exits (in which case the value passed out in + * pulNotificationValue will match the task's notification value). + * + * @param pulNotificationValue Used to pass the task's notification value out + * of the function. Note the value passed out will not be effected by the + * clearing of any bits caused by ulBitsToClearOnExit being non-zero. + * + * @param xTicksToWait The maximum amount of time that the task should wait in + * the Blocked state for a notification to be received, should a notification + * not already be pending when xTaskNotifyWait() was called. The task + * will not consume any processing time while it is in the Blocked state. This + * is specified in kernel ticks, the macro pdMS_TO_TICKS( value_in_ms ) can be + * used to convert a time specified in milliseconds to a time specified in + * ticks. + * + * @return If a notification was received (including notifications that were + * already pending when xTaskNotifyWait was called) then pdPASS is + * returned. Otherwise pdFAIL is returned. + * + * \defgroup xTaskNotifyWaitIndexed xTaskNotifyWaitIndexed + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn, + uint32_t ulBitsToClearOnEntry, + uint32_t ulBitsToClearOnExit, + uint32_t * pulNotificationValue, + TickType_t xTicksToWait ) ; +/** + * task. h + *
BaseType_t xTaskNotifyGiveIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify );
+ *
BaseType_t xTaskNotifyGive( TaskHandle_t xTaskToNotify );
+ * + * Sends a direct to task notification to a particular index in the target + * task's notification array in a manner similar to giving a counting semaphore. + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for more details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * macros to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * xTaskNotifyGiveIndexed() is a helper macro intended for use when task + * notifications are used as light weight and faster binary or counting + * semaphore equivalents. Actual FreeRTOS semaphores are given using the + * xSemaphoreGive() API function, the equivalent action that instead uses a task + * notification is xTaskNotifyGiveIndexed(). + * + * When task notifications are being used as a binary or counting semaphore + * equivalent then the task being notified should wait for the notification + * using the ulTaskNotificationTakeIndexed() API function rather than the + * xTaskNotifyWaitIndexed() API function. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyGive() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling xTaskNotifyGive() is equivalent to calling + * xTaskNotifyGiveIndexed() with the uxIndexToNotify parameter set to 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyGive() + * does not have this parameter and always sends notifications to index 0. + * + * @return xTaskNotifyGive() is a macro that calls xTaskNotify() with the + * eAction parameter set to eIncrement - so pdPASS is always returned. + * + * \defgroup xTaskNotifyGiveIndexed xTaskNotifyGiveIndexed + * \ingroup TaskNotifications + */ +/** + * task. h + *
void vTaskNotifyGiveIndexedFromISR( TaskHandle_t xTaskHandle, UBaseType_t uxIndexToNotify, BaseType_t *pxHigherPriorityTaskWoken );
+ *
void vTaskNotifyGiveFromISR( TaskHandle_t xTaskHandle, BaseType_t *pxHigherPriorityTaskWoken );
+ * + * A version of xTaskNotifyGiveIndexed() that can be called from an interrupt + * service routine (ISR). + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for more details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this macro + * to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * vTaskNotifyGiveIndexedFromISR() is intended for use when task notifications + * are used as light weight and faster binary or counting semaphore equivalents. + * Actual FreeRTOS semaphores are given from an ISR using the + * xSemaphoreGiveFromISR() API function, the equivalent action that instead uses + * a task notification is vTaskNotifyGiveIndexedFromISR(). + * + * When task notifications are being used as a binary or counting semaphore + * equivalent then the task being notified should wait for the notification + * using the ulTaskNotificationTakeIndexed() API function rather than the + * xTaskNotifyWaitIndexed() API function. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyFromISR() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling xTaskNotifyGiveFromISR() is equivalent to calling + * xTaskNotifyGiveIndexedFromISR() with the uxIndexToNotify parameter set to 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. + * xTaskNotifyGiveFromISR() does not have this parameter and always sends + * notifications to index 0. + * + * @param pxHigherPriorityTaskWoken vTaskNotifyGiveFromISR() will set + * *pxHigherPriorityTaskWoken to pdTRUE if sending the notification caused the + * task to which the notification was sent to leave the Blocked state, and the + * unblocked task has a priority higher than the currently running task. If + * vTaskNotifyGiveFromISR() sets this value to pdTRUE then a context switch + * should be requested before the interrupt is exited. How a context switch is + * requested from an ISR is dependent on the port - see the documentation page + * for the port in use. + * + * \defgroup vTaskNotifyGiveIndexedFromISR vTaskNotifyGiveIndexedFromISR + * \ingroup TaskNotifications + */ +void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + BaseType_t * pxHigherPriorityTaskWoken ) ; +/** + * task. h + *
+ * uint32_t ulTaskNotifyTakeIndexed( UBaseType_t uxIndexToWaitOn, BaseType_t xClearCountOnExit, TickType_t xTicksToWait );
+ *
+ * uint32_t ulTaskNotifyTake( BaseType_t xClearCountOnExit, TickType_t xTicksToWait );
+ * 
+ * + * Waits for a direct to task notification on a particular index in the calling + * task's notification array in a manner similar to taking a counting semaphore. + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this + * function to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * ulTaskNotifyTakeIndexed() is intended for use when a task notification is + * used as a faster and lighter weight binary or counting semaphore alternative. + * Actual FreeRTOS semaphores are taken using the xSemaphoreTake() API function, + * the equivalent action that instead uses a task notification is + * ulTaskNotifyTakeIndexed(). + * + * When a task is using its notification value as a binary or counting semaphore + * other tasks should send notifications to it using the xTaskNotifyGiveIndexed() + * macro, or xTaskNotifyIndex() function with the eAction parameter set to + * eIncrement. + * + * ulTaskNotifyTakeIndexed() can either clear the task's notification value at + * the array index specified by the uxIndexToWaitOn parameter to zero on exit, + * in which case the notification value acts like a binary semaphore, or + * decrement the notification value on exit, in which case the notification + * value acts like a counting semaphore. + * + * A task can use ulTaskNotifyTakeIndexed() to [optionally] block to wait for + * a notification. The task does not consume any CPU time while it is in the + * Blocked state. + * + * Where as xTaskNotifyWaitIndexed() will return when a notification is pending, + * ulTaskNotifyTakeIndexed() will return when the task's notification value is + * not zero. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. ulTaskNotifyTake() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling ulTaskNotifyTake() is equivalent to calling + * ulTaskNotifyTakeIndexed() with the uxIndexToWaitOn parameter set to 0. + * + * @param uxIndexToWaitOn The index within the calling task's array of + * notification values on which the calling task will wait for a notification to + * be non-zero. uxIndexToWaitOn must be less than + * configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyTake() does + * not have this parameter and always waits for notifications on index 0. + * + * @param xClearCountOnExit if xClearCountOnExit is pdFALSE then the task's + * notification value is decremented when the function exits. In this way the + * notification value acts like a counting semaphore. If xClearCountOnExit is + * not pdFALSE then the task's notification value is cleared to zero when the + * function exits. In this way the notification value acts like a binary + * semaphore. + * + * @param xTicksToWait The maximum amount of time that the task should wait in + * the Blocked state for the task's notification value to be greater than zero, + * should the count not already be greater than zero when + * ulTaskNotifyTake() was called. The task will not consume any processing + * time while it is in the Blocked state. This is specified in kernel ticks, + * the macro pdMS_TO_TICKS( value_in_ms ) can be used to convert a time + * specified in milliseconds to a time specified in ticks. + * + * @return The task's notification count before it is either cleared to zero or + * decremented (see the xClearCountOnExit parameter). + * + * \defgroup ulTaskNotifyTakeIndexed ulTaskNotifyTakeIndexed + * \ingroup TaskNotifications + */ +uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWaitOn, + BaseType_t xClearCountOnExit, + TickType_t xTicksToWait ) ; +/** + * task. h + *
+ * BaseType_t xTaskNotifyStateClearIndexed( TaskHandle_t xTask, UBaseType_t uxIndexToCLear );
+ *
+ * BaseType_t xTaskNotifyStateClear( TaskHandle_t xTask );
+ * 
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * If a notification is sent to an index within the array of notifications then + * the notification at that index is said to be 'pending' until it is read or + * explicitly cleared by the receiving task. xTaskNotifyStateClearIndexed() + * is the function that clears a pending notification without reading the + * notification value. The notification value at the same array index is not + * altered. Set xTask to NULL to clear the notification state of the calling + * task. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyStateClear() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling xTaskNotifyStateClear() is equivalent to calling + * xTaskNotifyStateClearIndexed() with the uxIndexToNotify parameter set to 0. + * + * @param xTask The handle of the RTOS task that will have a notification state + * cleared. Set xTask to NULL to clear a notification state in the calling + * task. To obtain a task's handle create the task using xTaskCreate() and + * make use of the pxCreatedTask parameter, or create the task using + * xTaskCreateStatic() and store the returned value, or use the task's name in + * a call to xTaskGetHandle(). + * + * @param uxIndexToClear The index within the target task's array of + * notification values to act upon. For example, setting uxIndexToClear to 1 + * will clear the state of the notification at index 1 within the array. + * uxIndexToClear must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. + * ulTaskNotifyStateClear() does not have this parameter and always acts on the + * notification at index 0. + * + * @return pdTRUE if the task's notification state was set to + * eNotWaitingNotification, otherwise pdFALSE. + * + * \defgroup xTaskNotifyStateClearIndexed xTaskNotifyStateClearIndexed + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear ) ; +/** + * task. h + *
+ * uint32_t ulTaskNotifyValueClearIndexed( TaskHandle_t xTask, UBaseType_t uxIndexToClear, uint32_t ulBitsToClear );
+ *
+ * uint32_t ulTaskNotifyValueClear( TaskHandle_t xTask, uint32_t ulBitsToClear );
+ * 
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * ulTaskNotifyValueClearIndexed() clears the bits specified by the + * ulBitsToClear bit mask in the notification value at array index uxIndexToClear + * of the task referenced by xTask. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. ulTaskNotifyValueClear() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling ulTaskNotifyValueClear() is equivalent to calling + * ulTaskNotifyValueClearIndexed() with the uxIndexToClear parameter set to 0. + * + * @param xTask The handle of the RTOS task that will have bits in one of its + * notification values cleared. Set xTask to NULL to clear bits in a + * notification value of the calling task. To obtain a task's handle create the + * task using xTaskCreate() and make use of the pxCreatedTask parameter, or + * create the task using xTaskCreateStatic() and store the returned value, or + * use the task's name in a call to xTaskGetHandle(). + * + * @param uxIndexToClear The index within the target task's array of + * notification values in which to clear the bits. uxIndexToClear + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. + * ulTaskNotifyValueClear() does not have this parameter and always clears bits + * in the notification value at index 0. + * + * @param ulBitsToClear Bit mask of the bits to clear in the notification value of + * xTask. Set a bit to 1 to clear the corresponding bits in the task's notification + * value. Set ulBitsToClear to 0xffffffff (UINT_MAX on 32-bit architectures) to clear + * the notification value to 0. Set ulBitsToClear to 0 to query the task's + * notification value without clearing any bits. + * + * + * @return The value of the target task's notification value before the bits + * specified by ulBitsToClear were cleared. + * \defgroup ulTaskNotifyValueClear ulTaskNotifyValueClear + * \ingroup TaskNotifications + */ +uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear, + uint32_t ulBitsToClear ) ; +/** + * task.h + *
+ * void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut );
+ * 
+ * + * Capture the current time for future use with xTaskCheckForTimeOut(). + * + * @param pxTimeOut Pointer to a timeout object into which the current time + * is to be captured. The captured time includes the tick count and the number + * of times the tick count has overflowed since the system first booted. + * \defgroup vTaskSetTimeOutState vTaskSetTimeOutState + * \ingroup TaskCtrl + */ +void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) ; +/** + * task.h + *
+ * BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, TickType_t * const pxTicksToWait );
+ * 
+ * + * Determines if pxTicksToWait ticks has passed since a time was captured + * using a call to vTaskSetTimeOutState(). The captured time includes the tick + * count and the number of times the tick count has overflowed. + * + * @param pxTimeOut The time status as captured previously using + * vTaskSetTimeOutState. If the timeout has not yet occurred, it is updated + * to reflect the current time status. + * @param pxTicksToWait The number of ticks to check for timeout i.e. if + * pxTicksToWait ticks have passed since pxTimeOut was last updated (either by + * vTaskSetTimeOutState() or xTaskCheckForTimeOut()), the timeout has occurred. + * If the timeout has not occurred, pxTicksToWait is updated to reflect the + * number of remaining ticks. + * + * @return If timeout has occurred, pdTRUE is returned. Otherwise pdFALSE is + * returned and pxTicksToWait is updated to reflect the number of remaining + * ticks. + * + * @see https://www.FreeRTOS.org/xTaskCheckForTimeOut.html + * + * Example Usage: + *
+ *  // Driver library function used to receive uxWantedBytes from an Rx buffer
+ *  // that is filled by a UART interrupt. If there are not enough bytes in the
+ *  // Rx buffer then the task enters the Blocked state until it is notified that
+ *  // more data has been placed into the buffer. If there is still not enough
+ *  // data then the task re-enters the Blocked state, and xTaskCheckForTimeOut()
+ *  // is used to re-calculate the Block time to ensure the total amount of time
+ *  // spent in the Blocked state does not exceed MAX_TIME_TO_WAIT. This
+ *  // continues until either the buffer contains at least uxWantedBytes bytes,
+ *  // or the total amount of time spent in the Blocked state reaches
+ *  // MAX_TIME_TO_WAIT – at which point the task reads however many bytes are
+ *  // available up to a maximum of uxWantedBytes.
+ *
+ *  size_t xUART_Receive( uint8_t *pucBuffer, size_t uxWantedBytes )
+ *  {
+ *  size_t uxReceived = 0;
+ *  TickType_t xTicksToWait = MAX_TIME_TO_WAIT;
+ *  TimeOut_t xTimeOut;
+ *
+ *      // Initialize xTimeOut.  This records the time at which this function
+ *      // was entered.
+ *      vTaskSetTimeOutState( &xTimeOut );
+ *
+ *      // Loop until the buffer contains the wanted number of bytes, or a
+ *      // timeout occurs.
+ *      while( UART_bytes_in_rx_buffer( pxUARTInstance ) < uxWantedBytes )
+ *      {
+ *          // The buffer didn't contain enough data so this task is going to
+ *          // enter the Blocked state. Adjusting xTicksToWait to account for
+ *          // any time that has been spent in the Blocked state within this
+ *          // function so far to ensure the total amount of time spent in the
+ *          // Blocked state does not exceed MAX_TIME_TO_WAIT.
+ *          if( xTaskCheckForTimeOut( &xTimeOut, &xTicksToWait ) != pdFALSE )
+ *          {
+ *              //Timed out before the wanted number of bytes were available,
+ *              // exit the loop.
+ *              break;
+ *          }
+ *
+ *          // Wait for a maximum of xTicksToWait ticks to be notified that the
+ *          // receive interrupt has placed more data into the buffer.
+ *          ulTaskNotifyTake( pdTRUE, xTicksToWait );
+ *      }
+ *
+ *      // Attempt to read uxWantedBytes from the receive buffer into pucBuffer.
+ *      // The actual number of bytes read (which might be less than
+ *      // uxWantedBytes) is returned.
+ *      uxReceived = UART_read_from_receive_buffer( pxUARTInstance,
+ *                                                  pucBuffer,
+ *                                                  uxWantedBytes );
+ *
+ *      return uxReceived;
+ *  }
+ * 
+ * \defgroup xTaskCheckForTimeOut xTaskCheckForTimeOut + * \ingroup TaskCtrl + */ +BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, + TickType_t * const pxTicksToWait ) ; +/** + * task.h + *
+ * BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp );
+ * 
+ * + * This function corrects the tick count value after the application code has held + * interrupts disabled for an extended period resulting in tick interrupts having + * been missed. + * + * This function is similar to vTaskStepTick(), however, unlike + * vTaskStepTick(), xTaskCatchUpTicks() may move the tick count forward past a + * time at which a task should be removed from the blocked state. That means + * tasks may have to be removed from the blocked state as the tick count is + * moved. + * + * @param xTicksToCatchUp The number of tick interrupts that have been missed due to + * interrupts being disabled. Its value is not computed automatically, so must be + * computed by the application writer. + * + * @return pdTRUE if moving the tick count forward resulted in a task leaving the + * blocked state and a context switch being performed. Otherwise pdFALSE. + * + * \defgroup xTaskCatchUpTicks xTaskCatchUpTicks + * \ingroup TaskCtrl + */ +BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) ; +/*----------------------------------------------------------- +* SCHEDULER INTERNALS AVAILABLE FOR PORTING PURPOSES +*----------------------------------------------------------*/ +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS ONLY + * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS + * AN INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * Called from the real time kernel tick (either preemptive or cooperative), + * this increments the tick count and checks if any tasks that are blocked + * for a finite period required removing from a blocked list and placing on + * a ready list. If a non-zero value is returned then a context switch is + * required because either: + * + A task was removed from a blocked list because its timeout had expired, + * or + * + Time slicing is in use and there is a task of equal priority to the + * currently running task. + */ +BaseType_t xTaskIncrementTick( void ) ; +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN + * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. + * + * Removes the calling task from the ready list and places it both + * on the list of tasks waiting for a particular event, and the + * list of delayed tasks. The task will be removed from both lists + * and replaced on the ready list should either the event occur (and + * there be no higher priority tasks waiting on the same event) or + * the delay period expires. + * + * The 'unordered' version replaces the event list item value with the + * xItemValue value, and inserts the list item at the end of the list. + * + * The 'ordered' version uses the existing event list item value (which is the + * owning task's priority) to insert the list item into the event list in task + * priority order. + * + * @param pxEventList The list containing tasks that are blocked waiting + * for the event to occur. + * + * @param xItemValue The item value to use for the event list item when the + * event list is not ordered by task priority. + * + * @param xTicksToWait The maximum amount of time that the task should wait + * for the event to occur. This is specified in kernel ticks, the constant + * portTICK_PERIOD_MS can be used to convert kernel ticks into a real time + * period. + */ +void vTaskPlaceOnEventList( List_t * const pxEventList, + const TickType_t xTicksToWait ) ; +void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, + const TickType_t xItemValue, + const TickType_t xTicksToWait ) ; +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN + * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. + * + * This function performs nearly the same function as vTaskPlaceOnEventList(). + * The difference being that this function does not permit tasks to block + * indefinitely, whereas vTaskPlaceOnEventList() does. + * + */ +void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, + TickType_t xTicksToWait, + const BaseType_t xWaitIndefinitely ) ; +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN + * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. + * + * Removes a task from both the specified event list and the list of blocked + * tasks, and places it on a ready queue. + * + * xTaskRemoveFromEventList()/vTaskRemoveFromUnorderedEventList() will be called + * if either an event occurs to unblock a task, or the block timeout period + * expires. + * + * xTaskRemoveFromEventList() is used when the event list is in task priority + * order. It removes the list item from the head of the event list as that will + * have the highest priority owning task of all the tasks on the event list. + * vTaskRemoveFromUnorderedEventList() is used when the event list is not + * ordered and the event list items hold something other than the owning tasks + * priority. In this case the event list item value is updated to the value + * passed in the xItemValue parameter. + * + * @return pdTRUE if the task being removed has a higher priority than the task + * making the call, otherwise pdFALSE. + */ +BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) ; +void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, + const TickType_t xItemValue ) ; +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS ONLY + * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS + * AN INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * Sets the pointer to the current TCB to the TCB of the highest priority task + * that is ready to run. + */ +__attribute__( ( used ) ) void vTaskSwitchContext( BaseType_t xCoreID ) ; +/* + * THESE FUNCTIONS MUST NOT BE USED FROM APPLICATION CODE. THEY ARE USED BY + * THE EVENT BITS MODULE. + */ +TickType_t uxTaskResetEventItemValue( void ) ; +/* + * Return the handle of the calling task. + */ +TaskHandle_t xTaskGetCurrentTaskHandle( void ) ; +/* + * Return the handle of the task running on specified core. + */ +TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) ; +/* + * Shortcut used by the queue implementation to prevent unnecessary call to + * taskYIELD(); + */ +void vTaskMissedYield( void ) ; +/* + * Returns the scheduler state as taskSCHEDULER_RUNNING, + * taskSCHEDULER_NOT_STARTED or taskSCHEDULER_SUSPENDED. + */ +BaseType_t xTaskGetSchedulerState( void ) ; +/* + * Raises the priority of the mutex holder to that of the calling task should + * the mutex holder have a priority less than the calling task. + */ +BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) ; +/* + * Set the priority of a task back to its proper priority in the case that it + * inherited a higher priority while it was holding a semaphore. + */ +BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) ; +/* + * If a higher priority task attempting to obtain a mutex caused a lower + * priority task to inherit the higher priority task's priority - but the higher + * priority task then timed out without obtaining the mutex, then the lower + * priority task will disinherit the priority again - but only down as far as + * the highest priority task that is still waiting for the mutex (if there were + * more than one task waiting for the mutex). + */ +void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, + UBaseType_t uxHighestPriorityWaitingTask ) ; +/* + * Get the uxTCBNumber assigned to the task referenced by the xTask parameter. + */ +UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) ; +/* + * Set the uxTaskNumber of the task referenced by the xTask parameter to + * uxHandle. + */ +void vTaskSetTaskNumber( TaskHandle_t xTask, + const UBaseType_t uxHandle ) ; +/* + * Only available when configUSE_TICKLESS_IDLE is set to 1. + * If tickless mode is being used, or a low power mode is implemented, then + * the tick interrupt will not execute during idle periods. When this is the + * case, the tick count value maintained by the scheduler needs to be kept up + * to date with the actual execution time by being skipped forward by a time + * equal to the idle period. + */ +void vTaskStepTick( const TickType_t xTicksToJump ) ; +/* + * Only available when configUSE_TICKLESS_IDLE is set to 1. + * Provided for use within portSUPPRESS_TICKS_AND_SLEEP() to allow the port + * specific sleep function to determine if it is ok to proceed with the sleep, + * and if it is ok to proceed, if it is ok to sleep indefinitely. + * + * This function is necessary because portSUPPRESS_TICKS_AND_SLEEP() is only + * called with the scheduler suspended, not from within a critical section. It + * is therefore possible for an interrupt to request a context switch between + * portSUPPRESS_TICKS_AND_SLEEP() and the low power mode actually being + * entered. eTaskConfirmSleepModeStatus() should be called from a short + * critical section between the timer being stopped and the sleep mode being + * entered to ensure it is ok to proceed into the sleep mode. + */ +eSleepModeStatus eTaskConfirmSleepModeStatus( void ) ; +/* + * For internal use only. Increment the mutex held count when a mutex is + * taken and return the handle of the task that has taken the mutex. + */ +TaskHandle_t pvTaskIncrementMutexHeldCount( void ) ; +/* + * For internal use only. Same as vTaskSetTimeOutState(), but without a critical + * section. + */ +void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) ; +/* + * For internal use only. Same as portYIELD_WITHIN_API() in single core FreeRTOS. + * For SMP this is not defined by the port. + */ +void vTaskYieldWithinAPI( void ); +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/*lint -save -e537 This headers are only multiply included if the application code + * happens to also be including task.h. */ +/*lint -restore */ +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/*----------------------------------------------------------- +* MACROS AND DEFINITIONS +*----------------------------------------------------------*/ +/* IDs for commands that can be sent/received on the timer queue. These are to + * be used solely through the macros that make up the public software timer API, + * as defined below. The commands that are sent from interrupts must use the + * highest numbers as tmrFIRST_FROM_ISR_COMMAND is used to determine if the task + * or interrupt version of the queue send function should be used. */ +/** + * Type by which software timers are referenced. For example, a call to + * xTimerCreate() returns an TimerHandle_t variable that can then be used to + * reference the subject timer in calls to other software timer API functions + * (for example, xTimerStart(), xTimerReset(), etc.). + */ +struct tmrTimerControl; /* The old naming convention is used to prevent breaking kernel aware debuggers. */ +typedef struct tmrTimerControl * TimerHandle_t; +/* + * Defines the prototype to which timer callback functions must conform. + */ +typedef void (* TimerCallbackFunction_t)( TimerHandle_t xTimer ); +/* + * Defines the prototype to which functions used with the + * xTimerPendFunctionCallFromISR() function must conform. + */ +typedef void (* PendedFunction_t)( void *, + uint32_t ); +/** + * TimerHandle_t xTimerCreate( const char * const pcTimerName, + * TickType_t xTimerPeriodInTicks, + * UBaseType_t uxAutoReload, + * void * pvTimerID, + * TimerCallbackFunction_t pxCallbackFunction ); + * + * Creates a new software timer instance, and returns a handle by which the + * created software timer can be referenced. + * + * Internally, within the FreeRTOS implementation, software timers use a block + * of memory, in which the timer data structure is stored. If a software timer + * is created using xTimerCreate() then the required memory is automatically + * dynamically allocated inside the xTimerCreate() function. (see + * https://www.FreeRTOS.org/a00111.html). If a software timer is created using + * xTimerCreateStatic() then the application writer must provide the memory that + * will get used by the software timer. xTimerCreateStatic() therefore allows a + * software timer to be created without using any dynamic memory allocation. + * + * Timers are created in the dormant state. The xTimerStart(), xTimerReset(), + * xTimerStartFromISR(), xTimerResetFromISR(), xTimerChangePeriod() and + * xTimerChangePeriodFromISR() API functions can all be used to transition a + * timer into the active state. + * + * @param pcTimerName A text name that is assigned to the timer. This is done + * purely to assist debugging. The kernel itself only ever references a timer + * by its handle, and never by its name. + * + * @param xTimerPeriodInTicks The timer period. The time is defined in tick + * periods so the constant portTICK_PERIOD_MS can be used to convert a time that + * has been specified in milliseconds. For example, if the timer must expire + * after 100 ticks, then xTimerPeriodInTicks should be set to 100. + * Alternatively, if the timer must expire after 500ms, then xPeriod can be set + * to ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than or + * equal to 1000. Time timer period must be greater than 0. + * + * @param uxAutoReload If uxAutoReload is set to pdTRUE then the timer will + * expire repeatedly with a frequency set by the xTimerPeriodInTicks parameter. + * If uxAutoReload is set to pdFALSE then the timer will be a one-shot timer and + * enter the dormant state after it expires. + * + * @param pvTimerID An identifier that is assigned to the timer being created. + * Typically this would be used in the timer callback function to identify which + * timer expired when the same callback function is assigned to more than one + * timer. + * + * @param pxCallbackFunction The function to call when the timer expires. + * Callback functions must have the prototype defined by TimerCallbackFunction_t, + * which is "void vCallbackFunction( TimerHandle_t xTimer );". + * + * @return If the timer is successfully created then a handle to the newly + * created timer is returned. If the timer cannot be created because there is + * insufficient FreeRTOS heap remaining to allocate the timer + * structures then NULL is returned. + * + * Example usage: + * @verbatim + * #define NUM_TIMERS 5 + * + * // An array to hold handles to the created timers. + * TimerHandle_t xTimers[ NUM_TIMERS ]; + * + * // An array to hold a count of the number of times each timer expires. + * int32_t lExpireCounters[ NUM_TIMERS ] = { 0 }; + * + * // Define a callback function that will be used by multiple timer instances. + * // The callback function does nothing but count the number of times the + * // associated timer expires, and stop the timer once the timer has expired + * // 10 times. + * void vTimerCallback( TimerHandle_t pxTimer ) + * { + * int32_t lArrayIndex; + * const int32_t xMaxExpiryCountBeforeStopping = 10; + * + * // Optionally do something if the pxTimer parameter is NULL. + * configASSERT( pxTimer ); + * + * // Which timer expired? + * lArrayIndex = ( int32_t ) pvTimerGetTimerID( pxTimer ); + * + * // Increment the number of times that pxTimer has expired. + * lExpireCounters[ lArrayIndex ] += 1; + * + * // If the timer has expired 10 times then stop it from running. + * if( lExpireCounters[ lArrayIndex ] == xMaxExpiryCountBeforeStopping ) + * { + * // Do not use a block time if calling a timer API function from a + * // timer callback function, as doing so could cause a deadlock! + * xTimerStop( pxTimer, 0 ); + * } + * } + * + * void main( void ) + * { + * int32_t x; + * + * // Create then start some timers. Starting the timers before the scheduler + * // has been started means the timers will start running immediately that + * // the scheduler starts. + * for( x = 0; x < NUM_TIMERS; x++ ) + * { + * xTimers[ x ] = xTimerCreate( "Timer", // Just a text name, not used by the kernel. + * ( 100 * x ), // The timer period in ticks. + * pdTRUE, // The timers will auto-reload themselves when they expire. + * ( void * ) x, // Assign each timer a unique id equal to its array index. + * vTimerCallback // Each timer calls the same callback when it expires. + * ); + * + * if( xTimers[ x ] == NULL ) + * { + * // The timer was not created. + * } + * else + * { + * // Start the timer. No block time is specified, and even if one was + * // it would be ignored because the scheduler has not yet been + * // started. + * if( xTimerStart( xTimers[ x ], 0 ) != pdPASS ) + * { + * // The timer could not be set into the Active state. + * } + * } + * } + * + * // ... + * // Create tasks here. + * // ... + * + * // Starting the scheduler will start the timers running as they have already + * // been set into the active state. + * vTaskStartScheduler(); + * + * // Should not reach here. + * for( ;; ); + * } + * @endverbatim + */ + TimerHandle_t xTimerCreate( const char * const pcTimerName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const TickType_t xTimerPeriodInTicks, + const UBaseType_t uxAutoReload, + void * const pvTimerID, + TimerCallbackFunction_t pxCallbackFunction ) ; +/** + * TimerHandle_t xTimerCreateStatic(const char * const pcTimerName, + * TickType_t xTimerPeriodInTicks, + * UBaseType_t uxAutoReload, + * void * pvTimerID, + * TimerCallbackFunction_t pxCallbackFunction, + * StaticTimer_t *pxTimerBuffer ); + * + * Creates a new software timer instance, and returns a handle by which the + * created software timer can be referenced. + * + * Internally, within the FreeRTOS implementation, software timers use a block + * of memory, in which the timer data structure is stored. If a software timer + * is created using xTimerCreate() then the required memory is automatically + * dynamically allocated inside the xTimerCreate() function. (see + * https://www.FreeRTOS.org/a00111.html). If a software timer is created using + * xTimerCreateStatic() then the application writer must provide the memory that + * will get used by the software timer. xTimerCreateStatic() therefore allows a + * software timer to be created without using any dynamic memory allocation. + * + * Timers are created in the dormant state. The xTimerStart(), xTimerReset(), + * xTimerStartFromISR(), xTimerResetFromISR(), xTimerChangePeriod() and + * xTimerChangePeriodFromISR() API functions can all be used to transition a + * timer into the active state. + * + * @param pcTimerName A text name that is assigned to the timer. This is done + * purely to assist debugging. The kernel itself only ever references a timer + * by its handle, and never by its name. + * + * @param xTimerPeriodInTicks The timer period. The time is defined in tick + * periods so the constant portTICK_PERIOD_MS can be used to convert a time that + * has been specified in milliseconds. For example, if the timer must expire + * after 100 ticks, then xTimerPeriodInTicks should be set to 100. + * Alternatively, if the timer must expire after 500ms, then xPeriod can be set + * to ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than or + * equal to 1000. The timer period must be greater than 0. + * + * @param uxAutoReload If uxAutoReload is set to pdTRUE then the timer will + * expire repeatedly with a frequency set by the xTimerPeriodInTicks parameter. + * If uxAutoReload is set to pdFALSE then the timer will be a one-shot timer and + * enter the dormant state after it expires. + * + * @param pvTimerID An identifier that is assigned to the timer being created. + * Typically this would be used in the timer callback function to identify which + * timer expired when the same callback function is assigned to more than one + * timer. + * + * @param pxCallbackFunction The function to call when the timer expires. + * Callback functions must have the prototype defined by TimerCallbackFunction_t, + * which is "void vCallbackFunction( TimerHandle_t xTimer );". + * + * @param pxTimerBuffer Must point to a variable of type StaticTimer_t, which + * will be then be used to hold the software timer's data structures, removing + * the need for the memory to be allocated dynamically. + * + * @return If the timer is created then a handle to the created timer is + * returned. If pxTimerBuffer was NULL then NULL is returned. + * + * Example usage: + * @verbatim + * + * // The buffer used to hold the software timer's data structure. + * static StaticTimer_t xTimerBuffer; + * + * // A variable that will be incremented by the software timer's callback + * // function. + * UBaseType_t uxVariableToIncrement = 0; + * + * // A software timer callback function that increments a variable passed to + * // it when the software timer was created. After the 5th increment the + * // callback function stops the software timer. + * static void prvTimerCallback( TimerHandle_t xExpiredTimer ) + * { + * UBaseType_t *puxVariableToIncrement; + * BaseType_t xReturned; + * + * // Obtain the address of the variable to increment from the timer ID. + * puxVariableToIncrement = ( UBaseType_t * ) pvTimerGetTimerID( xExpiredTimer ); + * + * // Increment the variable to show the timer callback has executed. + * ( *puxVariableToIncrement )++; + * + * // If this callback has executed the required number of times, stop the + * // timer. + * if( *puxVariableToIncrement == 5 ) + * { + * // This is called from a timer callback so must not block. + * xTimerStop( xExpiredTimer, staticDONT_BLOCK ); + * } + * } + * + * + * void main( void ) + * { + * // Create the software time. xTimerCreateStatic() has an extra parameter + * // than the normal xTimerCreate() API function. The parameter is a pointer + * // to the StaticTimer_t structure that will hold the software timer + * // structure. If the parameter is passed as NULL then the structure will be + * // allocated dynamically, just as if xTimerCreate() had been called. + * xTimer = xTimerCreateStatic( "T1", // Text name for the task. Helps debugging only. Not used by FreeRTOS. + * xTimerPeriod, // The period of the timer in ticks. + * pdTRUE, // This is an auto-reload timer. + * ( void * ) &uxVariableToIncrement, // A variable incremented by the software timer's callback function + * prvTimerCallback, // The function to execute when the timer expires. + * &xTimerBuffer ); // The buffer that will hold the software timer structure. + * + * // The scheduler has not started yet so a block time is not used. + * xReturned = xTimerStart( xTimer, 0 ); + * + * // ... + * // Create tasks here. + * // ... + * + * // Starting the scheduler will start the timers running as they have already + * // been set into the active state. + * vTaskStartScheduler(); + * + * // Should not reach here. + * for( ;; ); + * } + * @endverbatim + */ +/** + * void *pvTimerGetTimerID( TimerHandle_t xTimer ); + * + * Returns the ID assigned to the timer. + * + * IDs are assigned to timers using the pvTimerID parameter of the call to + * xTimerCreated() that was used to create the timer, and by calling the + * vTimerSetTimerID() API function. + * + * If the same callback function is assigned to multiple timers then the timer + * ID can be used as time specific (timer local) storage. + * + * @param xTimer The timer being queried. + * + * @return The ID assigned to the timer being queried. + * + * Example usage: + * + * See the xTimerCreate() API function example usage scenario. + */ +void * pvTimerGetTimerID( const TimerHandle_t xTimer ) ; +/** + * void vTimerSetTimerID( TimerHandle_t xTimer, void *pvNewID ); + * + * Sets the ID assigned to the timer. + * + * IDs are assigned to timers using the pvTimerID parameter of the call to + * xTimerCreated() that was used to create the timer. + * + * If the same callback function is assigned to multiple timers then the timer + * ID can be used as time specific (timer local) storage. + * + * @param xTimer The timer being updated. + * + * @param pvNewID The ID to assign to the timer. + * + * Example usage: + * + * See the xTimerCreate() API function example usage scenario. + */ +void vTimerSetTimerID( TimerHandle_t xTimer, + void * pvNewID ) ; +/** + * BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer ); + * + * Queries a timer to see if it is active or dormant. + * + * A timer will be dormant if: + * 1) It has been created but not started, or + * 2) It is an expired one-shot timer that has not been restarted. + * + * Timers are created in the dormant state. The xTimerStart(), xTimerReset(), + * xTimerStartFromISR(), xTimerResetFromISR(), xTimerChangePeriod() and + * xTimerChangePeriodFromISR() API functions can all be used to transition a timer into the + * active state. + * + * @param xTimer The timer being queried. + * + * @return pdFALSE will be returned if the timer is dormant. A value other than + * pdFALSE will be returned if the timer is active. + * + * Example usage: + * @verbatim + * // This function assumes xTimer has already been created. + * void vAFunction( TimerHandle_t xTimer ) + * { + * if( xTimerIsTimerActive( xTimer ) != pdFALSE ) // or more simply and equivalently "if( xTimerIsTimerActive( xTimer ) )" + * { + * // xTimer is active, do something. + * } + * else + * { + * // xTimer is not active, do something else. + * } + * } + * @endverbatim + */ +BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer ) ; +/** + * TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ); + * + * Simply returns the handle of the timer service/daemon task. It it not valid + * to call xTimerGetTimerDaemonTaskHandle() before the scheduler has been started. + */ +TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ; +/** + * BaseType_t xTimerStart( TimerHandle_t xTimer, TickType_t xTicksToWait ); + * + * Timer functionality is provided by a timer service/daemon task. Many of the + * public FreeRTOS timer API functions send commands to the timer service task + * through a queue called the timer command queue. The timer command queue is + * private to the kernel itself and is not directly accessible to application + * code. The length of the timer command queue is set by the + * configTIMER_QUEUE_LENGTH configuration constant. + * + * xTimerStart() starts a timer that was previously created using the + * xTimerCreate() API function. If the timer had already been started and was + * already in the active state, then xTimerStart() has equivalent functionality + * to the xTimerReset() API function. + * + * Starting a timer ensures the timer is in the active state. If the timer + * is not stopped, deleted, or reset in the mean time, the callback function + * associated with the timer will get called 'n' ticks after xTimerStart() was + * called, where 'n' is the timers defined period. + * + * It is valid to call xTimerStart() before the scheduler has been started, but + * when this is done the timer will not actually start until the scheduler is + * started, and the timers expiry time will be relative to when the scheduler is + * started, not relative to when xTimerStart() was called. + * + * The configUSE_TIMERS configuration constant must be set to 1 for xTimerStart() + * to be available. + * + * @param xTimer The handle of the timer being started/restarted. + * + * @param xTicksToWait Specifies the time, in ticks, that the calling task should + * be held in the Blocked state to wait for the start command to be successfully + * sent to the timer command queue, should the queue already be full when + * xTimerStart() was called. xTicksToWait is ignored if xTimerStart() is called + * before the scheduler is started. + * + * @return pdFAIL will be returned if the start command could not be sent to + * the timer command queue even after xTicksToWait ticks had passed. pdPASS will + * be returned if the command was successfully sent to the timer command queue. + * When the command is actually processed will depend on the priority of the + * timer service/daemon task relative to other tasks in the system, although the + * timers expiry time is relative to when xTimerStart() is actually called. The + * timer service/daemon task priority is set by the configTIMER_TASK_PRIORITY + * configuration constant. + * + * Example usage: + * + * See the xTimerCreate() API function example usage scenario. + * + */ +/** + * BaseType_t xTimerStop( TimerHandle_t xTimer, TickType_t xTicksToWait ); + * + * Timer functionality is provided by a timer service/daemon task. Many of the + * public FreeRTOS timer API functions send commands to the timer service task + * through a queue called the timer command queue. The timer command queue is + * private to the kernel itself and is not directly accessible to application + * code. The length of the timer command queue is set by the + * configTIMER_QUEUE_LENGTH configuration constant. + * + * xTimerStop() stops a timer that was previously started using either of the + * The xTimerStart(), xTimerReset(), xTimerStartFromISR(), xTimerResetFromISR(), + * xTimerChangePeriod() or xTimerChangePeriodFromISR() API functions. + * + * Stopping a timer ensures the timer is not in the active state. + * + * The configUSE_TIMERS configuration constant must be set to 1 for xTimerStop() + * to be available. + * + * @param xTimer The handle of the timer being stopped. + * + * @param xTicksToWait Specifies the time, in ticks, that the calling task should + * be held in the Blocked state to wait for the stop command to be successfully + * sent to the timer command queue, should the queue already be full when + * xTimerStop() was called. xTicksToWait is ignored if xTimerStop() is called + * before the scheduler is started. + * + * @return pdFAIL will be returned if the stop command could not be sent to + * the timer command queue even after xTicksToWait ticks had passed. pdPASS will + * be returned if the command was successfully sent to the timer command queue. + * When the command is actually processed will depend on the priority of the + * timer service/daemon task relative to other tasks in the system. The timer + * service/daemon task priority is set by the configTIMER_TASK_PRIORITY + * configuration constant. + * + * Example usage: + * + * See the xTimerCreate() API function example usage scenario. + * + */ +/** + * BaseType_t xTimerChangePeriod( TimerHandle_t xTimer, + * TickType_t xNewPeriod, + * TickType_t xTicksToWait ); + * + * Timer functionality is provided by a timer service/daemon task. Many of the + * public FreeRTOS timer API functions send commands to the timer service task + * through a queue called the timer command queue. The timer command queue is + * private to the kernel itself and is not directly accessible to application + * code. The length of the timer command queue is set by the + * configTIMER_QUEUE_LENGTH configuration constant. + * + * xTimerChangePeriod() changes the period of a timer that was previously + * created using the xTimerCreate() API function. + * + * xTimerChangePeriod() can be called to change the period of an active or + * dormant state timer. + * + * The configUSE_TIMERS configuration constant must be set to 1 for + * xTimerChangePeriod() to be available. + * + * @param xTimer The handle of the timer that is having its period changed. + * + * @param xNewPeriod The new period for xTimer. Timer periods are specified in + * tick periods, so the constant portTICK_PERIOD_MS can be used to convert a time + * that has been specified in milliseconds. For example, if the timer must + * expire after 100 ticks, then xNewPeriod should be set to 100. Alternatively, + * if the timer must expire after 500ms, then xNewPeriod can be set to + * ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than + * or equal to 1000. + * + * @param xTicksToWait Specifies the time, in ticks, that the calling task should + * be held in the Blocked state to wait for the change period command to be + * successfully sent to the timer command queue, should the queue already be + * full when xTimerChangePeriod() was called. xTicksToWait is ignored if + * xTimerChangePeriod() is called before the scheduler is started. + * + * @return pdFAIL will be returned if the change period command could not be + * sent to the timer command queue even after xTicksToWait ticks had passed. + * pdPASS will be returned if the command was successfully sent to the timer + * command queue. When the command is actually processed will depend on the + * priority of the timer service/daemon task relative to other tasks in the + * system. The timer service/daemon task priority is set by the + * configTIMER_TASK_PRIORITY configuration constant. + * + * Example usage: + * @verbatim + * // This function assumes xTimer has already been created. If the timer + * // referenced by xTimer is already active when it is called, then the timer + * // is deleted. If the timer referenced by xTimer is not active when it is + * // called, then the period of the timer is set to 500ms and the timer is + * // started. + * void vAFunction( TimerHandle_t xTimer ) + * { + * if( xTimerIsTimerActive( xTimer ) != pdFALSE ) // or more simply and equivalently "if( xTimerIsTimerActive( xTimer ) )" + * { + * // xTimer is already active - delete it. + * xTimerDelete( xTimer ); + * } + * else + * { + * // xTimer is not active, change its period to 500ms. This will also + * // cause the timer to start. Block for a maximum of 100 ticks if the + * // change period command cannot immediately be sent to the timer + * // command queue. + * if( xTimerChangePeriod( xTimer, 500 / portTICK_PERIOD_MS, 100 ) == pdPASS ) + * { + * // The command was successfully sent. + * } + * else + * { + * // The command could not be sent, even after waiting for 100 ticks + * // to pass. Take appropriate action here. + * } + * } + * } + * @endverbatim + */ +/** + * BaseType_t xTimerDelete( TimerHandle_t xTimer, TickType_t xTicksToWait ); + * + * Timer functionality is provided by a timer service/daemon task. Many of the + * public FreeRTOS timer API functions send commands to the timer service task + * through a queue called the timer command queue. The timer command queue is + * private to the kernel itself and is not directly accessible to application + * code. The length of the timer command queue is set by the + * configTIMER_QUEUE_LENGTH configuration constant. + * + * xTimerDelete() deletes a timer that was previously created using the + * xTimerCreate() API function. + * + * The configUSE_TIMERS configuration constant must be set to 1 for + * xTimerDelete() to be available. + * + * @param xTimer The handle of the timer being deleted. + * + * @param xTicksToWait Specifies the time, in ticks, that the calling task should + * be held in the Blocked state to wait for the delete command to be + * successfully sent to the timer command queue, should the queue already be + * full when xTimerDelete() was called. xTicksToWait is ignored if xTimerDelete() + * is called before the scheduler is started. + * + * @return pdFAIL will be returned if the delete command could not be sent to + * the timer command queue even after xTicksToWait ticks had passed. pdPASS will + * be returned if the command was successfully sent to the timer command queue. + * When the command is actually processed will depend on the priority of the + * timer service/daemon task relative to other tasks in the system. The timer + * service/daemon task priority is set by the configTIMER_TASK_PRIORITY + * configuration constant. + * + * Example usage: + * + * See the xTimerChangePeriod() API function example usage scenario. + */ +/** + * BaseType_t xTimerReset( TimerHandle_t xTimer, TickType_t xTicksToWait ); + * + * Timer functionality is provided by a timer service/daemon task. Many of the + * public FreeRTOS timer API functions send commands to the timer service task + * through a queue called the timer command queue. The timer command queue is + * private to the kernel itself and is not directly accessible to application + * code. The length of the timer command queue is set by the + * configTIMER_QUEUE_LENGTH configuration constant. + * + * xTimerReset() re-starts a timer that was previously created using the + * xTimerCreate() API function. If the timer had already been started and was + * already in the active state, then xTimerReset() will cause the timer to + * re-evaluate its expiry time so that it is relative to when xTimerReset() was + * called. If the timer was in the dormant state then xTimerReset() has + * equivalent functionality to the xTimerStart() API function. + * + * Resetting a timer ensures the timer is in the active state. If the timer + * is not stopped, deleted, or reset in the mean time, the callback function + * associated with the timer will get called 'n' ticks after xTimerReset() was + * called, where 'n' is the timers defined period. + * + * It is valid to call xTimerReset() before the scheduler has been started, but + * when this is done the timer will not actually start until the scheduler is + * started, and the timers expiry time will be relative to when the scheduler is + * started, not relative to when xTimerReset() was called. + * + * The configUSE_TIMERS configuration constant must be set to 1 for xTimerReset() + * to be available. + * + * @param xTimer The handle of the timer being reset/started/restarted. + * + * @param xTicksToWait Specifies the time, in ticks, that the calling task should + * be held in the Blocked state to wait for the reset command to be successfully + * sent to the timer command queue, should the queue already be full when + * xTimerReset() was called. xTicksToWait is ignored if xTimerReset() is called + * before the scheduler is started. + * + * @return pdFAIL will be returned if the reset command could not be sent to + * the timer command queue even after xTicksToWait ticks had passed. pdPASS will + * be returned if the command was successfully sent to the timer command queue. + * When the command is actually processed will depend on the priority of the + * timer service/daemon task relative to other tasks in the system, although the + * timers expiry time is relative to when xTimerStart() is actually called. The + * timer service/daemon task priority is set by the configTIMER_TASK_PRIORITY + * configuration constant. + * + * Example usage: + * @verbatim + * // When a key is pressed, an LCD back-light is switched on. If 5 seconds pass + * // without a key being pressed, then the LCD back-light is switched off. In + * // this case, the timer is a one-shot timer. + * + * TimerHandle_t xBacklightTimer = NULL; + * + * // The callback function assigned to the one-shot timer. In this case the + * // parameter is not used. + * void vBacklightTimerCallback( TimerHandle_t pxTimer ) + * { + * // The timer expired, therefore 5 seconds must have passed since a key + * // was pressed. Switch off the LCD back-light. + * vSetBacklightState( BACKLIGHT_OFF ); + * } + * + * // The key press event handler. + * void vKeyPressEventHandler( char cKey ) + * { + * // Ensure the LCD back-light is on, then reset the timer that is + * // responsible for turning the back-light off after 5 seconds of + * // key inactivity. Wait 10 ticks for the command to be successfully sent + * // if it cannot be sent immediately. + * vSetBacklightState( BACKLIGHT_ON ); + * if( xTimerReset( xBacklightTimer, 100 ) != pdPASS ) + * { + * // The reset command was not executed successfully. Take appropriate + * // action here. + * } + * + * // Perform the rest of the key processing here. + * } + * + * void main( void ) + * { + * int32_t x; + * + * // Create then start the one-shot timer that is responsible for turning + * // the back-light off if no keys are pressed within a 5 second period. + * xBacklightTimer = xTimerCreate( "BacklightTimer", // Just a text name, not used by the kernel. + * ( 5000 / portTICK_PERIOD_MS), // The timer period in ticks. + * pdFALSE, // The timer is a one-shot timer. + * 0, // The id is not used by the callback so can take any value. + * vBacklightTimerCallback // The callback function that switches the LCD back-light off. + * ); + * + * if( xBacklightTimer == NULL ) + * { + * // The timer was not created. + * } + * else + * { + * // Start the timer. No block time is specified, and even if one was + * // it would be ignored because the scheduler has not yet been + * // started. + * if( xTimerStart( xBacklightTimer, 0 ) != pdPASS ) + * { + * // The timer could not be set into the Active state. + * } + * } + * + * // ... + * // Create tasks here. + * // ... + * + * // Starting the scheduler will start the timer running as it has already + * // been set into the active state. + * vTaskStartScheduler(); + * + * // Should not reach here. + * for( ;; ); + * } + * @endverbatim + */ +/** + * BaseType_t xTimerStartFromISR( TimerHandle_t xTimer, + * BaseType_t *pxHigherPriorityTaskWoken ); + * + * A version of xTimerStart() that can be called from an interrupt service + * routine. + * + * @param xTimer The handle of the timer being started/restarted. + * + * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most + * of its time in the Blocked state, waiting for messages to arrive on the timer + * command queue. Calling xTimerStartFromISR() writes a message to the timer + * command queue, so has the potential to transition the timer service/daemon + * task out of the Blocked state. If calling xTimerStartFromISR() causes the + * timer service/daemon task to leave the Blocked state, and the timer service/ + * daemon task has a priority equal to or greater than the currently executing + * task (the task that was interrupted), then *pxHigherPriorityTaskWoken will + * get set to pdTRUE internally within the xTimerStartFromISR() function. If + * xTimerStartFromISR() sets this value to pdTRUE then a context switch should + * be performed before the interrupt exits. + * + * @return pdFAIL will be returned if the start command could not be sent to + * the timer command queue. pdPASS will be returned if the command was + * successfully sent to the timer command queue. When the command is actually + * processed will depend on the priority of the timer service/daemon task + * relative to other tasks in the system, although the timers expiry time is + * relative to when xTimerStartFromISR() is actually called. The timer + * service/daemon task priority is set by the configTIMER_TASK_PRIORITY + * configuration constant. + * + * Example usage: + * @verbatim + * // This scenario assumes xBacklightTimer has already been created. When a + * // key is pressed, an LCD back-light is switched on. If 5 seconds pass + * // without a key being pressed, then the LCD back-light is switched off. In + * // this case, the timer is a one-shot timer, and unlike the example given for + * // the xTimerReset() function, the key press event handler is an interrupt + * // service routine. + * + * // The callback function assigned to the one-shot timer. In this case the + * // parameter is not used. + * void vBacklightTimerCallback( TimerHandle_t pxTimer ) + * { + * // The timer expired, therefore 5 seconds must have passed since a key + * // was pressed. Switch off the LCD back-light. + * vSetBacklightState( BACKLIGHT_OFF ); + * } + * + * // The key press interrupt service routine. + * void vKeyPressEventInterruptHandler( void ) + * { + * BaseType_t xHigherPriorityTaskWoken = pdFALSE; + * + * // Ensure the LCD back-light is on, then restart the timer that is + * // responsible for turning the back-light off after 5 seconds of + * // key inactivity. This is an interrupt service routine so can only + * // call FreeRTOS API functions that end in "FromISR". + * vSetBacklightState( BACKLIGHT_ON ); + * + * // xTimerStartFromISR() or xTimerResetFromISR() could be called here + * // as both cause the timer to re-calculate its expiry time. + * // xHigherPriorityTaskWoken was initialised to pdFALSE when it was + * // declared (in this function). + * if( xTimerStartFromISR( xBacklightTimer, &xHigherPriorityTaskWoken ) != pdPASS ) + * { + * // The start command was not executed successfully. Take appropriate + * // action here. + * } + * + * // Perform the rest of the key processing here. + * + * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch + * // should be performed. The syntax required to perform a context switch + * // from inside an ISR varies from port to port, and from compiler to + * // compiler. Inspect the demos for the port you are using to find the + * // actual syntax required. + * if( xHigherPriorityTaskWoken != pdFALSE ) + * { + * // Call the interrupt safe yield function here (actual function + * // depends on the FreeRTOS port being used). + * } + * } + * @endverbatim + */ +/** + * BaseType_t xTimerStopFromISR( TimerHandle_t xTimer, + * BaseType_t *pxHigherPriorityTaskWoken ); + * + * A version of xTimerStop() that can be called from an interrupt service + * routine. + * + * @param xTimer The handle of the timer being stopped. + * + * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most + * of its time in the Blocked state, waiting for messages to arrive on the timer + * command queue. Calling xTimerStopFromISR() writes a message to the timer + * command queue, so has the potential to transition the timer service/daemon + * task out of the Blocked state. If calling xTimerStopFromISR() causes the + * timer service/daemon task to leave the Blocked state, and the timer service/ + * daemon task has a priority equal to or greater than the currently executing + * task (the task that was interrupted), then *pxHigherPriorityTaskWoken will + * get set to pdTRUE internally within the xTimerStopFromISR() function. If + * xTimerStopFromISR() sets this value to pdTRUE then a context switch should + * be performed before the interrupt exits. + * + * @return pdFAIL will be returned if the stop command could not be sent to + * the timer command queue. pdPASS will be returned if the command was + * successfully sent to the timer command queue. When the command is actually + * processed will depend on the priority of the timer service/daemon task + * relative to other tasks in the system. The timer service/daemon task + * priority is set by the configTIMER_TASK_PRIORITY configuration constant. + * + * Example usage: + * @verbatim + * // This scenario assumes xTimer has already been created and started. When + * // an interrupt occurs, the timer should be simply stopped. + * + * // The interrupt service routine that stops the timer. + * void vAnExampleInterruptServiceRoutine( void ) + * { + * BaseType_t xHigherPriorityTaskWoken = pdFALSE; + * + * // The interrupt has occurred - simply stop the timer. + * // xHigherPriorityTaskWoken was set to pdFALSE where it was defined + * // (within this function). As this is an interrupt service routine, only + * // FreeRTOS API functions that end in "FromISR" can be used. + * if( xTimerStopFromISR( xTimer, &xHigherPriorityTaskWoken ) != pdPASS ) + * { + * // The stop command was not executed successfully. Take appropriate + * // action here. + * } + * + * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch + * // should be performed. The syntax required to perform a context switch + * // from inside an ISR varies from port to port, and from compiler to + * // compiler. Inspect the demos for the port you are using to find the + * // actual syntax required. + * if( xHigherPriorityTaskWoken != pdFALSE ) + * { + * // Call the interrupt safe yield function here (actual function + * // depends on the FreeRTOS port being used). + * } + * } + * @endverbatim + */ +/** + * BaseType_t xTimerChangePeriodFromISR( TimerHandle_t xTimer, + * TickType_t xNewPeriod, + * BaseType_t *pxHigherPriorityTaskWoken ); + * + * A version of xTimerChangePeriod() that can be called from an interrupt + * service routine. + * + * @param xTimer The handle of the timer that is having its period changed. + * + * @param xNewPeriod The new period for xTimer. Timer periods are specified in + * tick periods, so the constant portTICK_PERIOD_MS can be used to convert a time + * that has been specified in milliseconds. For example, if the timer must + * expire after 100 ticks, then xNewPeriod should be set to 100. Alternatively, + * if the timer must expire after 500ms, then xNewPeriod can be set to + * ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than + * or equal to 1000. + * + * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most + * of its time in the Blocked state, waiting for messages to arrive on the timer + * command queue. Calling xTimerChangePeriodFromISR() writes a message to the + * timer command queue, so has the potential to transition the timer service/ + * daemon task out of the Blocked state. If calling xTimerChangePeriodFromISR() + * causes the timer service/daemon task to leave the Blocked state, and the + * timer service/daemon task has a priority equal to or greater than the + * currently executing task (the task that was interrupted), then + * *pxHigherPriorityTaskWoken will get set to pdTRUE internally within the + * xTimerChangePeriodFromISR() function. If xTimerChangePeriodFromISR() sets + * this value to pdTRUE then a context switch should be performed before the + * interrupt exits. + * + * @return pdFAIL will be returned if the command to change the timers period + * could not be sent to the timer command queue. pdPASS will be returned if the + * command was successfully sent to the timer command queue. When the command + * is actually processed will depend on the priority of the timer service/daemon + * task relative to other tasks in the system. The timer service/daemon task + * priority is set by the configTIMER_TASK_PRIORITY configuration constant. + * + * Example usage: + * @verbatim + * // This scenario assumes xTimer has already been created and started. When + * // an interrupt occurs, the period of xTimer should be changed to 500ms. + * + * // The interrupt service routine that changes the period of xTimer. + * void vAnExampleInterruptServiceRoutine( void ) + * { + * BaseType_t xHigherPriorityTaskWoken = pdFALSE; + * + * // The interrupt has occurred - change the period of xTimer to 500ms. + * // xHigherPriorityTaskWoken was set to pdFALSE where it was defined + * // (within this function). As this is an interrupt service routine, only + * // FreeRTOS API functions that end in "FromISR" can be used. + * if( xTimerChangePeriodFromISR( xTimer, &xHigherPriorityTaskWoken ) != pdPASS ) + * { + * // The command to change the timers period was not executed + * // successfully. Take appropriate action here. + * } + * + * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch + * // should be performed. The syntax required to perform a context switch + * // from inside an ISR varies from port to port, and from compiler to + * // compiler. Inspect the demos for the port you are using to find the + * // actual syntax required. + * if( xHigherPriorityTaskWoken != pdFALSE ) + * { + * // Call the interrupt safe yield function here (actual function + * // depends on the FreeRTOS port being used). + * } + * } + * @endverbatim + */ +/** + * BaseType_t xTimerResetFromISR( TimerHandle_t xTimer, + * BaseType_t *pxHigherPriorityTaskWoken ); + * + * A version of xTimerReset() that can be called from an interrupt service + * routine. + * + * @param xTimer The handle of the timer that is to be started, reset, or + * restarted. + * + * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most + * of its time in the Blocked state, waiting for messages to arrive on the timer + * command queue. Calling xTimerResetFromISR() writes a message to the timer + * command queue, so has the potential to transition the timer service/daemon + * task out of the Blocked state. If calling xTimerResetFromISR() causes the + * timer service/daemon task to leave the Blocked state, and the timer service/ + * daemon task has a priority equal to or greater than the currently executing + * task (the task that was interrupted), then *pxHigherPriorityTaskWoken will + * get set to pdTRUE internally within the xTimerResetFromISR() function. If + * xTimerResetFromISR() sets this value to pdTRUE then a context switch should + * be performed before the interrupt exits. + * + * @return pdFAIL will be returned if the reset command could not be sent to + * the timer command queue. pdPASS will be returned if the command was + * successfully sent to the timer command queue. When the command is actually + * processed will depend on the priority of the timer service/daemon task + * relative to other tasks in the system, although the timers expiry time is + * relative to when xTimerResetFromISR() is actually called. The timer service/daemon + * task priority is set by the configTIMER_TASK_PRIORITY configuration constant. + * + * Example usage: + * @verbatim + * // This scenario assumes xBacklightTimer has already been created. When a + * // key is pressed, an LCD back-light is switched on. If 5 seconds pass + * // without a key being pressed, then the LCD back-light is switched off. In + * // this case, the timer is a one-shot timer, and unlike the example given for + * // the xTimerReset() function, the key press event handler is an interrupt + * // service routine. + * + * // The callback function assigned to the one-shot timer. In this case the + * // parameter is not used. + * void vBacklightTimerCallback( TimerHandle_t pxTimer ) + * { + * // The timer expired, therefore 5 seconds must have passed since a key + * // was pressed. Switch off the LCD back-light. + * vSetBacklightState( BACKLIGHT_OFF ); + * } + * + * // The key press interrupt service routine. + * void vKeyPressEventInterruptHandler( void ) + * { + * BaseType_t xHigherPriorityTaskWoken = pdFALSE; + * + * // Ensure the LCD back-light is on, then reset the timer that is + * // responsible for turning the back-light off after 5 seconds of + * // key inactivity. This is an interrupt service routine so can only + * // call FreeRTOS API functions that end in "FromISR". + * vSetBacklightState( BACKLIGHT_ON ); + * + * // xTimerStartFromISR() or xTimerResetFromISR() could be called here + * // as both cause the timer to re-calculate its expiry time. + * // xHigherPriorityTaskWoken was initialised to pdFALSE when it was + * // declared (in this function). + * if( xTimerResetFromISR( xBacklightTimer, &xHigherPriorityTaskWoken ) != pdPASS ) + * { + * // The reset command was not executed successfully. Take appropriate + * // action here. + * } + * + * // Perform the rest of the key processing here. + * + * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch + * // should be performed. The syntax required to perform a context switch + * // from inside an ISR varies from port to port, and from compiler to + * // compiler. Inspect the demos for the port you are using to find the + * // actual syntax required. + * if( xHigherPriorityTaskWoken != pdFALSE ) + * { + * // Call the interrupt safe yield function here (actual function + * // depends on the FreeRTOS port being used). + * } + * } + * @endverbatim + */ +/** + * BaseType_t xTimerPendFunctionCallFromISR( PendedFunction_t xFunctionToPend, + * void *pvParameter1, + * uint32_t ulParameter2, + * BaseType_t *pxHigherPriorityTaskWoken ); + * + * + * Used from application interrupt service routines to defer the execution of a + * function to the RTOS daemon task (the timer service task, hence this function + * is implemented in timers.c and is prefixed with 'Timer'). + * + * Ideally an interrupt service routine (ISR) is kept as short as possible, but + * sometimes an ISR either has a lot of processing to do, or needs to perform + * processing that is not deterministic. In these cases + * xTimerPendFunctionCallFromISR() can be used to defer processing of a function + * to the RTOS daemon task. + * + * A mechanism is provided that allows the interrupt to return directly to the + * task that will subsequently execute the pended callback function. This + * allows the callback function to execute contiguously in time with the + * interrupt - just as if the callback had executed in the interrupt itself. + * + * @param xFunctionToPend The function to execute from the timer service/ + * daemon task. The function must conform to the PendedFunction_t + * prototype. + * + * @param pvParameter1 The value of the callback function's first parameter. + * The parameter has a void * type to allow it to be used to pass any type. + * For example, unsigned longs can be cast to a void *, or the void * can be + * used to point to a structure. + * + * @param ulParameter2 The value of the callback function's second parameter. + * + * @param pxHigherPriorityTaskWoken As mentioned above, calling this function + * will result in a message being sent to the timer daemon task. If the + * priority of the timer daemon task (which is set using + * configTIMER_TASK_PRIORITY in FreeRTOSConfig.h) is higher than the priority of + * the currently running task (the task the interrupt interrupted) then + * *pxHigherPriorityTaskWoken will be set to pdTRUE within + * xTimerPendFunctionCallFromISR(), indicating that a context switch should be + * requested before the interrupt exits. For that reason + * *pxHigherPriorityTaskWoken must be initialised to pdFALSE. See the + * example code below. + * + * @return pdPASS is returned if the message was successfully sent to the + * timer daemon task, otherwise pdFALSE is returned. + * + * Example usage: + * @verbatim + * + * // The callback function that will execute in the context of the daemon task. + * // Note callback functions must all use this same prototype. + * void vProcessInterface( void *pvParameter1, uint32_t ulParameter2 ) + * { + * BaseType_t xInterfaceToService; + * + * // The interface that requires servicing is passed in the second + * // parameter. The first parameter is not used in this case. + * xInterfaceToService = ( BaseType_t ) ulParameter2; + * + * // ...Perform the processing here... + * } + * + * // An ISR that receives data packets from multiple interfaces + * void vAnISR( void ) + * { + * BaseType_t xInterfaceToService, xHigherPriorityTaskWoken; + * + * // Query the hardware to determine which interface needs processing. + * xInterfaceToService = prvCheckInterfaces(); + * + * // The actual processing is to be deferred to a task. Request the + * // vProcessInterface() callback function is executed, passing in the + * // number of the interface that needs processing. The interface to + * // service is passed in the second parameter. The first parameter is + * // not used in this case. + * xHigherPriorityTaskWoken = pdFALSE; + * xTimerPendFunctionCallFromISR( vProcessInterface, NULL, ( uint32_t ) xInterfaceToService, &xHigherPriorityTaskWoken ); + * + * // If xHigherPriorityTaskWoken is now set to pdTRUE then a context + * // switch should be requested. The macro used is port specific and will + * // be either portYIELD_FROM_ISR() or portEND_SWITCHING_ISR() - refer to + * // the documentation page for the port being used. + * portYIELD_FROM_ISR( xHigherPriorityTaskWoken ); + * + * } + * @endverbatim + */ +BaseType_t xTimerPendFunctionCallFromISR( PendedFunction_t xFunctionToPend, + void * pvParameter1, + uint32_t ulParameter2, + BaseType_t * pxHigherPriorityTaskWoken ) ; +/** + * BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend, + * void *pvParameter1, + * uint32_t ulParameter2, + * TickType_t xTicksToWait ); + * + * + * Used to defer the execution of a function to the RTOS daemon task (the timer + * service task, hence this function is implemented in timers.c and is prefixed + * with 'Timer'). + * + * @param xFunctionToPend The function to execute from the timer service/ + * daemon task. The function must conform to the PendedFunction_t + * prototype. + * + * @param pvParameter1 The value of the callback function's first parameter. + * The parameter has a void * type to allow it to be used to pass any type. + * For example, unsigned longs can be cast to a void *, or the void * can be + * used to point to a structure. + * + * @param ulParameter2 The value of the callback function's second parameter. + * + * @param xTicksToWait Calling this function will result in a message being + * sent to the timer daemon task on a queue. xTicksToWait is the amount of + * time the calling task should remain in the Blocked state (so not using any + * processing time) for space to become available on the timer queue if the + * queue is found to be full. + * + * @return pdPASS is returned if the message was successfully sent to the + * timer daemon task, otherwise pdFALSE is returned. + * + */ +BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend, + void * pvParameter1, + uint32_t ulParameter2, + TickType_t xTicksToWait ) ; +/** + * const char * const pcTimerGetName( TimerHandle_t xTimer ); + * + * Returns the name that was assigned to a timer when the timer was created. + * + * @param xTimer The handle of the timer being queried. + * + * @return The name assigned to the timer specified by the xTimer parameter. + */ +const char * pcTimerGetName( TimerHandle_t xTimer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +/** + * void vTimerSetReloadMode( TimerHandle_t xTimer, const UBaseType_t uxAutoReload ); + * + * Updates a timer to be either an auto-reload timer, in which case the timer + * automatically resets itself each time it expires, or a one-shot timer, in + * which case the timer will only expire once unless it is manually restarted. + * + * @param xTimer The handle of the timer being updated. + * + * @param uxAutoReload If uxAutoReload is set to pdTRUE then the timer will + * expire repeatedly with a frequency set by the timer's period (see the + * xTimerPeriodInTicks parameter of the xTimerCreate() API function). If + * uxAutoReload is set to pdFALSE then the timer will be a one-shot timer and + * enter the dormant state after it expires. + */ +void vTimerSetReloadMode( TimerHandle_t xTimer, + const UBaseType_t uxAutoReload ) ; +/** + * UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer ); + * + * Queries a timer to determine if it is an auto-reload timer, in which case the timer + * automatically resets itself each time it expires, or a one-shot timer, in + * which case the timer will only expire once unless it is manually restarted. + * + * @param xTimer The handle of the timer being queried. + * + * @return If the timer is an auto-reload timer then pdTRUE is returned, otherwise + * pdFALSE is returned. + */ +UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer ) ; +/** + * TickType_t xTimerGetPeriod( TimerHandle_t xTimer ); + * + * Returns the period of a timer. + * + * @param xTimer The handle of the timer being queried. + * + * @return The period of the timer in ticks. + */ +TickType_t xTimerGetPeriod( TimerHandle_t xTimer ) ; +/** + * TickType_t xTimerGetExpiryTime( TimerHandle_t xTimer ); + * + * Returns the time in ticks at which the timer will expire. If this is less + * than the current tick count then the expiry time has overflowed from the + * current time. + * + * @param xTimer The handle of the timer being queried. + * + * @return If the timer is running then the time in ticks at which the timer + * will next expire is returned. If the timer is not running then the return + * value is undefined. + */ +TickType_t xTimerGetExpiryTime( TimerHandle_t xTimer ) ; +/* + * Functions beyond this part are not part of the public API and are intended + * for use by the kernel only. + */ +BaseType_t xTimerCreateTimerTask( void ) ; +/* + * Splitting the xTimerGenericCommand into two sub functions and making it a macro + * removes a recursion path when called from ISRs. This is primarily for the XCore + * XCC port which detects the recursion path and throws an error during compilation + * when this is not split. + */ +BaseType_t xTimerGenericCommandFromTask( TimerHandle_t xTimer, + const BaseType_t xCommandID, + const TickType_t xOptionalValue, + BaseType_t * const pxHigherPriorityTaskWoken, + const TickType_t xTicksToWait ) ; +BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer, + const BaseType_t xCommandID, + const TickType_t xOptionalValue, + BaseType_t * const pxHigherPriorityTaskWoken, + const TickType_t xTicksToWait ) ; + void vTimerSetTimerNumber( TimerHandle_t xTimer, + UBaseType_t uxTimerNumber ) ; + UBaseType_t uxTimerGetTimerNumber( TimerHandle_t xTimer ) ; +/* *INDENT-OFF* */ +/* *INDENT-ON* */ +/* + * FreeRTOS Kernel V10.4.3 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ +/* + * Call the stack overflow hook function if the stack of the task being swapped + * out is currently overflowed, or looks like it might have overflowed in the + * past. + * + * Setting configCHECK_FOR_STACK_OVERFLOW to 1 will cause the macro to check + * the current stack state only - comparing the current top of stack value to + * the stack limit. Setting configCHECK_FOR_STACK_OVERFLOW to greater than 1 + * will also cause the last few stack bytes to be checked to ensure the value + * to which the bytes were set when the task was created have not been + * overwritten. Note this second test does not guarantee that an overflowed + * stack will always be recognised. + */ +/*-----------------------------------------------------------*/ +/* + * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in + * use on the stack. + */ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/* Remove stack overflow macro if not being used. */ + +/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified + * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined + * for the header files above, but not in this file, in order to generate the + * correct privileged Vs unprivileged linkage and placement. */ +/* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting + * functions but without including stdio.h here. */ +/* Values that can be assigned to the ucNotifyState member of the TCB. */ +/* + * The value used to fill the stack of a task when the task is created. This + * is used purely for checking the high water mark for tasks. + */ +/* Bits used to record how a task's stack and TCB were allocated. */ +/* If any of the following are set then task stacks are filled with a known + * value so the high water mark can be determined. If none of the following are + * set then don't fill the stack so there is no unnecessary dependency on memset. */ +/* + * Macros used by vListTask to indicate which state a task is in. + */ +/* + * Some kernel aware debuggers require the data the debugger needs access to to + * be global, rather than file scope. + */ +/* The name allocated to the Idle task. This can be overridden by defining + * configIDLE_TASK_NAME in FreeRTOSConfig.h. */ +/* If configUSE_PORT_OPTIMISED_TASK_SELECTION is 0 then task selection is + * performed in a generic way that is not optimised to any particular + * microcontroller architecture. */ +/* uxTopReadyPriority holds the priority of the highest priority ready + * state task. */ + /*-----------------------------------------------------------*/ +/* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as + * they are only required when a port optimised method of task selection is + * being used. */ +/*-----------------------------------------------------------*/ +/* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick + * count overflows. */ +/*-----------------------------------------------------------*/ +/* + * Place the task represented by pxTCB into the appropriate ready list for + * the task. It is inserted at the end of the list. + */ +/*-----------------------------------------------------------*/ +/* + * Several functions take a TaskHandle_t parameter that can optionally be NULL, + * where NULL is used to indicate that the handle of the currently executing + * task should be used in place of the parameter. This macro simply checks to + * see if the parameter is NULL and returns a pointer to the appropriate TCB. + */ +/* The item value of the event list item is normally used to hold the priority + * of the task to which it belongs (coded to allow it to be held in reverse + * priority order). However, it is occasionally borrowed for other purposes. It + * is important its value is not updated due to a task priority change while it is + * being used for another purpose. The following bit definition is used to inform + * the scheduler that the value should not be changed - in which case it is the + * responsibility of whichever module is using the value to ensure it gets set back + * to its original value when it is released. */ +/* Indicates that the task is not actively running on any core. */ +/* Indicates that the task is actively running but scheduled to yield. */ +/* Returns pdTRUE if the task is actively running and not scheduled to yield. */ +typedef BaseType_t TaskRunning_t; +/* + * Task control block. A task control block (TCB) is allocated for each task, + * and stores task state information, including a pointer to the task's context + * (the task's run time environment, including register values) + */ +typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */ +{ + volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack. THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */ + ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */ + ListItem_t xEventListItem; /*< Used to reference a task from an event list. */ + UBaseType_t uxPriority; /*< The priority of the task. 0 is the lowest priority. */ + StackType_t * pxStack; /*< Points to the start of the stack. */ + volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */ + BaseType_t xIsIdle; /*< Used to identify the idle tasks. */ + char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created. Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */ + UBaseType_t uxTCBNumber; /*< Stores a number that increments each time a TCB is created. It allows debuggers to determine when a task has been deleted and then recreated. */ + UBaseType_t uxTaskNumber; /*< Stores a number specifically for use by third party trace code. */ + UBaseType_t uxBasePriority; /*< The priority last assigned to the task - used by the priority inheritance mechanism. */ + UBaseType_t uxMutexesHeld; + void * pvThreadLocalStoragePointers[ 5 ]; + volatile uint32_t ulNotifiedValue[ 1 ]; + volatile uint8_t ucNotifyState[ 1 ]; + /* See the comments in FreeRTOS.h with the definition of + * tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE. */ + uint8_t ucDelayAborted; +} tskTCB; +/* The old tskTCB name is maintained above then typedefed to the new TCB_t name + * below to enable the use of older kernel aware debuggers. */ +typedef tskTCB TCB_t; +/*lint -save -e956 A manual analysis and inspection has been used to determine + * which static variables must be declared volatile. */ + TCB_t * volatile pxCurrentTCBs[ 1 ] = { ((void*)0) }; +/* Lists for ready and blocked tasks. -------------------- + * xDelayedTaskList1 and xDelayedTaskList2 could be moved to function scope but + * doing so breaks some kernel aware debuggers and debuggers that rely on removing + * the static qualifier. */ + static List_t pxReadyTasksLists[ 32 ]; /*< Prioritised ready tasks. */ + static List_t xDelayedTaskList1; /*< Delayed tasks. */ + static List_t xDelayedTaskList2; /*< Delayed tasks (two lists are used - one for delays that have overflowed the current tick count. */ + static List_t * volatile pxDelayedTaskList; /*< Points to the delayed task list currently being used. */ + static List_t * volatile pxOverflowDelayedTaskList; /*< Points to the delayed task list currently being used to hold tasks that have overflowed the current tick count. */ + static List_t xPendingReadyList; /*< Tasks that have been readied while the scheduler was suspended. They will be moved to the ready list when the scheduler is resumed. */ + static List_t xTasksWaitingTermination; /*< Tasks that have been deleted - but their memory not yet freed. */ + static volatile UBaseType_t uxDeletedTasksWaitingCleanUp = ( UBaseType_t ) 0U; + static List_t xSuspendedTaskList; /*< Tasks that are currently suspended. */ +/* Global POSIX errno. Its value is changed upon context switching to match + * the errno of the currently running task. */ +/* Other file private variables. --------------------------------*/ + static volatile UBaseType_t uxCurrentNumberOfTasks = ( UBaseType_t ) 0U; + static volatile TickType_t xTickCount = ( TickType_t ) 0; + static volatile UBaseType_t uxTopReadyPriority = ( ( UBaseType_t ) 0U ); + static volatile BaseType_t xSchedulerRunning = ( ( BaseType_t ) 0 ); + static volatile TickType_t xPendedTicks = ( TickType_t ) 0U; + static volatile BaseType_t xYieldPendings[ 1 ] = { ( ( BaseType_t ) 0 ) }; + static volatile BaseType_t xNumOfOverflows = ( BaseType_t ) 0; + static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U; + static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */ + static TaskHandle_t xIdleTaskHandle[ 1 ] = { ((void*)0) }; /*< Holds the handle of the idle task. The idle task is created automatically when the scheduler is started. */ +/* Improve support for OpenOCD. The kernel tracks Ready tasks via priority lists. + * For tracking the state of remote threads, OpenOCD uses uxTopUsedPriority + * to determine the number of priority lists to read back from the remote target. */ +const volatile UBaseType_t uxTopUsedPriority = 32 - 1U; +/* Context switches are held pending while the scheduler is suspended. Also, + * interrupts must not manipulate the xStateListItem of a TCB, or any of the + * lists the xStateListItem can be referenced from, if the scheduler is suspended. + * If an interrupt needs to unblock a task while the scheduler is suspended then it + * moves the task's event list item into the xPendingReadyList, ready for the + * kernel to move the task from the pending ready list into the real ready list + * when the scheduler is unsuspended. The pending ready list itself can only be + * accessed from a critical section. + * + * Updates to uxSchedulerSuspended must be protected by both the task and ISR locks and + * must not be done by an ISR. Reads must be protected by either lock and may be done by + * either an ISR or a task. */ + static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 ); +/*lint -restore */ +/*-----------------------------------------------------------*/ +/* File private functions. --------------------------------*/ +/* + * Creates the idle tasks during scheduler start + */ +static BaseType_t prvCreateIdleTasks( void ); +/* + * Returns the yield pending count for the calling core. + */ +static BaseType_t prvGetCurrentYieldPending( void ); +/* + * Checks to see if another task moved the current task out of the ready + * list while it was waiting to enter a critical section and yields if so. + */ +static void prvCheckForRunStateChange( void ); +/* + * Yields the given core. + */ +static void prvYieldCore( BaseType_t xCoreID ); +/* + * Yields a core, or cores if multiple priorities are not allowed to run + * simultaneously, to allow the task pxTCB to run. + */ +static void prvYieldForTask( TCB_t * pxTCB, + const BaseType_t xPreemptEqualPriority ); +/* + * Selects the highest priority available task + */ +static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ); +/** + * Utility task that simply returns pdTRUE if the task referenced by xTask is + * currently in the Suspended state, or pdFALSE if the task referenced by xTask + * is in any other state. + */ + static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) ; +/* + * Utility to ready all the lists used by the scheduler. This is called + * automatically upon the creation of the first task. + */ +static void prvInitialiseTaskLists( void ) ; +/* + * The idle task, which as all tasks is implemented as a never ending loop. + * The idle task is automatically created and added to the ready lists upon + * creation of the first user task. + * + */ +static void prvIdleTask( void * pvParameters ) ; +/* + * Utility to free all memory allocated by the scheduler to hold a TCB, + * including the stack pointed to by the TCB. + * + * This does not free memory allocated by the task itself (i.e. memory + * allocated by calls to pvPortMalloc from within the tasks application code). + */ + static void prvDeleteTCB( TCB_t * pxTCB ) ; +/* + * Used only by the idle task. This checks to see if anything has been placed + * in the list of tasks waiting to be deleted. If so the task is cleaned up + * and its TCB deleted. + */ +static void prvCheckTasksWaitingTermination( void ) ; +/* + * The currently executing task is entering the Blocked state. Add the task to + * either the current or the overflow delayed task list. + */ +static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, + const BaseType_t xCanBlockIndefinitely ) ; +/* + * Fills an TaskStatus_t structure with information on each task that is + * referenced from the pxList list (which may be a ready list, a delayed list, + * a suspended list, etc.). + * + * THIS FUNCTION IS INTENDED FOR DEBUGGING ONLY, AND SHOULD NOT BE CALLED FROM + * NORMAL APPLICATION CODE. + */ + static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray, + List_t * pxList, + eTaskState eState ) ; +/* + * Searches pxList for a task with name pcNameToQuery - returning a handle to + * the task if it is found, or NULL if the task is not found. + */ + static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, + const char pcNameToQuery[] ) ; +/* + * When a task is created, the stack of the task is filled with a known value. + * This function determines the 'high water mark' of the task stack by + * determining how much of the stack remains at the original preset value. + */ + static uint32_t prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) ; +/* + * Return the amount of time, in ticks, that will pass before the kernel will + * next move a task from the Blocked state to the Running state. + * + * This conditional compilation should use inequality to 0, not equality to 1. + * This is to ensure portSUPPRESS_TICKS_AND_SLEEP() can be called when user + * defined low power mode implementations require configUSE_TICKLESS_IDLE to be + * set to a value other than 1. + */ +/* + * Set xNextTaskUnblockTime to the time at which the next Blocked state task + * will exit the Blocked state. + */ +static void prvResetNextTaskUnblockTime( void ) ; +/* + * Called after a Task_t structure has been allocated either statically or + * dynamically to fill in the structure's members. + */ +static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask, + TCB_t * pxNewTCB, + const MemoryRegion_t * const xRegions ) ; +/* + * Called after a new task has been created and initialised to place the task + * under the control of the scheduler. + */ +static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ; +/* + * freertos_tasks_c_additions_init() should only be called if the user definable + * macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is the only macro + * called by the function. + */ +/*-----------------------------------------------------------*/ +static BaseType_t prvGetCurrentYieldPending( void ) +{ + BaseType_t xReturn; + UBaseType_t ulState; + ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + xReturn = xYieldPendings[ 0 ]; + __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : ); + return xReturn; +} +/*-----------------------------------------------------------*/ +static void prvCheckForRunStateChange( void ) +{ + UBaseType_t uxPrevCriticalNesting; + UBaseType_t uxPrevSchedulerSuspended; + TCB_t * pxThisTCB; + /* This should be skipped when entering a critical section within + * an ISR. If the task on the current core is no longer running, then + * vTaskSwitchContext() probably should be run before returning, but + * we don't have a way to force that to happen from here. */ + if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) ) + { + /* This function is always called with interrupts disabled + * so this is safe. */ + pxThisTCB = pxCurrentTCBs[ 0 ]; + while( pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) ) + { + /* We are only here if we just entered a critical section + * or if we just suspended the scheduler, and another task + * has requested that we yield. + * + * This is slightly complicated since we need to save and restore + * the suspension and critical nesting counts, as well as release + * and reacquire the correct locks. And then do it all over again + * if our state changed again during the reacquisition. */ + uxPrevCriticalNesting = pxThisTCB->uxCriticalNesting; + uxPrevSchedulerSuspended = uxSchedulerSuspended; + /* this must only be called the first time we enter into a critical + * section, otherwise it could context switch in the middle of a + * critical section. */ + (__builtin_expect(!(uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U), 0) ? __assert_rtn(__func__, "tasks.c", 647, "uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U") : (void)0); + uxSchedulerSuspended = 0U; + if( uxPrevCriticalNesting > 0U ) + { + pxThisTCB->uxCriticalNesting = 0U; + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 )); + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 )); + } + else + { + /* uxPrevSchedulerSuspended must be 1 */ + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 )); + } + __asm volatile ( "" ::: "memory" ); + (__builtin_expect(!(pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 )), 0) ? __assert_rtn(__func__, "tasks.c", 664, "pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 )") : (void)0); + vPortEnableInterrupts(); + /* Enabling interrupts should cause this core to immediately + * service the pending interrupt and yield. If the run state is still + * yielding here then that is a problem. */ + (__builtin_expect(!(pxThisTCB->xTaskRunState != ( TaskRunning_t ) ( -2 )), 0) ? __assert_rtn(__func__, "tasks.c", 671, "pxThisTCB->xTaskRunState != ( TaskRunning_t ) ( -2 )") : (void)0); + ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 )); + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 )); + xTaskGetCurrentTaskHandle()->uxCriticalNesting = uxPrevCriticalNesting; + uxSchedulerSuspended = uxPrevSchedulerSuspended; + if( uxPrevCriticalNesting == 0U ) + { + /* uxPrevSchedulerSuspended must be 1 */ + (__builtin_expect(!(uxPrevSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 )), 0) ? __assert_rtn(__func__, "tasks.c", 682, "uxPrevSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 )") : (void)0); + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 )); + } + } + } +} +/*-----------------------------------------------------------*/ +static void prvYieldCore( BaseType_t xCoreID ) +{ + /* This must be called from a critical section and + * xCoreID must be valid. */ + if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) && ( xCoreID == 0 ) ) + { + xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 ); + } + else if( pxCurrentTCBs[ xCoreID ]->xTaskRunState != ( TaskRunning_t ) ( -2 ) ) + { + if( xCoreID == 0 ) + { + xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 ); + } + else + { + vYieldCore(xCoreID); + pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -2 ); + } + } +} +/*-----------------------------------------------------------*/ +static void prvYieldForTask( TCB_t * pxTCB, + const BaseType_t xPreemptEqualPriority ) +{ + BaseType_t xLowestPriority; + BaseType_t xTaskPriority; + BaseType_t xLowestPriorityCore = -1; + BaseType_t xYieldCount = 0; + BaseType_t x; + TaskRunning_t xTaskRunState; + /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */ + (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn(__func__, "tasks.c", 728, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0); + xLowestPriority = ( BaseType_t ) pxTCB->uxPriority; + if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) ) + { + /* xLowestPriority will be decremented to -1 if the priority of pxTCB + * is 0. This is ok as we will give system idle tasks a priority of -1 below. */ + --xLowestPriority; + } + for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 1; x++ ) + { + /* System idle tasks are being assigned a priority of tskIDLE_PRIORITY - 1 here */ + xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ x ]->uxPriority - pxCurrentTCBs[ x ]->xIsIdle; + xTaskRunState = pxCurrentTCBs[ x ]->xTaskRunState; + if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 1 ) ) != ( ( BaseType_t ) 0 ) ) && ( xYieldPendings[ x ] == ( ( BaseType_t ) 0 ) ) ) + { + if( xTaskPriority <= xLowestPriority ) + { + { + { + xLowestPriority = xTaskPriority; + xLowestPriorityCore = x; + } + } + } + else + { + ; + } + } + else + { + ; + } + } + if( ( xYieldCount == 0 ) && ( ( BaseType_t ) ( ( 0 <= xLowestPriorityCore ) && ( xLowestPriorityCore < 1 ) ) ) ) + { + prvYieldCore( xLowestPriorityCore ); + xYieldCount++; + } +} +/*-----------------------------------------------------------*/ + static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) + { + UBaseType_t uxCurrentPriority = uxTopReadyPriority; + BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 ); + BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 ); + while( xTaskScheduled == ( ( BaseType_t ) 0 ) ) + { + if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) ) + { + List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); + ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; + ListItem_t * pxTaskItem = pxLastTaskItem; + if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) + { + pxLastTaskItem = pxLastTaskItem->pxPrevious; + } + /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority + * must not be decremented any further */ + xDecrementTopPriority = ( ( BaseType_t ) 0 ); + do + { + TCB_t * pxTCB; + pxTaskItem = pxTaskItem->pxNext; + if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) + { + pxTaskItem = pxTaskItem->pxNext; + } + pxTCB = pxTaskItem->pvOwner; + /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ + if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) ) + { + { + /* If the task is not being executed by any core swap it in */ + pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -1 ); + pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; + pxCurrentTCBs[ xCoreID ] = pxTCB; + xTaskScheduled = ( ( BaseType_t ) 1 ); + } + } + else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) + { + (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 912, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0); + { + /* The task is already running on this core, mark it as scheduled */ + pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; + xTaskScheduled = ( ( BaseType_t ) 1 ); + } + } + if( xTaskScheduled != ( ( BaseType_t ) 0 ) ) + { + /* Once a task has been selected to run on this core, + * move it to the end of the ready task list. */ + uxListRemove( pxTaskItem ); + vListInsertEnd( pxReadyList, pxTaskItem ); + break; + } + } while( pxTaskItem != pxLastTaskItem ); + } + else + { + if( xDecrementTopPriority != ( ( BaseType_t ) 0 ) ) + { + uxTopReadyPriority--; + } + } + /* This function can get called by vTaskSuspend() before the scheduler is started. + * In that case, since the idle tasks have not yet been created it is possible that we + * won't find a new task to schedule. Return pdFALSE in this case. */ + if( ( xSchedulerRunning == ( ( BaseType_t ) 0 ) ) && ( uxCurrentPriority == ( ( UBaseType_t ) 0U ) ) && ( xTaskScheduled == ( ( BaseType_t ) 0 ) ) ) + { + return ( ( BaseType_t ) 0 ); + } + (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 956, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0); + uxCurrentPriority--; + } + (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 960, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0); + return ( ( BaseType_t ) 1 ); + } +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ + BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask ) + { + TCB_t * pxNewTCB; + BaseType_t xReturn; + /* If the stack grows down then allocate the stack then the TCB so the stack + * does not grow into the TCB. Likewise if the stack grows up then allocate + * the TCB then the stack. */ + { + StackType_t * pxStack; + /* Allocate space for the stack used by the task being created. */ + pxStack = pvPortMalloc( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */ + if( pxStack != ((void*)0) ) + { + /* Allocate space for the TCB. */ + pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */ + if( pxNewTCB != ((void*)0) ) + { + /* Store the stack location in the TCB. */ + pxNewTCB->pxStack = pxStack; + } + else + { + /* The stack cannot be used as the TCB was not created. Free + * it again. */ + vPortFree( pxStack ); + } + } + else + { + pxNewTCB = ((void*)0); + } + } + if( pxNewTCB != ((void*)0) ) + { + prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, ((void*)0) ); + prvAddNewTaskToReadyList( pxNewTCB ); + xReturn = ( ( ( BaseType_t ) 1 ) ); + } + else + { + xReturn = ( -1 ); + } + return xReturn; + } +/*-----------------------------------------------------------*/ +static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask, + TCB_t * pxNewTCB, + const MemoryRegion_t * const xRegions ) +{ + StackType_t * pxTopOfStack; + UBaseType_t x; + /* Avoid dependency on memset() if it is not required. */ + { + /* Fill the stack with a known value to assist debugging. */ + ( void ) __builtin___memset_chk (pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ), __builtin_object_size (pxNewTCB->pxStack, 0)); + } + /* Calculate the top of stack address. This depends on whether the stack + * grows from high memory to low (as per the 80x86) or vice versa. + * portSTACK_GROWTH is used to make the result positive or negative as required + * by the port. */ + { + pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] ); + pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ + /* Check the alignment of the calculated top of stack is correct. */ + (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn(__func__, "tasks.c", 1345, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0); + } + /* Store the task name in the TCB. */ + if( pcName != ((void*)0) ) + { + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ ) + { + pxNewTCB->pcTaskName[ x ] = pcName[ x ]; + /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than + * configMAX_TASK_NAME_LEN characters just in case the memory after the + * string is not accessible (extremely unlikely). */ + if( pcName[ x ] == ( char ) 0x00 ) + { + break; + } + else + { + ; + } + } + /* Ensure the name string is terminated in the case that the string length + * was greater or equal to configMAX_TASK_NAME_LEN. */ + pxNewTCB->pcTaskName[ 16 - 1 ] = '\0'; + } + else + { + /* The task has not been given a name, so just ensure there is a NULL + * terminator when it is read out. */ + pxNewTCB->pcTaskName[ 0 ] = 0x00; + } + /* This is used as an array index so must ensure it's not too large. First + * remove the privilege bit if one is present. */ + if( uxPriority >= ( UBaseType_t ) 32 ) + { + uxPriority = ( UBaseType_t ) 32 - ( UBaseType_t ) 1U; + } + else + { + ; + } + pxNewTCB->uxPriority = uxPriority; + { + pxNewTCB->uxBasePriority = uxPriority; + pxNewTCB->uxMutexesHeld = 0; + } + vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); + vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); + /* Set the pxNewTCB as a link back from the ListItem_t. This is so we can get + * back to the containing TCB from a generic item in a list. */ + ( ( &( pxNewTCB->xStateListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) ); + /* Event lists are always in priority order. */ + ( ( &( pxNewTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + ( ( &( pxNewTCB->xEventListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) ); + { + pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; + } + { + /* Avoid compiler warning about unreferenced parameter. */ + ( void ) xRegions; + } + { + __builtin___memset_chk (( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), __builtin_object_size (( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0)); + } + { + __builtin___memset_chk (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ), __builtin_object_size (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0)); + __builtin___memset_chk (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ), __builtin_object_size (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0)); + } + { + pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 ); + } + /* Initialize the TCB stack to look as if the task was already running, + * but had been interrupted by the scheduler. The return address is set + * to the start of the task function. Once the stack has been initialised + * the top of stack variable is updated. */ + { + /* If the port has capability to detect stack overflow, + * pass the stack end address to the stack initialization + * function as well. */ + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); + } + } + /* Initialize to not running */ + pxNewTCB->xTaskRunState = ( TaskRunning_t ) ( -1 ); + /* Is this an idle task? */ + if( pxTaskCode == prvIdleTask ) + { + pxNewTCB->xIsIdle = ( ( BaseType_t ) 1 ); + } + else + { + pxNewTCB->xIsIdle = ( ( BaseType_t ) 0 ); + } + if( pxCreatedTask != ((void*)0) ) + { + /* Pass the handle out in an anonymous way. The handle can be used to + * change the created task's priority, delete the created task, etc.*/ + *pxCreatedTask = ( TaskHandle_t ) pxNewTCB; + } + else + { + ; + } +} +/*-----------------------------------------------------------*/ +static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) +{ + /* Ensure interrupts don't access the task lists while the lists are being + * updated. */ + vTaskEnterCritical(); + { + uxCurrentNumberOfTasks++; + if( xSchedulerRunning == ( ( BaseType_t ) 0 ) ) + { + if( uxCurrentNumberOfTasks == ( UBaseType_t ) 1 ) + { + /* This is the first task to be created so do the preliminary + * initialisation required. We will not recover if this call + * fails, but we will report the failure. */ + prvInitialiseTaskLists(); + } + else + { + ; + } + if( pxNewTCB->xIsIdle != ( ( BaseType_t ) 0 ) ) + { + BaseType_t xCoreID; + /* Check if a core is free. */ + for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) 1; xCoreID++ ) + { + if( pxCurrentTCBs[ xCoreID ] == ((void*)0) ) + { + pxNewTCB->xTaskRunState = xCoreID; + pxCurrentTCBs[ xCoreID ] = pxNewTCB; + break; + } + } + } + } + else + { + ; + } + uxTaskNumber++; + { + /* Add a counter into the TCB for tracing only. */ + pxNewTCB->uxTCBNumber = uxTaskNumber; + } + ; + ; { if( ( ( pxNewTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxNewTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxNewTCB )->uxPriority ] ), &( ( pxNewTCB )->xStateListItem ) ); ; + ( void ) pxNewTCB; + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + /* If the created task is of a higher priority than another + * currently running task and preemption is on then it should + * run now. */ + prvYieldForTask( pxNewTCB, ( ( BaseType_t ) 0 ) ); + } + else + { + ; + } + } + vTaskExitCritical(); +} +/*-----------------------------------------------------------*/ + void vTaskDelete( TaskHandle_t xTaskToDelete ) + { + TCB_t * pxTCB; + TaskRunning_t xTaskRunningOnCore; + vTaskEnterCritical(); + { + /* If null is passed in here then it is the calling task that is + * being deleted. */ + pxTCB = ( ( ( xTaskToDelete ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToDelete ) ); + xTaskRunningOnCore = pxTCB->xTaskRunState; + /* Remove task from the ready/delayed list. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + ; + } + else + { + ; + } + /* Is the task waiting on an event also? */ + if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + } + else + { + ; + } + /* Increment the uxTaskNumber also so kernel aware debuggers can + * detect that the task lists need re-generating. This is done before + * portPRE_TASK_DELETE_HOOK() as in the Windows port that macro will + * not return. */ + uxTaskNumber++; + /* If the task is running (or yielding), we must add it to the + * termination list so that an idle task can delete it when it is + * no longer running. */ + if( xTaskRunningOnCore != ( TaskRunning_t ) ( -1 ) ) + { + /* A running task is being deleted. This cannot complete within the + * task itself, as a context switch to another task is required. + * Place the task in the termination list. The idle task will + * check the termination list and free up any memory allocated by + * the scheduler for the TCB and stack of the deleted task. */ + vListInsertEnd( &xTasksWaitingTermination, &( pxTCB->xStateListItem ) ); + /* Increment the ucTasksDeleted variable so the idle task knows + * there is a task that has been deleted and that it should therefore + * check the xTasksWaitingTermination list. */ + ++uxDeletedTasksWaitingCleanUp; + /* Call the delete hook before portPRE_TASK_DELETE_HOOK() as + * portPRE_TASK_DELETE_HOOK() does not return in the Win32 port. */ + ; + /* The pre-delete hook is primarily for the Windows simulator, + * in which Windows specific clean up operations are performed, + * after which it is not possible to yield away from this task - + * hence xYieldPending is used to latch that a context switch is + * required. */ + ; + } + else + { + --uxCurrentNumberOfTasks; + ; + prvDeleteTCB( pxTCB ); + /* Reset the next expected unblock time in case it referred to + * the task that has just been deleted. */ + prvResetNextTaskUnblockTime(); + } + /* Force a reschedule if the task that has just been deleted was running. */ + if( ( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) ) + { + BaseType_t xCoreID; + xCoreID = 0; + if( xTaskRunningOnCore == xCoreID ) + { + (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 1748, "uxSchedulerSuspended == 0") : (void)0); + vTaskYieldWithinAPI(); + } + else + { + prvYieldCore( xTaskRunningOnCore ); + } + } + } + vTaskExitCritical(); + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, + const TickType_t xTimeIncrement ) + { + TickType_t xTimeToWake; + BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 ); + (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn(__func__, "tasks.c", 1771, "pxPreviousWakeTime") : (void)0); + (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn(__func__, "tasks.c", 1772, "( xTimeIncrement > 0U )") : (void)0); + vTaskSuspendAll(); + { + (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn(__func__, "tasks.c", 1776, "uxSchedulerSuspended == 1") : (void)0); + /* Minor optimisation. The tick count cannot change in this + * block. */ + const TickType_t xConstTickCount = xTickCount; + /* Generate the tick time at which the task wants to wake. */ + xTimeToWake = *pxPreviousWakeTime + xTimeIncrement; + if( xConstTickCount < *pxPreviousWakeTime ) + { + /* The tick count has overflowed since this function was + * lasted called. In this case the only time we should ever + * actually delay is if the wake time has also overflowed, + * and the wake time is greater than the tick time. When this + * is the case it is as if neither time had overflowed. */ + if( ( xTimeToWake < *pxPreviousWakeTime ) && ( xTimeToWake > xConstTickCount ) ) + { + xShouldDelay = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + else + { + /* The tick time has not overflowed. In this case we will + * delay if either the wake time has overflowed, and/or the + * tick time is less than the wake time. */ + if( ( xTimeToWake < *pxPreviousWakeTime ) || ( xTimeToWake > xConstTickCount ) ) + { + xShouldDelay = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + /* Update the wake time ready for the next call. */ + *pxPreviousWakeTime = xTimeToWake; + if( xShouldDelay != ( ( BaseType_t ) 0 ) ) + { + ; + /* prvAddCurrentTaskToDelayedList() needs the block time, not + * the time to wake, so subtract the current tick count. */ + prvAddCurrentTaskToDelayedList( xTimeToWake - xConstTickCount, ( ( BaseType_t ) 0 ) ); + } + else + { + ; + } + } + xAlreadyYielded = xTaskResumeAll(); + /* Force a reschedule if xTaskResumeAll has not already done so, we may + * have put ourselves to sleep. */ + if( xAlreadyYielded == ( ( BaseType_t ) 0 ) ) + { + vTaskYieldWithinAPI(); + } + else + { + ; + } + return xShouldDelay; + } +/*-----------------------------------------------------------*/ + void vTaskDelay( const TickType_t xTicksToDelay ) + { + BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 ); + /* A delay time of zero just forces a reschedule. */ + if( xTicksToDelay > ( TickType_t ) 0U ) + { + vTaskSuspendAll(); + { + (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn(__func__, "tasks.c", 1862, "uxSchedulerSuspended == 1") : (void)0); + ; + /* A task that is removed from the event list while the + * scheduler is suspended will not get placed in the ready + * list or removed from the blocked list until the scheduler + * is resumed. + * + * This task cannot be in an event list as it is the currently + * executing task. */ + prvAddCurrentTaskToDelayedList( xTicksToDelay, ( ( BaseType_t ) 0 ) ); + } + xAlreadyYielded = xTaskResumeAll(); + } + else + { + ; + } + /* Force a reschedule if xTaskResumeAll has not already done so, we may + * have put ourselves to sleep. */ + if( xAlreadyYielded == ( ( BaseType_t ) 0 ) ) + { + vTaskYieldWithinAPI(); + } + else + { + ; + } + } +/*-----------------------------------------------------------*/ + eTaskState eTaskGetState( TaskHandle_t xTask ) + { + eTaskState eReturn; + List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList; + const TCB_t * const pxTCB = xTask; + (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 1904, "pxTCB") : (void)0); + vTaskEnterCritical(); + { + pxStateList = ( ( &( pxTCB->xStateListItem ) )->pxContainer ); + pxDelayedList = pxDelayedTaskList; + pxOverflowedDelayedList = pxOverflowDelayedTaskList; + } + vTaskExitCritical(); + if( ( pxStateList == pxDelayedList ) || ( pxStateList == pxOverflowedDelayedList ) ) + { + /* The task being queried is referenced from one of the Blocked + * lists. */ + eReturn = eBlocked; + } + else if( pxStateList == &xSuspendedTaskList ) + { + /* The task being queried is referenced from the suspended + * list. Is it genuinely suspended or is it blocked + * indefinitely? */ + if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0) ) + { + { + BaseType_t x; + /* The task does not appear on the event list item of + * and of the RTOS objects, but could still be in the + * blocked state if it is waiting on its notification + * rather than waiting on an object. If not, is + * suspended. */ + eReturn = eSuspended; + for( x = 0; x < 1; x++ ) + { + if( pxTCB->ucNotifyState[ x ] == ( ( uint8_t ) 1 ) ) + { + eReturn = eBlocked; + break; + } + } + } + } + else + { + eReturn = eBlocked; + } + } + else if( ( pxStateList == &xTasksWaitingTermination ) || ( pxStateList == ((void*)0) ) ) + { + /* The task being queried is referenced from the deleted + * tasks list, or it is not referenced from any lists at + * all. */ + eReturn = eDeleted; + } + else /*lint !e525 Negative indentation is intended to make use of pre-processor clearer. */ + { + /* If the task is not in any other state, it must be in the + * Ready (including pending ready) state. */ + if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) ) + { + /* Is it actively running on a core? */ + eReturn = eRunning; + } + else + { + eReturn = eReady; + } + } + return eReturn; + } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */ +/*-----------------------------------------------------------*/ + UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) + { + TCB_t const * pxTCB; + UBaseType_t uxReturn; + vTaskEnterCritical(); + { + /* If null is passed in here then it is the priority of the task + * that called uxTaskPriorityGet() that is being queried. */ + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + uxReturn = pxTCB->uxPriority; + } + vTaskExitCritical(); + return uxReturn; + } +/*-----------------------------------------------------------*/ + UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) + { + TCB_t const * pxTCB; + UBaseType_t uxReturn, uxSavedInterruptState; + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + ; + uxSavedInterruptState = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; }); + { + /* If null is passed in here then it is the priority of the calling + * task that is being queried. */ + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + uxReturn = pxTCB->uxPriority; + } + do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptState) : ); } while (0); + return uxReturn; + } +/*-----------------------------------------------------------*/ + void vTaskPrioritySet( TaskHandle_t xTask, + UBaseType_t uxNewPriority ) + { + TCB_t * pxTCB; + UBaseType_t uxCurrentBasePriority, uxPriorityUsedOnEntry; + BaseType_t xYieldRequired = ( ( BaseType_t ) 0 ); + BaseType_t xYieldForTask = ( ( BaseType_t ) 0 ); + BaseType_t xCoreID; + (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn(__func__, "tasks.c", 2066, "( uxNewPriority < 32 )") : (void)0); + /* Ensure the new priority is valid. */ + if( uxNewPriority >= ( UBaseType_t ) 32 ) + { + uxNewPriority = ( UBaseType_t ) 32 - ( UBaseType_t ) 1U; + } + else + { + ; + } + vTaskEnterCritical(); + { + /* If null is passed in here then it is the priority of the calling + * task that is being changed. */ + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + ; + { + uxCurrentBasePriority = pxTCB->uxBasePriority; + } + if( uxCurrentBasePriority != uxNewPriority ) + { + /* The priority change may have readied a task of higher + * priority than a running task. */ + if( uxNewPriority > uxCurrentBasePriority ) + { + /* The priority of a task is being raised so + * perform a yield for this task later. */ + xYieldForTask = ( ( BaseType_t ) 1 ); + } + else if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) ) + { + /* Setting the priority of a running task down means + * there may now be another task of higher priority that + * is ready to execute. */ + { + xCoreID = ( BaseType_t ) pxTCB->xTaskRunState; + xYieldRequired = ( ( BaseType_t ) 1 ); + } + } + else + { + /* Setting the priority of any other task down does not + * require a yield as the running task must be above the + * new priority of the task being modified. */ + } + /* Remember the ready list the task might be referenced from + * before its uxPriority member is changed so the + * taskRESET_READY_PRIORITY() macro can function correctly. */ + uxPriorityUsedOnEntry = pxTCB->uxPriority; + { + /* Only change the priority being used if the task is not + * currently using an inherited priority. */ + if( pxTCB->uxBasePriority == pxTCB->uxPriority ) + { + pxTCB->uxPriority = uxNewPriority; + } + else + { + ; + } + /* The base priority gets set whatever. */ + pxTCB->uxBasePriority = uxNewPriority; + } + /* Only reset the event list item value if the value is not + * being used for anything else. */ + if( ( ( ( &( pxTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL ) + { + ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( ( TickType_t ) 32 - ( TickType_t ) uxNewPriority ) ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + } + else + { + ; + } + /* If the task is in the blocked or suspended list we need do + * nothing more than change its priority variable. However, if + * the task is in a ready list it needs to be removed and placed + * in the list appropriate to its new priority. */ + if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) + { + /* The task is currently in its ready list - remove before + * adding it to its new ready list. As we are in a critical + * section we can do this even if the scheduler is suspended. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* It is known that the task is in its ready list so + * there is no need to check again and the port level + * reset macro can be called directly. */ + ; + } + else + { + ; + } + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + } + else + { + /* It's possible that xYieldForTask was already set to pdTRUE because + * its priority is being raised. However, since it is not in a ready list + * we don't actually need to yield for it. */ + xYieldForTask = ( ( BaseType_t ) 0 ); + } + if( xYieldRequired != ( ( BaseType_t ) 0 ) ) + { + prvYieldCore( xCoreID ); + } + else if( xYieldForTask != ( ( BaseType_t ) 0 ) ) + { + prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) ); + } + else + { + ; + } + /* Remove compiler warning about unused variables when the port + * optimised task selection is not being used. */ + ( void ) uxPriorityUsedOnEntry; + } + } + vTaskExitCritical(); + } +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ + void vTaskSuspend( TaskHandle_t xTaskToSuspend ) + { + TCB_t * pxTCB; + TaskRunning_t xTaskRunningOnCore; + vTaskEnterCritical(); + { + /* If null is passed in here then it is the running task that is + * being suspended. */ + pxTCB = ( ( ( xTaskToSuspend ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSuspend ) ); + ; + xTaskRunningOnCore = pxTCB->xTaskRunState; + /* Remove task from the ready/delayed list and place in the + * suspended list. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + ; + } + else + { + ; + } + /* Is the task waiting on an event also? */ + if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + } + else + { + ; + } + vListInsertEnd( &xSuspendedTaskList, &( pxTCB->xStateListItem ) ); + { + BaseType_t x; + for( x = 0; x < 1; x++ ) + { + if( pxTCB->ucNotifyState[ x ] == ( ( uint8_t ) 1 ) ) + { + /* The task was blocked to wait for a notification, but is + * now suspended, so no notification was received. */ + pxTCB->ucNotifyState[ x ] = ( ( uint8_t ) 0 ); + } + } + } + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + /* Reset the next expected unblock time in case it referred to the + * task that is now in the Suspended state. */ + prvResetNextTaskUnblockTime(); + } + else + { + ; + } + if( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) + { + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + if( xTaskRunningOnCore == 0 ) + { + /* The current task has just been suspended. */ + (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 2399, "uxSchedulerSuspended == 0") : (void)0); + vTaskYieldWithinAPI(); + } + else + { + prvYieldCore( xTaskRunningOnCore ); + } + vTaskExitCritical(); + } + else + { + vTaskExitCritical(); + (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn(__func__, "tasks.c", 2413, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0); + /* The scheduler is not running, but the task that was pointed + * to by pxCurrentTCB has just been suspended and pxCurrentTCB + * must be adjusted to point to a different task. */ + if( ( ( &xSuspendedTaskList )->uxNumberOfItems ) == uxCurrentNumberOfTasks ) /*lint !e931 Right has no side effect, just volatile. */ + { + /* No other tasks are ready, so set the core's TCB back to + * NULL so when the next task is created the core's TCB will + * be able to be set to point to it no matter what its relative + * priority is. */ + pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 ); + pxCurrentTCBs[ xTaskRunningOnCore ] = ((void*)0); + } + else + { + /* Attempt to switch in a new task. This could fail since the idle tasks + * haven't been created yet. If it does then set the core's TCB back to + * NULL. */ + if( prvSelectHighestPriorityTask( xTaskRunningOnCore ) == ( ( BaseType_t ) 0 ) ) + { + pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 ); + pxCurrentTCBs[ xTaskRunningOnCore ] = ((void*)0); + } + } + } + } + else + { + vTaskExitCritical(); + } + } /* taskEXIT_CRITICAL() - already exited in one of three cases above */ + } +/*-----------------------------------------------------------*/ + static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) + { + BaseType_t xReturn = ( ( BaseType_t ) 0 ); + const TCB_t * const pxTCB = xTask; + /* Accesses xPendingReadyList so must be called from a critical section. */ + /* It does not make sense to check if the calling task is suspended. */ + (__builtin_expect(!(xTask), 0) ? __assert_rtn(__func__, "tasks.c", 2460, "xTask") : (void)0); + /* Is the task being resumed actually in the suspended list? */ + if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) + { + /* Has the task already been resumed from within an ISR? */ + if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( &xPendingReadyList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) == ( ( BaseType_t ) 0 ) ) + { + /* Is it in the suspended list because it is in the Suspended + * state, or because is is blocked with no timeout? */ + if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( ((void*)0) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) /*lint !e961. The cast is only redundant when NULL is used. */ + { + xReturn = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + else + { + ; + } + } + else + { + ; + } + return xReturn; + } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */ +/*-----------------------------------------------------------*/ + void vTaskResume( TaskHandle_t xTaskToResume ) + { + TCB_t * const pxTCB = xTaskToResume; + /* It does not make sense to resume the calling task. */ + (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn(__func__, "tasks.c", 2502, "xTaskToResume") : (void)0); + /* The parameter cannot be NULL as it is impossible to resume the + * currently executing task. It is also impossible to resume a task + * that is actively running on another core but it is too dangerous + * to check their run state here. Safer to get into a critical section + * and check if it is actually suspended or not below. */ + if( pxTCB != ((void*)0) ) + { + vTaskEnterCritical(); + { + if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) ) + { + ; + /* The ready list can be accessed even if the scheduler is + * suspended because this is inside a critical section. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + /* A higher priority task may have just been resumed. */ + { + prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) ); + } + } + else + { + ; + } + } + vTaskExitCritical(); + } + else + { + ; + } + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) + { + BaseType_t xYieldRequired = ( ( BaseType_t ) 0 ); + TCB_t * const pxTCB = xTaskToResume; + UBaseType_t uxSavedInterruptStatus; + (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn(__func__, "tasks.c", 2554, "xTaskToResume") : (void)0); + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + ; + uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; }); + { + if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) ) + { + ; + /* Check the ready lists can be accessed. */ + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + /* Ready lists can be accessed so move the task from the + * suspended list to the ready list directly. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + } + else + { + /* The delayed or ready lists cannot be accessed so the task + * is held in the pending ready list until the scheduler is + * unsuspended. */ + vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); + } + prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) ); + if( xYieldPendings[ 0 ] != ( ( BaseType_t ) 0 ) ) + { + xYieldRequired = ( ( BaseType_t ) 1 ); + } + } + else + { + ; + } + } + do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0); + return xYieldRequired; + } +/*-----------------------------------------------------------*/ +static BaseType_t prvCreateIdleTasks( void ) +{ + BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) ); + BaseType_t xCoreID; + char cIdleName[ 16 ]; + /* Add each idle task at the lowest priority. */ + for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) 1; xCoreID++ ) + { + BaseType_t x; + if( xReturn == ( ( ( BaseType_t ) 0 ) ) ) + { + break; + } + else + { + ; + } + for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 16; x++ ) + { + cIdleName[ x ] = "IDLE"[ x ]; + /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than + * configMAX_TASK_NAME_LEN characters just in case the memory after the + * string is not accessible (extremely unlikely). */ + if( cIdleName[ x ] == ( char ) 0x00 ) + { + break; + } + else + { + ; + } + } + /* Append the idle task number to the end of the name if there is space */ + if( x < 16 ) + { + cIdleName[ x++ ] = xCoreID + '0'; + /* And append a null character if there is space */ + if( x < 16 ) + { + cIdleName[ x ] = '\0'; + } + else + { + ; + } + } + else + { + ; + } + { + if( xCoreID == 0 ) + { + /* The Idle task is being created using dynamically allocated RAM. */ + xReturn = xTaskCreate( prvIdleTask, + cIdleName, + ( uint32_t ) 256, + ( void * ) ((void*)0), + ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ + &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ + } + } + } + return xReturn; +} +void vTaskStartScheduler( void ) +{ + BaseType_t xReturn; + { + xReturn = xTimerCreateTimerTask(); + } + xReturn = prvCreateIdleTasks(); + if( xReturn == ( ( ( BaseType_t ) 1 ) ) ) + { + /* freertos_tasks_c_additions_init() should only be called if the user + * definable macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is + * the only macro called by the function. */ + /* Interrupts are turned off here, to ensure a tick does not occur + * before or during the call to xPortStartScheduler(). The stacks of + * the created tasks contain a status word with interrupts switched on + * so interrupts will automatically get re-enabled when the first task + * starts to run. */ + ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; + xSchedulerRunning = ( ( BaseType_t ) 1 ); + xTickCount = ( TickType_t ) 0; + /* If configGENERATE_RUN_TIME_STATS is defined then the following + * macro must be defined to configure the timer/counter used to generate + * the run time counter time base. NOTE: If configGENERATE_RUN_TIME_STATS + * is set to 0 and the following line fails to build then ensure you do not + * have portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() defined in your + * FreeRTOSConfig.h file. */ + ; + ; + /* Setting up the timer tick is hardware specific and thus in the + * portable interface. */ + if( xPortStartScheduler() != ( ( BaseType_t ) 0 ) ) + { + /* Should not reach here as if the scheduler is running the + * function will not return. */ + } + else + { + /* Should only reach here if a task calls xTaskEndScheduler(). */ + } + } + else + { + /* This line will only be reached if the kernel could not be started, + * because there was not enough FreeRTOS heap to create the idle task + * or the timer task. */ + (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn(__func__, "tasks.c", 2823, "xReturn != ( -1 )") : (void)0); + } + /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0, + * meaning xIdleTaskHandle is not used anywhere else. */ + ( void ) xIdleTaskHandle; + /* OpenOCD makes use of uxTopUsedPriority for thread debugging. Prevent uxTopUsedPriority + * from getting optimized out as it is no longer used by the kernel. */ + ( void ) uxTopUsedPriority; +} +/*-----------------------------------------------------------*/ +void vTaskEndScheduler( void ) +{ + /* Stop the scheduler interrupts and call the portable scheduler end + * routine so the original ISRs can be restored if necessary. The port + * layer must ensure interrupts enable bit is left in the correct state. */ + ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + xSchedulerRunning = ( ( BaseType_t ) 0 ); + vPortEndScheduler(); +} +/*----------------------------------------------------------*/ +void vTaskSuspendAll( void ) +{ + UBaseType_t ulState; + /* This must only be called from within a task */ + ; + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + /* writes to uxSchedulerSuspended must be protected by both the task AND ISR locks. + * We must disable interrupts before we grab the locks in the event that this task is + * interrupted and switches context before incrementing uxSchedulerSuspended. + * It is safe to re-enable interrupts after releasing the ISR lock and incrementing + * uxSchedulerSuspended since that will prevent context switches. */ + ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that + * do not otherwise exhibit real time behaviour. */ + ; + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 )); + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 )); + /* The scheduler is suspended if uxSchedulerSuspended is non-zero. An increment + * is used to allow calls to vTaskSuspendAll() to nest. */ + ++uxSchedulerSuspended; + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 )); + if( ( uxSchedulerSuspended == 1U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) ) + { + prvCheckForRunStateChange(); + } + __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : ); + } + else + { + ; + } +} +/*----------------------------------------------------------*/ +/*----------------------------------------------------------*/ +BaseType_t xTaskResumeAll( void ) +{ + TCB_t * pxTCB = ((void*)0); + BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 ); + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + /* It is possible that an ISR caused a task to be removed from an event + * list while the scheduler was suspended. If this was the case then the + * removed task will have been added to the xPendingReadyList. Once the + * scheduler has been resumed it is safe to move all the pending ready + * tasks from this list into their appropriate ready list. */ + vTaskEnterCritical(); + { + BaseType_t xCoreID; + xCoreID = 0; + /* If uxSchedulerSuspended is zero then this function does not match a + * previous call to vTaskSuspendAll(). */ + (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn(__func__, "tasks.c", 2972, "uxSchedulerSuspended") : (void)0); + --uxSchedulerSuspended; + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 )); + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + if( uxCurrentNumberOfTasks > ( UBaseType_t ) 0U ) + { + /* Move any readied tasks from the pending list into the + * appropriate ready list. */ + while( ( ( ( &xPendingReadyList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) ) + { + pxTCB = ( ( &( ( ( &xPendingReadyList ) )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + /* All appropriate tasks yield at the moment a task is added to xPendingReadyList. + * If the current core yielded then vTaskSwitchContext() has already been called + * which sets xYieldPendings for the current core to pdTRUE. */ + } + if( pxTCB != ((void*)0) ) + { + /* A task was unblocked while the scheduler was suspended, + * which may have prevented the next unblock time from being + * re-calculated, in which case re-calculate it now. Mainly + * important for low power tickless implementations, where + * this can prevent an unnecessary exit from low power + * state. */ + prvResetNextTaskUnblockTime(); + } + /* If any ticks occurred while the scheduler was suspended then + * they should be processed now. This ensures the tick count does + * not slip, and that any delayed tasks are resumed at the correct + * time. + * + * It should be safe to call xTaskIncrementTick here from any core + * since we are in a critical section and xTaskIncrementTick itself + * protects itself within a critical section. Suspending the scheduler + * from any core causes xTaskIncrementTick to increment uxPendedCounts.*/ + { + TickType_t xPendedCounts = xPendedTicks; /* Non-volatile copy. */ + if( xPendedCounts > ( TickType_t ) 0U ) + { + do + { + if( xTaskIncrementTick() != ( ( BaseType_t ) 0 ) ) + { + /* other cores are interrupted from + * within xTaskIncrementTick(). */ + xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + --xPendedCounts; + } while( xPendedCounts > ( TickType_t ) 0U ); + xPendedTicks = 0; + } + else + { + ; + } + } + if( xYieldPendings[ xCoreID ] != ( ( BaseType_t ) 0 ) ) + { + /* If xYieldPendings is true then taskEXIT_CRITICAL() + * will yield, so make sure we return true to let the + * caller know a yield has already happened. */ + xAlreadyYielded = ( ( BaseType_t ) 1 ); + } + } + } + else + { + ; + } + } + vTaskExitCritical(); + } + else + { + ; + } + return xAlreadyYielded; +} +/*-----------------------------------------------------------*/ +TickType_t xTaskGetTickCount( void ) +{ + TickType_t xTicks; + /* Critical section required if running on a 16 bit processor. */ + ; + { + xTicks = xTickCount; + } + ; + return xTicks; +} +/*-----------------------------------------------------------*/ +TickType_t xTaskGetTickCountFromISR( void ) +{ + TickType_t xReturn; + UBaseType_t uxSavedInterruptStatus; + /* RTOS ports that support interrupt nesting have the concept of a maximum + * system call (or maximum API call) interrupt priority. Interrupts that are + * above the maximum system call priority are kept permanently enabled, even + * when the RTOS kernel is in a critical section, but cannot make any calls to + * FreeRTOS API functions. If configASSERT() is defined in FreeRTOSConfig.h + * then portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has been + * assigned a priority above the configured maximum system call priority. + * Only FreeRTOS functions that end in FromISR can be called from interrupts + * that have been assigned a priority at or (logically) below the maximum + * system call interrupt priority. FreeRTOS maintains a separate interrupt + * safe API to ensure interrupt entry is as fast and as simple as possible. + * More information (albeit Cortex-M specific) is provided on the following + * link: https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + ; + uxSavedInterruptStatus = 0; + { + xReturn = xTickCount; + } + ( void ) uxSavedInterruptStatus; + return xReturn; +} +/*-----------------------------------------------------------*/ +UBaseType_t uxTaskGetNumberOfTasks( void ) +{ + /* A critical section is not required because the variables are of type + * BaseType_t. */ + return uxCurrentNumberOfTasks; +} +/*-----------------------------------------------------------*/ +char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +{ + TCB_t * pxTCB; + /* If null is passed in here then the name of the calling task is being + * queried. */ + pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) ); + (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3130, "pxTCB") : (void)0); + return &( pxTCB->pcTaskName[ 0 ] ); +} +/*-----------------------------------------------------------*/ + static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, + const char pcNameToQuery[] ) + { + TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = ((void*)0); + UBaseType_t x; + char cNextChar; + BaseType_t xBreakLoop; + /* This function is called with the scheduler suspended. */ + if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 ) + { + { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + do + { + { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + /* Check each character in the name looking for a match or + * mismatch. */ + xBreakLoop = ( ( BaseType_t ) 0 ); + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ ) + { + cNextChar = pxNextTCB->pcTaskName[ x ]; + if( cNextChar != pcNameToQuery[ x ] ) + { + /* Characters didn't match. */ + xBreakLoop = ( ( BaseType_t ) 1 ); + } + else if( cNextChar == ( char ) 0x00 ) + { + /* Both strings terminated, a match must have been + * found. */ + pxReturn = pxNextTCB; + xBreakLoop = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + if( xBreakLoop != ( ( BaseType_t ) 0 ) ) + { + break; + } + } + if( pxReturn != ((void*)0) ) + { + /* The handle has been found. */ + break; + } + } while( pxNextTCB != pxFirstTCB ); + } + else + { + ; + } + return pxReturn; + } +/*-----------------------------------------------------------*/ + TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + { + UBaseType_t uxQueue = 32; + TCB_t * pxTCB; + /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */ + (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn(__func__, "tasks.c", 3212, "strlen( pcNameToQuery ) < 16") : (void)0); + vTaskSuspendAll(); + { + /* Search the ready lists. */ + do + { + uxQueue--; + pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) &( pxReadyTasksLists[ uxQueue ] ), pcNameToQuery ); + if( pxTCB != ((void*)0) ) + { + /* Found the handle. */ + break; + } + } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + /* Search the delayed lists. */ + if( pxTCB == ((void*)0) ) + { + pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxDelayedTaskList, pcNameToQuery ); + } + if( pxTCB == ((void*)0) ) + { + pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxOverflowDelayedTaskList, pcNameToQuery ); + } + { + if( pxTCB == ((void*)0) ) + { + /* Search the suspended list. */ + pxTCB = prvSearchForNameWithinSingleList( &xSuspendedTaskList, pcNameToQuery ); + } + } + { + if( pxTCB == ((void*)0) ) + { + /* Search the deleted list. */ + pxTCB = prvSearchForNameWithinSingleList( &xTasksWaitingTermination, pcNameToQuery ); + } + } + } + ( void ) xTaskResumeAll(); + return pxTCB; + } +/*-----------------------------------------------------------*/ + UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, + const UBaseType_t uxArraySize, + uint32_t * const pulTotalRunTime ) + { + UBaseType_t uxTask = 0, uxQueue = 32; + vTaskSuspendAll(); + { + /* Is there a space in the array for each task in the system? */ + if( uxArraySize >= uxCurrentNumberOfTasks ) + { + /* Fill in an TaskStatus_t structure with information on each + * task in the Ready state. */ + do + { + uxQueue--; + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &( pxReadyTasksLists[ uxQueue ] ), eReady ); + } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + /* Fill in an TaskStatus_t structure with information on each + * task in the Blocked state. */ + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxDelayedTaskList, eBlocked ); + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxOverflowDelayedTaskList, eBlocked ); + { + /* Fill in an TaskStatus_t structure with information on + * each task that has been deleted but not yet cleaned up. */ + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xTasksWaitingTermination, eDeleted ); + } + { + /* Fill in an TaskStatus_t structure with information on + * each task in the Suspended state. */ + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); + } + { + if( pulTotalRunTime != ((void*)0) ) + { + *pulTotalRunTime = 0; + } + } + } + else + { + ; + } + } + ( void ) xTaskResumeAll(); + return uxTask; + } +/*----------------------------------------------------------*/ + TaskHandle_t * xTaskGetIdleTaskHandle( void ) + { + /* If xTaskGetIdleTaskHandle() is called before the scheduler has been + * started, then xIdleTaskHandle will be NULL. */ + (__builtin_expect(!(( xIdleTaskHandle != ((void*)0) )), 0) ? __assert_rtn(__func__, "tasks.c", 3349, "( xIdleTaskHandle != ((void*)0) )") : (void)0); + return &( xIdleTaskHandle[ 0 ] ); + } +/*----------------------------------------------------------*/ +/* This conditional compilation should use inequality to 0, not equality to 1. + * This is to ensure vTaskStepTick() is available when user defined low power mode + * implementations require configUSE_TICKLESS_IDLE to be set to a value other than + * 1. */ +/*----------------------------------------------------------*/ +BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) +{ + BaseType_t xYieldOccurred; + /* Must not be called with the scheduler suspended as the implementation + * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */ + (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 3381, "uxSchedulerSuspended == 0") : (void)0); + /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when + * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */ + vTaskSuspendAll(); + xPendedTicks += xTicksToCatchUp; + xYieldOccurred = xTaskResumeAll(); + return xYieldOccurred; +} +/*----------------------------------------------------------*/ + BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) + { + TCB_t * pxTCB = xTask; + BaseType_t xReturn; + (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3400, "pxTCB") : (void)0); + vTaskSuspendAll(); + { + /* A task can only be prematurely removed from the Blocked state if + * it is actually in the Blocked state. */ + if( eTaskGetState( xTask ) == eBlocked ) + { + xReturn = ( ( ( BaseType_t ) 1 ) ); + /* Remove the reference to the task from the blocked list. An + * interrupt won't touch the xStateListItem because the + * scheduler is suspended. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + /* Is the task waiting on an event also? If so remove it from + * the event list too. Interrupts can touch the event list item, + * even though the scheduler is suspended, so a critical section + * is used. */ + vTaskEnterCritical(); + { + if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + /* This lets the task know it was forcibly removed from the + * blocked state so it should not re-evaluate its block time and + * then block again. */ + pxTCB->ucDelayAborted = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + vTaskExitCritical(); + /* Place the unblocked task into the appropriate ready list. */ + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + /* A task being unblocked cannot cause an immediate context + * switch if preemption is turned off. */ + { + vTaskEnterCritical(); + { + prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) ); + } + vTaskExitCritical(); + } + } + else + { + xReturn = ( ( ( BaseType_t ) 0 ) ); + } + } + ( void ) xTaskResumeAll(); + return xReturn; + } +/*----------------------------------------------------------*/ +BaseType_t xTaskIncrementTick( void ) +{ + TCB_t * pxTCB; + TickType_t xItemValue; + BaseType_t xSwitchRequired = ( ( BaseType_t ) 0 ); + UBaseType_t x; + BaseType_t xCoreYieldList[ 1 ] = { ( ( BaseType_t ) 0 ) }; + vTaskEnterCritical(); + { + /* Called by the portable layer each time a tick interrupt occurs. + * Increments the tick then checks to see if the new tick value will cause any + * tasks to be unblocked. */ + ; + /* Tick increment should occur on every kernel timer event. Core 0 has the + * responsibility to increment the tick, or increment the pended ticks if the + * scheduler is suspended. If pended ticks is greater than zero, the core that + * calls xTaskResumeAll has the responsibility to increment the tick. */ + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + /* Minor optimisation. The tick count cannot change in this + * block. */ + const TickType_t xConstTickCount = xTickCount + ( TickType_t ) 1; + /* Increment the RTOS tick, switching the delayed and overflowed + * delayed lists if it wraps to 0. */ + xTickCount = xConstTickCount; + if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */ + { + { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn(__func__, "tasks.c", 3499, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); }; + } + else + { + ; + } + /* See if this tick has made a timeout expire. Tasks are stored in + * the queue in the order of their wake time - meaning once one task + * has been found whose block time has not expired there is no need to + * look any further down the list. */ + if( xConstTickCount >= xNextTaskUnblockTime ) + { + for( ; ; ) + { + if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) != ( ( BaseType_t ) 0 ) ) + { + /* The delayed list is empty. Set xNextTaskUnblockTime + * to the maximum possible value so it is extremely + * unlikely that the + * if( xTickCount >= xNextTaskUnblockTime ) test will pass + * next time through. */ + xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + break; + } + else + { + /* The delayed list is not empty, get the value of the + * item at the head of the delayed list. This is the time + * at which the task at the head of the delayed list must + * be removed from the Blocked state. */ + pxTCB = ( ( &( ( pxDelayedTaskList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + xItemValue = ( ( &( pxTCB->xStateListItem ) )->xItemValue ); + if( xConstTickCount < xItemValue ) + { + /* It is not time to unblock this item yet, but the + * item value is the time at which the task at the head + * of the blocked list must be removed from the Blocked + * state - so record the item value in + * xNextTaskUnblockTime. */ + xNextTaskUnblockTime = xItemValue; + break; /*lint !e9011 Code structure here is deemed easier to understand with multiple breaks. */ + } + else + { + ; + } + /* It is time to remove the item from the Blocked state. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + /* Is the task waiting on an event also? If so remove + * it from the event list. */ + if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + } + else + { + ; + } + /* Place the unblocked task into the appropriate ready + * list. */ + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + /* A task being unblocked cannot cause an immediate + * context switch if preemption is turned off. */ + { + prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) ); + } + } + } + } + /* Tasks of equal priority to the currently running task will share + * processing time (time slice) if preemption is on, and the application + * writer has not explicitly turned time slicing off. */ + { + /* TODO: If there are fewer "non-IDLE" READY tasks than cores, do not + * force a context switch that would just shuffle tasks around cores */ + /* TODO: There are certainly better ways of doing this that would reduce + * the number of interrupts and also potentially help prevent tasks from + * moving between cores as often. This, however, works for now. */ + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) + { + if( ( ( &( pxReadyTasksLists[ pxCurrentTCBs[ x ]->uxPriority ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 1 ) + { + xCoreYieldList[ x ] = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + } + { + /* Guard against the tick hook being called when the pended tick + * count is being unwound (when the scheduler is being unlocked). */ + if( xPendedTicks == ( TickType_t ) 0 ) + { + vApplicationTickHook(); + } + else + { + ; + } + } + { + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) + { + if( xYieldPendings[ x ] != ( ( BaseType_t ) 0 ) ) + { + xCoreYieldList[ x ] = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + } + { + BaseType_t xCoreID; + xCoreID = 0; + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) + { + { + if( xCoreYieldList[ x ] != ( ( BaseType_t ) 0 ) ) + { + if( x == xCoreID ) + { + xSwitchRequired = ( ( BaseType_t ) 1 ); + } + else + { + prvYieldCore( x ); + } + } + else + { + ; + } + } + } + } + } + else + { + ++xPendedTicks; + /* The tick hook gets called at regular intervals, even if the + * scheduler is locked. */ + { + vApplicationTickHook(); + } + } + } + vTaskExitCritical(); + return xSwitchRequired; +} +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +void vTaskSwitchContext( BaseType_t xCoreID ) +{ + /* Acquire both locks: + * - The ISR lock protects the ready list from simultaneous access by + * both other ISRs and tasks. + * - We also take the task lock to pause here in case another core has + * suspended the scheduler. We don't want to simply set xYieldPending + * and move on if another core suspended the scheduler. We should only + * do that if the current core has suspended the scheduler. */ + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 )); /* Must always acquire the task lock first */ + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 )); + { + /* vTaskSwitchContext() must never be called from within a critical section. + * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ + (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn(__func__, "tasks.c", 3810, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0); + if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + /* The scheduler is currently suspended - do not allow a context + * switch. */ + xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 ); + } + else + { + xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 ); + ; + /* Check for stack overflow, if configured. */ + { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; + /* Before the currently running task is switched out, save its errno. */ + /* Select a new task to run using either the generic C or port + * optimised asm code. */ + ( void ) prvSelectHighestPriorityTask( xCoreID ); + ; + /* After the new task is switched in, update the global errno. */ + } + } + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 )); + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 )); +} +/*-----------------------------------------------------------*/ +void vTaskPlaceOnEventList( List_t * const pxEventList, + const TickType_t xTicksToWait ) +{ + (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3892, "pxEventList") : (void)0); + /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE + * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */ + /* Place the event list item of the TCB in the appropriate event list. + * This is placed in the list in priority order so the highest priority task + * is the first to be woken by the event. The queue that contains the event + * list is locked, preventing simultaneous access from interrupts. */ + vListInsert( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) ); + prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) ); +} +/*-----------------------------------------------------------*/ +void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, + const TickType_t xItemValue, + const TickType_t xTicksToWait ) +{ + (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3911, "pxEventList") : (void)0); + /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by + * the event groups implementation. */ + (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn(__func__, "tasks.c", 3915, "uxSchedulerSuspended != 0") : (void)0); + /* Store the item value in the event list item. It is safe to access the + * event list item here as interrupts won't access the event list item of a + * task that is not in the Blocked state. */ + ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue = ( xItemValue | 0x80000000UL ) ); + /* Place the event list item of the TCB at the end of the appropriate event + * list. It is safe to access the event list here because it is part of an + * event group implementation - and interrupts don't access event groups + * directly (instead they access them indirectly by pending function calls to + * the task level). */ + vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) ); + prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) ); +} +/*-----------------------------------------------------------*/ + void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, + TickType_t xTicksToWait, + const BaseType_t xWaitIndefinitely ) + { + (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3939, "pxEventList") : (void)0); + /* This function should not be called by application code hence the + * 'Restricted' in its name. It is not part of the public API. It is + * designed for use by kernel code, and has special calling requirements - + * it should be called with the scheduler suspended. */ + /* Place the event list item of the TCB in the appropriate event list. + * In this case it is assume that this is the only task that is going to + * be waiting on this event list, so the faster vListInsertEnd() function + * can be used in place of vListInsert. */ + vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) ); + /* If the task should block indefinitely then set the block time to a + * value that will be recognised as an indefinite delay inside the + * prvAddCurrentTaskToDelayedList() function. */ + if( xWaitIndefinitely != ( ( BaseType_t ) 0 ) ) + { + xTicksToWait = ( TickType_t ) 0xffffffffUL; + } + ; + prvAddCurrentTaskToDelayedList( xTicksToWait, xWaitIndefinitely ); + } +/*-----------------------------------------------------------*/ +BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) +{ + TCB_t * pxUnblockedTCB; + BaseType_t xReturn; + /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION. It can also be + * called from a critical section within an ISR. */ + /* The event list is sorted in priority order, so the first in the list can + * be removed as it is known to be the highest priority. Remove the TCB from + * the delayed list, and add it to the ready list. + * + * If an event is for a queue that is locked then this function will never + * get called - the lock count on the queue will get modified instead. This + * means exclusive access to the event list is guaranteed here. + * + * This function assumes that a check has already been made to ensure that + * pxEventList is not empty. */ + pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3987, "pxUnblockedTCB") : (void)0); + ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) ); + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); + ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; + } + else + { + /* The delayed and ready lists cannot be accessed, so hold this task + * pending until the scheduler is resumed. */ + vListInsertEnd( &( xPendingReadyList ), &( pxUnblockedTCB->xEventListItem ) ); + } + xReturn = ( ( BaseType_t ) 0 ); + prvYieldForTask( pxUnblockedTCB, ( ( BaseType_t ) 0 ) ); + if( xYieldPendings[ 0 ] != ( ( BaseType_t ) 0 ) ) + { + xReturn = ( ( BaseType_t ) 1 ); + } + return xReturn; +} +/*-----------------------------------------------------------*/ +void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, + const TickType_t xItemValue ) +{ + TCB_t * pxUnblockedTCB; + /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by + * the event flags implementation. */ + (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn(__func__, "tasks.c", 4037, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0); + /* Store the new item value in the event list. */ + ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) ); + /* Remove the event list form the event flag. Interrupts do not access + * event flags. */ + pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn(__func__, "tasks.c", 4045, "pxUnblockedTCB") : (void)0); + ( void ) uxListRemove( pxEventListItem ); + /* Remove the task from the delayed list and add it to the ready list. The + * scheduler is suspended so interrupts will not be accessing the ready + * lists. */ + ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); + ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; + vTaskEnterCritical(); + { + prvYieldForTask( pxUnblockedTCB, ( ( BaseType_t ) 0 ) ); + } + vTaskExitCritical(); +} +/*-----------------------------------------------------------*/ +void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) +{ + (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn(__func__, "tasks.c", 4080, "pxTimeOut") : (void)0); + vTaskEnterCritical(); + { + pxTimeOut->xOverflowCount = xNumOfOverflows; + pxTimeOut->xTimeOnEntering = xTickCount; + } + vTaskExitCritical(); +} +/*-----------------------------------------------------------*/ +void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) +{ + /* For internal use only as it does not use a critical section. */ + pxTimeOut->xOverflowCount = xNumOfOverflows; + pxTimeOut->xTimeOnEntering = xTickCount; +} +/*-----------------------------------------------------------*/ +BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, + TickType_t * const pxTicksToWait ) +{ + BaseType_t xReturn; + (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn(__func__, "tasks.c", 4103, "pxTimeOut") : (void)0); + (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn(__func__, "tasks.c", 4104, "pxTicksToWait") : (void)0); + vTaskEnterCritical(); + { + /* Minor optimisation. The tick count cannot change in this block. */ + const TickType_t xConstTickCount = xTickCount; + const TickType_t xElapsedTime = xConstTickCount - pxTimeOut->xTimeOnEntering; + if( xTaskGetCurrentTaskHandle()->ucDelayAborted != ( uint8_t ) ( ( BaseType_t ) 0 ) ) + { + /* The delay was aborted, which is not the same as a time out, + * but has the same result. */ + xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( BaseType_t ) 0 ); + xReturn = ( ( BaseType_t ) 1 ); + } + else + if( *pxTicksToWait == ( TickType_t ) 0xffffffffUL ) + { + /* If INCLUDE_vTaskSuspend is set to 1 and the block time + * specified is the maximum block time then the task should block + * indefinitely, and therefore never time out. */ + xReturn = ( ( BaseType_t ) 0 ); + } + else + if( ( xNumOfOverflows != pxTimeOut->xOverflowCount ) && ( xConstTickCount >= pxTimeOut->xTimeOnEntering ) ) /*lint !e525 Indentation preferred as is to make code within pre-processor directives clearer. */ + { + /* The tick count is greater than the time at which + * vTaskSetTimeout() was called, but has also overflowed since + * vTaskSetTimeOut() was called. It must have wrapped all the way + * around and gone past again. This passed since vTaskSetTimeout() + * was called. */ + xReturn = ( ( BaseType_t ) 1 ); + *pxTicksToWait = ( TickType_t ) 0; + } + else if( xElapsedTime < *pxTicksToWait ) /*lint !e961 Explicit casting is only redundant with some compilers, whereas others require it to prevent integer conversion errors. */ + { + /* Not a genuine timeout. Adjust parameters for time remaining. */ + *pxTicksToWait -= xElapsedTime; + vTaskInternalSetTimeOutState( pxTimeOut ); + xReturn = ( ( BaseType_t ) 0 ); + } + else + { + *pxTicksToWait = ( TickType_t ) 0; + xReturn = ( ( BaseType_t ) 1 ); + } + } + vTaskExitCritical(); + return xReturn; +} +/*-----------------------------------------------------------*/ +void vTaskMissedYield( void ) +{ + /* Must be called from within a critical section */ + xYieldPendings[ 0 ] = ( ( BaseType_t ) 1 ); +} +/*-----------------------------------------------------------*/ + UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) + { + UBaseType_t uxReturn; + TCB_t const * pxTCB; + if( xTask != ((void*)0) ) + { + pxTCB = xTask; + uxReturn = pxTCB->uxTaskNumber; + } + else + { + uxReturn = 0U; + } + return uxReturn; + } +/*-----------------------------------------------------------*/ + void vTaskSetTaskNumber( TaskHandle_t xTask, + const UBaseType_t uxHandle ) + { + TCB_t * pxTCB; + if( xTask != ((void*)0) ) + { + pxTCB = xTask; + pxTCB->uxTaskNumber = uxHandle; + } + } +/* + * ----------------------------------------------------------- + * The MinimalIdle task. + * ---------------------------------------------------------- + * + * The minimal idle task is used for all the additional Cores in a SMP system. + * There must be only 1 idle task and the rest are minimal idle tasks. + * + * @todo additional conditional compiles to remove this function. + */ +/* + * ----------------------------------------------------------- + * The Idle task. + * ---------------------------------------------------------- + * + * + */ +static void prvIdleTask( void * pvParameters ) +{ + /* Stop warnings. */ + ( void ) pvParameters; + /** THIS IS THE RTOS IDLE TASK - WHICH IS CREATED AUTOMATICALLY WHEN THE + * SCHEDULER IS STARTED. **/ + /* In case a task that has a secure context deletes itself, in which case + * the idle task is responsible for deleting the task's secure context, if + * any. */ + ; + /* All cores start up in the idle task. This initial yield gets the application + * tasks started. */ + vPortYield(); + for( ; ; ) + { + /* See if any tasks have deleted themselves - if so then the idle task + * is responsible for freeing the deleted task's TCB and stack. */ + prvCheckTasksWaitingTermination(); + { + /* When using preemption tasks of equal priority will be + * timesliced. If a task that is sharing the idle priority is ready + * to run then the idle task should yield before the end of the + * timeslice. + * + * A critical region is not required here as we are just reading from + * the list, and an occasional incorrect value will not matter. If + * the ready list at the idle priority contains one more task than the + * number of idle tasks, which is equal to the configured numbers of cores + * then a task other than the idle task is ready to execute. */ + if( ( ( &( pxReadyTasksLists[ ( ( UBaseType_t ) 0U ) ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 1 ) + { + vPortYield(); + } + else + { + ; + } + } + /* This conditional compilation should use inequality to 0, not equality + * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when + * user defined low power mode implementations require + * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ + } +} +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ + void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, + BaseType_t xIndex, + void * pvValue ) + { + TCB_t * pxTCB; + if( xIndex < 5 ) + { + pxTCB = ( ( ( xTaskToSet ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) ); + (__builtin_expect(!(pxTCB != ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 4484, "pxTCB != ((void*)0)") : (void)0); + pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue; + } + } +/*-----------------------------------------------------------*/ + void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, + BaseType_t xIndex ) + { + void * pvReturn = ((void*)0); + TCB_t * pxTCB; + if( xIndex < 5 ) + { + pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) ); + pvReturn = pxTCB->pvThreadLocalStoragePointers[ xIndex ]; + } + else + { + pvReturn = ((void*)0); + } + return pvReturn; + } +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +static void prvInitialiseTaskLists( void ) +{ + UBaseType_t uxPriority; + for( uxPriority = ( UBaseType_t ) 0U; uxPriority < ( UBaseType_t ) 32; uxPriority++ ) + { + vListInitialise( &( pxReadyTasksLists[ uxPriority ] ) ); + } + vListInitialise( &xDelayedTaskList1 ); + vListInitialise( &xDelayedTaskList2 ); + vListInitialise( &xPendingReadyList ); + { + vListInitialise( &xTasksWaitingTermination ); + } + { + vListInitialise( &xSuspendedTaskList ); + } + /* Start with pxDelayedTaskList using list1 and the pxOverflowDelayedTaskList + * using list2. */ + pxDelayedTaskList = &xDelayedTaskList1; + pxOverflowDelayedTaskList = &xDelayedTaskList2; +} +/*-----------------------------------------------------------*/ +static void prvCheckTasksWaitingTermination( void ) +{ + /** THIS FUNCTION IS CALLED FROM THE RTOS IDLE TASK **/ + { + TCB_t * pxTCB; + /* uxDeletedTasksWaitingCleanUp is used to prevent taskENTER_CRITICAL() + * being called too often in the idle task. */ + while( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U ) + { + vTaskEnterCritical(); + { + /* Since we are SMP, multiple idles can be running simultaneously + * and we need to check that other idles did not cleanup while we were + * waiting to enter the critical section */ + if( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U ) + { + pxTCB = ( ( &( ( ( &xTasksWaitingTermination ) )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + --uxCurrentNumberOfTasks; + --uxDeletedTasksWaitingCleanUp; + prvDeleteTCB( pxTCB ); + } + else + { + /* The TCB to be deleted still has not yet been switched out + * by the scheduler, so we will just exit this loop early and + * try again next time. */ + vTaskExitCritical(); + break; + } + } + } + vTaskExitCritical(); + } + } +} +/*-----------------------------------------------------------*/ + void vTaskGetInfo( TaskHandle_t xTask, + TaskStatus_t * pxTaskStatus, + BaseType_t xGetFreeStackSpace, + eTaskState eState ) + { + TCB_t * pxTCB; + /* xTask is NULL then get the state of the calling task. */ + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + pxTaskStatus->xHandle = ( TaskHandle_t ) pxTCB; + pxTaskStatus->pcTaskName = ( const char * ) &( pxTCB->pcTaskName[ 0 ] ); + pxTaskStatus->uxCurrentPriority = pxTCB->uxPriority; + pxTaskStatus->pxStackBase = pxTCB->pxStack; + pxTaskStatus->xTaskNumber = pxTCB->uxTCBNumber; + { + pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; + } + { + pxTaskStatus->ulRunTimeCounter = 0; + } + /* Obtaining the task state is a little fiddly, so is only done if the + * value of eState passed into this function is eInvalid - otherwise the + * state is just set to whatever is passed in. */ + if( eState != eInvalid ) + { + if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) ) + { + pxTaskStatus->eCurrentState = eRunning; + } + else + { + pxTaskStatus->eCurrentState = eState; + { + /* If the task is in the suspended list then there is a + * chance it is actually just blocked indefinitely - so really + * it should be reported as being in the Blocked state. */ + if( eState == eSuspended ) + { + vTaskSuspendAll(); + { + if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) ) + { + pxTaskStatus->eCurrentState = eBlocked; + } + } + ( void ) xTaskResumeAll(); + } + } + } + } + else + { + pxTaskStatus->eCurrentState = eTaskGetState( pxTCB ); + } + /* Obtaining the stack space takes some time, so the xGetFreeStackSpace + * parameter is provided to allow it to be skipped. */ + if( xGetFreeStackSpace != ( ( BaseType_t ) 0 ) ) + { + { + pxTaskStatus->usStackHighWaterMark = prvTaskCheckFreeStackSpace( ( uint8_t * ) pxTCB->pxStack ); + } + } + else + { + pxTaskStatus->usStackHighWaterMark = 0; + } + } +/*-----------------------------------------------------------*/ + static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray, + List_t * pxList, + eTaskState eState ) + { + TCB_t * pxNextTCB, * pxFirstTCB; + UBaseType_t uxTask = 0; + if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 ) + { + { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + /* Populate an TaskStatus_t structure within the + * pxTaskStatusArray array for each task that is referenced from + * pxList. See the definition of TaskStatus_t in task.h for the + * meaning of each TaskStatus_t structure member. */ + do + { + { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + vTaskGetInfo( ( TaskHandle_t ) pxNextTCB, &( pxTaskStatusArray[ uxTask ] ), ( ( BaseType_t ) 1 ), eState ); + uxTask++; + } while( pxNextTCB != pxFirstTCB ); + } + else + { + ; + } + return uxTask; + } +/*-----------------------------------------------------------*/ + static uint32_t prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) + { + uint32_t ulCount = 0U; + while( *pucStackByte == ( uint8_t ) ( 0xa5U ) ) + { + pucStackByte -= ( -1 ); + ulCount++; + } + ulCount /= ( uint32_t ) sizeof( StackType_t ); /*lint !e961 Casting is not redundant on smaller architectures. */ + return ( uint32_t ) ulCount; + } +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ + UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) + { + TCB_t * pxTCB; + uint8_t * pucEndOfStack; + UBaseType_t uxReturn; + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + { + pucEndOfStack = ( uint8_t * ) pxTCB->pxStack; + } + uxReturn = ( UBaseType_t ) prvTaskCheckFreeStackSpace( pucEndOfStack ); + return uxReturn; + } +/*-----------------------------------------------------------*/ + static void prvDeleteTCB( TCB_t * pxTCB ) + { + /* This call is required specifically for the TriCore port. It must be + * above the vPortFree() calls. The call is also used by ports/demos that + * want to allocate and clean RAM statically. */ + ( void ) pxTCB; + /* Free up the memory allocated by the scheduler for the task. It is up + * to the task to free any memory allocated at the application level. + * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html + * for additional information. */ + { + /* The task can only have been allocated dynamically - free both + * the stack and TCB. */ + vPortFree( pxTCB->pxStack ); + vPortFree( pxTCB ); + } + } +/*-----------------------------------------------------------*/ +static void prvResetNextTaskUnblockTime( void ) +{ + if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) != ( ( BaseType_t ) 0 ) ) + { + /* The new current delayed list is empty. Set xNextTaskUnblockTime to + * the maximum possible value so it is extremely unlikely that the + * if( xTickCount >= xNextTaskUnblockTime ) test will pass until + * there is an item in the delayed list. */ + xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; + } + else + { + /* The new current delayed list is not empty, get the value of + * the item at the head of the delayed list. This is the time at + * which the task at the head of the delayed list should be removed + * from the Blocked state. */ + xNextTaskUnblockTime = ( ( ( pxDelayedTaskList )->xListEnd ).pxNext->xItemValue ); + } +} +/*-----------------------------------------------------------*/ + TaskHandle_t xTaskGetCurrentTaskHandle( void ) + { + TaskHandle_t xReturn; + uint32_t ulState; + ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + xReturn = pxCurrentTCBs[ 0 ]; + __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : ); + return xReturn; + } + TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) + { + TaskHandle_t xReturn = ((void*)0); + if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 1 ) ) ) != ( ( BaseType_t ) 0 ) ) + { + xReturn = pxCurrentTCBs[ xCoreID ]; + } + return xReturn; + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskGetSchedulerState( void ) + { + BaseType_t xReturn; + if( xSchedulerRunning == ( ( BaseType_t ) 0 ) ) + { + xReturn = ( ( BaseType_t ) 1 ); + } + else + { + vTaskEnterCritical(); + { + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + xReturn = ( ( BaseType_t ) 2 ); + } + else + { + xReturn = ( ( BaseType_t ) 0 ); + } + } + vTaskExitCritical(); + } + return xReturn; + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) + { + TCB_t * const pxMutexHolderTCB = pxMutexHolder; + BaseType_t xReturn = ( ( BaseType_t ) 0 ); + /* If the mutex was given back by an interrupt while the queue was + * locked then the mutex holder might now be NULL. _RB_ Is this still + * needed as interrupts can no longer use mutexes? */ + if( pxMutexHolder != ((void*)0) ) + { + /* If the holder of the mutex has a priority below the priority of + * the task attempting to obtain the mutex then it will temporarily + * inherit the priority of the task attempting to obtain the mutex. */ + if( pxMutexHolderTCB->uxPriority < xTaskGetCurrentTaskHandle()->uxPriority ) + { + /* Adjust the mutex holder state to account for its new + * priority. Only reset the event list item value if the value is + * not being used for anything else. */ + if( ( ( ( &( pxMutexHolderTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL ) + { + ( ( &( pxMutexHolderTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) xTaskGetCurrentTaskHandle()->uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + } + else + { + ; + } + /* If the task being modified is in the ready state it will need + * to be moved into a new list. */ + if( ( ( ( &( pxMutexHolderTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ pxMutexHolderTCB->uxPriority ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) + { + if( uxListRemove( &( pxMutexHolderTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* It is known that the task is in its ready list so + * there is no need to check again and the port level + * reset macro can be called directly. */ + ; + } + else + { + ; + } + /* Inherit the priority before being moved into the new list. */ + pxMutexHolderTCB->uxPriority = xTaskGetCurrentTaskHandle()->uxPriority; + ; { if( ( ( pxMutexHolderTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxMutexHolderTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxMutexHolderTCB )->uxPriority ] ), &( ( pxMutexHolderTCB )->xStateListItem ) ); ; + } + else + { + /* Just inherit the priority. */ + pxMutexHolderTCB->uxPriority = xTaskGetCurrentTaskHandle()->uxPriority; + } + ; + /* Inheritance occurred. */ + xReturn = ( ( BaseType_t ) 1 ); + } + else + { + if( pxMutexHolderTCB->uxBasePriority < xTaskGetCurrentTaskHandle()->uxPriority ) + { + /* The base priority of the mutex holder is lower than the + * priority of the task attempting to take the mutex, but the + * current priority of the mutex holder is not lower than the + * priority of the task attempting to take the mutex. + * Therefore the mutex holder must have already inherited a + * priority, but inheritance would have occurred if that had + * not been the case. */ + xReturn = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + } + else + { + ; + } + return xReturn; + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) + { + TCB_t * const pxTCB = pxMutexHolder; + BaseType_t xReturn = ( ( BaseType_t ) 0 ); + if( pxMutexHolder != ((void*)0) ) + { + /* A task can only have an inherited priority if it holds the mutex. + * If the mutex is held by a task then it cannot be given from an + * interrupt, and if a mutex is given by the holding task then it must + * be the running state task. */ + (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn(__func__, "tasks.c", 5075, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0); + (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn(__func__, "tasks.c", 5076, "pxTCB->uxMutexesHeld") : (void)0); + ( pxTCB->uxMutexesHeld )--; + /* Has the holder of the mutex inherited the priority of another + * task? */ + if( pxTCB->uxPriority != pxTCB->uxBasePriority ) + { + /* Only disinherit if no other mutexes are held. */ + if( pxTCB->uxMutexesHeld == ( UBaseType_t ) 0 ) + { + /* A task can only have an inherited priority if it holds + * the mutex. If the mutex is held by a task then it cannot be + * given from an interrupt, and if a mutex is given by the + * holding task then it must be the running state task. Remove + * the holding task from the ready list. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + ; + } + else + { + ; + } + /* Disinherit the priority before adding the task into the + * new ready list. */ + ; + pxTCB->uxPriority = pxTCB->uxBasePriority; + /* Reset the event list item value. It cannot be in use for + * any other purpose if this task is running, and it must be + * running to give back the mutex. */ + ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) pxTCB->uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + /* Return true to indicate that a context switch is required. + * This is only actually required in the corner case whereby + * multiple mutexes were held and the mutexes were given back + * in an order different to that in which they were taken. + * If a context switch did not occur when the first mutex was + * returned, even if a task was waiting on it, then a context + * switch should occur when the last mutex is returned whether + * a task is waiting on it or not. */ + xReturn = ( ( BaseType_t ) 1 ); + } + else + { + ; + } + } + else + { + ; + } + } + else + { + ; + } + return xReturn; + } +/*-----------------------------------------------------------*/ + void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, + UBaseType_t uxHighestPriorityWaitingTask ) + { + TCB_t * const pxTCB = pxMutexHolder; + UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse; + const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1; + if( pxMutexHolder != ((void*)0) ) + { + /* If pxMutexHolder is not NULL then the holder must hold at least + * one mutex. */ + (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn(__func__, "tasks.c", 5155, "pxTCB->uxMutexesHeld") : (void)0); + /* Determine the priority to which the priority of the task that + * holds the mutex should be set. This will be the greater of the + * holding task's base priority and the priority of the highest + * priority task that is waiting to obtain the mutex. */ + if( pxTCB->uxBasePriority < uxHighestPriorityWaitingTask ) + { + uxPriorityToUse = uxHighestPriorityWaitingTask; + } + else + { + uxPriorityToUse = pxTCB->uxBasePriority; + } + /* Does the priority need to change? */ + if( pxTCB->uxPriority != uxPriorityToUse ) + { + /* Only disinherit if no other mutexes are held. This is a + * simplification in the priority inheritance implementation. If + * the task that holds the mutex is also holding other mutexes then + * the other mutexes may have caused the priority inheritance. */ + if( pxTCB->uxMutexesHeld == uxOnlyOneMutexHeld ) + { + /* If a task has timed out because it already holds the + * mutex it was trying to obtain then it cannot of inherited + * its own priority. */ + (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn(__func__, "tasks.c", 5182, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0); + /* Disinherit the priority, remembering the previous + * priority to facilitate determining the subject task's + * state. */ + ; + uxPriorityUsedOnEntry = pxTCB->uxPriority; + pxTCB->uxPriority = uxPriorityToUse; + /* Only reset the event list item value if the value is not + * being used for anything else. */ + if( ( ( ( &( pxTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL ) + { + ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) uxPriorityToUse ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + } + else + { + ; + } + /* If the running task is not the task that holds the mutex + * then the task that holds the mutex could be in either the + * Ready, Blocked or Suspended states. Only remove the task + * from its current state list if it is in the Ready state as + * the task's priority is going to change and there is one + * Ready list per priority. */ + if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) + { + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* It is known that the task is in its ready list so + * there is no need to check again and the port level + * reset macro can be called directly. */ + ; + } + else + { + ; + } + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + } + else + { + ; + } + } + else + { + ; + } + } + else + { + ; + } + } + else + { + ; + } + } +/*-----------------------------------------------------------*/ +/* + * If not in a critical section then yield immediately. + * Otherwise set xYieldPending to true to wait to + * yield until exiting the critical section. + */ +void vTaskYieldWithinAPI( void ) +{ + if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) + { + vPortYield(); + } + else + { + xYieldPendings[ 0 ] = ( ( BaseType_t ) 1 ); + } +} +/*-----------------------------------------------------------*/ + void vTaskEnterCritical( void ) + { + ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) + { + if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) ) + { + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 )); + } + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 )); + } + ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )++; + /* This should now be interrupt safe. The only time there would be + * a problem is if this is called before a context switch and + * vTaskExitCritical() is called after pxCurrentTCB changes. Therefore + * this should not be used within vTaskSwitchContext(). */ + if( ( uxSchedulerSuspended == 0U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 1U ) ) + { + prvCheckForRunStateChange(); + } + } + else + { + ; + } + } +/*-----------------------------------------------------------*/ + void vTaskExitCritical( void ) + { + if( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) + { + /* If pxCurrentTCB->uxCriticalNesting is zero then this function + * does not match a previous call to vTaskEnterCritical(). */ + (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn(__func__, "tasks.c", 5313, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0); + if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U ) + { + ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )--; + if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) + { + vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 )); + if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) ) + { + vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 )); + vPortEnableInterrupts(); + /* When a task yields in a critical section it just sets + * xYieldPending to true. So now that we have exited the + * critical section check if xYieldPending is true, and + * if so yield. */ + if( prvGetCurrentYieldPending() != ( ( BaseType_t ) 0 ) ) + { + vPortYield(); + } + } + else + { + /* In an ISR we don't hold the task lock and don't + * need to yield. Yield will happen if necessary when + * the application ISR calls portEND_SWITCHING_ISR() */ + ; + } + } + else + { + ; + } + } + else + { + ; + } + } + else + { + ; + } + } +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +/*----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +TickType_t uxTaskResetEventItemValue( void ) +{ + TickType_t uxReturn; + uxReturn = ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue ); + /* Reset the event list item to its normal value - so it can be used with + * queues and semaphores. */ + ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue = ( ( ( TickType_t ) 32 - ( TickType_t ) xTaskGetCurrentTaskHandle()->uxPriority ) ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + return uxReturn; +} +/*-----------------------------------------------------------*/ + TaskHandle_t pvTaskIncrementMutexHeldCount( void ) + { + /* If xSemaphoreCreateMutex() is called before any tasks have been created + * then pxCurrentTCB will be NULL. */ + if( xTaskGetCurrentTaskHandle() != ((void*)0) ) + { + ( xTaskGetCurrentTaskHandle()->uxMutexesHeld )++; + } + return xTaskGetCurrentTaskHandle(); + } +/*-----------------------------------------------------------*/ + uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWait, + BaseType_t xClearCountOnExit, + TickType_t xTicksToWait ) + { + uint32_t ulReturn; + (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5663, "uxIndexToWait < 1") : (void)0); + vTaskEnterCritical(); + { + /* Only block if the notification count is not already non-zero. */ + if( xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] == 0UL ) + { + /* Mark this task as waiting for a notification. */ + xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 1 ); + if( xTicksToWait > ( TickType_t ) 0 ) + { + prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) ); + ; + /* All ports are written to allow a yield in a critical + * section (some will yield immediately, others wait until the + * critical section exits) - but it is not something that + * application code should ever do. */ + vTaskYieldWithinAPI(); + } + else + { + ; + } + } + else + { + ; + } + } + vTaskExitCritical(); + vTaskEnterCritical(); + { + ; + ulReturn = xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ]; + if( ulReturn != 0UL ) + { + if( xClearCountOnExit != ( ( BaseType_t ) 0 ) ) + { + xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] = 0UL; + } + else + { + xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] = ulReturn - ( uint32_t ) 1; + } + } + else + { + ; + } + xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 ); + } + vTaskExitCritical(); + return ulReturn; + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWait, + uint32_t ulBitsToClearOnEntry, + uint32_t ulBitsToClearOnExit, + uint32_t * pulNotificationValue, + TickType_t xTicksToWait ) + { + BaseType_t xReturn; + (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5737, "uxIndexToWait < 1") : (void)0); + vTaskEnterCritical(); + { + /* Only block if a notification is not already pending. */ + if( xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] != ( ( uint8_t ) 2 ) ) + { + /* Clear bits in the task's notification value as bits may get + * set by the notifying task or interrupt. This can be used to + * clear the value to zero. */ + xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnEntry; + /* Mark this task as waiting for a notification. */ + xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 1 ); + if( xTicksToWait > ( TickType_t ) 0 ) + { + prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) ); + ; + /* All ports are written to allow a yield in a critical + * section (some will yield immediately, others wait until the + * critical section exits) - but it is not something that + * application code should ever do. */ + vTaskYieldWithinAPI(); + } + else + { + ; + } + } + else + { + ; + } + } + vTaskExitCritical(); + vTaskEnterCritical(); + { + ; + if( pulNotificationValue != ((void*)0) ) + { + /* Output the current notification value, which may or may not + * have changed. */ + *pulNotificationValue = xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ]; + } + /* If ucNotifyValue is set then either the task never entered the + * blocked state (because a notification was already pending) or the + * task unblocked because of a notification. Otherwise the task + * unblocked because of a timeout. */ + if( xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] != ( ( uint8_t ) 2 ) ) + { + /* A notification was not received. */ + xReturn = ( ( BaseType_t ) 0 ); + } + else + { + /* A notification was already pending or a notification was + * received while the task was waiting. */ + xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnExit; + xReturn = ( ( BaseType_t ) 1 ); + } + xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 ); + } + vTaskExitCritical(); + return xReturn; + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue ) + { + TCB_t * pxTCB; + BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) ); + uint8_t ucOriginalNotifyState; + (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5825, "uxIndexToNotify < 1") : (void)0); + (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 5826, "xTaskToNotify") : (void)0); + pxTCB = xTaskToNotify; + vTaskEnterCritical(); + { + if( pulPreviousNotificationValue != ((void*)0) ) + { + *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ]; + } + ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; + pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 ); + switch( eAction ) + { + case eSetBits: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue; + break; + case eIncrement: + ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; + break; + case eSetValueWithOverwrite: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + break; + case eSetValueWithoutOverwrite: + if( ucOriginalNotifyState != ( ( uint8_t ) 2 ) ) + { + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + } + else + { + /* The value could not be written to the task. */ + xReturn = ( ( ( BaseType_t ) 0 ) ); + } + break; + case eNoAction: + /* The task is being notified without its notify value being + * updated. */ + break; + default: + /* Should not get here if all enums are handled. + * Artificially force an assert by testing a value the + * compiler can't assume is const. */ + (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn(__func__, "tasks.c", 5879, "xTickCount == ( TickType_t ) 0") : (void)0); + break; + } + ; + /* If the task is in the blocked state specifically to wait for a + * notification then unblock it now. */ + if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + /* The task should not have been on an event list. */ + (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 5894, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0); + { + prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) ); + } + } + else + { + ; + } + } + vTaskExitCritical(); + return xReturn; + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue, + BaseType_t * pxHigherPriorityTaskWoken ) + { + TCB_t * pxTCB; + uint8_t ucOriginalNotifyState; + BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) ); + UBaseType_t uxSavedInterruptStatus; + (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 5945, "xTaskToNotify") : (void)0); + (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5946, "uxIndexToNotify < 1") : (void)0); + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + ; + pxTCB = xTaskToNotify; + uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; }); + { + if( pulPreviousNotificationValue != ((void*)0) ) + { + *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ]; + } + ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; + pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 ); + switch( eAction ) + { + case eSetBits: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue; + break; + case eIncrement: + ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; + break; + case eSetValueWithOverwrite: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + break; + case eSetValueWithoutOverwrite: + if( ucOriginalNotifyState != ( ( uint8_t ) 2 ) ) + { + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + } + else + { + /* The value could not be written to the task. */ + xReturn = ( ( ( BaseType_t ) 0 ) ); + } + break; + case eNoAction: + /* The task is being notified without its notify value being + * updated. */ + break; + default: + /* Should not get here if all enums are handled. + * Artificially force an assert by testing a value the + * compiler can't assume is const. */ + (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn(__func__, "tasks.c", 6017, "xTickCount == ( TickType_t ) 0") : (void)0); + break; + } + ; + /* If the task is in the blocked state specifically to wait for a + * notification then unblock it now. */ + if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) ) + { + /* The task should not have been on an event list. */ + (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 6028, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0); + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + } + else + { + /* The delayed and ready lists cannot be accessed, so hold + * this task pending until the scheduler is resumed. */ + vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); + } + prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) ); + if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) ) + { + if( pxHigherPriorityTaskWoken != ((void*)0) ) + { + *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 ); + } + } + } + } + do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0); + return xReturn; + } +/*-----------------------------------------------------------*/ + void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + BaseType_t * pxHigherPriorityTaskWoken ) + { + TCB_t * pxTCB; + uint8_t ucOriginalNotifyState; + UBaseType_t uxSavedInterruptStatus; + (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 6073, "xTaskToNotify") : (void)0); + (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 6074, "uxIndexToNotify < 1") : (void)0); + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + ; + pxTCB = xTaskToNotify; + uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; }); + { + ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; + pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 ); + /* 'Giving' is equivalent to incrementing a count in a counting + * semaphore. */ + ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; + ; + /* If the task is in the blocked state specifically to wait for a + * notification then unblock it now. */ + if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) ) + { + /* The task should not have been on an event list. */ + (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 6112, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0); + if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; + } + else + { + /* The delayed and ready lists cannot be accessed, so hold + * this task pending until the scheduler is resumed. */ + vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); + } + prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) ); + if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) ) + { + if( pxHigherPriorityTaskWoken != ((void*)0) ) + { + *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 ); + } + } + } + } + do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0); + } +/*-----------------------------------------------------------*/ + BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear ) + { + TCB_t * pxTCB; + BaseType_t xReturn; + (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn(__func__, "tasks.c", 6153, "uxIndexToClear < 1") : (void)0); + /* If null is passed in here then it is the calling task that is having + * its notification state cleared. */ + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + vTaskEnterCritical(); + { + if( pxTCB->ucNotifyState[ uxIndexToClear ] == ( ( uint8_t ) 2 ) ) + { + pxTCB->ucNotifyState[ uxIndexToClear ] = ( ( uint8_t ) 0 ); + xReturn = ( ( ( BaseType_t ) 1 ) ); + } + else + { + xReturn = ( ( ( BaseType_t ) 0 ) ); + } + } + vTaskExitCritical(); + return xReturn; + } +/*-----------------------------------------------------------*/ + uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear, + uint32_t ulBitsToClear ) + { + TCB_t * pxTCB; + uint32_t ulReturn; + /* If null is passed in here then it is the calling task that is having + * its notification state cleared. */ + pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); + vTaskEnterCritical(); + { + /* Return the notification as it was before the bits were cleared, + * then clear the bit mask. */ + ulReturn = pxTCB->ulNotifiedValue[ uxIndexToClear ]; + pxTCB->ulNotifiedValue[ uxIndexToClear ] &= ~ulBitsToClear; + } + vTaskExitCritical(); + return ulReturn; + } +/*-----------------------------------------------------------*/ +/*-----------------------------------------------------------*/ +static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, + const BaseType_t xCanBlockIndefinitely ) +{ + TickType_t xTimeToWake; + const TickType_t xConstTickCount = xTickCount; + { + /* About to enter a delayed list, so ensure the ucDelayAborted flag is + * reset to pdFALSE so it can be detected as having been set to pdTRUE + * when the task leaves the Blocked state. */ + xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( BaseType_t ) 0 ); + } + /* Remove the task from the ready list before adding it to the blocked list + * as the same list item is used for both lists. */ + if( uxListRemove( &( xTaskGetCurrentTaskHandle()->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* The current task must be in a ready list, so there is no need to + * check, and the port reset macro can be called directly. */ + ; /*lint !e931 pxCurrentTCB cannot change as it is the calling task. pxCurrentTCB->uxPriority and uxTopReadyPriority cannot change as called with scheduler suspended or in a critical section. */ + } + else + { + ; + } + { + if( ( xTicksToWait == ( TickType_t ) 0xffffffffUL ) && ( xCanBlockIndefinitely != ( ( BaseType_t ) 0 ) ) ) + { + /* Add the task to the suspended task list instead of a delayed task + * list to ensure it is not woken by a timing event. It will block + * indefinitely. */ + vListInsertEnd( &xSuspendedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) ); + } + else + { + /* Calculate the time at which the task should be woken if the event + * does not occur. This may overflow but this doesn't matter, the + * kernel will manage it correctly. */ + xTimeToWake = xConstTickCount + xTicksToWait; + /* The list item will be inserted in wake time order. */ + ( ( &( xTaskGetCurrentTaskHandle()->xStateListItem ) )->xItemValue = ( xTimeToWake ) ); + if( xTimeToWake < xConstTickCount ) + { + /* Wake time has overflowed. Place this item in the overflow + * list. */ + vListInsert( pxOverflowDelayedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) ); + } + else + { + /* The wake time has not overflowed, so the current block list + * is used. */ + vListInsert( pxDelayedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) ); + /* If the task entering the blocked state was placed at the + * head of the list of blocked tasks then xNextTaskUnblockTime + * needs to be updated too. */ + if( xTimeToWake < xNextTaskUnblockTime ) + { + xNextTaskUnblockTime = xTimeToWake; + } + else + { + ; + } + } + } + } +} +/* Code below here allows additional code to be inserted into this source file, + * especially where access to file scope functions and data is needed (for example + * when performing module tests). */ diff --git a/verification/verifast/start-vfide.sh b/verification/verifast/start-vfide--original.sh similarity index 100% rename from verification/verifast/start-vfide.sh rename to verification/verifast/start-vfide--original.sh diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh new file mode 100755 index 00000000000..9b903eac3af --- /dev/null +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -0,0 +1,14 @@ +# This script must be run from the directory in which it resides, +# i.e., `FreeRTOS-Kernel/verification/verifast`. + + + + +VFIDE="$1" +echo Path to vfide binary : "\'$VFIDE\'" + +PP_SCRIPT="custom_build_scripts_RP2040/preprocess_tasks_c.sh" +PP_TASK_C="preprocessed_files/tasks--pp.c" + + +$VFIDE $PP_TASK_C From cf9b1e9aae62c697f29d3076e77c40c8cd6d00f5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 14 Oct 2022 15:22:57 -0400 Subject: [PATCH 026/289] Preprocessing script replaces comments out line/file pragmas. --- .../preprocess_tasks_c.sh | 36 +++++++++++++++---- .../verifast/start-vfide--preprocessed.sh | 13 +++++-- 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh index eaf7fe8b616..c007259cc80 100755 --- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -1,23 +1,45 @@ #!/bin/zsh ps -o comm= -p $$ -CURRENT_DIR=`pwd` -DEMO_DIR="../FreeRTOS/Demo/CORTEX_M0+_RP2040/" +PP_SCRIPT_WD=`pwd` +DEMO_DIR="$PP_SCRIPT_WD/../FreeRTOS/Demo/CORTEX_M0+_RP2040/" #LOG_DIR="`pwd`/build_logs" #BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" TIMESTAMP=`date +'%y_%m_%d--%H_%M'` -LOG_PP_OUT_DIR="preprocessed_files" +LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files" LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" +LOG_PP_TASK_C_PRAGMA_COMMENTS="$LOG_PP_OUT_DIR/tasks--pp--pragma_comments--$TIMESTAMP.c" -PP_OUT_DIR="../preprocessed_files" +PP_OUT_DIR="$PP_SCRIPT_WD/../preprocessed_files" PP_TASK_C="$PP_OUT_DIR/tasks--pp.c" - +pwd mkdir $LOG_PP_OUT_DIR +# Relevant clang flags: +# -E +# -C +# -P : surpresses line/file pragmas + + +clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c &>$LOG_PP_TASK_C + +echo Preprocessed output with pragmas written to: +echo $LOG_PP_TASK_C -clang -E -C -P -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c &>$LOG_PP_TASK_C +ls $LOG_PP_OUT_DIR +echo +sed 's|^#|// &|g' $LOG_PP_TASK_C > $LOG_PP_TASK_C_PRAGMA_COMMENTS +echo +ls $LOG_PP_OUT_DIR +echo Preprocessed output with pragma comments written to: +echo $LOG_PP_TASK_C_PRAGMA_COMMENTS +pwd mkdir "$PP_OUT_DIR" -cp "$LOG_PP_TASK_C" "$PP_TASK_C" +echo Copying preprocessed `tasks.c` file with pragma comments +echo "$LOG_PP_TASK_C_PRAGMA_COMMENTS" +echo to +echo "$PP_TASK_C" +cp "$LOG_PP_TASK_C_PRAGMA_COMMENTS" "$PP_TASK_C" diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 9b903eac3af..2b1f972c57e 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -7,8 +7,17 @@ VFIDE="$1" echo Path to vfide binary : "\'$VFIDE\'" -PP_SCRIPT="custom_build_scripts_RP2040/preprocess_tasks_c.sh" -PP_TASK_C="preprocessed_files/tasks--pp.c" +START_WD=`pwd` +PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040" +PP_SCRIPT="./preprocess_tasks_c.sh" +PP_TASK_C="$START_WD/preprocessed_files/tasks--pp.c" +cd "$PP_SCRIPT_DIR" +pwd +ls +"$PP_SCRIPT" +cd "$START_WD" + +echo "\n\nPreprocessing script finished\n\n" $VFIDE $PP_TASK_C From 95440b41be21ec588852dba488e4d0565e11fd18 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 14 Oct 2022 15:25:17 -0400 Subject: [PATCH 027/289] Added preprocessing log directory to .gitignore. --- verification/verifast/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 verification/verifast/.gitignore diff --git a/verification/verifast/.gitignore b/verification/verifast/.gitignore new file mode 100644 index 00000000000..1c0ce748b40 --- /dev/null +++ b/verification/verifast/.gitignore @@ -0,0 +1 @@ +custom_build_scripts_RP2040/log_preprocessed_files From 8ca47345d451f6a4ce68c81c2093568ec693531b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 14 Oct 2022 16:19:50 -0400 Subject: [PATCH 028/289] Added script to rewrite preprocessed source file into a format VeriFast understands. --- .../preprocess_tasks_c.sh | 24 +- .../custom_build_scripts_RP2040/vf_rewrite.sh | 12 + .../verifast/preprocessed_files/tasks--pp.c | 4304 ++++++++++++++++- 3 files changed, 4313 insertions(+), 27 deletions(-) create mode 100755 verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh index c007259cc80..1e840c7b008 100755 --- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -10,6 +10,8 @@ LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files" LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" LOG_PP_TASK_C_PRAGMA_COMMENTS="$LOG_PP_OUT_DIR/tasks--pp--pragma_comments--$TIMESTAMP.c" +LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c" + PP_OUT_DIR="$PP_SCRIPT_WD/../preprocessed_files" PP_TASK_C="$PP_OUT_DIR/tasks--pp.c" @@ -24,22 +26,26 @@ mkdir $LOG_PP_OUT_DIR clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c &>$LOG_PP_TASK_C -echo Preprocessed output with pragmas written to: +echo "\n\nPreprocessed output with pragmas written to:" echo $LOG_PP_TASK_C -ls $LOG_PP_OUT_DIR -echo + sed 's|^#|// &|g' $LOG_PP_TASK_C > $LOG_PP_TASK_C_PRAGMA_COMMENTS -echo -ls $LOG_PP_OUT_DIR -echo Preprocessed output with pragma comments written to: +echo "\n\nPreprocessed output with pragma comments written to:" echo $LOG_PP_TASK_C_PRAGMA_COMMENTS + +echo "\n\nApplying VeriFast rewrites. Result written to:" +echo $LOG_VF_RW_TASK_C +cp "$LOG_PP_TASK_C_PRAGMA_COMMENTS" "$LOG_VF_RW_TASK_C" +./vf_rewrite.sh "$LOG_VF_RW_TASK_C" + + pwd mkdir "$PP_OUT_DIR" -echo Copying preprocessed `tasks.c` file with pragma comments -echo "$LOG_PP_TASK_C_PRAGMA_COMMENTS" +echo "\n\nCopying preprocessed tasks.c file with pragma comments and VF rewrites" +echo "$LOG_VF_RW_TASK_C" echo to echo "$PP_TASK_C" -cp "$LOG_PP_TASK_C_PRAGMA_COMMENTS" "$PP_TASK_C" +cp "$LOG_VF_RW_TASK_C" "$PP_TASK_C" diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh new file mode 100755 index 00000000000..220ab4d9df9 --- /dev/null +++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh @@ -0,0 +1,12 @@ +ps -o comm= -p $$ + +VF_RW_WD=`pwd` +SOURCE_FILE="$1" +BACKUP_IDX=0 + +echo "VF RW: 'long unsigned int' -> 'unsinged long int'" +echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX" +echo backup index $BACKUP_IDX +sed -i."backup-$BACKUP_IDX" 's|long unsigned int|unsigned long int|g' $SOURCE_FILE +((BACKUP_IDX=BACKUP_IDX+1)) +echo backup index $BACKUP_IDX diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c index f4e28f0ea96..00ecbd4a724 100644 --- a/verification/verifast/preprocessed_files/tasks--pp.c +++ b/verification/verifast/preprocessed_files/tasks--pp.c @@ -1,3 +1,10 @@ +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" +// # 1 "" 1 +// # 1 "" 3 +// # 400 "" 3 +// # 1 "" 1 +// # 1 "" 2 +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -23,7 +30,9 @@ * https://github.com/FreeRTOS * */ + /* Standard includes. */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 1 3 4 /* * Copyright (c) 2000, 2002 - 2008 Apple Inc. All rights reserved. * @@ -80,6 +89,11 @@ * * @(#)stdlib.h 8.5 (Berkeley) 5/19/95 */ + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 1 3 4 /* * Copyright (c) 2007-2016 by Apple Inc.. All rights reserved. * @@ -102,6 +116,9 @@ * * @APPLE_LICENSE_HEADER_END@ */ + + + /* These macros are for use in OS header files. They enable function prototypes and Objective-C methods to be tagged with the OS version in which they @@ -194,6 +211,7 @@ */ + /* * __API_TO_BE_DEPRECATED is used as a version number in API that will be deprecated * in an upcoming release. This soft deprecation is an intermediate step before formal @@ -205,6 +223,12 @@ * (iOS) * clang -D__API_TO_BE_DEPRECATED=11.0 */ + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 1 3 4 /* * Copyright (c) 2019 by Apple Inc.. All rights reserved. * @@ -227,11 +251,16 @@ * * @APPLE_LICENSE_HEADER_END@ */ +// # 70 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 3 4 /* __MAC_NA is not defined to a value but is used as a token by macros to indicate that the API is unavailable */ +// # 132 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 3 4 /* __IPHONE_NA is not defined to a value but is used as a token by macros to indicate that the API is unavailable */ +// # 200 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 3 4 /* * Set up standard Mac OS X versions */ +// # 136 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 1 3 4 /* * Copyright (c) 2007-2016 by Apple Inc.. All rights reserved. * @@ -254,20 +283,26 @@ * * @APPLE_LICENSE_HEADER_END@ */ + /* File: AvailabilityInternal.h Contains: implementation details of __OSX_AVAILABLE_* macros from */ +// # 39 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* compiler for Mac OS X sets __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ */ +// # 91 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* make sure a default max version is set */ +// # 2921 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* use better attributes if possible */ +// # 4435 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* Macros for defining which versions/platform a given symbol can be used. @see http://clang.llvm.org/docs/AttributeReference.html#availability */ +// # 4566 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* * API Unavailability * Use to specify that an API is unavailable for a particular platform. @@ -276,6 +311,7 @@ * __API_UNAVAILABLE(macos) * __API_UNAVAILABLE(watchos, tvos) */ +// # 4647 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* * Swift compiler version * Allows for project-agnostic "epochs" for frameworks imported into Swift via the Clang importer, like #if _compiler_version for Swift @@ -287,15 +323,24 @@ * - (NSString *)description; * #endif */ +// # 4667 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4 /* * If __SPI_AVAILABLE has not been defined elsewhere, disable it. */ +// # 137 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 2 3 4 +// # 213 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* for use to document app extension usage */ +// # 231 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* for use marking APIs available info for Mac OSX */ +// # 253 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* for use marking APIs available info for iOS */ +// # 280 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* for use marking APIs available info for tvOS */ +// # 307 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* for use marking APIs available info for Watch OS */ +// # 334 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* for use marking APIs unavailable for swift */ +// # 350 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* Macros for defining which versions/platform a given symbol can be used. @@ -309,6 +354,10 @@ * -mwatchos-version-min * -mtvos-version-min */ + + + + /* * API Introductions * @@ -323,6 +372,11 @@ * __API_AVAILABLE(macos(10.4), ios(8.0), watchos(2.0), tvos(10.0)) * __API_AVAILABLE(driverkit(19.0)) */ + + + + + /* * API Deprecations * @@ -339,6 +393,7 @@ * __API_DEPRECATED_WITH_REPLACEMENT("-setName:", tvos(10.0, 10.4), ios(9.0, 10.0)) * __API_DEPRECATED_WITH_REPLACEMENT("SomeClassName", macos(10.4, 10.6), watchos(2.0, 3.0)) */ +// # 411 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* * API Unavailability * Use to specify that an API is unavailable for a particular platform. @@ -347,9 +402,12 @@ * __API_UNAVAILABLE(macos) * __API_UNAVAILABLE(watchos, tvos) */ +// # 466 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4 /* * If SPI decorations have not been defined elsewhere, disable them. */ +// # 62 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 1 3 4 /* * Copyright (c) 2000-2018 Apple Inc. All rights reserved. * @@ -415,12 +473,18 @@ * * @(#)cdefs.h 8.8 (Berkeley) 1/9/95 */ +// # 78 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* This SDK is designed to work with clang and specific versions of * gcc >= 4.0 with Apple's patch sets */ + + + + /* * Compatibility with compilers and environments that don't support compiler * feature checking function-like macros. */ +// # 104 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * The __CONCAT macro is used to concatenate parts of symbol names, e.g. * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. @@ -428,6 +492,7 @@ * in between its arguments. __CONCAT can also concatenate double-quoted * strings produced by the __STRING macro, but this only works with ANSI C. */ +// # 155 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * __pure2 can be used for functions that are only a function of their scalar * arguments (meaning they can't dereference pointers). @@ -435,20 +500,38 @@ * __stateful_pure can be used for functions that have no side effects, * but depend on the state of the memory. */ + + + + /* __unused denotes variables and functions that may not be used, preventing * the compiler from warning about it if not used. */ + + /* __used forces variables and functions to be included even if it appears * to the compiler that they are not used (and would thust be discarded). */ + + /* __cold marks code used for debugging or that is rarely taken * and tells the compiler to optimize for size and outline code. */ + + + + + + /* __exported denotes symbols that should be exported even when symbols * are hidden by default. * __exported_push/_exported_pop are pragmas used to delimit a range of * symbols that should be exported even when symbols are hidden by default. */ + + + + /* __deprecated causes the compiler to produce a warning when encountering * code using the deprecated functionality. * __deprecated_msg() does the same, and compilers that support it will print @@ -459,41 +542,83 @@ * __kpi_deprecated() specifically indicates deprecation of kernel programming * interfaces in Kernel.framework used by KEXTs. */ +// # 221 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* __unavailable causes the compiler to error out when encountering * code using the tagged function */ +// # 234 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* Delete pseudo-keywords wherever they are not available or needed. */ + + + + + /* * We use `__restrict' as a way to define the `restrict' type qualifier * without disturbing older software that is unaware of C99 keywords. */ + + + + + + /* Compatibility with compilers and environments that don't support the * nullability feature. */ +// # 275 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * __disable_tail_calls causes the compiler to not perform tail call * optimization inside the marked function. */ + + + + + + /* * __not_tail_called causes the compiler to prevent tail call optimization * on statically bound calls to the function. It has no effect on indirect * calls. Virtual functions, objective-c methods, and functions marked as * "always_inline" cannot be marked as __not_tail_called. */ + + + + + + /* * __result_use_check warns callers of a function that not using the function * return value is a bug, i.e. dismissing malloc() return value results in a * memory leak. */ + + + + + + /* * __swift_unavailable causes the compiler to mark a symbol as specifically * unavailable in Swift, regardless of any other availability in C. */ + + + + + + /* * __abortlike is the attribute to put on functions like abort() that are * typically used to mark assertions. These optimize the codegen * for outlining while still maintaining debugability. */ + + + + /* Declaring inline functions within headers is error-prone due to differences * across various versions of the C language and extensions. __header_inline * can be used to declare inline functions within system headers. In cases @@ -509,10 +634,12 @@ * support c99 inline in some cases: * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965 */ +// # 368 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * Compiler-dependent macros that bracket portions of code where the * "-Wunreachable-code" warning should be ignored. Please use sparingly. */ +// # 389 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * Compiler-dependent macros to declare that functions take printf-like * or scanf-like arguments. They are null except for versions of gcc @@ -521,7 +648,9 @@ * mismatch between the format string and subsequent function parameter * types. */ +// # 424 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* Source compatibility only, ID string not emitted in object file */ +// # 441 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * __alloc_size can be used to label function arguments that represent the * size of memory that the function allocates and returns. The one-argument @@ -535,6 +664,7 @@ * * void *calloc(size_t __count, size_t __size) __alloc_size(1,2); */ +// # 462 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail * @@ -571,8 +701,10 @@ * compiler flags to their projects to be warned when a function is being * used without a prototype in scope. */ + /* These settings are particular to each product. */ /* Platform: MacOSX */ +// # 515 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow * legacy code to use the old symbol, thus maintaining binary compatibility @@ -591,15 +723,19 @@ * pre-10.5, and it is the default compilation environment, revert the * compilation environment to pre-__DARWIN_UNIX03. */ +// # 593 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * symbol suffixes used for symbol versioning */ +// # 638 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * symbol versioning macros */ +// # 656 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * symbol release macros */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_symbol_aliasing.h" 1 3 4 /* Copyright (c) 2010 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ @@ -626,6 +762,8 @@ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +// # 660 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 2 3 4 +// # 670 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * POSIX.1 requires that the macros we test be defined before any standard * header file is included. This permits us to convert values for feature @@ -645,14 +783,31 @@ * Specification, defines a feature-test macro which indicates the version of * that specification, and which subsumes _POSIX_C_SOURCE. */ + /* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1L. */ + + + + + /* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2L. */ + + + + + /* Deal with various X/Open Portability Guides and Single UNIX Spec. */ +// # 716 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * Deal with all versions of POSIX. The ordering relative to the tests above is * important. */ + + + + /* POSIX C deprecation macros */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_posix_availability.h" 1 3 4 /* Copyright (c) 2010 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ @@ -679,61 +834,116 @@ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +// # 726 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 2 3 4 + + + /* * Set a single macro which will always be defined and can be used to determine * the appropriate namespace. For POSIX, these values will correspond to * _POSIX_C_SOURCE value. Currently there are two additional levels corresponding * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE) */ +// # 746 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* If the developer has neither requested a strict language mode nor a version * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part * of __DARWIN_C_FULL. */ + + + + /* * long long is not supported in c89 (__STRICT_ANSI__), but g++ -ansi and * c99 still want long longs. While not perfect, we allow long longs for * g++. */ + + + + + + /***************************************** * Public darwin-specific feature macros *****************************************/ + /* * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and * structures modified for 64-bit inodes (like struct stat) will be used. */ + + + + /* * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only * be 64-bit; there is no support for 32-bit ino_t when this macro is defined * (and non-zero). There is no struct stat64 either, as the regular * struct stat will already be the 64-bit version. */ + + + + /* * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated * in 10.5 exists; no pre-10.5 variants are available. */ + + + + /* * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API * are available (the legacy BSD APIs are not available) */ + + + + /* * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on, * and specifies the conformance level (3 is SUSv3) */ + + + + + /* * This macro casts away the qualifier from the variable * * Note: use at your own risk, removing qualifiers can result in * catastrophic run-time failures. */ + + + + /* * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be * used from other compilation units, but not other libraries or executables. */ + + + + + + + /* * We intentionally define to nothing pointer attributes which do not have an * impact on the ABI. __indexable and __bidi_indexable are not defined because * of the ABI incompatibility that makes the diagnostic preferable. */ + + + + + + + /* * Similarly, we intentionally define to nothing the * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable @@ -741,18 +951,28 @@ * define the indexable and unsafe_indexable ones because the diagnostic is * better than the silent ABI break. */ + + + /* __unsafe_forge intrinsics are defined as regular C casts. */ + + + /* decay operates normally; attribute is meaningless without pointer checks. */ +// # 874 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * Architecture validation for current SDK */ +// # 903 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4 /* * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS * * This provides more advanced type checking on compilers supporting * the proper extensions, even in C. */ +// # 63 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types.h" 1 3 4 /* * Copyright (c) 2004, 2008, 2009 Apple Inc. All rights reserved. * @@ -775,6 +995,11 @@ * * @APPLE_LICENSE_HEADER_END@ */ + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 1 3 4 /* * Copyright (c) 2003-2007 Apple Inc. All rights reserved. * @@ -802,6 +1027,12 @@ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_types.h" 1 3 4 /* * Copyright (c) 2003-2007 Apple Inc. All rights reserved. * @@ -829,14 +1060,31 @@ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_types.h" 1 3 4 /* * Copyright (c) 2000-2007 Apple Inc. All rights reserved. */ + + + + + /* * This header file contains integer types. It's intended to also contain * flotaing point and other arithmetic types, as needed, later. */ + + typedef signed char __int8_t; + + + typedef unsigned char __uint8_t; typedef short __int16_t; typedef unsigned short __uint16_t; @@ -844,8 +1092,10 @@ typedef int __int32_t; typedef unsigned int __uint32_t; typedef long long __int64_t; typedef unsigned long long __uint64_t; + typedef long __darwin_intptr_t; typedef unsigned int __darwin_natural_t; + /* * The rune type below is declared to be an ``int'' instead of the more natural * ``unsigned long'' or ``long''. Two things are happening here. It is not @@ -863,7 +1113,9 @@ typedef unsigned int __darwin_natural_t; * wchar_t, and should also be able to hold all members of the largest * character set plus one extra value (WEOF). wint_t must be at least 16 bits. */ + typedef int __darwin_ct_rune_t; /* ct_rune_t */ + /* * mbstate_t is an opaque object to keep conversion state, during multibyte * stream conversions. The content must not be referenced by user programs. @@ -872,23 +1124,56 @@ typedef union { char __mbstate8[128]; long long _mbstateL; /* for alignment */ } __mbstate_t; + typedef __mbstate_t __darwin_mbstate_t; /* mbstate_t */ + + typedef long int __darwin_ptrdiff_t; /* ptr1 - ptr2 */ -typedef long unsigned int __darwin_size_t; /* sizeof() */ + + + + + + + +typedef unsigned long int __darwin_size_t; /* sizeof() */ + + + + + typedef __builtin_va_list __darwin_va_list; /* va_list */ + + + + + typedef int __darwin_wchar_t; /* wchar_t */ + + + + typedef __darwin_wchar_t __darwin_rune_t; /* rune_t */ + + typedef int __darwin_wint_t; /* wint_t */ + + + + typedef unsigned long __darwin_clock_t; /* clock() */ typedef __uint32_t __darwin_socklen_t; /* socklen_t (duh) */ typedef long __darwin_ssize_t; /* byte count or error */ typedef long __darwin_time_t; /* time() */ +// # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_types.h" 2 3 4 +// # 34 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 2 3 4 /* * Type definitions; takes common type definitions that must be used * in multiple header files due to [XSI], removes them from the system * space, and puts them in the implementation space. */ +// # 55 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 3 4 typedef __int64_t __darwin_blkcnt_t; /* total blocks */ typedef __int32_t __darwin_blksize_t; /* preferred block size */ typedef __int32_t __darwin_dev_t; /* dev_t */ @@ -897,7 +1182,11 @@ typedef unsigned int __darwin_fsfilcnt_t; /* Used by statvfs and fstatvfs */ typedef __uint32_t __darwin_gid_t; /* [???] process and group IDs */ typedef __uint32_t __darwin_id_t; /* [XSI] pid_t, uid_t, or gid_t*/ typedef __uint64_t __darwin_ino64_t; /* [???] Used for 64 bit inodes */ + typedef __darwin_ino64_t __darwin_ino_t; /* [???] Used for inodes */ + + + typedef __darwin_natural_t __darwin_mach_port_name_t; /* Used by mach */ typedef __darwin_mach_port_name_t __darwin_mach_port_t; /* Used by mach */ typedef __uint16_t __darwin_mode_t; /* [???] Some file attributes */ @@ -909,6 +1198,8 @@ typedef __uint32_t __darwin_uid_t; /* [???] user IDs */ typedef __uint32_t __darwin_useconds_t; /* [???] microseconds */ typedef unsigned char __darwin_uuid_t[16]; typedef char __darwin_uuid_string_t[37]; + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_types.h" 1 3 4 /* * Copyright (c) 2003-2013 Apple Inc. All rights reserved. * @@ -936,49 +1227,66 @@ typedef char __darwin_uuid_string_t[37]; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + // pthread opaque structures +// # 57 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_types.h" 3 4 struct __darwin_pthread_handler_rec { void (*__routine)(void *); // Routine to call void *__arg; // Argument to pass struct __darwin_pthread_handler_rec *__next; }; + struct _opaque_pthread_attr_t { long __sig; char __opaque[56]; }; + struct _opaque_pthread_cond_t { long __sig; char __opaque[40]; }; + struct _opaque_pthread_condattr_t { long __sig; char __opaque[8]; }; + struct _opaque_pthread_mutex_t { long __sig; char __opaque[56]; }; + struct _opaque_pthread_mutexattr_t { long __sig; char __opaque[8]; }; + struct _opaque_pthread_once_t { long __sig; char __opaque[8]; }; + struct _opaque_pthread_rwlock_t { long __sig; char __opaque[192]; }; + struct _opaque_pthread_rwlockattr_t { long __sig; char __opaque[16]; }; + struct _opaque_pthread_t { long __sig; struct __darwin_pthread_handler_rec *__cleanup_stack; char __opaque[8176]; }; + typedef struct _opaque_pthread_attr_t __darwin_pthread_attr_t; typedef struct _opaque_pthread_cond_t __darwin_pthread_cond_t; typedef struct _opaque_pthread_condattr_t __darwin_pthread_condattr_t; @@ -989,10 +1297,16 @@ typedef struct _opaque_pthread_once_t __darwin_pthread_once_t; typedef struct _opaque_pthread_rwlock_t __darwin_pthread_rwlock_t; typedef struct _opaque_pthread_rwlockattr_t __darwin_pthread_rwlockattr_t; typedef struct _opaque_pthread_t *__darwin_pthread_t; +// # 81 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 2 3 4 +// # 28 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types.h" 2 3 4 +// # 40 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types.h" 3 4 typedef int __darwin_nl_item; typedef int __darwin_wctrans_t; + typedef __uint32_t __darwin_wctype_t; +// # 65 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 1 3 4 /* * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. * @@ -1055,10 +1369,18 @@ typedef __uint32_t __darwin_wctype_t; * * @(#)wait.h 8.2 (Berkeley) 7/10/94 */ + + + + + + + /* * This file holds definitions relevent to the wait4 system call * and the alternate interfaces that use it (wait, wait3, waitpid). */ + /* * [XSI] The type idtype_t shall be defined as an enumeration type whose * possible values shall include at least P_ALL, P_PID, and P_PGID. @@ -1068,10 +1390,12 @@ typedef enum { P_PID, P_PGID } idtype_t; + /* * [XSI] The id_t and pid_t types shall be defined as described * in */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_pid_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1099,7 +1423,12 @@ typedef enum { * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_pid_t pid_t; +// # 90 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_id_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1127,7 +1456,11 @@ typedef __darwin_pid_t pid_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ +// # 91 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4 /* * [XSI] The siginfo_t type shall be defined as described in @@ -1146,6 +1479,7 @@ typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ * well, or in future releases your stware may not compile * without modification. */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 1 3 4 /* * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. * @@ -1213,6 +1547,12 @@ typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ * * @(#)signal.h 8.2 (Berkeley) 1/21/94 */ + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/appleapiopts.h" 1 3 4 /* * Copyright (c) 2002 Apple Computer, Inc. All rights reserved. * @@ -1240,6 +1580,16 @@ typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +// # 74 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 + + + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/signal.h" 1 3 4 /* * Copyright (c) 2000-2007 Apple Inc. All rights reserved. * @@ -1267,6 +1617,13 @@ typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/signal.h" 1 3 4 /* * Copyright (c) 2000-2009 Apple, Inc. All rights reserved. */ @@ -1274,12 +1631,18 @@ typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */ * Copyright (c) 1992 NeXT Computer, Inc. * */ +// # 17 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/signal.h" 3 4 typedef int sig_atomic_t; +// # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/signal.h" 2 3 4 +// # 83 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 +// # 126 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* * Language spec sez we must list exactly one parameter, even though we * actually supply three. Ugh! * SIG_HOLD is chosen to avoid KERN_SIG_* values in */ +// # 146 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_mcontext.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1307,6 +1670,13 @@ typedef int sig_atomic_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1334,6 +1704,8 @@ typedef int sig_atomic_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +// # 36 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/machine/_structs.h" 1 3 4 /* * Copyright (c) 2017 Apple Inc. All rights reserved. * @@ -1361,6 +1733,14 @@ typedef int sig_atomic_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 1 3 4 /* * Copyright (c) 2004-2007 Apple Inc. All rights reserved. * @@ -1391,6 +1771,13 @@ typedef int sig_atomic_t; /* * @OSF_COPYRIGHT@ */ + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 1 3 4 /* * Copyright (c) 2000-2007 Apple Inc. All rights reserved. * @@ -1421,6 +1808,13 @@ typedef int sig_atomic_t; /* * Copyright 1995 NeXT Computer, Inc. All rights reserved. */ + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 1 3 4 /* * Copyright (c) 2000-2008 Apple Inc. All rights reserved. */ @@ -1461,10 +1855,12 @@ typedef int sig_atomic_t; * * @(#)types.h 8.3 (Berkeley) 1/5/94 */ +// # 51 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 3 4 /* * Basic integral types. Omit the typedef if * not possible for a machine/compiler combination. */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int8_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1492,7 +1888,11 @@ typedef int sig_atomic_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef signed char int8_t; +// # 56 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int16_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1520,7 +1920,11 @@ typedef signed char int8_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef short int16_t; +// # 57 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int32_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1548,7 +1952,11 @@ typedef short int16_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef int int32_t; +// # 58 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int64_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1576,8 +1984,12 @@ typedef int int32_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef long long int64_t; +// # 59 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int8_t.h" 1 3 4 /* * Copyright (c) 2016 Apple Inc. All rights reserved. * @@ -1605,7 +2017,11 @@ typedef long long int64_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef unsigned char u_int8_t; +// # 61 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int16_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1633,7 +2049,11 @@ typedef unsigned char u_int8_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef unsigned short u_int16_t; +// # 62 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int32_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1661,7 +2081,11 @@ typedef unsigned short u_int16_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef unsigned int u_int32_t; +// # 63 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int64_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -1689,8 +2113,18 @@ typedef unsigned int u_int32_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef unsigned long long u_int64_t; +// # 64 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 + + typedef int64_t register_t; + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_intptr_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1718,6 +2152,9 @@ typedef int64_t register_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 1 3 4 /* * Copyright (c) 2000-2007 Apple Inc. All rights reserved. * @@ -1748,8 +2185,11 @@ typedef int64_t register_t; /* * Copyright 1995 NeXT Computer, Inc. All rights reserved. */ +// # 31 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_intptr_t.h" 2 3 4 typedef __darwin_intptr_t intptr_t; +// # 72 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_uintptr_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1777,8 +2217,18 @@ typedef __darwin_intptr_t intptr_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + typedef unsigned long uintptr_t; +// # 73 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4 + + /* These types are used for reserving the largest possible size. */ + typedef u_int64_t user_addr_t; typedef u_int64_t user_size_t; typedef int64_t user_ssize_t; @@ -1786,20 +2236,31 @@ typedef int64_t user_long_t; typedef u_int64_t user_ulong_t; typedef int64_t user_time_t; typedef int64_t user_off_t; +// # 100 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 3 4 /* This defines the size of syscall arguments after copying into the kernel: */ + + + typedef u_int64_t syscall_arg_t; +// # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 2 3 4 +// # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 2 3 4 + + + struct __darwin_arm_exception_state { __uint32_t __exception; /* number of arm exception taken */ __uint32_t __fsr; /* Fault status */ __uint32_t __far; /* Virtual Fault Address */ }; +// # 59 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_exception_state64 { __uint64_t __far; /* Virtual Fault Address */ __uint32_t __esr; /* Exception syndrome */ __uint32_t __exception; /* number of arm exception taken */ }; +// # 77 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_thread_state { __uint32_t __r[13]; /* General purpose register r0-r12 */ @@ -1808,12 +2269,14 @@ struct __darwin_arm_thread_state __uint32_t __pc; /* Program counter r15 */ __uint32_t __cpsr; /* Current program status register */ }; +// # 98 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 /* * By default, the pointer fields in the arm_thread_state64_t structure are * opaque on the arm64e architecture and require the use of accessor macros. * This mode can also be enabled on the arm64 architecture by building with * -D__DARWIN_OPAQUE_ARM_THREAD_STATE64=1. */ +// # 136 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_thread_state64 { __uint64_t __x[29]; /* General purpose registers x0-x28 */ @@ -1824,43 +2287,74 @@ struct __darwin_arm_thread_state64 __uint32_t __cpsr; /* Current program status register */ __uint32_t __pad; /* Same size for 32-bit or 64-bit clients */ }; +// # 176 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 /* Accessor macros for arm_thread_state64_t pointer fields */ +// # 355 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 /* Return pc field of arm_thread_state64_t as a data pointer value */ + + /* Return pc field of arm_thread_state64_t as a function pointer */ + + /* Set pc field of arm_thread_state64_t to a function pointer */ + + /* Return lr field of arm_thread_state64_t as a data pointer value */ + + /* Return lr field of arm_thread_state64_t as a function pointer */ + + /* Set lr field of arm_thread_state64_t to a function pointer */ + + /* Return sp field of arm_thread_state64_t as a data pointer value */ + + /* Set sp field of arm_thread_state64_t to a data pointer value */ + + /* Return fp field of arm_thread_state64_t as a data pointer value */ + + /* Set fp field of arm_thread_state64_t to a data pointer value */ + + /* Strip ptr auth bits from pc, lr, sp and fp field of arm_thread_state64_t */ +// # 433 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_vfp_state { __uint32_t __r[64]; __uint32_t __fpscr; }; +// # 452 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_neon_state64 { __uint128_t __v[32]; __uint32_t __fpsr; __uint32_t __fpcr; }; + struct __darwin_arm_neon_state { __uint128_t __v[16]; __uint32_t __fpsr; __uint32_t __fpcr; }; +// # 523 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __arm_pagein_state { int __pagein_error; }; + /* * Debug State */ +// # 556 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 /* ARM's arm_debug_state is ARM64's arm_legacy_debug_state */ + + + struct __arm_legacy_debug_state { __uint32_t __bvr[16]; @@ -1868,6 +2362,7 @@ struct __arm_legacy_debug_state __uint32_t __wvr[16]; __uint32_t __wcr[16]; }; +// # 583 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_debug_state32 { __uint32_t __bvr[16]; @@ -1876,6 +2371,8 @@ struct __darwin_arm_debug_state32 __uint32_t __wcr[16]; __uint64_t __mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */ }; + + struct __darwin_arm_debug_state64 { __uint64_t __bvr[16]; @@ -1884,24 +2381,36 @@ struct __darwin_arm_debug_state64 __uint64_t __wcr[16]; __uint64_t __mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */ }; +// # 625 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4 struct __darwin_arm_cpmu_state64 { __uint64_t __ctrs[16]; }; +// # 36 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/machine/_structs.h" 2 3 4 +// # 37 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 2 3 4 + + + + struct __darwin_mcontext32 { struct __darwin_arm_exception_state __es; struct __darwin_arm_thread_state __ss; struct __darwin_arm_vfp_state __fs; }; +// # 64 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4 struct __darwin_mcontext64 { struct __darwin_arm_exception_state64 __es; struct __darwin_arm_thread_state64 __ss; struct __darwin_arm_neon_state64 __ns; }; +// # 85 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4 typedef struct __darwin_mcontext64 *mcontext_t; +// # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_mcontext.h" 2 3 4 +// # 147 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_attr_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1929,8 +2438,13 @@ typedef struct __darwin_mcontext64 *mcontext_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_pthread_attr_t pthread_attr_t; +// # 149 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigaltstack.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1958,7 +2472,9 @@ typedef __darwin_pthread_attr_t pthread_attr_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + /* Structure used in sigaltstack call. */ +// # 42 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigaltstack.h" 3 4 struct __darwin_sigaltstack { void *ss_sp; /* signal stack base */ @@ -1966,6 +2482,8 @@ struct __darwin_sigaltstack int ss_flags; /* SA_DISABLE and/or SA_ONSTACK */ }; typedef struct __darwin_sigaltstack stack_t; /* [???] signal stack */ +// # 151 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ucontext.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -1993,6 +2511,7 @@ typedef struct __darwin_sigaltstack stack_t; /* [???] signal stack */ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +// # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ucontext.h" 3 4 struct __darwin_ucontext { int uc_onstack; @@ -2001,9 +2520,17 @@ struct __darwin_ucontext struct __darwin_ucontext *uc_link; /* pointer to resuming context */ __darwin_size_t uc_mcsize; /* size of the machine context passed in */ struct __darwin_mcontext64 *uc_mcontext; /* pointer to machine specific context */ + + + }; + /* user context */ typedef struct __darwin_ucontext ucontext_t; /* [???] user context */ +// # 152 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigset_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -2031,7 +2558,12 @@ typedef struct __darwin_ucontext ucontext_t; /* [???] user context */ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_sigset_t sigset_t; +// # 155 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_size_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -2059,7 +2591,12 @@ typedef __darwin_sigset_t sigset_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_size_t size_t; +// # 156 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_uid_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -2087,13 +2624,22 @@ typedef __darwin_size_t size_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_uid_t uid_t; +// # 157 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4 union sigval { /* Members as suggested by Annex C of POSIX 1003.1b. */ int sival_int; void *sival_ptr; }; + + + + + struct sigevent { int sigev_notify; /* Notification type */ int sigev_signo; /* Signal number */ @@ -2101,6 +2647,8 @@ struct sigevent { void (*sigev_notify_function)(union sigval); /* Notification function */ pthread_attr_t *sigev_notify_attributes; /* Notification attributes */ }; + + typedef struct __siginfo { int si_signo; /* signal number */ int si_errno; /* errno association */ @@ -2113,6 +2661,8 @@ typedef struct __siginfo { long si_band; /* band event for SIGPOLL */ unsigned long __pad[7]; /* Reserved for Future Use */ } siginfo_t; + + /* * When the signal is SIGILL or SIGFPE, si_addr contains the address of * the faulting instruction. @@ -2123,20 +2673,49 @@ typedef struct __siginfo { * si_status contains the exit value or signal and * si_uid contains the real user ID of the process that sent the signal. */ + /* Values for si_code */ + /* Codes for SIGILL */ +// # 217 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* Codes for SIGFPE */ +// # 230 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* Codes for SIGSEGV */ + + + + + + /* Codes for SIGBUS */ + + + + + + + /* Codes for SIGTRAP */ + + + /* Codes for SIGCHLD */ +// # 260 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* Codes for SIGPOLL */ + + + + + + + /* union for signal handlers */ union __sigaction_u { void (*__sa_handler)(int); void (*__sa_sigaction)(int, struct __siginfo *, void *); }; + /* Signal vector template for Kernel user boundary */ struct __sigaction { union __sigaction_u __sigaction_u; /* signal handler */ @@ -2144,6 +2723,7 @@ struct __sigaction { sigset_t sa_mask; /* signal mask to apply */ int sa_flags; /* see signal options below */ }; + /* * Signal vector "template" used in sigaction call. */ @@ -2152,19 +2732,48 @@ struct sigaction { sigset_t sa_mask; /* signal mask to apply */ int sa_flags; /* see signal options below */ }; + + + /* if SA_SIGINFO is set, sa_sigaction is to be used instead of sa_handler. */ +// # 307 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* This will provide 64bit register set in a 32bit user address space */ + + + /* the following are the only bits we support from user space, the * rest are for kernel use only. */ + + /* * Flags for sigprocmask: */ + + + + /* POSIX 1003.1b required values. */ + + + + + + + typedef void (*sig_t)(int); /* type of signal function */ + + /* * Structure used in sigaltstack call. */ + + + + + + + /* * 4.3 compatibility: * Signal vector "template" used in sigvec call. @@ -2174,6 +2783,7 @@ struct sigvec { int sv_mask; /* signal mask to apply */ int sv_flags; /* see signal options below */ }; +// # 364 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* * Structure used in sigstack call. */ @@ -2181,15 +2791,21 @@ struct sigstack { char *ss_sp; /* signal stack pointer */ int ss_onstack; /* current status */ }; + + /* * Macro for converting signal number to a mask suitable for * sigblock(). */ +// # 385 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4 /* * For historical reasons; programs expect signal's return value to be * defined by . */ + void(*signal(int, void (*)(int)))(int); +// # 110 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 1 3 4 /* * Copyright (c) 2000-2018 Apple Inc. All rights reserved. * @@ -2252,6 +2868,8 @@ struct sigstack { * * @(#)resource.h 8.2 (Berkeley) 1/4/94 */ +// # 72 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdint.h" 1 3 4 /*===---- stdint.h - Standard header for sized integer types --------------===*\ * * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. @@ -2259,12 +2877,20 @@ struct sigstack { * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception * \*===----------------------------------------------------------------------===*/ + + // AIX system headers need stdint.h to be re-enterable while _STD_TYPES_T // is defined until an inclusion of it without _STD_TYPES_T occurs, in which // case the header guard macro is defined. + + + + /* If we're hosted, fall back to the system's stdint.h, which might have * additional definitions. */ + + // C99 7.18.3 Limits of other integer types // // Footnote 219, 220: C++ implementations should define these macros only when @@ -2284,12 +2910,22 @@ struct sigstack { // Work around this inconsistency by always defining those macros in C++ mode, // so that a C library implementation which follows the C99 standard can be // used in C++. +// # 52 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdint.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 1 3 4 /* * Copyright (c) 2000-2010 Apple Inc. * All rights reserved. */ +// # 15 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 /* from ISO/IEC 988:1999 spec */ + /* 7.18.1.1 Exact-width integer types */ + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint8_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -2317,7 +2953,12 @@ struct sigstack { * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef unsigned char uint8_t; +// # 24 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint16_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -2345,7 +2986,12 @@ typedef unsigned char uint8_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef unsigned short uint16_t; +// # 25 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint32_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -2373,7 +3019,12 @@ typedef unsigned short uint16_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef unsigned int uint32_t; +// # 26 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint64_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -2401,7 +3052,11 @@ typedef unsigned int uint32_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef unsigned long long uint64_t; +// # 27 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4 /* 7.18.1.2 Minimum-width integer types */ typedef int8_t int_least8_t; @@ -2412,6 +3067,8 @@ typedef uint8_t uint_least8_t; typedef uint16_t uint_least16_t; typedef uint32_t uint_least32_t; typedef uint64_t uint_least64_t; + + /* 7.18.1.3 Fastest-width integer types */ typedef int8_t int_fast8_t; typedef int16_t int_fast16_t; @@ -2421,8 +3078,17 @@ typedef uint8_t uint_fast8_t; typedef uint16_t uint_fast16_t; typedef uint32_t uint_fast32_t; typedef uint64_t uint_fast64_t; + + /* 7.18.1.4 Integer types capable of holding object pointers */ + + + + + + /* 7.18.1.5 Greatest-width integer types */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_intmax_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -2450,7 +3116,13 @@ typedef uint64_t uint_fast64_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + typedef long int intmax_t; +// # 59 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uintmax_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -2478,9 +3150,15 @@ typedef long int intmax_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ -typedef long unsigned int uintmax_t; + + + + +typedef unsigned long int uintmax_t; +// # 60 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4 /* 7.18.4 Macros for integer constants */ +// # 80 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 /* 7.18.2 Limits of specified-width integer types: * These #defines specify the minimum and maximum limits * of each of the types declared above. @@ -2489,25 +3167,50 @@ typedef long unsigned int uintmax_t; * object of the corresponding type converted according to the integer * promotion". */ + + /* 7.18.2.1 Limits of exact-width integer types */ + + + + + + + /* Note: the literal "most negative int" cannot be written in C -- the rules in the standard (section 6.4.4.1 in C99) will give it an unsigned type, so INT32_MIN (and the most negative member of any larger signed type) must be written via a constant expression. */ +// # 112 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 /* 7.18.2.2 Limits of minimum-width integer types */ +// # 128 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 /* 7.18.2.3 Limits of fastest minimum-width integer types */ +// # 144 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 /* 7.18.2.4 Limits of integer types capable of holding object pointers */ +// # 159 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 /* 7.18.2.5 Limits of greatest-width integer types */ -/* 7.18.3 "Other" */ -/* WCHAR_MIN should be 0 if wchar_t is an unsigned type and - (-WCHAR_MAX-1) if wchar_t is a signed type. Unfortunately, + + + + +/* 7.18.3 "Other" */ +// # 187 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4 +/* WCHAR_MIN should be 0 if wchar_t is an unsigned type and + (-WCHAR_MAX-1) if wchar_t is a signed type. Unfortunately, it turns out that -fshort-wchar changes the signedness of the type. */ +// # 53 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdint.h" 2 3 4 +// # 73 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 2 3 4 + + + + /* [XSI] The timeval structure shall be defined as described in * */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_timeval.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -2535,43 +3238,72 @@ typedef long unsigned int uintmax_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + + struct timeval { __darwin_time_t tv_sec; /* seconds */ __darwin_suseconds_t tv_usec; /* and microseconds */ }; +// # 81 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 2 3 4 /* The id_t type shall be defined as described in */ + + + /* * Resource limit type (low 63 bits, excluding the sign bit) */ typedef __uint64_t rlim_t; + + /***** * PRIORITY */ + /* * Possible values of the first parameter to getpriority()/setpriority(), * used to indicate the type of the second parameter. */ +// # 109 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4 /* * Range limitations for the value of the third parameter to setpriority(). */ + + + /* * use PRIO_DARWIN_BG to set the current thread into "background" state * which lowers CPU, disk IO, and networking priorites until thread terminates * or "background" state is revoked */ + + /* * use PRIO_DARWIN_NONUI to restrict a process's ability to make calls to * the GPU. (deprecated) */ + + + + + + /***** * RESOURCE USAGE */ + /* * Possible values of the first parameter to getrusage(), used to indicate * the scope of the information to be returned. */ + + + /* * A structure representing an accounting of resource utilization. The * address of an instance of this structure is the second parameter to @@ -2584,12 +3316,16 @@ typedef __uint64_t rlim_t; struct rusage { struct timeval ru_utime; /* user time used (PL) */ struct timeval ru_stime; /* system time used (PL) */ + + + /* * Informational aliases for source compatibility with programs * that need more information than that provided by standards, * and which do not mind being OS-dependent. */ long ru_maxrss; /* max resident set size (PL) */ + long ru_ixrss; /* integral shared memory size (NU) */ long ru_idrss; /* integral unshared data (NU) */ long ru_isrss; /* integral unshared stack (NU) */ @@ -2603,14 +3339,22 @@ struct rusage { long ru_nsignals; /* signals received (atomic) */ long ru_nvcsw; /* voluntary context switches (atomic) */ long ru_nivcsw; /* involuntary " */ + + }; + + /* * Flavors for proc_pid_rusage(). */ +// # 194 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4 /* * Flags for RUSAGE_INFO_V5 */ + + typedef void *rusage_info_t; + struct rusage_info_v0 { uint8_t ri_uuid[16]; uint64_t ri_user_time; @@ -2624,6 +3368,7 @@ struct rusage_info_v0 { uint64_t ri_proc_start_abstime; uint64_t ri_proc_exit_abstime; }; + struct rusage_info_v1 { uint8_t ri_uuid[16]; uint64_t ri_user_time; @@ -2643,6 +3388,7 @@ struct rusage_info_v1 { uint64_t ri_child_pageins; uint64_t ri_child_elapsed_abstime; }; + struct rusage_info_v2 { uint8_t ri_uuid[16]; uint64_t ri_user_time; @@ -2664,6 +3410,7 @@ struct rusage_info_v2 { uint64_t ri_diskio_bytesread; uint64_t ri_diskio_byteswritten; }; + struct rusage_info_v3 { uint8_t ri_uuid[16]; uint64_t ri_user_time; @@ -2694,6 +3441,7 @@ struct rusage_info_v3 { uint64_t ri_billed_system_time; uint64_t ri_serviced_system_time; }; + struct rusage_info_v4 { uint8_t ri_uuid[16]; uint64_t ri_user_time; @@ -2732,6 +3480,7 @@ struct rusage_info_v4 { uint64_t ri_interval_max_phys_footprint; uint64_t ri_runnable_time; }; + struct rusage_info_v5 { uint8_t ri_uuid[16]; uint64_t ri_user_time; @@ -2771,19 +3520,31 @@ struct rusage_info_v5 { uint64_t ri_runnable_time; uint64_t ri_flags; }; + typedef struct rusage_info_v5 rusage_info_current; + + + + + /***** * RESOURCE LIMITS */ + /* * Symbolic constants for resource limits; since all limits are representable * as a type rlim_t, we are permitted to define RLIM_SAVED_* in terms of * RLIM_INFINITY. */ + + + + /* * Possible values of the first parameter to getrlimit()/setrlimit(), to * indicate for which resource the operation is being performed. */ +// # 407 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4 /* * A structure representing a resource limit. The address of an instance * of this structure is the second parameter to getrlimit()/setrlimit(). @@ -2792,35 +3553,73 @@ struct rlimit { rlim_t rlim_cur; /* current (soft) limit */ rlim_t rlim_max; /* maximum value for rlim_cur */ }; + + /* * proc_rlimit_control() * * Resource limit flavors */ + + + + + /* * Flags for wakeups monitor control. */ + + + + + + /* * Flags for CPU usage monitor control. */ + + /* * Flags for memory footprint interval tracking. */ + + struct proc_rlimit_control_wakeupmon { uint32_t wm_flags; int32_t wm_rate; }; + + + /* I/O type */ +// # 464 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4 /* scope */ + + + + /* I/O Priority */ + + + + + + + /* compatibility with older names */ +// # 511 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4 int getpriority(int, id_t); + int getiopolicy_np(int, int) __attribute__((availability(macosx,introduced=10.5))); + int getrlimit(int, struct rlimit *) __asm("_" "getrlimit" ); int getrusage(int, struct rusage *); int setpriority(int, id_t, int); + int setiopolicy_np(int, int, int) __attribute__((availability(macosx,introduced=10.5))); + int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); +// # 111 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4 /* * Option bits for the third argument of wait4. WNOHANG causes the @@ -2831,27 +3630,60 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * this option is done, it is as though they were still running... nothing * about them is returned. */ + + + /* * Macros to test the exit status returned by wait * and extract the relevant values. */ + + + + + + + /* These macros are permited, as they are in the implementation namespace */ + + + /* * [XSI] The header shall define the following macros for * analysis of process status values */ + + + + + /* 0x13 == SIGCONT */ +// # 162 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4 /* * [XSI] The following symbolic constants shall be defined as possible * values for the fourth argument to waitid(). */ /* WNOHANG already defined for wait4() */ /* WUNTRACED defined for wait4() but not for waitid() */ + + /* waitid() parameter */ + + + + + + + /* POSIX extensions and 4.2/4.3 compatability: */ + /* * Tokens for special values of the "pid" parameter to wait4. */ + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/endian.h" 1 3 4 /* * Copyright (c) 2000-2007 Apple Inc. All rights reserved. * @@ -2882,6 +3714,13 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); /* * Copyright 1995 NeXT Computer, Inc. All rights reserved. */ + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/endian.h" 1 3 4 /* * Copyright (c) 2000-2007 Apple Inc. All rights reserved. */ @@ -2922,17 +3761,30 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * * @(#)endian.h 8.1 (Berkeley) 6/11/93 */ + + + + + + + /* * Define _NOQUAD if the compiler does NOT support 64-bit integers. */ /* #define _NOQUAD */ + /* * Define the order of 32-bit words in 64-bit words. */ + + + /* * Definitions for byte order, according to byte significance from low * address to high. */ +// # 77 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/endian.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_endian.h" 1 3 4 /* * Copyright (c) 2004, 2006 Apple Computer, Inc. All rights reserved. * @@ -2960,6 +3812,7 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + /* * Copyright (c) 1995 NeXT Computer, Inc. All rights reserved. * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved. @@ -3020,9 +3873,17 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ + + + + + + /* * Macros for network/external number representation conversion. */ +// # 130 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_endian.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/_OSByteOrder.h" 1 3 4 /* * Copyright (c) 2006 Apple Computer, Inc. All rights reserved. * @@ -3050,6 +3911,10 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + /* * This header is normally included from . However, * also includes this in the case of little-endian @@ -3057,10 +3922,21 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * macros. This results in the asymmetry below; we only include * for little-endian architectures. */ + + + /* Macros for swapping constant values in the preprocessing stage. */ +// # 80 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/_OSByteOrder.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 1 3 4 /* * Copyright (c) 1999-2007 Apple Inc. All rights reserved. */ + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/arch.h" 1 3 4 /* * Copyright (c) 2007 Apple Inc. All rights reserved. * @@ -3088,9 +3964,16 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" ); * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + + /* Collect the __ARM_ARCH_*__ compiler flags into something easier to use. */ +// # 10 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 2 3 4 /* Generic byte swapping functions. */ + static inline uint16_t _OSSwapInt16( @@ -3100,33 +3983,48 @@ _OSSwapInt16( /* Reduces to 'rev16' with clang */ return (uint16_t)(_data << 8 | _data >> 8); } + static inline uint32_t _OSSwapInt32( uint32_t _data ) { + _data = __builtin_bswap32(_data); + + + + + return _data; } + static inline uint64_t _OSSwapInt64( uint64_t _data ) { + return __builtin_bswap64(_data); +// # 60 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 } + /* Functions for byte reversed loads. */ + struct _OSUnalignedU16 { volatile uint16_t __val; } __attribute__((__packed__)); + struct _OSUnalignedU32 { volatile uint32_t __val; } __attribute__((__packed__)); + struct _OSUnalignedU64 { volatile uint64_t __val; } __attribute__((__packed__)); +// # 87 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 static inline uint16_t OSReadSwapInt16( @@ -3136,6 +4034,7 @@ OSReadSwapInt16( { return _OSSwapInt16(((struct _OSUnalignedU16 *)((uintptr_t)_base + _offset))->__val); } +// # 109 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 static inline uint32_t OSReadSwapInt32( @@ -3145,6 +4044,7 @@ OSReadSwapInt32( { return _OSSwapInt32(((struct _OSUnalignedU32 *)((uintptr_t)_base + _offset))->__val); } +// # 131 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 static inline uint64_t OSReadSwapInt64( @@ -3154,7 +4054,10 @@ OSReadSwapInt64( { return _OSSwapInt64(((struct _OSUnalignedU64 *)((uintptr_t)_base + _offset))->__val); } + + /* Functions for byte reversed stores. */ +// # 156 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 static inline void OSWriteSwapInt16( @@ -3165,6 +4068,7 @@ OSWriteSwapInt16( { ((struct _OSUnalignedU16 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt16(_data); } +// # 180 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 static inline void OSWriteSwapInt32( @@ -3175,6 +4079,7 @@ OSWriteSwapInt32( { ((struct _OSUnalignedU32 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt32(_data); } +// # 204 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4 static inline void OSWriteSwapInt64( @@ -3185,6 +4090,11 @@ OSWriteSwapInt64( { ((struct _OSUnalignedU64 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt64(_data); } +// # 81 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/_OSByteOrder.h" 2 3 4 +// # 131 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_endian.h" 2 3 4 +// # 78 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/endian.h" 2 3 4 +// # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/endian.h" 2 3 4 +// # 187 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4 /* * Deprecated: @@ -3198,10 +4108,18 @@ union wait { * Terminated process status. */ struct { + unsigned int w_Termsig:7, /* termination signal */ w_Coredump:1, /* core dump indicator */ w_Retcode:8, /* exit code if w_termsig==0 */ w_Filler:16; /* upper bits filler */ + + + + + + + } w_T; /* * Stopped process status. Returned @@ -3209,17 +4127,30 @@ union wait { * with the WUNTRACED option bit. */ struct { + unsigned int w_Stopval:8, /* == W_STOPPED if stopped */ w_Stopsig:8, /* signal that stopped us */ w_Filler:16; /* upper bits filler */ + + + + + + } w_S; }; +// # 248 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4 pid_t wait(int *) __asm("_" "wait" ); pid_t waitpid(pid_t, int *, int) __asm("_" "waitpid" ); + int waitid(idtype_t, id_t, siginfo_t *, int) __asm("_" "waitid" ); + + pid_t wait3(int *, int, struct rusage *); pid_t wait4(pid_t, int *, int, struct rusage *); +// # 67 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/alloca.h" 1 3 4 /* * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. * @@ -3242,10 +4173,22 @@ pid_t wait4(pid_t, int *, int, struct rusage *); * * @APPLE_LICENSE_HEADER_END@ */ +// # 32 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/alloca.h" 3 4 void *alloca(size_t); /* built-in for gcc */ + + + /* built-in for gcc 3 */ +// # 69 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 + + + /* DO NOT REMOVE THIS COMMENT: fixincludes needs to see: * _GCC_SIZE_T */ + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ct_rune_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -3273,7 +4216,13 @@ void *alloca(size_t); /* built-in for gcc */ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + + typedef __darwin_ct_rune_t ct_rune_t; +// # 78 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_rune_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -3301,7 +4250,14 @@ typedef __darwin_ct_rune_t ct_rune_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_rune_t rune_t; +// # 79 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_wchar_t.h" 1 3 4 /* * Copyright (c) 2012 Apple Inc. All rights reserved. * @@ -3329,21 +4285,33 @@ typedef __darwin_rune_t rune_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + /* wchar_t is a built-in type in C++ */ + + + + typedef __darwin_wchar_t wchar_t; +// # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 typedef struct { int quot; /* quotient */ int rem; /* remainder */ } div_t; + typedef struct { long quot; /* quotient */ long rem; /* remainder */ } ldiv_t; + + typedef struct { long long quot; long long rem; } lldiv_t; + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_null.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -3371,7 +4339,11 @@ typedef struct { * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +// # 101 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 118 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4 extern int __mb_cur_max; +// # 128 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/malloc/_malloc.h" 1 3 4 /* * Copyright (c) 2018 Apple Computer, Inc. All rights reserved. * @@ -3394,26 +4366,42 @@ extern int __mb_cur_max; * * @APPLE_LICENSE_HEADER_END@ */ + + + + /* * This header is included from , so the contents of this file have * broad source compatibility and POSIX conformance implications. * Be cautious about what is included and declared here. */ +// # 40 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/malloc/_malloc.h" 3 4 void *malloc(size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(1))); void *calloc(size_t __count, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(1,2))); void free(void *); void *realloc(void *__ptr, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(2))); + void *valloc(size_t) __attribute__((alloc_size(1))); + + + + void *aligned_alloc(size_t __alignment, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(2))) __attribute__((availability(macosx,introduced=10.15))) __attribute__((availability(ios,introduced=13.0))) __attribute__((availability(tvos,introduced=13.0))) __attribute__((availability(watchos,introduced=6.0))); + int posix_memalign(void **__memptr, size_t __alignment, size_t __size) __attribute__((availability(macosx,introduced=10.6))); +// # 129 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 + + void abort(void) __attribute__((__cold__)) __attribute__((__noreturn__)); int abs(int) __attribute__((__const__)); int atexit(void (* _Nonnull)(void)); double atof(const char *); int atoi(const char *); long atol(const char *); + long long atoll(const char *); + void *bsearch(const void *__key, const void *__base, size_t __nel, size_t __width, int (* _Nonnull __compar)(const void *, const void *)); /* calloc is now declared in _malloc.h */ @@ -3423,9 +4411,11 @@ void exit(int) __attribute__((__noreturn__)); char *getenv(const char *); long labs(long) __attribute__((__const__)); ldiv_t ldiv(long, long) __attribute__((__const__)); + long long llabs(long long); lldiv_t lldiv(long long, long long); + /* malloc is now declared in _malloc.h */ int mblen(const char *__s, size_t __n); size_t mbstowcs(wchar_t * restrict , const char * restrict, size_t); @@ -3441,18 +4431,27 @@ float strtof(const char *, char **) __asm("_" "strtof" ); long strtol(const char *__str, char **__endptr, int __base); long double strtold(const char *, char **); + long long strtoll(const char *__str, char **__endptr, int __base); + unsigned long strtoul(const char *__str, char **__endptr, int __base); + unsigned long long strtoull(const char *__str, char **__endptr, int __base); + + __attribute__((__availability__(swift, unavailable, message="Use posix_spawn APIs or NSTask instead. (On iOS, process spawning is unavailable.)"))) __attribute__((availability(macos,introduced=10.0))) __attribute__((availability(ios,unavailable))) __attribute__((availability(watchos,unavailable))) __attribute__((availability(tvos,unavailable))) int system(const char *) __asm("_" "system" ); -size_t wcstombs(char * restrict, const wchar_t * restrict, size_t); + + +size_t wcstombs(char * restrict, const wchar_t * restrict, size_t); int wctomb(char *, wchar_t); + + void _Exit(int) __attribute__((__noreturn__)); long a64l(const char *); double drand48(void); @@ -3462,7 +4461,11 @@ char *fcvt(double, int, int *restrict, int *restrict); /* LEGACY */ char *gcvt(double, int, char *); /* LEGACY */ int getsubopt(char **, char * const *, char **); int grantpt(int); + char *initstate(unsigned, char *, size_t); /* no __DARWIN_ALIAS needed */ + + + long jrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); char *l64a(long); void lcong48(unsigned short[7]); @@ -3473,20 +4476,45 @@ long mrand48(void) __attribute__((__availability__(swift, unavailable, message=" long nrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); int posix_openpt(int); char *ptsname(int); + + int ptsname_r(int fildes, char *buffer, size_t buflen) __attribute__((availability(macos,introduced=10.13.4))) __attribute__((availability(ios,introduced=11.3))) __attribute__((availability(tvos,introduced=11.3))) __attribute__((availability(watchos,introduced=4.3))); + + int putenv(char *) __asm("_" "putenv" ); long random(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); int rand_r(unsigned *) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead."))); + char *realpath(const char * restrict, char * restrict) __asm("_" "realpath" "$DARWIN_EXTSN"); + + + unsigned short *seed48(unsigned short[3]); int setenv(const char * __name, const char * __value, int __overwrite) __asm("_" "setenv" ); + void setkey(const char *) __asm("_" "setkey" ); + + + char *setstate(const char *); void srand48(long); + void srandom(unsigned); + + + int unlockpt(int); + int unsetenv(const char *) __asm("_" "unsetenv" ); + + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_dev_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -3514,7 +4542,12 @@ int unsetenv(const char *) __asm("_" "unsetenv" ); * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_dev_t dev_t; /* device number */ +// # 254 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_mode_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -3542,7 +4575,13 @@ typedef __darwin_dev_t dev_t; /* device number */ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_mode_t mode_t; +// # 255 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4 + + uint32_t arc4random(void); void arc4random_addrandom(unsigned char * /*dat*/, int /*datlen*/) __attribute__((availability(macosx,introduced=10.0))) __attribute__((availability(macosx,deprecated=10.12,message="use arc4random_stir"))) @@ -3553,10 +4592,14 @@ void arc4random_buf(void * __buf, size_t __nbytes) __attribute__((availability(m void arc4random_stir(void); uint32_t arc4random_uniform(uint32_t __upper_bound) __attribute__((availability(macosx,introduced=10.7))); + int atexit_b(void (^ _Nonnull)(void)) __attribute__((availability(macosx,introduced=10.6))); +// # 277 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4 void *bsearch_b(const void *__key, const void *__base, size_t __nel, size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) __attribute__((availability(macosx,introduced=10.6))); + + /* getcap(3) functions */ char *cgetcap(char *, const char *, int); int cgetclose(void); @@ -3568,6 +4611,7 @@ int cgetnum(char *, const char *, long *); int cgetset(const char *); int cgetstr(char *, const char *, char **); int cgetustr(char *, const char *, char **); + int daemon(int, int) __asm("_" "daemon" ) __attribute__((availability(macosx,introduced=10.0,deprecated=10.5,message="Use posix_spawn APIs instead."))) __attribute__((availability(watchos,unavailable))) __attribute__((availability(tvos,unavailable))); char *devname(dev_t, mode_t); char *devname_r(dev_t, mode_t, char *buf, int len); @@ -3576,28 +4620,37 @@ int getloadavg(double [], int); const char *getprogname(void); void setprogname(const char *); +// # 311 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4 int heapsort(void *__base, size_t __nel, size_t __width, int (* _Nonnull __compar)(const void *, const void *)); + int heapsort_b(void *__base, size_t __nel, size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) __attribute__((availability(macosx,introduced=10.6))); + int mergesort(void *__base, size_t __nel, size_t __width, int (* _Nonnull __compar)(const void *, const void *)); + int mergesort_b(void *__base, size_t __nel, size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) __attribute__((availability(macosx,introduced=10.6))); + void psort(void *__base, size_t __nel, size_t __width, int (* _Nonnull __compar)(const void *, const void *)) __attribute__((availability(macosx,introduced=10.6))); + void psort_b(void *__base, size_t __nel, size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) __attribute__((availability(macosx,introduced=10.6))); + void psort_r(void *__base, size_t __nel, size_t __width, void *, int (* _Nonnull __compar)(void *, const void *, const void *)) __attribute__((availability(macosx,introduced=10.6))); + void qsort_b(void *__base, size_t __nel, size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__))) __attribute__((availability(macosx,introduced=10.6))); + void qsort_r(void *__base, size_t __nel, size_t __width, void *, int (* _Nonnull __compar)(void *, const void *, const void *)); int radixsort(const unsigned char **__base, int __nel, const unsigned char *__table, @@ -3612,13 +4665,19 @@ void *reallocf(void *__ptr, size_t __size) __attribute__((alloc_size(2))); long long strtonum(const char *__numstr, long long __minval, long long __maxval, const char **__errstrp) __attribute__((availability(macos,introduced=11.0))) __attribute__((availability(ios,introduced=14.0))) __attribute__((availability(tvos,introduced=14.0))) __attribute__((availability(watchos,introduced=7.0))); + long long strtoq(const char *__str, char **__endptr, int __base); unsigned long long strtouq(const char *__str, char **__endptr, int __base); + extern char *suboptarg; /* getsubopt(3) external variable */ /* valloc is now declared in _malloc.h */ + + /* Poison the following routines if -fshort-wchar is set */ +// # 29 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 1 3 4 /* * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved. * @@ -3675,7 +4734,10 @@ extern char *suboptarg; /* getsubopt(3) external variable */ * * @(#)string.h 8.1 (Berkeley) 6/2/93 */ +// # 67 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 3 4 /* ANSI-C */ + + void *memchr(const void *__s, int __c, size_t __n); int memcmp(const void *__s1, const void *__s2, size_t __n); void *memcpy(void *__dst, const void *__src, size_t __n); @@ -3698,27 +4760,56 @@ size_t strspn(const char *__s, const char *__charset); char *strstr(const char *__big, const char *__little); char *strtok(char *__str, const char *__sep); size_t strxfrm(char *__s1, const char *__s2, size_t __n); + + + + /* Additional functionality provided by: * POSIX.1c-1995, * POSIX.1i-1995, * and the omnibus ISO/IEC 9945-1: 1996 */ + + + char *strtok_r(char *__str, const char *__sep, char **__lasts); + + + + + /* Additional functionality provided by: * POSIX.1-2001 */ + + + int strerror_r(int __errnum, char *__strerrbuf, size_t __buflen); char *strdup(const char *__s1); void *memccpy(void *__dst, const void *__src, int __c, size_t __n); + + + + + /* Additional functionality provided by: * POSIX.1-2008 */ + + + char *stpcpy(char *__dst, const char *__src); char *stpncpy(char *__dst, const char *__src, size_t __n) __attribute__((availability(macosx,introduced=10.7))); char *strndup(const char *__s1, size_t __n) __attribute__((availability(macosx,introduced=10.7))); size_t strnlen(const char *__s1, size_t __n) __attribute__((availability(macosx,introduced=10.7))); char *strsignal(int __sig); + + + /* C11 Annex K */ + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_rsize_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -3746,7 +4837,12 @@ char *strsignal(int __sig); * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_size_t rsize_t; +// # 142 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_errno_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -3774,9 +4870,20 @@ typedef __darwin_size_t rsize_t; * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + typedef int errno_t; +// # 143 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4 + + errno_t memset_s(void *__s, rsize_t __smax, int __c, rsize_t __n) __attribute__((availability(macosx,introduced=10.9))); + + + /* Darwin extensions */ + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ssize_t.h" 1 3 4 /* * Copyright (c) 2003-2012 Apple Inc. All rights reserved. * @@ -3804,30 +4911,43 @@ errno_t memset_s(void *__s, rsize_t __smax, int __c, rsize_t __n) __attribute__( * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ + + + typedef __darwin_ssize_t ssize_t; +// # 153 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4 + + void *memmem(const void *__big, size_t __big_len, const void *__little, size_t __little_len) __attribute__((availability(macosx,introduced=10.7))); void memset_pattern4(void *__b, const void *__pattern4, size_t __len) __attribute__((availability(macosx,introduced=10.5))); void memset_pattern8(void *__b, const void *__pattern8, size_t __len) __attribute__((availability(macosx,introduced=10.5))); void memset_pattern16(void *__b, const void *__pattern16, size_t __len) __attribute__((availability(macosx,introduced=10.5))); + char *strcasestr(const char *__big, const char *__little); char *strnstr(const char *__big, const char *__little, size_t __len); size_t strlcat(char *__dst, const char *__source, size_t __size); size_t strlcpy(char *__dst, const char *__source, size_t __size); void strmode(int __mode, char *__bp); char *strsep(char **__stringp, const char *__delim); + /* SUS places swab() in unistd.h. It is listed here for source compatibility */ void swab(const void * restrict, void * restrict, ssize_t); + __attribute__((availability(macosx,introduced=10.12.1))) __attribute__((availability(ios,introduced=10.1))) __attribute__((availability(tvos,introduced=10.0.1))) __attribute__((availability(watchos,introduced=3.1))) int timingsafe_bcmp(const void *__b1, const void *__b2, size_t __len); + __attribute__((availability(macosx,introduced=11.0))) __attribute__((availability(ios,introduced=14.0))) __attribute__((availability(tvos,introduced=14.0))) __attribute__((availability(watchos,introduced=7.0))) int strsignal_r(int __sig, char *__strsignalbuf, size_t __buflen); + + /* Some functions historically defined in string.h were placed in strings.h * by SUS. We are using "strings.h" instead of to avoid an issue * where /Developer/Headers/FlatCarbon/Strings.h could be included instead on * case-insensitive file systems. */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 1 3 4 /* * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved. * @@ -3884,21 +5004,32 @@ int strsignal_r(int __sig, char *__strsignalbuf, size_t __buflen); * * @(#)strings.h 8.1 (Berkeley) 6/2/93 */ +// # 68 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 3 4 /* Removed in Issue 7 */ + int bcmp(const void *, const void *, size_t) ; void bcopy(const void *, void *, size_t) ; void bzero(void *, size_t) ; char *index(const char *, int) ; char *rindex(const char *, int) ; + + int ffs(int); int strcasecmp(const char *, const char *); int strncasecmp(const char *, const char *, size_t); + + /* Darwin extensions */ + + int ffsl(long) __attribute__((availability(macosx,introduced=10.5))); int ffsll(long long) __attribute__((availability(macosx,introduced=10.9))); int fls(int) __attribute__((availability(macosx,introduced=10.5))); int flsl(long) __attribute__((availability(macosx,introduced=10.5))); int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 1 3 4 /* * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved. * @@ -3955,7 +5086,12 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); * * @(#)string.h 8.1 (Berkeley) 6/2/93 */ +// # 93 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 2 3 4 + + + /* Security checking functions. */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_strings.h" 1 3 4 /* * Copyright (c) 2017 Apple Inc. All rights reserved. * @@ -3978,6 +5114,8 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); * * @APPLE_LICENSE_HEADER_END@ */ +// # 33 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_strings.h" 3 4 +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_common.h" 1 3 4 /* * Copyright (c) 2007, 2008 Apple Inc. All rights reserved. * @@ -4000,11 +5138,37 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); * * @APPLE_LICENSE_HEADER_END@ */ +// # 34 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_strings.h" 2 3 4 + + + /* bcopy and bzero */ + /* Removed in Issue 7 */ + + + + /* void bcopy(const void *src, void *dst, size_t len) */ + + + + + + /* void bzero(void *s, size_t n) */ +// # 98 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 2 3 4 +// # 185 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4 + + + + + + + + /* Security checking functions. */ +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 1 3 4 /* * Copyright (c) 2007,2017 Apple Inc. All rights reserved. * @@ -4027,26 +5191,92 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); * * @APPLE_LICENSE_HEADER_END@ */ +// # 37 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4 /* */ +// # 46 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4 /* memccpy, memcpy, mempcpy, memmove, memset, strcpy, strlcpy, stpcpy, strncpy, stpncpy, strcat, strlcat, and strncat */ + + + + + /* void *memccpy(void *dst, const void *src, int c, size_t n) */ + + + + + + + /* void *memcpy(void *dst, const void *src, size_t n) */ + + + + + + /* void *memmove(void *dst, const void *src, size_t len) */ + + + + + + /* void *memset(void *b, int c, size_t len) */ + + + + + + /* char *strcpy(char *dst, const char *src) */ + + + + + + + /* char *stpcpy(char *dst, const char *src) */ +// # 99 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4 /* char *stpncpy(char *dst, const char *src, size_t n) */ +// # 110 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4 /* size_t strlcpy(char *dst, const char *source, size_t size) */ + + + + + + /* size_t strlcat(char *dst, const char *source, size_t size) */ +// # 126 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4 /* char *strncpy(char *dst, const char *src, size_t n) */ + + + + + + /* char *strcat(char *s1, const char *s2) */ + + + + + + + /* char *strncat(char *s1, const char *s2, size_t n) */ +// # 195 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4 +// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining * all the API functions to use the MPU wrappers. That should only be done when * task.h is included from an application file. */ + + /* FreeRTOS includes. */ +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4072,9 +5302,14 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); * https://github.com/FreeRTOS * */ + + + + /* * Include the generic headers required for the FreeRTOS port being used. */ +// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 1 3 /*===---- stddef.h - Basic type definitions --------------------------------=== * * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. @@ -4083,13 +5318,26 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9))); * *===-----------------------------------------------------------------------=== */ +// # 17 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3 /* Always define miscellaneous pieces when modules are available. */ +// # 26 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3 /* __need_wint_t is intentionally not defined here. */ + + + + /* Always define ptrdiff_t when modules are available. */ + + + typedef long int ptrdiff_t; +// # 52 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3 /* ISO9899:2011 7.20 (C11 Annex K): Define rsize_t if __STDC_WANT_LIB_EXT1__ is * enabled. */ +// # 66 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3 /* Always define wchar_t when modules are available. */ +// # 102 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3 +// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/__stddef_max_align_t.h" 1 3 /*===---- __stddef_max_align_t.h - Definition of max_align_t for modules ---=== * * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. @@ -4098,9 +5346,23 @@ typedef long int ptrdiff_t; * *===-----------------------------------------------------------------------=== */ + + + + + + + typedef long double max_align_t; +// # 103 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 2 3 + + + + + /* Some C libraries expect to see a wint_t here. Others (notably MinGW) will use __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */ +// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2 /* * If stdint.h cannot be located then: @@ -4115,9 +5377,16 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */ * contains the typedefs required to build FreeRTOS. Read the instructions * in FreeRTOS/source/stdint.readme for more information. */ + + /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ + /* Application specific configuration options. */ +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" 1 /* * FreeRTOS V202107.00 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4144,6 +5413,10 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */ * * 1 tab == 4 spaces! */ + + + + /*----------------------------------------------------------- * Application specific definitions. * @@ -4155,22 +5428,58 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */ * * See http://www.freertos.org/a00110.html *----------------------------------------------------------*/ + /* Scheduler Related */ +// # 55 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" /* Synchronization Related */ +// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" /* System */ + + + /* Memory allocation related definitions. */ + + + + + /* Hook function related definitions. */ + + + + /* Run time and task stats gathering related definitions. */ + + + + /* Co-routine related definitions. */ + + + /* Software timer related definitions. */ -/* Interrupt nesting behaviour configuration. */ + + + + + +/* Interrupt nesting behaviour configuration. */ /* -#define configKERNEL_INTERRUPT_PRIORITY [dependent of processor] -#define configMAX_SYSCALL_INTERRUPT_PRIORITY [dependent on processor and application] -#define configMAX_API_CALL_INTERRUPT_PRIORITY [dependent on processor and application] +// #define configKERNEL_INTERRUPT_PRIORITY [dependent of processor] +// #define configMAX_SYSCALL_INTERRUPT_PRIORITY [dependent on processor and application] +// #define configMAX_API_CALL_INTERRUPT_PRIORITY [dependent on processor and application] */ + /* SMP port only */ + + + + /* RP2040 specific */ + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4 /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. @@ -4211,18 +5520,32 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */ * @(#)assert.h 8.2 (Berkeley) 1/21/94 * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $ */ + + + + + + /* * Unlike other ANSI header files, may usefully be included * multiple times, with and without NDEBUG defined. */ +// # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4 void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__)); +// # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */ +// # 114 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" 2 /* Define to trap errors during development. */ + + /* Set the following definitions to 1 to include the API function, or zero to exclude the API function. */ +// # 136 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" /* A header file that defines trace macro can be included here. */ +// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2 /* Basic FreeRTOS definitions. */ +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4248,23 +5571,40 @@ to exclude the API function. */ * https://github.com/FreeRTOS * */ + + + + /* * Defines the prototype to which task functions must conform. Defined in this * file to ensure the type is known before portable.h is included. */ typedef void (* TaskFunction_t)( void * ); + /* Converts a time in milliseconds to a time in ticks. This macro can be * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the * definition here is not suitable for your application. */ +// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" /* FreeRTOS error definitions. */ + + + + /* Macros used for basic data corruption checks. */ +// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" /* The following errno values are used by FreeRTOS+ components, not FreeRTOS * itself. */ +// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" /* The following endian values are used by FreeRTOS+ components, not FreeRTOS * itself. */ + + + /* Re-defining endian values for generic naming. */ +// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2 /* Definitions specific to the port being used. */ +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4290,9 +5630,14 @@ typedef void (* TaskFunction_t)( void * ); * https://github.com/FreeRTOS * */ + /*----------------------------------------------------------- * Portable layer API. Each function must be defined for each port. *----------------------------------------------------------*/ + + + + /* Each FreeRTOS port has a unique portmacro.h header file. Originally a * pre-processor definition was used to ensure the pre-processor found the correct * portmacro.h file for the port being used. That scheme was deprecated in favour @@ -4303,6 +5648,7 @@ typedef void (* TaskFunction_t)( void * ); * to make it clear that new projects should not use it, support for the port * specific constants has been moved into the deprecated_definitions.h header * file. */ +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/deprecated_definitions.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4328,6 +5674,11 @@ typedef void (* TaskFunction_t)( void * ); * https://github.com/FreeRTOS * */ + + + + + /* Each FreeRTOS port has a unique portmacro.h header file. Originally a * pre-processor definition was used to ensure the pre-processor found the correct * portmacro.h file for the port being used. That scheme was deprecated in favour @@ -4336,11 +5687,14 @@ typedef void (* TaskFunction_t)( void * ); * portmacro.h file to be located anywhere in relation to the port being used. The * definitions below remain in the code for backward compatibility only. New * projects should not use them. */ +// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2 /* If portENTER_CRITICAL is not defined then including deprecated_definitions.h * did not result in a portmacro.h header file being included - and it should be * included here. In this case the path to the correct portmacro.h header file * must be set in the compiler's include path. */ + +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4369,11 +5723,17 @@ typedef void (* TaskFunction_t)( void * ); * https://github.com/FreeRTOS * */ +// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" +// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + /** \file pico.h * \defgroup pico_base pico_base * @@ -4382,16 +5742,33 @@ typedef void (* TaskFunction_t)( void * ); * * This header may be included by assembly code */ + + + + +// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + + + +// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + +// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdbool.h" 1 3 /*===---- stdbool.h - Standard header for booleans -------------------------=== * * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. @@ -4400,7 +5777,20 @@ typedef void (* TaskFunction_t)( void * ); * *===-----------------------------------------------------------------------=== */ + + + + /* Don't define bool, true, and false in C++, except as a GNU extension. */ +// # 11 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 2 + + + + + + + +// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4 /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. @@ -4441,14 +5831,30 @@ typedef void (* TaskFunction_t)( void * ); * @(#)assert.h 8.2 (Berkeley) 1/21/94 * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $ */ + + + + + + /* * Unlike other ANSI header files, may usefully be included * multiple times, with and without NDEBUG defined. */ +// # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4 void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__)); +// # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */ +// # 19 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 2 + + // PICO_CONFIG: PARAM_ASSERTIONS_ENABLE_ALL, Global assert enable, type=bool, default=0, group=pico_base // PICO_CONFIG: PARAM_ASSERTIONS_DISABLE_ALL, Global assert disable, type=bool, default=0, group=pico_base +// # 13 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2 + + + +// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 1 3 /*===---- stddef.h - Basic type definitions --------------------------------=== * * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. @@ -4457,8 +5863,10 @@ void __assert_rtn(const char *, const char *, int, const char *) __attribute__(( * *===-----------------------------------------------------------------------=== */ +// # 17 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2 typedef unsigned int uint; + /*! \typedef absolute_time_t \brief An opaque 64 bit timestamp in microseconds @@ -4469,9 +5877,14 @@ typedef unsigned int uint; \see update_us_since_boot() \ingroup timestamp */ + + + typedef struct { uint64_t _private_us_since_boot; } absolute_time_t; + + /*! fn to_us_since_boot * \brief convert an absolute_time_t into a number of microseconds since boot. * \param t the absolute time to convert @@ -4479,8 +5892,13 @@ typedef struct { * \ingroup timestamp */ static inline uint64_t to_us_since_boot(absolute_time_t t) { + + + return t._private_us_since_boot; + } + /*! fn update_us_since_boot * \brief update an absolute_time_t value to represent a given number of microseconds since boot * \param t the absolute time value to update @@ -4489,9 +5907,20 @@ static inline uint64_t to_us_since_boot(absolute_time_t t) { * \ingroup timestamp */ static inline void update_us_since_boot(absolute_time_t *t, uint64_t us_since_boot) { + + + (__builtin_expect(!(us_since_boot <= 9223372036854775807LL), 0) ? __assert_rtn(__func__, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0); t->_private_us_since_boot = us_since_boot; + } + + + + + + + /** \struct datetime_t * \ingroup util_datetime * \brief Structure containing date and time information @@ -4508,31 +5937,50 @@ typedef struct { int8_t min; ///< 0..59 int8_t sec; ///< 0..59 } datetime_t; +// # 23 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2 +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/version.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + // --------------------------------------- // THIS FILE IS AUTOGENERATED; DO NOT EDIT // --------------------------------------- +// # 24 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2 // PICO_CONFIG: PICO_CONFIG_HEADER, unquoted path to header include in place of the default pico/config.h which may be desirable for build systems which can't easily generate the config_autogen header, group=pico_base + + + +// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/config.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + // ----------------------------------------------------- // NOTE: THIS HEADER IS ALSO INCLUDED BY ASSEMBLY CODE SO // SHOULD ONLY CONSIST OF PREPROCESSOR DIRECTIVES // OR USE #ifndef __ASSEMBLER__ guards // ------------- + // PICO_CONFIG_HEADER_FILES and then PICO_SDK__CONFIG_INCLUDE_FILES // entries are dumped in order at build time into this generated header + +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 1 // AUTOGENERATED FROM PICO_CONFIG_HEADER_FILES and then PICO__CONFIG_HEADER_FILES // DO NOT EDIT! + + // based on PICO_CONFIG_HEADER_FILES: + +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/freertos_sdk_config.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4560,6 +6008,13 @@ typedef struct { * https://www.FreeRTOS.org * https://github.com/FreeRTOS */ + + + + + + +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -4587,59 +6042,123 @@ typedef struct { * https://www.FreeRTOS.org * https://github.com/FreeRTOS */ +// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" /* configUSE_DYNAMIC_EXCEPTION_HANDLERS == 1 means set the exception handlers dynamically on cores * that need them in case the user has set up distinct vector table offsets per core */ +// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" /* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_sync * sem/mutex/queue etc. will work correctly when called from FreeRTOS tasks */ + + + + + + /* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_time * sleep_ms/sleep_us/sleep_until will work correctly when called from FreeRTOS * tasks, and will actually block at the FreeRTOS level */ +// # 74 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" /* This SMP port requires two spin locks, which are claimed from the SDK. * the spin lock numbers to be used are defined statically and defaulted here * to the values nominally set aside for RTOS by the SDK */ - // increase the amount of time it may reasonably take to wake us up +// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/freertos_sdk_config.h" 2 + + + // increase the amount of time it may reasonably take to wake us up + + + + + extern uint32_t ulPortLockGetCurrentOwnerId(void); + + + struct lock_core; + extern void vPortLockInternalSpinUnlockWithWait( struct lock_core *pxLock, uint32_t ulSave); + + + + extern void vPortLockInternalSpinUnlockWithNotify( struct lock_core *pxLock, uint32_t save); + + + + extern _Bool xPortLockInternalSpinUnlockWithBestEffortWaitOrTimeout( struct lock_core *pxLock, uint32_t ulSave, absolute_time_t uxUntil); + + + + + + extern void xPortSyncInternalYieldUntilBefore(absolute_time_t t); +// # 8 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2 +// # 1 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + // ----------------------------------------------------- // NOTE: THIS HEADER IS ALSO INCLUDED BY ASSEMBLER SO // SHOULD ONLY CONSIST OF PREPROCESSOR DIRECTIVES // ----------------------------------------------------- + // This header may be included by other board headers as "boards/pico.h" + + + + // For board detection + + // --- UART --- +// # 31 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" // --- LED --- + + + // no PICO_DEFAULT_WS2812_PIN + // --- I2C --- +// # 48 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" // --- SPI --- +// # 65 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" // --- FLASH --- +// # 77 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" // Drive high to force power supply into PWM mode (lower ripple on 3V3 at light loads) +// # 9 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2 // based on PICO_RP2040_CONFIG_HEADER_FILES: + +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/cmsis/include/cmsis/rename_exceptions.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ +// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2 +// # 20 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/config.h" 2 // PICO_CONFIG: PICO_CONFIG_RTOS_ADAPTER_HEADER, unquoted path to header include in the default pico/config.h for RTOS integration defines that must be included in all sources, group=pico_base +// # 30 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2 +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + /** \file platform.h * \defgroup pico_platform pico_platform * @@ -4648,19 +6167,35 @@ typedef struct { * * This header may be included by assembly code */ + +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + // This header is included from C and assembler - intended mostly for #defines; guard other stuff with #ifdef __ASSEMBLER__ +// # 40 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" // PICO_CONFIG: XOSC_MHZ, The crystal oscillator frequency in Mhz, type=int, default=12, advanced=true, group=hardware_base +// # 20 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2 +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/addressmap.h" 1 /** * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + + // Register address offsets for atomic RMW aliases +// # 21 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2 +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/sio.h" 1 /** * Copyright (c) 2022 Raspberry Pi (Trading) Ltd. * @@ -4674,20 +6209,40 @@ typedef struct { // Provides core-local and inter-core hardware for the two // processors, with single-cycle access. // ============================================================================= + + // ============================================================================= // Register : SIO_CPUID // Description : Processor core identifier // Value is 0 when read from processor core 0, and 1 when read // from processor core 1. + + + + + + // ============================================================================= // Register : SIO_GPIO_IN // Description : Input value for GPIO pins // Input value for GPIO0...29 + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_IN // Description : Input value for QSPI pins // Input value on QSPI IO in order 0..5: SCLK, SSn, SD0, SD1, SD2, // SD3 + + + + + + // ============================================================================= // Register : SIO_GPIO_OUT // Description : GPIO output value @@ -4699,20 +6254,44 @@ typedef struct { // the result is as though the write from core 0 took place first, // and the write from core 1 was then applied to that intermediate // result. + + + + + + // ============================================================================= // Register : SIO_GPIO_OUT_SET // Description : GPIO output value set // Perform an atomic bit-set on GPIO_OUT, i.e. `GPIO_OUT |= wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_OUT_CLR // Description : GPIO output value clear // Perform an atomic bit-clear on GPIO_OUT, i.e. `GPIO_OUT &= // ~wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_OUT_XOR // Description : GPIO output value XOR // Perform an atomic bitwise XOR on GPIO_OUT, i.e. `GPIO_OUT ^= // wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_OE // Description : GPIO output enable @@ -4723,20 +6302,44 @@ typedef struct { // the result is as though the write from core 0 took place first, // and the write from core 1 was then applied to that intermediate // result. + + + + + + // ============================================================================= // Register : SIO_GPIO_OE_SET // Description : GPIO output enable set // Perform an atomic bit-set on GPIO_OE, i.e. `GPIO_OE |= wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_OE_CLR // Description : GPIO output enable clear // Perform an atomic bit-clear on GPIO_OE, i.e. `GPIO_OE &= // ~wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_OE_XOR // Description : GPIO output enable XOR // Perform an atomic bitwise XOR on GPIO_OE, i.e. `GPIO_OE ^= // wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OUT // Description : QSPI output value @@ -4748,21 +6351,45 @@ typedef struct { // the result is as though the write from core 0 took place first, // and the write from core 1 was then applied to that intermediate // result. -// ============================================================================= -// Register : SIO_GPIO_HI_OUT_SET -// Description : QSPI output value set -// Perform an atomic bit-set on GPIO_HI_OUT, i.e. `GPIO_HI_OUT |= + + + + + + +// ============================================================================= +// Register : SIO_GPIO_HI_OUT_SET +// Description : QSPI output value set +// Perform an atomic bit-set on GPIO_HI_OUT, i.e. `GPIO_HI_OUT |= // wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OUT_CLR // Description : QSPI output value clear // Perform an atomic bit-clear on GPIO_HI_OUT, i.e. `GPIO_HI_OUT // &= ~wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OUT_XOR // Description : QSPI output value XOR // Perform an atomic bitwise XOR on GPIO_HI_OUT, i.e. `GPIO_HI_OUT // ^= wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OE // Description : QSPI output enable @@ -4773,21 +6400,45 @@ typedef struct { // the result is as though the write from core 0 took place first, // and the write from core 1 was then applied to that intermediate // result. + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OE_SET // Description : QSPI output enable set // Perform an atomic bit-set on GPIO_HI_OE, i.e. `GPIO_HI_OE |= // wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OE_CLR // Description : QSPI output enable clear // Perform an atomic bit-clear on GPIO_HI_OE, i.e. `GPIO_HI_OE &= // ~wdata` + + + + + + // ============================================================================= // Register : SIO_GPIO_HI_OE_XOR // Description : QSPI output enable XOR // Perform an atomic bitwise XOR on GPIO_HI_OE, i.e. `GPIO_HI_OE // ^= wdata` + + + + + + // ============================================================================= // Register : SIO_FIFO_ST // Description : Status register for inter-core FIFOs (mailboxes). @@ -4799,33 +6450,74 @@ typedef struct { // write side of 1->0 FIFO (TX). // The SIO IRQ for each core is the logical OR of the VLD, WOF and // ROE fields of its FIFO_ST register. + + + // ----------------------------------------------------------------------------- // Field : SIO_FIFO_ST_ROE // Description : Sticky flag indicating the RX FIFO was read when empty. This // read was ignored by the FIFO. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_FIFO_ST_WOF // Description : Sticky flag indicating the TX FIFO was written when full. This // write was ignored by the FIFO. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_FIFO_ST_RDY // Description : Value is 1 if this core's TX FIFO is not full (i.e. if FIFO_WR // is ready for more data) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_FIFO_ST_VLD // Description : Value is 1 if this core's RX FIFO is not empty (i.e. if FIFO_RD // is valid) + + + + + // ============================================================================= // Register : SIO_FIFO_WR // Description : Write access to this core's TX FIFO + + + + + + // ============================================================================= // Register : SIO_FIFO_RD // Description : Read access to this core's RX FIFO + + + + + + // ============================================================================= // Register : SIO_SPINLOCK_ST // Description : Spinlock state // A bitmap containing the state of all 32 spinlocks (1=locked). // Mainly intended for debugging. + + + + + + // ============================================================================= // Register : SIO_DIV_UDIVIDEND // Description : Divider unsigned dividend @@ -4837,6 +6529,12 @@ typedef struct { // The U alias starts an // unsigned calculation, and the S alias starts a signed // calculation. + + + + + + // ============================================================================= // Register : SIO_DIV_UDIVISOR // Description : Divider unsigned divisor @@ -4848,16 +6546,34 @@ typedef struct { // The U alias starts an // unsigned calculation, and the S alias starts a signed // calculation. + + + + + + // ============================================================================= // Register : SIO_DIV_SDIVIDEND // Description : Divider signed dividend // The same as UDIVIDEND, but starts a signed calculation, rather // than unsigned. + + + + + + // ============================================================================= // Register : SIO_DIV_SDIVISOR // Description : Divider signed divisor // The same as UDIVISOR, but starts a signed calculation, rather // than unsigned. + + + + + + // ============================================================================= // Register : SIO_DIV_QUOTIENT // Description : Divider result quotient @@ -4872,6 +6588,12 @@ typedef struct { // Reading from QUOTIENT clears the CSR_DIRTY flag, so should read // results in the order // REMAINDER, QUOTIENT if CSR_DIRTY is used. + + + + + + // ============================================================================= // Register : SIO_DIV_REMAINDER // Description : Divider result remainder @@ -4883,9 +6605,18 @@ typedef struct { // save/restore purposes. This halts any // in-progress calculation and sets the CSR_READY and CSR_DIRTY // flags. + + + + + + // ============================================================================= // Register : SIO_DIV_CSR // Description : Control and status register for divider. + + + // ----------------------------------------------------------------------------- // Field : SIO_DIV_CSR_DIRTY // Description : Changes to 1 when any register is written, and back to 0 when @@ -4896,6 +6627,11 @@ typedef struct { // read QUOTIENT only, // or REMAINDER and then QUOTIENT, to prevent data loss on context // switch. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_DIV_CSR_READY // Description : Reads as 0 when a calculation is in progress, 1 otherwise. @@ -4905,54 +6641,143 @@ typedef struct { // Writing to a result register will immediately terminate any // in-progress calculation // and set the READY and DIRTY flags. + + + + + // ============================================================================= // Register : SIO_INTERP0_ACCUM0 // Description : Read/write access to accumulator 0 + + + + + + // ============================================================================= // Register : SIO_INTERP0_ACCUM1 // Description : Read/write access to accumulator 1 + + + + + + // ============================================================================= // Register : SIO_INTERP0_BASE0 // Description : Read/write access to BASE0 register. + + + + + + // ============================================================================= // Register : SIO_INTERP0_BASE1 // Description : Read/write access to BASE1 register. + + + + + + // ============================================================================= // Register : SIO_INTERP0_BASE2 // Description : Read/write access to BASE2 register. + + + + + + // ============================================================================= // Register : SIO_INTERP0_POP_LANE0 // Description : Read LANE0 result, and simultaneously write lane results to // both accumulators (POP). + + + + + + // ============================================================================= // Register : SIO_INTERP0_POP_LANE1 // Description : Read LANE1 result, and simultaneously write lane results to // both accumulators (POP). + + + + + + // ============================================================================= // Register : SIO_INTERP0_POP_FULL // Description : Read FULL result, and simultaneously write lane results to both // accumulators (POP). + + + + + + // ============================================================================= // Register : SIO_INTERP0_PEEK_LANE0 // Description : Read LANE0 result, without altering any internal state (PEEK). + + + + + + // ============================================================================= // Register : SIO_INTERP0_PEEK_LANE1 // Description : Read LANE1 result, without altering any internal state (PEEK). + + + + + + // ============================================================================= // Register : SIO_INTERP0_PEEK_FULL // Description : Read FULL result, without altering any internal state (PEEK). + + + + + + // ============================================================================= // Register : SIO_INTERP0_CTRL_LANE0 // Description : Control register for lane 0 + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_OVERF // Description : Set if either OVERF0 or OVERF1 is set. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_OVERF1 // Description : Indicates if any masked-off MSBs in ACCUM1 are set. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_OVERF0 // Description : Indicates if any masked-off MSBs in ACCUM0 are set. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_BLEND // Description : Only present on INTERP0 on each core. If BLEND mode is enabled: @@ -4967,6 +6792,11 @@ typedef struct { // (BASE2 + lane 0 shift+mask) // LANE1 SIGNED flag controls whether the interpolation is signed // or unsigned. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_FORCE_MSB // Description : ORed into bits 29:28 of the lane result presented to the @@ -4974,41 +6804,84 @@ typedef struct { // No effect on the internal 32-bit datapath. Handy for using a // lane to generate sequence // of pointers into flash or SRAM. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_ADD_RAW // Description : If 1, mask + shift is bypassed for LANE0 result. This does not // affect FULL result. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_CROSS_RESULT // Description : If 1, feed the opposite lane's result into this lane's // accumulator on POP. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_CROSS_INPUT // Description : If 1, feed the opposite lane's accumulator into this lane's // shift + mask hardware. // Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is // before the shift+mask bypass) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_SIGNED // Description : If SIGNED is set, the shifted and masked accumulator value is // sign-extended to 32 bits // before adding to BASE0, and LANE0 PEEK/POP appear extended to // 32 bits when read by processor. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_MASK_MSB // Description : The most-significant bit allowed to pass by the mask // (inclusive) // Setting MSB < LSB may cause chip to turn inside-out + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_MASK_LSB // Description : The least-significant bit allowed to pass by the mask // (inclusive) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE0_SHIFT // Description : Logical right-shift applied to accumulator before masking + + + + + // ============================================================================= // Register : SIO_INTERP0_CTRL_LANE1 // Description : Control register for lane 1 + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_FORCE_MSB // Description : ORed into bits 29:28 of the lane result presented to the @@ -5016,102 +6889,244 @@ typedef struct { // No effect on the internal 32-bit datapath. Handy for using a // lane to generate sequence // of pointers into flash or SRAM. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_ADD_RAW // Description : If 1, mask + shift is bypassed for LANE1 result. This does not // affect FULL result. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_CROSS_RESULT // Description : If 1, feed the opposite lane's result into this lane's // accumulator on POP. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_CROSS_INPUT // Description : If 1, feed the opposite lane's accumulator into this lane's // shift + mask hardware. // Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is // before the shift+mask bypass) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_SIGNED // Description : If SIGNED is set, the shifted and masked accumulator value is // sign-extended to 32 bits // before adding to BASE1, and LANE1 PEEK/POP appear extended to // 32 bits when read by processor. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_MASK_MSB // Description : The most-significant bit allowed to pass by the mask // (inclusive) // Setting MSB < LSB may cause chip to turn inside-out + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_MASK_LSB // Description : The least-significant bit allowed to pass by the mask // (inclusive) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP0_CTRL_LANE1_SHIFT // Description : Logical right-shift applied to accumulator before masking + + + + + // ============================================================================= // Register : SIO_INTERP0_ACCUM0_ADD // Description : Values written here are atomically added to ACCUM0 // Reading yields lane 0's raw shift and mask value (BASE0 not // added). + + + + + + // ============================================================================= // Register : SIO_INTERP0_ACCUM1_ADD // Description : Values written here are atomically added to ACCUM1 // Reading yields lane 1's raw shift and mask value (BASE1 not // added). + + + + + + // ============================================================================= // Register : SIO_INTERP0_BASE_1AND0 // Description : On write, the lower 16 bits go to BASE0, upper bits to BASE1 // simultaneously. // Each half is sign-extended to 32 bits if that lane's SIGNED // flag is set. + + + + + + // ============================================================================= // Register : SIO_INTERP1_ACCUM0 // Description : Read/write access to accumulator 0 + + + + + + // ============================================================================= // Register : SIO_INTERP1_ACCUM1 // Description : Read/write access to accumulator 1 + + + + + + // ============================================================================= // Register : SIO_INTERP1_BASE0 // Description : Read/write access to BASE0 register. + + + + + + // ============================================================================= // Register : SIO_INTERP1_BASE1 // Description : Read/write access to BASE1 register. + + + + + + // ============================================================================= // Register : SIO_INTERP1_BASE2 // Description : Read/write access to BASE2 register. + + + + + + // ============================================================================= // Register : SIO_INTERP1_POP_LANE0 // Description : Read LANE0 result, and simultaneously write lane results to // both accumulators (POP). + + + + + + // ============================================================================= // Register : SIO_INTERP1_POP_LANE1 // Description : Read LANE1 result, and simultaneously write lane results to // both accumulators (POP). + + + + + + // ============================================================================= // Register : SIO_INTERP1_POP_FULL // Description : Read FULL result, and simultaneously write lane results to both // accumulators (POP). + + + + + + // ============================================================================= // Register : SIO_INTERP1_PEEK_LANE0 // Description : Read LANE0 result, without altering any internal state (PEEK). + + + + + + // ============================================================================= // Register : SIO_INTERP1_PEEK_LANE1 // Description : Read LANE1 result, without altering any internal state (PEEK). + + + + + + // ============================================================================= // Register : SIO_INTERP1_PEEK_FULL // Description : Read FULL result, without altering any internal state (PEEK). + + + + + + // ============================================================================= // Register : SIO_INTERP1_CTRL_LANE0 // Description : Control register for lane 0 + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_OVERF // Description : Set if either OVERF0 or OVERF1 is set. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_OVERF1 // Description : Indicates if any masked-off MSBs in ACCUM1 are set. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_OVERF0 // Description : Indicates if any masked-off MSBs in ACCUM0 are set. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_CLAMP // Description : Only present on INTERP1 on each core. If CLAMP mode is enabled: @@ -5120,6 +7135,11 @@ typedef struct { // BASE0 and an upper bound of BASE1. // - Signedness of these comparisons is determined by // LANE0_CTRL_SIGNED + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_FORCE_MSB // Description : ORed into bits 29:28 of the lane result presented to the @@ -5127,41 +7147,84 @@ typedef struct { // No effect on the internal 32-bit datapath. Handy for using a // lane to generate sequence // of pointers into flash or SRAM. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_ADD_RAW // Description : If 1, mask + shift is bypassed for LANE0 result. This does not // affect FULL result. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_CROSS_RESULT // Description : If 1, feed the opposite lane's result into this lane's // accumulator on POP. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_CROSS_INPUT // Description : If 1, feed the opposite lane's accumulator into this lane's // shift + mask hardware. // Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is // before the shift+mask bypass) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_SIGNED // Description : If SIGNED is set, the shifted and masked accumulator value is // sign-extended to 32 bits // before adding to BASE0, and LANE0 PEEK/POP appear extended to // 32 bits when read by processor. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_MASK_MSB // Description : The most-significant bit allowed to pass by the mask // (inclusive) // Setting MSB < LSB may cause chip to turn inside-out + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_MASK_LSB // Description : The least-significant bit allowed to pass by the mask // (inclusive) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE0_SHIFT // Description : Logical right-shift applied to accumulator before masking + + + + + // ============================================================================= // Register : SIO_INTERP1_CTRL_LANE1 // Description : Control register for lane 1 + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_FORCE_MSB // Description : ORed into bits 29:28 of the lane result presented to the @@ -5169,54 +7232,112 @@ typedef struct { // No effect on the internal 32-bit datapath. Handy for using a // lane to generate sequence // of pointers into flash or SRAM. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_ADD_RAW // Description : If 1, mask + shift is bypassed for LANE1 result. This does not // affect FULL result. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_CROSS_RESULT // Description : If 1, feed the opposite lane's result into this lane's // accumulator on POP. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_CROSS_INPUT // Description : If 1, feed the opposite lane's accumulator into this lane's // shift + mask hardware. // Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is // before the shift+mask bypass) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_SIGNED // Description : If SIGNED is set, the shifted and masked accumulator value is // sign-extended to 32 bits // before adding to BASE1, and LANE1 PEEK/POP appear extended to // 32 bits when read by processor. + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_MASK_MSB // Description : The most-significant bit allowed to pass by the mask // (inclusive) // Setting MSB < LSB may cause chip to turn inside-out + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_MASK_LSB // Description : The least-significant bit allowed to pass by the mask // (inclusive) + + + + + // ----------------------------------------------------------------------------- // Field : SIO_INTERP1_CTRL_LANE1_SHIFT // Description : Logical right-shift applied to accumulator before masking + + + + + // ============================================================================= // Register : SIO_INTERP1_ACCUM0_ADD // Description : Values written here are atomically added to ACCUM0 // Reading yields lane 0's raw shift and mask value (BASE0 not // added). + + + + + + // ============================================================================= // Register : SIO_INTERP1_ACCUM1_ADD // Description : Values written here are atomically added to ACCUM1 // Reading yields lane 1's raw shift and mask value (BASE1 not // added). + + + + + + // ============================================================================= // Register : SIO_INTERP1_BASE_1AND0 // Description : On write, the lower 16 bits go to BASE0, upper bits to BASE1 // simultaneously. // Each half is sign-extended to 32 bits if that lane's SIGNED // flag is set. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK0 // Description : Reading from a spinlock address will: @@ -5227,6 +7348,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK1 // Description : Reading from a spinlock address will: @@ -5237,6 +7364,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK2 // Description : Reading from a spinlock address will: @@ -5247,6 +7380,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK3 // Description : Reading from a spinlock address will: @@ -5257,6 +7396,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK4 // Description : Reading from a spinlock address will: @@ -5267,6 +7412,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK5 // Description : Reading from a spinlock address will: @@ -5277,6 +7428,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK6 // Description : Reading from a spinlock address will: @@ -5287,6 +7444,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK7 // Description : Reading from a spinlock address will: @@ -5297,6 +7460,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK8 // Description : Reading from a spinlock address will: @@ -5307,6 +7476,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK9 // Description : Reading from a spinlock address will: @@ -5317,6 +7492,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK10 // Description : Reading from a spinlock address will: @@ -5327,6 +7508,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK11 // Description : Reading from a spinlock address will: @@ -5337,6 +7524,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK12 // Description : Reading from a spinlock address will: @@ -5347,6 +7540,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK13 // Description : Reading from a spinlock address will: @@ -5357,6 +7556,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK14 // Description : Reading from a spinlock address will: @@ -5367,6 +7572,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK15 // Description : Reading from a spinlock address will: @@ -5377,6 +7588,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK16 // Description : Reading from a spinlock address will: @@ -5387,6 +7604,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK17 // Description : Reading from a spinlock address will: @@ -5397,6 +7620,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK18 // Description : Reading from a spinlock address will: @@ -5407,6 +7636,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK19 // Description : Reading from a spinlock address will: @@ -5417,6 +7652,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK20 // Description : Reading from a spinlock address will: @@ -5427,6 +7668,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK21 // Description : Reading from a spinlock address will: @@ -5437,6 +7684,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK22 // Description : Reading from a spinlock address will: @@ -5447,6 +7700,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK23 // Description : Reading from a spinlock address will: @@ -5457,6 +7716,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK24 // Description : Reading from a spinlock address will: @@ -5467,6 +7732,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK25 // Description : Reading from a spinlock address will: @@ -5477,6 +7748,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK26 // Description : Reading from a spinlock address will: @@ -5487,6 +7764,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK27 // Description : Reading from a spinlock address will: @@ -5497,6 +7780,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK28 // Description : Reading from a spinlock address will: @@ -5507,6 +7796,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK29 // Description : Reading from a spinlock address will: @@ -5517,6 +7812,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK30 // Description : Reading from a spinlock address will: @@ -5527,6 +7828,12 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= // Register : SIO_SPINLOCK31 // Description : Reading from a spinlock address will: @@ -5537,24 +7844,69 @@ typedef struct { // If core 0 and core 1 attempt to claim the same lock // simultaneously, core 0 wins. // The value returned on success is 0x1 << lock number. + + + + + + // ============================================================================= +// # 22 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2 // Marker for builds targeting the RP2040 + + // PICO_CONFIG: PICO_STACK_SIZE, Stack Size, min=0x100, default=0x800, advanced=true, group=pico_platform + + + + // PICO_CONFIG: PICO_HEAP_SIZE, Heap size to reserve, min=0x100, default=0x800, advanced=true, group=pico_platform + + + + // PICO_CONFIG: PICO_NO_RAM_VECTOR_TABLE, Enable/disable the RAM vector table, type=bool, default=0, advanced=true, group=pico_platform + + + + // PICO_CONFIG: PICO_RP2040_B0_SUPPORTED, Whether to include any specific software support for RP2040 B0 revision, type=bool, default=1, advanced=true, group=pico_platform + + + + // PICO_CONFIG: PICO_FLOAT_SUPPORT_ROM_V1, Include float support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform + + + + // PICO_CONFIG: PICO_DOUBLE_SUPPORT_ROM_V1, Include double support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform + + + + + // PICO_CONFIG: PICO_RP2040_B1_SUPPORTED, Whether to include any specific software support for RP2040 B1 revision, type=bool, default=1, advanced=true, group=pico_platform + + + + // PICO_CONFIG: PICO_RP2040_B2_SUPPORTED, Whether to include any specific software support for RP2040 B2 revision, type=bool, default=1, advanced=true, group=pico_platform + + + + // --- remainder of file is not included by assembly code --- +// # 78 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" /*! \brief Marker for an interrupt handler * \ingroup pico_platform * For example an IRQ handler function called my_interrupt_handler: * * void __isr my_interrupt_handler(void) { */ + + /*! \brief Section attribute macro for placement in RAM after the `.data` section * \ingroup pico_platform * @@ -5567,6 +7919,8 @@ typedef struct { * \param group a string suffix to use in the section name to distinguish groups that can be linker * garbage-collected independently */ + + /*! \brief Section attribute macro for placement not in flash (i.e in RAM) * \ingroup pico_platform * @@ -5579,6 +7933,8 @@ typedef struct { * \param group a string suffix to use in the section name to distinguish groups that can be linker * garbage-collected independently */ + + /*! \brief Section attribute macro for placement in the SRAM bank 4 (known as "scratch X") * \ingroup pico_platform * @@ -5594,6 +7950,8 @@ typedef struct { * \param group a string suffix to use in the section name to distinguish groups that can be linker * garbage-collected independently */ + + /*! \brief Section attribute macro for placement in the SRAM bank 5 (known as "scratch Y") * \ingroup pico_platform * @@ -5609,6 +7967,8 @@ typedef struct { * \param group a string suffix to use in the section name to distinguish groups that can be linker * garbage-collected independently */ + + /*! \brief Section attribute macro for data that is to be left uninitialized * \ingroup pico_platform * @@ -5624,6 +7984,8 @@ typedef struct { * \param group a string suffix to use in the section name to distinguish groups that can be linker * garbage-collected independently */ + + /*! \brief Section attribute macro for placement in flash even in a COPY_TO_RAM binary * \ingroup pico_platform * @@ -5636,6 +7998,8 @@ typedef struct { * \param group a string suffix to use in the section name to distinguish groups that can be linker * garbage-collected independently */ + + /*! \brief Indicates a function should not be stored in flash * \ingroup pico_platform * @@ -5650,6 +8014,8 @@ typedef struct { * * \see __no_inline_not_in_flash_func */ + + /*! \brief Indicates a function is time/latency critical and should not run from flash * \ingroup pico_platform * @@ -5667,6 +8033,8 @@ typedef struct { * * \see __not_in_flash_func */ + + /*! \brief Indicate a function should not be stored in flash and should not be inlined * \ingroup pico_platform * @@ -5679,6 +8047,10 @@ typedef struct { * * The function is placed in the `.time_critical.` linker section */ + + + + /*! \brief Attribute to force inlining of a function regardless of optimization level * \ingroup pico_platform * @@ -5687,21 +8059,40 @@ typedef struct { * int __force_inline my_function(int x) { * */ + + + + + + /*! \brief Macro to determine the number of elements in an array * \ingroup pico_platform */ + + + + /*! \brief Macro to return the maximum of two comparable values * \ingroup pico_platform */ + + + + /*! \brief Macro to return the minimum of two comparable values * \ingroup pico_platform */ + + + + /*! \brief Execute a breakpoint instruction * \ingroup pico_platform */ static inline void __breakpoint(void) { __asm__("bkpt #0"); } + /*! \brief Ensure that the compiler does not move memory access across this method call * \ingroup pico_platform * @@ -5717,6 +8108,7 @@ static inline void __breakpoint(void) { inline __always_inline static void __compiler_memory_barrier(void) { __asm__ volatile ("" : : : "memory"); } + /*! \brief Macro for converting memory addresses to 32 bit addresses suitable for DMA * \ingroup pico_platform * @@ -5725,11 +8117,16 @@ inline __always_inline static void __compiler_memory_barrier(void) { * in other data (e.g. DMA chaining), then there is a need in "host" mode to convert a 64 bit native * pointer to a 32 bit value for storage, which can be done using this macro. */ + + + + /*! \brief Panics with the message "Unsupported" * \ingroup pico_platform * \see panic */ void __attribute__((noreturn)) panic_unsupported(void); + /*! \brief Displays a panic message and halts execution * \ingroup pico_platform * @@ -5740,23 +8137,35 @@ void __attribute__((noreturn)) panic_unsupported(void); * @param ... printf-like arguments */ void __attribute__((noreturn)) panic(const char *fmt, ...); + // PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime + + + + + + + _Bool running_on_fpga(void); + + /*! \brief Returns the RP2040 chip revision number * \ingroup pico_platform * @return the RP2040 chip revision number (1 for B0/B1, 2 for B2) */ uint8_t rp2040_chip_version(void); + /*! \brief Returns the RP2040 rom version number * \ingroup pico_platform * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2) */ static inline uint8_t rp2040_rom_version(void) { -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Warray-bounds" +// #pragma GCC diagnostic push +// #pragma GCC diagnostic ignored "-Warray-bounds" return *(uint8_t*)0x13; -#pragma GCC diagnostic pop +// #pragma GCC diagnostic pop } + /*! \brief No-op function for the body of tight loops * \ingroup pico_platform * @@ -5765,6 +8174,7 @@ static inline uint8_t rp2040_rom_version(void) { * debugging might be added */ static inline __always_inline void tight_loop_contents(void) {} + /*! \brief Multiply two integers using an assembly `MUL` instruction * \ingroup pico_platform * @@ -5779,6 +8189,7 @@ inline __always_inline static int32_t __mul_instruction(int32_t a, int32_t b) { asm ("mul %0, %1" : "+l" (a) : "l" (b) : ); return a; } + /*! \brief multiply two integer values using the fastest method possible * \ingroup pico_platform * @@ -5792,18 +8203,25 @@ inline __always_inline static int32_t __mul_instruction(int32_t a, int32_t b) { * \param b the second operand * \return a * b */ + + + + /*! \brief Utility macro to assert two types are equivalent. * \ingroup pico_platform * * This macro can be useful in other macros along with `typeof` to assert that two parameters are of equivalent type * (or that a single parameter is of an expected type) */ + + /*! \brief Get the current exception level on this core * \ingroup pico_platform * * \return the exception number if the CPU is handling an exception, or 0 otherwise */ uint __get_current_exception(void); +// # 408 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" /*! \brief Helper method to busy-wait for at least the given number of cycles * \ingroup pico_platform * @@ -5826,6 +8244,7 @@ static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) { : "+r" (minimum_cycles) : : "memory" ); } + /*! \brief Get the current core number * \ingroup pico_platform * @@ -5834,11 +8253,19 @@ static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) { inline __always_inline static uint get_core_num(void) { return (*(uint32_t *) (0xd0000000u + 0x00000000u)); } +// # 32 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2 +// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/error.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + + + /*! * \brief Common return codes from pico_sdk methods that return a status * \ingroup pico_base @@ -5853,16 +8280,32 @@ enum pico_error_codes { PICO_ERROR_INVALID_ARG = -5, PICO_ERROR_IO = -6, }; +// # 33 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2 +// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + + +// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" 1 /* * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. * * SPDX-License-Identifier: BSD-3-Clause */ + + + + + + + /** \file address_mapped.h * \defgroup hardware_base hardware_base * @@ -5900,7 +8343,12 @@ enum pico_error_codes { * For example `hw_set_alias(dma_hw)->inte1 = 0x80;` will set bit 7 of the INTE1 register of the DMA controller, * leaving the other bits unchanged. */ +// # 58 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" // PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_ADDRESS_ALIAS, Enable/disable assertions in memory address aliasing macros, type=bool, default=0, group=hardware_base + + + + typedef volatile uint32_t io_rw_32; typedef const volatile uint32_t io_ro_32; typedef volatile uint32_t io_wo_32; @@ -5910,28 +8358,49 @@ typedef volatile uint16_t io_wo_16; typedef volatile uint8_t io_rw_8; typedef const volatile uint8_t io_ro_8; typedef volatile uint8_t io_wo_8; + typedef volatile uint8_t *const ioptr; typedef ioptr const const_ioptr; + // A non-functional (empty) helper macro to help IDEs follow links from the autogenerated // hardware struct headers in hardware/structs/xxx.h to the raw register definitions // in hardware/regs/xxx.h. A preprocessor define such as TIMER_TIMEHW_OFFSET (a timer register offset) // is not generally clickable (in an IDE) if placed in a C comment, so _REG_(TIMER_TIMEHW_OFFSET) is // included outside of a comment instead + + // Helper method used by hw_alias macros to optionally check input validity + // can't use the following impl as it breaks existing static declarations using hw_alias, so would be a backwards incompatibility //static __force_inline uint32_t hw_alias_check_addr(volatile void *addr) { // uint32_t rc = (uintptr_t)addr; // invalid_params_if(ADDRESS_ALIAS, rc < 0x40000000); // catch likely non HW pointer types // return rc; //} + // Helper method used by xip_alias macros to optionally check input validity static inline __always_inline uint32_t xip_alias_check_addr(const void *addr) { uint32_t rc = (uintptr_t)addr; ({if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn(__func__, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);}); return rc; } + // Untyped conversion alias pointer generation macros + + + + + + + // Typed conversion alias pointer generation macros + + + + + + + /*! \brief Atomically set the specified bits to 1 in a HW register * \ingroup hardware_base * @@ -5941,6 +8410,7 @@ static inline __always_inline uint32_t xip_alias_check_addr(const void *addr) { inline __always_inline static void hw_set_bits(io_rw_32 *addr, uint32_t mask) { *(io_rw_32 *) ((void *)((0x2u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; } + /*! \brief Atomically clear the specified bits to 0 in a HW register * \ingroup hardware_base * @@ -5950,6 +8420,7 @@ inline __always_inline static void hw_set_bits(io_rw_32 *addr, uint32_t mask) { inline __always_inline static void hw_clear_bits(io_rw_32 *addr, uint32_t mask) { *(io_rw_32 *) ((void *)((0x3u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; } + /*! \brief Atomically flip the specified bits in a HW register * \ingroup hardware_base * @@ -5959,6 +8430,7 @@ inline __always_inline static void hw_clear_bits(io_rw_32 *addr, uint32_t mask) inline __always_inline static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) { *(io_rw_32 *) ((void *)((0x1u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; } + /*! \brief Set new values for a sub-set of the bits in a HW register * \ingroup hardware_base * @@ -5974,6 +8446,13 @@ inline __always_inline static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) { inline __always_inline static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) { hw_xor_bits(addr, (*addr ^ values) & write_mask); } +// # 12 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2 + + + + + + /** \file hardware/sync.h * \defgroup hardware_sync hardware_sync * @@ -6003,20 +8482,66 @@ inline __always_inline static void hw_write_masked(io_rw_32 *addr, uint32_t valu * 16-23 | (\ref PICO_SPINLOCK_ID_STRIPED_FIRST - \ref PICO_SPINLOCK_ID_STRIPED_LAST). Spin locks from this range are assigned in a round-robin fashion via \ref next_striped_spin_lock_num(). These spin locks are shared, but assigning numbers from a range reduces the probability that two higher level locking primitives using _striped_ spin locks will actually be using the same spin lock. * 24-31 | (\ref PICO_SPINLOCK_ID_CLAIM_FREE_FIRST - \ref PICO_SPINLOCK_ID_CLAIM_FREE_LAST). These are reserved for exclusive use and are allocated on a first come first served basis at runtime via \ref spin_lock_claim_unused() */ + // PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_SYNC, Enable/disable assertions in the HW sync module, type=bool, default=0, group=hardware_sync + + + + /** \brief A spin lock identifier * \ingroup hardware_sync */ typedef volatile uint32_t spin_lock_t; + // PICO_CONFIG: PICO_SPINLOCK_ID_IRQ, Spinlock ID for IRQ protection, min=0, max=31, default=9, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_TIMER, Spinlock ID for Timer protection, min=0, max=31, default=10, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_HARDWARE_CLAIM, Spinlock ID for Hardware claim protection, min=0, max=31, default=11, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_OS1, First Spinlock ID reserved for use by low level OS style software, min=0, max=31, default=14, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_OS2, Second Spinlock ID reserved for use by low level OS style software, min=0, max=31, default=15, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_STRIPED_FIRST, Lowest Spinlock ID in the 'striped' range, min=0, max=31, default=16, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_STRIPED_LAST, Highest Spinlock ID in the 'striped' range, min=0, max=31, default=23, group=hardware_sync + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_CLAIM_FREE_FIRST, Lowest Spinlock ID in the 'claim free' range, min=0, max=31, default=24, group=hardware_sync + + + + + + + + // PICO_CONFIG: PICO_SPINLOCK_ID_CLAIM_FREE_LAST, Highest Spinlock ID in the 'claim free' range, min=0, max=31, default=31, group=hardware_sync + + + + /*! \brief Insert a SEV instruction in to the code path. * \ingroup hardware_sync @@ -6025,6 +8550,7 @@ typedef volatile uint32_t spin_lock_t; inline __always_inline static void __sev(void) { __asm volatile ("sev"); } + /*! \brief Insert a WFE instruction in to the code path. * \ingroup hardware_sync * @@ -6034,6 +8560,7 @@ inline __always_inline static void __sev(void) { inline __always_inline static void __wfe(void) { __asm volatile ("wfe"); } + /*! \brief Insert a WFI instruction in to the code path. * \ingroup hardware_sync * @@ -6042,6 +8569,7 @@ inline __always_inline static void __wfe(void) { inline __always_inline static void __wfi(void) { __asm volatile ("wfi"); } + /*! \brief Insert a DMB instruction in to the code path. * \ingroup hardware_sync * @@ -6051,6 +8579,7 @@ inline __always_inline static void __wfi(void) { inline __always_inline static void __dmb(void) { __asm volatile ("dmb" : : : "memory"); } + /*! \brief Insert a DSB instruction in to the code path. * \ingroup hardware_sync * @@ -6061,6 +8590,7 @@ inline __always_inline static void __dmb(void) { inline __always_inline static void __dsb(void) { __asm volatile ("dsb" : : : "memory"); } + /*! \brief Insert a ISB instruction in to the code path. * \ingroup hardware_sync * @@ -6071,6 +8601,7 @@ inline __always_inline static void __dsb(void) { inline __always_inline static void __isb(void) { __asm volatile ("isb"); } + /*! \brief Acquire a memory fence * \ingroup hardware_sync */ @@ -6085,6 +8616,7 @@ inline __always_inline static void __mem_fence_acquire(void) { // std::atomic_thread_fence(std::memory_order_acquire); //#endif } + /*! \brief Release a memory fence * \ingroup hardware_sync * @@ -6100,6 +8632,7 @@ inline __always_inline static void __mem_fence_release(void) { // std::atomic_thread_fence(std::memory_order_release); //#endif } + /*! \brief Save and disable interrupts * \ingroup hardware_sync * @@ -6111,6 +8644,7 @@ inline __always_inline static uint32_t save_and_disable_interrupts(void) { __asm volatile ("cpsid i"); return status; } + /*! \brief Restore interrupts to a specified state * \ingroup hardware_sync * @@ -6119,6 +8653,7 @@ inline __always_inline static uint32_t save_and_disable_interrupts(void) { inline __always_inline static void restore_interrupts(uint32_t status) { __asm volatile ("msr PRIMASK,%0"::"r" (status) : ); } + /*! \brief Get HW Spinlock instance from number * \ingroup hardware_sync * @@ -6129,6 +8664,7 @@ inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) { ({if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn(__func__, "sync.h", 226, "!(lock_num >= 32u)") : (void)0);}); return (spin_lock_t *) (0xd0000000u + 0x00000100u + lock_num * 4); } + /*! \brief Get HW Spinlock number from instance * \ingroup hardware_sync * @@ -6137,8 +8673,11 @@ inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) { */ inline __always_inline static uint spin_lock_get_num(spin_lock_t *lock) { ({if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn(__func__, "sync.h", 239, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);}); + + return (uint) (lock - (spin_lock_t *) (0xd0000000u + 0x00000100u)); } + /*! \brief Acquire a spin lock without disabling interrupts (hence unsafe) * \ingroup hardware_sync * @@ -6151,6 +8690,7 @@ inline __always_inline static void spin_lock_unsafe_blocking(spin_lock_t *lock) while (__builtin_expect(!*lock, 0)); __mem_fence_acquire(); } + /*! \brief Release a spin lock without re-enabling interrupts * \ingroup hardware_sync * @@ -6160,6 +8700,7 @@ inline __always_inline static void spin_unlock_unsafe(spin_lock_t *lock) { __mem_fence_release(); *lock = 0; } + /*! \brief Acquire a spin lock safely * \ingroup hardware_sync * @@ -6173,6 +8714,7 @@ inline __always_inline static uint32_t spin_lock_blocking(spin_lock_t *lock) { spin_lock_unsafe_blocking(lock); return save; } + /*! \brief Check to see if a spinlock is currently acquired elsewhere. * \ingroup hardware_sync * @@ -6183,6 +8725,7 @@ inline static _Bool is_spin_locked(spin_lock_t *lock) { uint lock_num = spin_lock_get_num(lock); return 0 != (*(io_ro_32 *) (0xd0000000u + 0x0000005cu) & (1u << lock_num)); } + /*! \brief Release a spin lock safely * \ingroup hardware_sync * @@ -6198,6 +8741,7 @@ inline __always_inline static void spin_unlock(spin_lock_t *lock, uint32_t saved spin_unlock_unsafe(lock); restore_interrupts(saved_irq); } + /*! \brief Initialise a spin lock * \ingroup hardware_sync * @@ -6207,10 +8751,12 @@ inline __always_inline static void spin_unlock(spin_lock_t *lock, uint32_t saved * \return The spin lock instance */ spin_lock_t *spin_lock_init(uint lock_num); + /*! \brief Release all spin locks * \ingroup hardware_sync */ void spin_locks_reset(void); + /*! \brief Return a spin lock number from the _striped_ range * \ingroup hardware_sync * @@ -6227,6 +8773,7 @@ void spin_locks_reset(void); * \see PICO_SPINLOCK_ID_STRIPED_LAST */ uint next_striped_spin_lock_num(void); + /*! \brief Mark a spin lock as used * \ingroup hardware_sync * @@ -6237,6 +8784,7 @@ uint next_striped_spin_lock_num(void); * \param lock_num the spin lock number */ void spin_lock_claim(uint lock_num); + /*! \brief Mark multiple spin locks as used * \ingroup hardware_sync * @@ -6247,6 +8795,7 @@ void spin_lock_claim(uint lock_num); * \param lock_num_mask Bitfield of all required spin locks to claim (bit 0 == spin lock 0, bit 1 == spin lock 1 etc) */ void spin_lock_claim_mask(uint32_t lock_num_mask); + /*! \brief Mark a spin lock as no longer used * \ingroup hardware_sync * @@ -6255,6 +8804,7 @@ void spin_lock_claim_mask(uint32_t lock_num_mask); * \param lock_num the spin lock number to release */ void spin_lock_unclaim(uint lock_num); + /*! \brief Claim a free spin lock * \ingroup hardware_sync * @@ -6262,6 +8812,7 @@ void spin_lock_unclaim(uint lock_num); * \return the spin lock number or -1 if required was false, and none were free */ int spin_lock_claim_unused(_Bool required); + /*! \brief Determine if a spin lock is claimed * \ingroup hardware_sync * @@ -6271,6 +8822,7 @@ int spin_lock_claim_unused(_Bool required); * \see spin_lock_claim_mask */ _Bool spin_lock_is_claimed(uint lock_num); +// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 /*----------------------------------------------------------- * Port specific definitions. @@ -6281,34 +8833,96 @@ _Bool spin_lock_is_claimed(uint lock_num); * These settings should not be altered. *----------------------------------------------------------- */ + /* Type definitions. */ +// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" typedef uint32_t StackType_t; typedef int32_t BaseType_t; typedef uint32_t UBaseType_t; + + + + + typedef uint32_t TickType_t; + + /* 32-bit tick type on a 32-bit architecture, so reads of the tick count do * not need to be guarded with a critical section. */ + + /*-----------------------------------------------------------*/ + /* Architecture specifics. */ + + + + /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ + + + + + /*-----------------------------------------------------------*/ + + /* Scheduler utilities. */ extern void vPortYield( void ); + + + + + + /*-----------------------------------------------------------*/ + /* Exception handlers */ + + + + + + + /*-----------------------------------------------------------*/ + /* Multi-core */ + + + + + + /* Requires for SMP */ + + /*-----------------------------------------------------------*/ + + /* Check validity of number of cores specified in config */ +// # 133 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" /* FreeRTOS core id is always zero based, so always 0 if we're running on only one core */ +// # 145 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" void vYieldCore(int xCoreID); + + + /*-----------------------------------------------------------*/ + /* Critical section management. */ +// # 162 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" extern void vPortEnableInterrupts(); + + void vTaskEnterCritical(void); void vTaskExitCritical(void); + + + + + /* Note this is a single method with uxAcquire parameter since we have * static vars, the method is always called with a compile time constant for * uxAcquire, and the compiler should dothe right thing! */ @@ -6346,13 +8960,31 @@ _Bool spin_lock_is_claimed(uint lock_num); } } } + + + + + + /*-----------------------------------------------------------*/ + /* Tickless idle/low power functionality. */ + extern void vPortSuppressTicksAndSleep( TickType_t xExpectedIdleTime ); + + /*-----------------------------------------------------------*/ + /* Task function macros as described on the FreeRTOS.org WEB site. */ +// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2 +// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ + +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/mpu_wrappers.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -6378,8 +9010,13 @@ _Bool spin_lock_is_claimed(uint lock_num); * https://github.com/FreeRTOS * */ + + + + /* This file redefines API functions to be called through a wrapper macro, but * only for ports that are using the MPU. */ +// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2 /* * Setup the stack of a new task so it is ready to be placed under the @@ -6387,9 +9024,13 @@ _Bool spin_lock_is_claimed(uint lock_num); * the order that the port expects to find them. * */ +// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, TaskFunction_t pxCode, void * pvParameters ) ; + + + /* Used by heap_5.c to define the start address and size of each memory region * that together comprise the total FreeRTOS heap space. */ typedef struct HeapRegion @@ -6397,6 +9038,7 @@ typedef struct HeapRegion uint8_t * pucStartAddress; size_t xSizeInBytes; } HeapRegion_t; + /* Used to pass information about the heap out of vPortGetHeapStats(). */ typedef struct xHeapStats { @@ -6408,6 +9050,7 @@ typedef struct xHeapStats size_t xNumberOfSuccessfulAllocations; /* The number of calls to pvPortMalloc() that have returned a valid memory block. */ size_t xNumberOfSuccessfulFrees; /* The number of calls to vPortFree() that has successfully freed a block of memory. */ } HeapStats_t; + /* * Used to define multiple heap regions for use by heap_5.c. This function * must be called before any calls to pvPortMalloc() - not creating a task, @@ -6420,11 +9063,13 @@ typedef struct xHeapStats * with the lowest start address must appear first in the array. */ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) ; + /* * Returns a HeapStats_t structure filled with information about the current * heap state. */ void vPortGetHeapStats( HeapStats_t * pxHeapStats ); + /* * Map to the memory management routines required for the port. */ @@ -6433,17 +9078,20 @@ void vPortFree( void * pv ) ; void vPortInitialiseBlocks( void ) ; size_t xPortGetFreeHeapSize( void ) ; size_t xPortGetMinimumEverFreeHeapSize( void ) ; +// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" /* * Setup the hardware ready for the scheduler to take control. This generally * sets up a tick interrupt and sets timers for the correct tick frequency. */ BaseType_t xPortStartScheduler( void ) ; + /* * Undo any hardware/ISR setup that was performed by xPortStartScheduler() so * the hardware is left in its original condition after the scheduler stops * executing. */ void vPortEndScheduler( void ) ; + /* * The structures and methods of manipulating the MPU are contained within the * port layer. @@ -6451,68 +9099,156 @@ void vPortEndScheduler( void ) ; * Fills the xMPUSettings structure with the memory region information * contained in xRegions. */ +// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ +// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2 /* Must be defaulted before configUSE_NEWLIB_REENTRANT is used below. */ + + + + /* Required if struct _reent is used. */ + + + + /* * Check all the required application specific macros have been defined. * These macros are application specific and (as downloaded) are defined * within FreeRTOSConfig.h. */ +// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* If INCLUDE_vTaskDelayUntil is set but INCLUDE_xTaskDelayUntil is not then * the project's FreeRTOSConfig.h probably pre-dates the introduction of * xTaskDelayUntil and setting INCLUDE_xTaskDelayUntil to whatever * INCLUDE_vTaskDelayUntil is set to will ensure backward compatibility. */ +// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* configPRECONDITION should be defined as configASSERT. * The CBMC proofs need a way to track assumptions and assertions. * A configPRECONDITION statement should express an implicit invariant or * assumption made. A configASSERT statement should express an invariant that must * hold explicit before calling the code. */ +// # 303 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* The timers module relies on xTaskGetSchedulerState(). */ +// # 358 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* Remove any unused trace macros. */ + + /* Used to perform any necessary initialisation - for example, open a file * into which trace is to be written. */ + + + + + /* Use to close a trace, for example close a file into which trace has been * written. */ + + + + + /* Called after a task has been selected to run. pxCurrentTCB holds a pointer * to the task control block of the selected task. */ + + + + + /* Called before stepping the tick count after waking from tickless idle * sleep. */ + + + + /* Called immediately before entering tickless idle. */ + + + + /* Called when returning to the Idle task after a tickless idle. */ + + + + + /* Called before a task has been selected to run. pxCurrentTCB holds a pointer * to the task control block of the task being switched out. */ + + + + + /* Called when a task attempts to take a mutex that is already held by a * lower priority task. pxTCBOfMutexHolder is a pointer to the TCB of the task * that holds the mutex. uxInheritedPriority is the priority the mutex holder * will inherit (the priority of the task that is attempting to obtain the * muted. */ + + + + + /* Called when a task releases a mutex, the holding of which had resulted in * the task inheriting the priority of a higher priority task. * pxTCBOfMutexHolder is a pointer to the TCB of the task that is releasing the * mutex. uxOriginalPriority is the task's configured (base) priority. */ + + + + + /* Task is about to block because it cannot read from a * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore * upon which the read was attempted. pxCurrentTCB points to the TCB of the * task that attempted the read. */ + + + + + /* Task is about to block because it cannot read from a * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore * upon which the read was attempted. pxCurrentTCB points to the TCB of the * task that attempted the read. */ + + + + + /* Task is about to block because it cannot write to a * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore * upon which the write was attempted. pxCurrentTCB points to the TCB of the * task that attempted the write. */ +// # 462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* The following event macros are embedded in the kernel API calls. */ +// # 917 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* Defaults to 0 for backward compatibility. */ +// # 936 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* Sanity check the configuration. */ +// # 978 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* The tick type can be read atomically, so critical sections used when the * tick count is returned can be defined away. */ + + + + + + /* Definitions to allow backward compatibility with FreeRTOS versions prior to * V8 if desired. */ + + + + + + /* configPRINTF() was not defined, so define it away to nothing. To use * configPRINTF() then define it as follows (where MyPrintFunction() is * provided by the application writer): @@ -6523,22 +9259,53 @@ void vPortEndScheduler( void ) ; * Then call like a standard printf() function, but placing brackets around * all parameters so they are passed as a single parameter. For example: * configPRINTF( ("Value = %d", MyVariable) ); */ + + + + + /* The application writer has not provided their own MAX macro, so define * the following generic implementation. */ + + + + + /* The application writer has not provided their own MIN macro, so define * the following generic implementation. */ +// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" /* Set configUSE_TASK_FPU_SUPPORT to 0 to omit floating point support even * if floating point hardware is otherwise supported by the FreeRTOS port in use. * This constant is not supported by all FreeRTOS ports that include floating * point support. */ + + + + /* Set configENABLE_MPU to 1 to enable MPU support and 0 to disable it. This is * currently used in ARMv8M ports. */ + + + + /* Set configENABLE_FPU to 1 to enable FPU support and 0 to disable it. This is * currently used in ARMv8M ports. */ + + + + /* Set configENABLE_TRUSTZONE to 1 enable TrustZone support and 0 to disable it. * This is currently used in ARMv8M ports. */ + + + + /* Set configRUN_FREERTOS_SECURE_ONLY to 1 to run the FreeRTOS ARMv8M port on * the Secure Side only. */ + + + + /* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using * dynamically allocated RAM, in which case when any task is deleted it is known * that both the task's stack and TCB need to be freed. Sometimes the @@ -6581,6 +9348,10 @@ void vPortEndScheduler( void ) ; * | | | | xTaskCreateRestrictedStatic | | | | * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ */ + + + + /* * In line with software engineering best practice, FreeRTOS implements a strict * data hiding policy, so the real structures used by FreeRTOS to maintain the @@ -6593,24 +9364,42 @@ void vPortEndScheduler( void ) ; */ struct xSTATIC_LIST_ITEM { + + + TickType_t xDummy2; void * pvDummy3[ 4 ]; + + + }; typedef struct xSTATIC_LIST_ITEM StaticListItem_t; + /* See the comments above the struct xSTATIC_LIST_ITEM definition. */ struct xSTATIC_MINI_LIST_ITEM { + + + TickType_t xDummy2; void * pvDummy3[ 2 ]; }; typedef struct xSTATIC_MINI_LIST_ITEM StaticMiniListItem_t; + /* See the comments above the struct xSTATIC_LIST_ITEM definition. */ typedef struct xSTATIC_LIST { + + + UBaseType_t uxDummy2; void * pvDummy3; StaticMiniListItem_t xDummy4; + + + } StaticList_t; + /* * In line with software engineering best practice, especially when supplying a * library that is likely to change in future versions, FreeRTOS implements a @@ -6627,19 +9416,53 @@ typedef struct xSTATIC_LIST typedef struct xSTATIC_TCB { void * pxDummy1; + + + + + + StaticListItem_t xDummy3[ 2 ]; UBaseType_t uxDummy5; void * pxDummy6; BaseType_t xDummy23[ 2 ]; uint8_t ucDummy7[ 16 ]; + + + + + + + UBaseType_t uxDummy9; + + UBaseType_t uxDummy10[ 2 ]; + + UBaseType_t uxDummy12[ 2 ]; + + + + + void * pvDummy15[ 5 ]; +// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" uint32_t ulDummy18[ 1 ]; uint8_t ucDummy19[ 1 ]; + + + + + + uint8_t ucDummy21; + + + + } StaticTask_t; + /* * In line with software engineering best practice, especially when supplying a * library that is likely to change in future versions, FreeRTOS implements a @@ -6657,19 +9480,32 @@ typedef struct xSTATIC_TCB typedef struct xSTATIC_QUEUE { void * pvDummy1[ 3 ]; + union { void * pvDummy2; UBaseType_t uxDummy2; } u; + StaticList_t xDummy3[ 2 ]; UBaseType_t uxDummy4[ 3 ]; uint8_t ucDummy5[ 2 ]; + + + + + + void * pvDummy7; + + + UBaseType_t uxDummy8; uint8_t ucDummy9; + } StaticQueue_t; typedef StaticQueue_t StaticSemaphore_t; + /* * In line with software engineering best practice, especially when supplying a * library that is likely to change in future versions, FreeRTOS implements a @@ -6688,8 +9524,16 @@ typedef struct xSTATIC_EVENT_GROUP { TickType_t xDummy1; StaticList_t xDummy2; + + UBaseType_t uxDummy3; + + + + + } StaticEventGroup_t; + /* * In line with software engineering best practice, especially when supplying a * library that is likely to change in future versions, FreeRTOS implements a @@ -6711,9 +9555,12 @@ typedef struct xSTATIC_TIMER TickType_t xDummy3; void * pvDummy5; TaskFunction_t pvDummy6; + UBaseType_t uxDummy7; + uint8_t ucDummy8; } StaticTimer_t; + /* * In line with software engineering best practice, especially when supplying a * library that is likely to change in future versions, FreeRTOS implements a @@ -6733,12 +9580,21 @@ typedef struct xSTATIC_STREAM_BUFFER size_t uxDummy1[ 4 ]; void * pvDummy2[ 3 ]; uint8_t ucDummy3; + UBaseType_t uxDummy4; + } StaticStreamBuffer_t; + /* Message buffers are built on stream buffers. */ typedef StaticStreamBuffer_t StaticMessageBuffer_t; + /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ +// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2 +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -6764,6 +9620,8 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t; * https://github.com/FreeRTOS * */ +// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" 1 /* * FreeRTOS Kernel V10.4.3 * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. @@ -6789,6 +9647,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t; * https://github.com/FreeRTOS * */ + /* * This is the list implementation used by the scheduler. While it is tailored * heavily for the schedulers needs, it is also available for use by @@ -6816,6 +9675,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t; * \page ListIntroduction List Implementation * \ingroup FreeRTOSIntro */ +// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" /* * The list structure members are modified from within interrupts, and therefore * by rights should be declared volatile. However, they are only modified in a @@ -6844,14 +9704,24 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t; * FreeRTOSConfig.h (without the quotes): * "#define configLIST_VOLATILE volatile" */ + + + + /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ + /* Macros that can be used to place known values within the list structures, * then check that the known values do not get corrupted during the execution of * the application. These may catch the list data structures being overwritten in * memory. They will not catch data errors caused by incorrect configuration or * use of FreeRTOS.*/ + /* Define the macros to do nothing. */ +// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" /* * Definition of the only type of object that a list can contain. */ @@ -6867,6 +9737,7 @@ struct xLIST_ITEM /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ }; typedef struct xLIST_ITEM ListItem_t; /* For some reason lint wants this as two separate definitions. */ + struct xMINI_LIST_ITEM { /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ @@ -6875,6 +9746,7 @@ struct xMINI_LIST_ITEM struct xLIST_ITEM * pxPrevious; }; typedef struct xMINI_LIST_ITEM MiniListItem_t; + /* * Definition of the type of queue used by the scheduler. */ @@ -6886,6 +9758,7 @@ typedef struct xLIST MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ } List_t; + /* * Access macro to set the owner of a list item. The owner of a list item * is the object (usually a TCB) that contains the list item. @@ -6893,6 +9766,8 @@ typedef struct xLIST * \page listSET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER * \ingroup LinkedList */ + + /* * Access macro to get the owner of a list item. The owner of a list item * is the object (usually a TCB) that contains the list item. @@ -6900,6 +9775,8 @@ typedef struct xLIST * \page listGET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER * \ingroup LinkedList */ + + /* * Access macro to set the value of the list item. In most cases the value is * used to sort the list in descending order. @@ -6907,6 +9784,8 @@ typedef struct xLIST * \page listSET_LIST_ITEM_VALUE listSET_LIST_ITEM_VALUE * \ingroup LinkedList */ + + /* * Access macro to retrieve the value of the list item. The value can * represent anything - for example the priority of a task, or the time at @@ -6915,6 +9794,8 @@ typedef struct xLIST * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE * \ingroup LinkedList */ + + /* * Access macro to retrieve the value of the list item at the head of a given * list. @@ -6922,24 +9803,32 @@ typedef struct xLIST * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE * \ingroup LinkedList */ + + /* * Return the list item at the head of the list. * * \page listGET_HEAD_ENTRY listGET_HEAD_ENTRY * \ingroup LinkedList */ + + /* * Return the next list item. * * \page listGET_NEXT listGET_NEXT * \ingroup LinkedList */ + + /* * Return the list item that marks the end of the list * * \page listGET_END_MARKER listGET_END_MARKER * \ingroup LinkedList */ + + /* * Access macro to determine if a list contains any items. The macro will * only have the value true if the list is empty. @@ -6947,9 +9836,13 @@ typedef struct xLIST * \page listLIST_IS_EMPTY listLIST_IS_EMPTY * \ingroup LinkedList */ + + /* * Access macro to return the number of items in the list. */ + + /* * Access function to obtain the owner of the next entry in a list. * @@ -6970,6 +9863,7 @@ typedef struct xLIST * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY * \ingroup LinkedList */ +// # 293 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" /* * Access function to obtain the owner of the first entry in a list. Lists * are normally sorted in ascending item value order. @@ -6986,6 +9880,8 @@ typedef struct xLIST * \page listGET_OWNER_OF_HEAD_ENTRY listGET_OWNER_OF_HEAD_ENTRY * \ingroup LinkedList */ + + /* * Check to see if a list item is within a list. The list item maintains a * "container" pointer that points to the list it is in. All this macro does @@ -6995,17 +9891,23 @@ typedef struct xLIST * @param pxListItem The list item we want to know if is in the list. * @return pdTRUE if the list item is in the list, otherwise pdFALSE. */ + + /* * Return the list a list item is contained within (referenced from). * * @param pxListItem The list item being queried. * @return A pointer to the List_t object that references the pxListItem */ + + /* * This provides a crude means of knowing if a list has been initialised, as * pxList->xListEnd.xItemValue is set to portMAX_DELAY by the vListInitialise() * function. */ + + /* * Must be called before a list is used! This initialises all the members * of the list structure and inserts the xListEnd item into the list as a @@ -7017,6 +9919,7 @@ typedef struct xLIST * \ingroup LinkedList */ void vListInitialise( List_t * const pxList ) ; + /* * Must be called before a list item is used. This sets the list container to * null so the item does not think that it is already contained in a list. @@ -7027,6 +9930,7 @@ void vListInitialise( List_t * const pxList ) ; * \ingroup LinkedList */ void vListInitialiseItem( ListItem_t * const pxItem ) ; + /* * Insert a list item into a list. The item will be inserted into the list in * a position determined by its item value (descending item value order). @@ -7040,6 +9944,7 @@ void vListInitialiseItem( ListItem_t * const pxItem ) ; */ void vListInsert( List_t * const pxList, ListItem_t * const pxNewListItem ) ; + /* * Insert a list item into a list. The item will be inserted in a position * such that it will be the last item within the list returned by multiple @@ -7061,6 +9966,7 @@ void vListInsert( List_t * const pxList, */ void vListInsertEnd( List_t * const pxList, ListItem_t * const pxNewListItem ) ; + /* * Remove an item from a list. The list item has a pointer to the list that * it is in, so only the list item need be passed into the function. @@ -7075,21 +9981,44 @@ void vListInsertEnd( List_t * const pxList, * \ingroup LinkedList */ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ; + /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ +// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 2 /* *INDENT-OFF* */ + + + /* *INDENT-ON* */ + /*----------------------------------------------------------- * MACROS AND DEFINITIONS *----------------------------------------------------------*/ + + + + + + /* MPU region parameters passed in ulParameters * of MemoryRegion_t struct. */ + + + + + + /* The direct to task notification feature used to have only a single notification * per task. Now there is an array of notifications per task that is dimensioned by * configTASK_NOTIFICATION_ARRAY_ENTRIES. For backward compatibility, any use of the * original direct to task notification defaults to using the first index in the * array. */ + + /** * task. h * @@ -7102,11 +10031,13 @@ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ; */ struct tskTaskControlBlock; /* The old naming convention is used to prevent breaking kernel aware debuggers. */ typedef struct tskTaskControlBlock * TaskHandle_t; + /* * Defines the prototype to which the application task hook function must * conform. */ typedef BaseType_t (* TaskHookFunction_t)( void * ); + /* Task states returned by eTaskGetState. */ typedef enum { @@ -7117,6 +10048,7 @@ typedef enum eDeleted, /* The task being queried has been deleted, but its TCB has not yet been freed. */ eInvalid /* Used as an 'invalid state' value. */ } eTaskState; + /* Actions that can be performed when vTaskNotify() is called. */ typedef enum { @@ -7126,6 +10058,7 @@ typedef enum eSetValueWithOverwrite, /* Set the task's notification value to a specific value even if the previous value has not yet been read by the task. */ eSetValueWithoutOverwrite /* Set the task's notification value if the previous value has been read by the task. */ } eNotifyAction; + /* * Used internally only. */ @@ -7134,6 +10067,7 @@ typedef struct xTIME_OUT BaseType_t xOverflowCount; TickType_t xTimeOnEntering; } TimeOut_t; + /* * Defines the memory ranges allocated to the task when an MPU is used. */ @@ -7143,6 +10077,7 @@ typedef struct xMEMORY_REGION uint32_t ulLengthInBytes; uint32_t ulParameters; } MemoryRegion_t; + /* * Parameters required to create an MPU protected task. */ @@ -7155,7 +10090,11 @@ typedef struct xTASK_PARAMETERS UBaseType_t uxPriority; StackType_t * puxStackBuffer; MemoryRegion_t xRegions[ 1 ]; + + + } TaskParameters_t; + /* Used with the uxTaskGetSystemState() function to return the state of each task * in the system. */ typedef struct xTASK_STATUS @@ -7170,6 +10109,7 @@ typedef struct xTASK_STATUS StackType_t * pxStackBase; /* Points to the lowest address of the task's stack area. */ uint32_t usStackHighWaterMark; /* The minimum amount of stack space that has remained for the task since the task was created. The closer this value is to zero the closer the task has come to overflowing its stack. */ } TaskStatus_t; + /* Possible return values for eTaskConfirmSleepModeStatus(). */ typedef enum { @@ -7177,15 +10117,22 @@ typedef enum eStandardSleep, /* Enter a sleep mode that will not last any longer than the expected idle time. */ eNoTasksWaitingTimeout /* No tasks are waiting for a timeout so it is safe to enter a sleep mode that can only be exited by an external interrupt. */ } eSleepModeStatus; + /** * Defines the priority used by the idle task. This must not be modified. * * \ingroup TaskUtils */ + + /** * Defines affinity to all available cores. * */ + + + + /** * task. h * @@ -7194,6 +10141,8 @@ typedef enum * \defgroup taskYIELD taskYIELD * \ingroup SchedulerControl */ + + /** * task. h * @@ -7206,6 +10155,9 @@ typedef enum * \defgroup taskENTER_CRITICAL taskENTER_CRITICAL * \ingroup SchedulerControl */ + + + /** * task. h * @@ -7218,6 +10170,9 @@ typedef enum * \defgroup taskEXIT_CRITICAL taskEXIT_CRITICAL * \ingroup SchedulerControl */ + + + /** * task. h * @@ -7229,6 +10184,8 @@ typedef enum * \defgroup taskDISABLE_INTERRUPTS taskDISABLE_INTERRUPTS * \ingroup SchedulerControl */ + + /** * task. h * @@ -7237,6 +10194,8 @@ typedef enum * \defgroup taskENABLE_INTERRUPTS taskENABLE_INTERRUPTS * \ingroup SchedulerControl */ + + /** * task. h * @@ -7246,6 +10205,8 @@ typedef enum * \defgroup taskRESTORE_INTERRUPTS taskRESTORE_INTERRUPTS * \ingroup SchedulerControl */ + + /** * task. h * @@ -7255,13 +10216,22 @@ typedef enum * \defgroup taskCHECK_IF_IN_ISR taskCHECK_IF_IN_ISR * \ingroup SchedulerControl */ + + /* Definitions returned by xTaskGetSchedulerState(). taskSCHEDULER_SUSPENDED is * 0 to generate more optimal code when configASSERT() is defined as the constant * is used in assert() statements. */ + + + + /* Check if core value is valid */ + + /*----------------------------------------------------------- * TASK CREATION API *----------------------------------------------------------*/ + /** * task. h *
@@ -7356,12 +10326,15 @@ typedef enum
  * \defgroup xTaskCreate xTaskCreate
  * \ingroup Tasks
  */
+
     BaseType_t xTaskCreate( TaskFunction_t pxTaskCode,
                             const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
                             const uint32_t usStackDepth,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask ) ;
+
+
 /**
  * task. h
  * 
@@ -7470,6 +10443,7 @@ typedef enum
  * \defgroup xTaskCreateStatic xTaskCreateStatic
  * \ingroup Tasks
  */
+// # 501 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * task. h
  * 
@@ -7543,6 +10517,11 @@ typedef enum
  * \defgroup xTaskCreateRestricted xTaskCreateRestricted
  * \ingroup Tasks
  */
+
+
+
+
+
 /**
  * task. h
  * 
@@ -7628,6 +10607,11 @@ typedef enum
  * \defgroup xTaskCreateRestrictedStatic xTaskCreateRestrictedStatic
  * \ingroup Tasks
  */
+
+
+
+
+
 /**
  * task. h
  * 
@@ -7677,6 +10661,7 @@ typedef enum
  */
 void vTaskAllocateMPURegions( TaskHandle_t xTask,
                               const MemoryRegion_t * const pxRegions ) ;
+
 /**
  * task. h
  * 
@@ -7719,9 +10704,11 @@ void vTaskAllocateMPURegions( TaskHandle_t xTask,
  * \ingroup Tasks
  */
 void vTaskDelete( TaskHandle_t xTaskToDelete ) ;
+
 /*-----------------------------------------------------------
 * TASK CONTROL API
 *----------------------------------------------------------*/
+
 /**
  * task. h
  * 
@@ -7771,6 +10758,7 @@ void vTaskDelete( TaskHandle_t xTaskToDelete ) ;
  * \ingroup TaskCtrl
  */
 void vTaskDelay( const TickType_t xTicksToDelay ) ;
+
 /**
  * task. h
  * 
@@ -7838,10 +10826,17 @@ void vTaskDelay( const TickType_t xTicksToDelay ) ;
  */
 BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime,
                             const TickType_t xTimeIncrement ) ;
+
 /*
  * vTaskDelayUntil() is the older version of xTaskDelayUntil() and does not
  * return a value.
  */
+
+
+
+
+
+
 /**
  * task. h
  * 
@@ -7873,6 +10868,7 @@ BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime,
  * \ingroup TaskCtrl
  */
 BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) ;
+
 /**
  * task. h
  * 
@@ -7921,6 +10917,7 @@ BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) ;
  * \ingroup TaskCtrl
  */
 UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) ;
+
 /**
  * task. h
  * 
@@ -7930,6 +10927,7 @@ UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) ;
  * A version of uxTaskPriorityGet() that can be used from an ISR.
  */
 UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) ;
+
 /**
  * task. h
  * 
@@ -7949,6 +10947,7 @@ UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) ;
  * functions return value being tested by the calling task.
  */
 eTaskState eTaskGetState( TaskHandle_t xTask ) ;
+
 /**
  * task. h
  * 
@@ -8009,6 +11008,7 @@ void vTaskGetInfo( TaskHandle_t xTask,
                    TaskStatus_t * pxTaskStatus,
                    BaseType_t xGetFreeStackSpace,
                    eTaskState eState ) ;
+
 /**
  * task. h
  * 
@@ -8053,6 +11053,7 @@ void vTaskGetInfo( TaskHandle_t xTask,
  */
 void vTaskPrioritySet( TaskHandle_t xTask,
                        UBaseType_t uxNewPriority ) ;
+
 /**
  * task. h
  * 
@@ -8105,6 +11106,7 @@ void vTaskPrioritySet( TaskHandle_t xTask,
  * \ingroup TaskCtrl
  */
 void vTaskSuspend( TaskHandle_t xTaskToSuspend ) ;
+
 /**
  * task. h
  * 
@@ -8155,6 +11157,7 @@ void vTaskSuspend( TaskHandle_t xTaskToSuspend ) ;
  * \ingroup TaskCtrl
  */
 void vTaskResume( TaskHandle_t xTaskToResume ) ;
+
 /**
  * task. h
  * 
@@ -8185,6 +11188,7 @@ void vTaskResume( TaskHandle_t xTaskToResume ) ;
  * \ingroup TaskCtrl
  */
 BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ;
+// # 1333 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * @brief Disables preemption for a task.
  *
@@ -8215,6 +11219,7 @@ BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ;
  * }
  */
 void vTaskPreemptionDisable( const TaskHandle_t xTask );
+
 /**
  * @brief Enables preemption for a task.
  *
@@ -8245,9 +11250,11 @@ void vTaskPreemptionDisable( const TaskHandle_t xTask );
  * }
  */
 void vTaskPreemptionEnable( const TaskHandle_t xTask );
+
 /*-----------------------------------------------------------
 * SCHEDULER CONTROL
 *----------------------------------------------------------*/
+
 /**
  * task. h
  * 
@@ -8278,6 +11285,7 @@ void vTaskPreemptionEnable( const TaskHandle_t xTask );
  * \ingroup SchedulerControl
  */
 void vTaskStartScheduler( void ) ;
+
 /**
  * task. h
  * 
@@ -8335,6 +11343,7 @@ void vTaskStartScheduler( void ) ;
  * \ingroup SchedulerControl
  */
 void vTaskEndScheduler( void ) ;
+
 /**
  * task. h
  * 
@@ -8387,6 +11396,7 @@ void vTaskEndScheduler( void ) ;
  * \ingroup SchedulerControl
  */
 void vTaskSuspendAll( void ) ;
+
 /**
  * task. h
  * 
@@ -8442,9 +11452,11 @@ void vTaskSuspendAll( void ) ;
  * \ingroup SchedulerControl
  */
 BaseType_t xTaskResumeAll( void ) ;
+
 /*-----------------------------------------------------------
 * TASK UTILITIES
 *----------------------------------------------------------*/
+
 /**
  * task. h
  * 
TickType_t xTaskGetTickCount( void );
@@ -8455,6 +11467,7 @@ BaseType_t xTaskResumeAll( void ) ; * \ingroup TaskUtils */ TickType_t xTaskGetTickCount( void ) ; + /** * task. h *
TickType_t xTaskGetTickCountFromISR( void );
@@ -8470,6 +11483,7 @@ TickType_t xTaskGetTickCount( void ) ; * \ingroup TaskUtils */ TickType_t xTaskGetTickCountFromISR( void ) ; + /** * task. h *
uint16_t uxTaskGetNumberOfTasks( void );
@@ -8483,6 +11497,7 @@ TickType_t xTaskGetTickCountFromISR( void ) ; * \ingroup TaskUtils */ UBaseType_t uxTaskGetNumberOfTasks( void ) ; + /** * task. h *
char *pcTaskGetName( TaskHandle_t xTaskToQuery );
@@ -8495,6 +11510,7 @@ UBaseType_t uxTaskGetNumberOfTasks( void ) ; * \ingroup TaskUtils */ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + /** * task. h *
TaskHandle_t xTaskGetHandle( const char *pcNameToQuery );
@@ -8510,6 +11526,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) ; /*lint !e971 Unqualified cha * \ingroup TaskUtils */ TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + /** * task.h *
UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask );
@@ -8536,6 +11553,7 @@ TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) ; /*lint !e971 Unquali * xTask was created. */ UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) ; + /** * task.h *
configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask );
@@ -8562,12 +11580,14 @@ UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) ; * xTask was created. */ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; + /* When using trace macros it is sometimes necessary to include task.h before * FreeRTOS.h. When this is done TaskHookFunction_t will not yet have been defined, * so the following two prototypes will cause a compilation error. This can be * fixed by simply guarding against the inclusion of these two prototypes unless * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration * constant. */ +// # 1774 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" /* Each task contains an array of pointers that is dimensioned by the * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h. The * kernel does not use the pointers itself, so the application writer can use @@ -8578,6 +11598,11 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; void * pvValue ) ; void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, BaseType_t xIndex ) ; + + + + + /** * task.h *
void vApplicationStackOverflowHook( TaskHandle_t xTask char *pcTaskName); 
@@ -8591,6 +11616,10 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; */ void vApplicationStackOverflowHook( TaskHandle_t xTask, char * pcTaskName ); + + + + /** * task.h *
void vApplicationTickHook( void ); 
@@ -8598,6 +11627,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; * This hook function is called in the system tick handler after any OS work is completed. */ void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */ +// # 1833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" /** * task.h *
@@ -8613,6 +11643,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
  */
 BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask,
                                          void * pvParameter ) ;
+
 /**
  * xTaskGetIdleTaskHandle() is only available if
  * INCLUDE_xTaskGetIdleTaskHandle is set to 1 in FreeRTOSConfig.h.
@@ -8621,6 +11652,7 @@ BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask,
  * It is not valid to call xTaskGetIdleTaskHandle() before the scheduler has been started.
  */
 TaskHandle_t *xTaskGetIdleTaskHandle( void ) ;
+
 /**
  * configUSE_TRACE_FACILITY must be defined as 1 in FreeRTOSConfig.h for
  * uxTaskGetSystemState() to be available.
@@ -8721,6 +11753,7 @@ TaskHandle_t *xTaskGetIdleTaskHandle( void ) ;
 UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray,
                                   const UBaseType_t uxArraySize,
                                   uint32_t * const pulTotalRunTime ) ;
+
 /**
  * task. h
  * 
void vTaskList( char *pcWriteBuffer );
@@ -8769,6 +11802,7 @@ UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, * \ingroup TaskUtils */ void vTaskList( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + /** * task. h *
void vTaskGetRunTimeStats( char *pcWriteBuffer );
@@ -8822,6 +11856,7 @@ void vTaskList( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are * \ingroup TaskUtils */ void vTaskGetRunTimeStats( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + /** * task. h *
uint32_t ulTaskGetIdleRunTimeCounter( void );
@@ -8851,6 +11886,7 @@ void vTaskGetRunTimeStats( char * pcWriteBuffer ) ; /*lint !e971 Unqualified cha * \ingroup TaskUtils */ uint32_t ulTaskGetIdleRunTimeCounter( void ) ; + /** * task. h *
BaseType_t xTaskNotifyIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction );
@@ -8962,6 +11998,11 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t * pulPreviousNotificationValue ) ; + + + + + /** * task. h *
BaseType_t xTaskNotifyAndQueryIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
@@ -8984,6 +12025,11 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, * \defgroup xTaskNotifyAndQueryIndexed xTaskNotifyAndQueryIndexed * \ingroup TaskNotifications */ + + + + + /** * task. h *
BaseType_t xTaskNotifyIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
@@ -9101,6 +12147,11 @@ BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, eNotifyAction eAction, uint32_t * pulPreviousNotificationValue, BaseType_t * pxHigherPriorityTaskWoken ) ; + + + + + /** * task. h *
BaseType_t xTaskNotifyAndQueryIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
@@ -9123,6 +12174,11 @@ BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, * \defgroup xTaskNotifyAndQueryIndexedFromISR xTaskNotifyAndQueryIndexedFromISR * \ingroup TaskNotifications */ + + + + + /** * task. h *
@@ -9232,6 +12288,11 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn,
                                    uint32_t ulBitsToClearOnExit,
                                    uint32_t * pulNotificationValue,
                                    TickType_t xTicksToWait ) ;
+
+
+
+
+
 /**
  * task. h
  * 
BaseType_t xTaskNotifyGiveIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify );
@@ -9302,6 +12363,11 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn, * \defgroup xTaskNotifyGiveIndexed xTaskNotifyGiveIndexed * \ingroup TaskNotifications */ + + + + + /** * task. h *
void vTaskNotifyGiveIndexedFromISR( TaskHandle_t xTaskHandle, UBaseType_t uxIndexToNotify, BaseType_t *pxHigherPriorityTaskWoken );
@@ -9382,6 +12448,11 @@ BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn, void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, BaseType_t * pxHigherPriorityTaskWoken ) ; + + + + + /** * task. h *
@@ -9483,6 +12554,11 @@ void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify,
 uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWaitOn,
                                   BaseType_t xClearCountOnExit,
                                   TickType_t xTicksToWait ) ;
+
+
+
+
+
 /**
  * task. h
  * 
@@ -9542,6 +12618,11 @@ uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWaitOn,
  */
 BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask,
                                          UBaseType_t uxIndexToClear ) ;
+
+
+
+
+
 /**
  * task. h
  * 
@@ -9603,6 +12684,11 @@ BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask,
 uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask,
                                         UBaseType_t uxIndexToClear,
                                         uint32_t ulBitsToClear ) ;
+
+
+
+
+
 /**
  * task.h
  * 
@@ -9618,6 +12704,7 @@ uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask,
  * \ingroup TaskCtrl
  */
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) ;
+
 /**
  * task.h
  * 
@@ -9703,6 +12790,7 @@ void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) ;
  */
 BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
                                  TickType_t * const pxTicksToWait ) ;
+
 /**
  * task.h
  * 
@@ -9730,9 +12818,12 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
  * \ingroup TaskCtrl
  */
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) ;
+
+
 /*-----------------------------------------------------------
 * SCHEDULER INTERNALS AVAILABLE FOR PORTING PURPOSES
 *----------------------------------------------------------*/
+
 /*
  * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE.  IT IS ONLY
  * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS
@@ -9749,6 +12840,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) ;
  *     currently running task.
  */
 BaseType_t xTaskIncrementTick( void ) ;
+
 /*
  * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE.  IT IS AN
  * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER.
@@ -9785,6 +12877,7 @@ void vTaskPlaceOnEventList( List_t * const pxEventList,
 void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait ) ;
+
 /*
  * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE.  IT IS AN
  * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER.
@@ -9799,6 +12892,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
 void vTaskPlaceOnEventListRestricted( List_t * const pxEventList,
                                       TickType_t xTicksToWait,
                                       const BaseType_t xWaitIndefinitely ) ;
+
 /*
  * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE.  IT IS AN
  * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER.
@@ -9826,6 +12920,7 @@ void vTaskPlaceOnEventListRestricted( List_t * const pxEventList,
 BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) ;
 void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
                                         const TickType_t xItemValue ) ;
+
 /*
  * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE.  IT IS ONLY
  * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS
@@ -9835,39 +12930,47 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
  * that is ready to run.
  */
 __attribute__( ( used ) ) void vTaskSwitchContext( BaseType_t xCoreID ) ;
+
 /*
  * THESE FUNCTIONS MUST NOT BE USED FROM APPLICATION CODE.  THEY ARE USED BY
  * THE EVENT BITS MODULE.
  */
 TickType_t uxTaskResetEventItemValue( void ) ;
+
 /*
  * Return the handle of the calling task.
  */
 TaskHandle_t xTaskGetCurrentTaskHandle( void ) ;
+
 /*
  * Return the handle of the task running on specified core.
  */
 TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) ;
+
 /*
  * Shortcut used by the queue implementation to prevent unnecessary call to
  * taskYIELD();
  */
 void vTaskMissedYield( void ) ;
+
 /*
  * Returns the scheduler state as taskSCHEDULER_RUNNING,
  * taskSCHEDULER_NOT_STARTED or taskSCHEDULER_SUSPENDED.
  */
 BaseType_t xTaskGetSchedulerState( void ) ;
+
 /*
  * Raises the priority of the mutex holder to that of the calling task should
  * the mutex holder have a priority less than the calling task.
  */
 BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) ;
+
 /*
  * Set the priority of a task back to its proper priority in the case that it
  * inherited a higher priority while it was holding a semaphore.
  */
 BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) ;
+
 /*
  * If a higher priority task attempting to obtain a mutex caused a lower
  * priority task to inherit the higher priority task's priority - but the higher
@@ -9878,16 +12981,19 @@ BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) ;
  */
 void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder,
                                           UBaseType_t uxHighestPriorityWaitingTask ) ;
+
 /*
  * Get the uxTCBNumber assigned to the task referenced by the xTask parameter.
  */
 UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) ;
+
 /*
  * Set the uxTaskNumber of the task referenced by the xTask parameter to
  * uxHandle.
  */
 void vTaskSetTaskNumber( TaskHandle_t xTask,
                          const UBaseType_t uxHandle ) ;
+
 /*
  * Only available when configUSE_TICKLESS_IDLE is set to 1.
  * If tickless mode is being used, or a low power mode is implemented, then
@@ -9897,6 +13003,7 @@ void vTaskSetTaskNumber( TaskHandle_t xTask,
  * equal to the idle period.
  */
 void vTaskStepTick( const TickType_t xTicksToJump ) ;
+
 /*
  * Only available when configUSE_TICKLESS_IDLE is set to 1.
  * Provided for use within portSUPPRESS_TICKS_AND_SLEEP() to allow the port
@@ -9912,23 +13019,32 @@ void vTaskStepTick( const TickType_t xTicksToJump ) ;
  * entered to ensure it is ok to proceed into the sleep mode.
  */
 eSleepModeStatus eTaskConfirmSleepModeStatus( void ) ;
+
 /*
  * For internal use only.  Increment the mutex held count when a mutex is
  * taken and return the handle of the task that has taken the mutex.
  */
 TaskHandle_t pvTaskIncrementMutexHeldCount( void ) ;
+
 /*
  * For internal use only.  Same as vTaskSetTimeOutState(), but without a critical
  * section.
  */
 void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) ;
+
 /*
  * For internal use only. Same as portYIELD_WITHIN_API() in single core FreeRTOS.
  * For SMP this is not defined by the port.
  */
 void vTaskYieldWithinAPI( void );
+
 /* *INDENT-OFF* */
+
+
+
 /* *INDENT-ON* */
+// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -9954,19 +13070,28 @@ void vTaskYieldWithinAPI( void );
  * https://github.com/FreeRTOS
  *
  */
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /*lint -save -e537 This headers are only multiply included if the application code
  * happens to also be including task.h. */
+
 /*lint -restore */
+
 /* *INDENT-OFF* */
+
+
+
 /* *INDENT-ON* */
+
 /*-----------------------------------------------------------
 * MACROS AND DEFINITIONS
 *----------------------------------------------------------*/
+
 /* IDs for commands that can be sent/received on the timer queue.  These are to
  * be used solely through the macros that make up the public software timer API,
  * as defined below.  The commands that are sent from interrupts must use the
  * highest numbers as tmrFIRST_FROM_ISR_COMMAND is used to determine if the task
  * or interrupt version of the queue send function should be used. */
+// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /**
  * Type by which software timers are referenced.  For example, a call to
  * xTimerCreate() returns an TimerHandle_t variable that can then be used to
@@ -9975,16 +13100,19 @@ void vTaskYieldWithinAPI( void );
  */
 struct tmrTimerControl; /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 typedef struct tmrTimerControl * TimerHandle_t;
+
 /*
  * Defines the prototype to which timer callback functions must conform.
  */
 typedef void (* TimerCallbackFunction_t)( TimerHandle_t xTimer );
+
 /*
  * Defines the prototype to which functions used with the
  * xTimerPendFunctionCallFromISR() function must conform.
  */
 typedef void (* PendedFunction_t)( void *,
                                    uint32_t );
+
 /**
  * TimerHandle_t xTimerCreate(  const char * const pcTimerName,
  *                              TickType_t xTimerPeriodInTicks,
@@ -10122,11 +13250,14 @@ typedef void (* PendedFunction_t)( void *,
  * }
  * @endverbatim
  */
+
     TimerHandle_t xTimerCreate( const char * const pcTimerName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
                                 const TickType_t xTimerPeriodInTicks,
                                 const UBaseType_t uxAutoReload,
                                 void * const pvTimerID,
                                 TimerCallbackFunction_t pxCallbackFunction ) ;
+
+
 /**
  * TimerHandle_t xTimerCreateStatic(const char * const pcTimerName,
  *                                  TickType_t xTimerPeriodInTicks,
@@ -10249,6 +13380,7 @@ typedef void (* PendedFunction_t)( void *,
  * }
  * @endverbatim
  */
+// # 368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /**
  * void *pvTimerGetTimerID( TimerHandle_t xTimer );
  *
@@ -10270,6 +13402,7 @@ typedef void (* PendedFunction_t)( void *,
  * See the xTimerCreate() API function example usage scenario.
  */
 void * pvTimerGetTimerID( const TimerHandle_t xTimer ) ;
+
 /**
  * void vTimerSetTimerID( TimerHandle_t xTimer, void *pvNewID );
  *
@@ -10291,6 +13424,7 @@ void * pvTimerGetTimerID( const TimerHandle_t xTimer ) ;
  */
 void vTimerSetTimerID( TimerHandle_t xTimer,
                        void * pvNewID ) ;
+
 /**
  * BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer );
  *
@@ -10327,6 +13461,7 @@ void vTimerSetTimerID( TimerHandle_t xTimer,
  * @endverbatim
  */
 BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer ) ;
+
 /**
  * TaskHandle_t xTimerGetTimerDaemonTaskHandle( void );
  *
@@ -10334,6 +13469,7 @@ BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer ) ;
  * to call xTimerGetTimerDaemonTaskHandle() before the scheduler has been started.
  */
 TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
+
 /**
  * BaseType_t xTimerStart( TimerHandle_t xTimer, TickType_t xTicksToWait );
  *
@@ -10384,6 +13520,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * See the xTimerCreate() API function example usage scenario.
  *
  */
+
+
+
 /**
  * BaseType_t xTimerStop( TimerHandle_t xTimer, TickType_t xTicksToWait );
  *
@@ -10424,6 +13563,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * See the xTimerCreate() API function example usage scenario.
  *
  */
+
+
+
 /**
  * BaseType_t xTimerChangePeriod(   TimerHandle_t xTimer,
  *                                  TickType_t xNewPeriod,
@@ -10502,6 +13644,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * }
  * @endverbatim
  */
+
+
+
 /**
  * BaseType_t xTimerDelete( TimerHandle_t xTimer, TickType_t xTicksToWait );
  *
@@ -10538,6 +13683,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  *
  * See the xTimerChangePeriod() API function example usage scenario.
  */
+
+
+
 /**
  * BaseType_t xTimerReset( TimerHandle_t xTimer, TickType_t xTicksToWait );
  *
@@ -10660,6 +13808,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * }
  * @endverbatim
  */
+
+
+
 /**
  * BaseType_t xTimerStartFromISR(   TimerHandle_t xTimer,
  *                                  BaseType_t *pxHigherPriorityTaskWoken );
@@ -10744,6 +13895,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * }
  * @endverbatim
  */
+
+
+
 /**
  * BaseType_t xTimerStopFromISR(    TimerHandle_t xTimer,
  *                                  BaseType_t *pxHigherPriorityTaskWoken );
@@ -10805,6 +13959,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * }
  * @endverbatim
  */
+
+
+
 /**
  * BaseType_t xTimerChangePeriodFromISR( TimerHandle_t xTimer,
  *                                       TickType_t xNewPeriod,
@@ -10876,6 +14033,9 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * }
  * @endverbatim
  */
+
+
+
 /**
  * BaseType_t xTimerResetFromISR(   TimerHandle_t xTimer,
  *                                  BaseType_t *pxHigherPriorityTaskWoken );
@@ -10960,6 +14120,10 @@ TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ;
  * }
  * @endverbatim
  */
+
+
+
+
 /**
  * BaseType_t xTimerPendFunctionCallFromISR( PendedFunction_t xFunctionToPend,
  *                                          void *pvParameter1,
@@ -11052,6 +14216,7 @@ BaseType_t xTimerPendFunctionCallFromISR( PendedFunction_t xFunctionToPend,
                                           void * pvParameter1,
                                           uint32_t ulParameter2,
                                           BaseType_t * pxHigherPriorityTaskWoken ) ;
+
 /**
  * BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend,
  *                                    void *pvParameter1,
@@ -11088,6 +14253,7 @@ BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend,
                                    void * pvParameter1,
                                    uint32_t ulParameter2,
                                    TickType_t xTicksToWait ) ;
+
 /**
  * const char * const pcTimerGetName( TimerHandle_t xTimer );
  *
@@ -11098,6 +14264,7 @@ BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend,
  * @return The name assigned to the timer specified by the xTimer parameter.
  */
 const char * pcTimerGetName( TimerHandle_t xTimer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
+
 /**
  * void vTimerSetReloadMode( TimerHandle_t xTimer, const UBaseType_t uxAutoReload );
  *
@@ -11115,6 +14282,7 @@ const char * pcTimerGetName( TimerHandle_t xTimer ) ; /*lint !e971 Unqualified c
  */
 void vTimerSetReloadMode( TimerHandle_t xTimer,
                           const UBaseType_t uxAutoReload ) ;
+
 /**
  * UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer );
  *
@@ -11128,6 +14296,7 @@ void vTimerSetReloadMode( TimerHandle_t xTimer,
  * pdFALSE is returned.
  */
 UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer ) ;
+
 /**
  * TickType_t xTimerGetPeriod( TimerHandle_t xTimer );
  *
@@ -11138,6 +14307,7 @@ UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer ) ;
  * @return The period of the timer in ticks.
  */
 TickType_t xTimerGetPeriod( TimerHandle_t xTimer ) ;
+
 /**
  * TickType_t xTimerGetExpiryTime( TimerHandle_t xTimer );
  *
@@ -11152,11 +14322,13 @@ TickType_t xTimerGetPeriod( TimerHandle_t xTimer ) ;
  * value is undefined.
  */
 TickType_t xTimerGetExpiryTime( TimerHandle_t xTimer ) ;
+
 /*
  * Functions beyond this part are not part of the public API and are intended
  * for use by the kernel only.
  */
 BaseType_t xTimerCreateTimerTask( void ) ;
+
 /*
  * Splitting the xTimerGenericCommand into two sub functions and making it a macro
  * removes a recursion path when called from ISRs. This is primarily for the XCore
@@ -11168,16 +14340,30 @@ BaseType_t xTimerGenericCommandFromTask( TimerHandle_t xTimer,
                                          const TickType_t xOptionalValue,
                                          BaseType_t * const pxHigherPriorityTaskWoken,
                                          const TickType_t xTicksToWait ) ;
+
 BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
                                         const BaseType_t xCommandID,
                                         const TickType_t xOptionalValue,
                                         BaseType_t * const pxHigherPriorityTaskWoken,
                                         const TickType_t xTicksToWait ) ;
+
+
+
+
+
+
+
     void vTimerSetTimerNumber( TimerHandle_t xTimer,
                                UBaseType_t uxTimerNumber ) ;
     UBaseType_t uxTimerGetTimerNumber( TimerHandle_t xTimer ) ;
+// # 1364 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /* *INDENT-OFF* */
+
+
+
 /* *INDENT-ON* */
+// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -11203,6 +14389,10 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
  * https://github.com/FreeRTOS
  *
  */
+
+
+
+
 /*
  * Call the stack overflow hook function if the stack of the task being swapped
  * out is currently overflowed, or looks like it might have overflowed in the
@@ -11216,65 +14406,123 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
  * overwritten.  Note this second test does not guarantee that an overflowed
  * stack will always be recognised.
  */
+
 /*-----------------------------------------------------------*/
+
 /*
  * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in
  * use on the stack.
  */
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
+// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
+// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
+// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
+
 /* Remove stack overflow macro if not being used. */
+// # 41 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
  * for the header files above, but not in this file, in order to generate the
  * correct privileged Vs unprivileged linkage and placement. */
+
+
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
+// # 68 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
+
+
+
+
 /*
  * The value used to fill the stack of a task when the task is created.  This
  * is used purely for checking the high water mark for tasks.
  */
+
+
 /* Bits used to record how a task's stack and TCB were allocated. */
+
+
+
+
 /* If any of the following are set then task stacks are filled with a known
  * value so the high water mark can be determined.  If none of the following are
  * set then don't fill the stack so there is no unnecessary dependency on memset. */
+
+
+
+
+
+
 /*
  * Macros used by vListTask to indicate which state a task is in.
  */
+
+
+
+
+
+
 /*
  * Some kernel aware debuggers require the data the debugger needs access to to
  * be global, rather than file scope.
  */
+
+
+
+
 /* The name allocated to the Idle task.  This can be overridden by defining
  * configIDLE_TASK_NAME in FreeRTOSConfig.h. */
+
+
+
+
+
+
 /* If configUSE_PORT_OPTIMISED_TASK_SELECTION is 0 then task selection is
  * performed in a generic way that is not optimised to any particular
  * microcontroller architecture. */
+
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
+// # 132 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     /*-----------------------------------------------------------*/
+
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
+// # 166 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
+// # 184 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
 /*
  * Place the task represented by pxTCB into the appropriate ready list for
  * the task.  It is inserted at the end of the list.
  */
+
+
+
+
+
 /*-----------------------------------------------------------*/
+
 /*
  * Several functions take a TaskHandle_t parameter that can optionally be NULL,
  * where NULL is used to indicate that the handle of the currently executing
  * task should be used in place of the parameter.  This macro simply checks to
  * see if the parameter is NULL and returns a pointer to the appropriate TCB.
  */
+
+
 /* The item value of the event list item is normally used to hold the priority
  * of the task to which it belongs (coded to allow it to be held in reverse
  * priority order).  However, it is occasionally borrowed for other purposes.  It
@@ -11283,10 +14531,23 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
  * the scheduler that the value should not be changed - in which case it is the
  * responsibility of whichever module is using the value to ensure it gets set back
  * to its original value when it is released. */
+
+
+
+
+
+
 /* Indicates that the task is not actively running on any core. */
+
+
 /* Indicates that the task is actively running but scheduled to yield. */
+
+
 /* Returns pdTRUE if the task is actively running and not scheduled to yield. */
+
+
 typedef BaseType_t TaskRunning_t;
+
 /*
  * Task control block.  A task control block (TCB) is allocated for each task,
  * and stores task state information, including a pointer to the task's context
@@ -11295,6 +14556,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
+// # 247 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -11302,24 +14564,55 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
+// # 264 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
+
+
+
         UBaseType_t uxTCBNumber; /*< Stores a number that increments each time a TCB is created.  It allows debuggers to determine when a task has been deleted and then recreated. */
         UBaseType_t uxTaskNumber; /*< Stores a number specifically for use by third party trace code. */
+
+
+
         UBaseType_t uxBasePriority; /*< The priority last assigned to the task - used by the priority inheritance mechanism. */
         UBaseType_t uxMutexesHeld;
+
+
+
+
+
+
+
         void * pvThreadLocalStoragePointers[ 5 ];
+// # 304 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
+
+
     /* See the comments in FreeRTOS.h with the definition of
      * tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE. */
+
+
+
+
+
         uint8_t ucDelayAborted;
+
+
+
+
+
 } tskTCB;
+
 /* The old tskTCB name is maintained above then typedefed to the new TCB_t name
  * below to enable the use of older kernel aware debuggers. */
 typedef tskTCB TCB_t;
+
 /*lint -save -e956 A manual analysis and inspection has been used to determine
  * which static variables must be declared volatile. */
                 TCB_t * volatile pxCurrentTCBs[ 1 ] = { ((void*)0) };
+
+
 /* Lists for ready and blocked tasks. --------------------
  * xDelayedTaskList1 and xDelayedTaskList2 could be moved to function scope but
  * doing so breaks some kernel aware debuggers and debuggers that rely on removing
@@ -11330,11 +14623,26 @@ typedef tskTCB TCB_t;
                 static List_t * volatile pxDelayedTaskList; /*< Points to the delayed task list currently being used. */
                 static List_t * volatile pxOverflowDelayedTaskList; /*< Points to the delayed task list currently being used to hold tasks that have overflowed the current tick count. */
                 static List_t xPendingReadyList; /*< Tasks that have been readied while the scheduler was suspended.  They will be moved to the ready list when the scheduler is resumed. */
+
+
+
                     static List_t xTasksWaitingTermination; /*< Tasks that have been deleted - but their memory not yet freed. */
                     static volatile UBaseType_t uxDeletedTasksWaitingCleanUp = ( UBaseType_t ) 0U;
+
+
+
+
+
                     static List_t xSuspendedTaskList; /*< Tasks that are currently suspended. */
+
+
+
 /* Global POSIX errno. Its value is changed upon context switching to match
  * the errno of the currently running task. */
+
+
+
+
 /* Other file private variables. --------------------------------*/
                 static volatile UBaseType_t uxCurrentNumberOfTasks = ( UBaseType_t ) 0U;
                 static volatile TickType_t xTickCount = ( TickType_t ) 0;
@@ -11346,10 +14654,14 @@ typedef tskTCB TCB_t;
                 static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U;
                 static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */
                 static TaskHandle_t xIdleTaskHandle[ 1 ] = { ((void*)0) }; /*< Holds the handle of the idle task.  The idle task is created automatically when the scheduler is started. */
+
+
+
 /* Improve support for OpenOCD. The kernel tracks Ready tasks via priority lists.
  * For tracking the state of remote threads, OpenOCD uses uxTopUsedPriority
  * to determine the number of priority lists to read back from the remote target. */
 const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
+
 /* Context switches are held pending while the scheduler is suspended.  Also,
  * interrupts must not manipulate the xStateListItem of a TCB, or any of the
  * lists the xStateListItem can be referenced from, if the scheduler is suspended.
@@ -11363,47 +14675,63 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
+// # 404 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*lint -restore */
+
 /*-----------------------------------------------------------*/
+
 /* File private functions. --------------------------------*/
+
 /*
  * Creates the idle tasks during scheduler start
  */
 static BaseType_t prvCreateIdleTasks( void );
+
 /*
  * Returns the yield pending count for the calling core.
  */
 static BaseType_t prvGetCurrentYieldPending( void );
+
 /*
  * Checks to see if another task moved the current task out of the ready
  * list while it was waiting to enter a critical section and yields if so.
  */
 static void prvCheckForRunStateChange( void );
+
 /*
  * Yields the given core.
  */
 static void prvYieldCore( BaseType_t xCoreID );
+
 /*
  * Yields a core, or cores if multiple priorities are not allowed to run
  * simultaneously, to allow the task pxTCB to run.
  */
 static void prvYieldForTask( TCB_t * pxTCB,
                              const BaseType_t xPreemptEqualPriority );
+
 /*
  * Selects the highest priority available task
  */
 static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID );
+
 /**
  * Utility task that simply returns pdTRUE if the task referenced by xTask is
  * currently in the Suspended state, or pdFALSE if the task referenced by xTask
  * is in any other state.
  */
+
+
     static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) ;
+
+
+
 /*
  * Utility to ready all the lists used by the scheduler.  This is called
  * automatically upon the creation of the first task.
  */
 static void prvInitialiseTaskLists( void ) ;
+
 /*
  * The idle task, which as all tasks is implemented as a never ending loop.
  * The idle task is automatically created and added to the ready lists upon
@@ -11411,6 +14739,10 @@ static void prvInitialiseTaskLists( void ) ;
  *
  */
 static void prvIdleTask( void * pvParameters ) ;
+
+
+
+
 /*
  * Utility to free all memory allocated by the scheduler to hold a TCB,
  * including the stack pointed to by the TCB.
@@ -11418,19 +14750,26 @@ static void prvIdleTask( void * pvParameters ) ;
  * This does not free memory allocated by the task itself (i.e. memory
  * allocated by calls to pvPortMalloc from within the tasks application code).
  */
+
+
     static void prvDeleteTCB( TCB_t * pxTCB ) ;
+
+
+
 /*
  * Used only by the idle task.  This checks to see if anything has been placed
  * in the list of tasks waiting to be deleted.  If so the task is cleaned up
  * and its TCB deleted.
  */
 static void prvCheckTasksWaitingTermination( void ) ;
+
 /*
  * The currently executing task is entering the Blocked state.  Add the task to
  * either the current or the overflow delayed task list.
  */
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                                             const BaseType_t xCanBlockIndefinitely ) ;
+
 /*
  * Fills an TaskStatus_t structure with information on each task that is
  * referenced from the pxList list (which may be a ready list, a delayed list,
@@ -11439,21 +14778,36 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * THIS FUNCTION IS INTENDED FOR DEBUGGING ONLY, AND SHOULD NOT BE CALLED FROM
  * NORMAL APPLICATION CODE.
  */
+
+
     static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray,
                                                      List_t * pxList,
                                                      eTaskState eState ) ;
+
+
+
 /*
  * Searches pxList for a task with name pcNameToQuery - returning a handle to
  * the task if it is found, or NULL if the task is not found.
  */
+
+
     static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList,
                                                      const char pcNameToQuery[] ) ;
+
+
+
 /*
  * When a task is created, the stack of the task is filled with a known value.
  * This function determines the 'high water mark' of the task stack by
  * determining how much of the stack remains at the original preset value.
  */
+
+
     static uint32_t prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) ;
+
+
+
 /*
  * Return the amount of time, in ticks, that will pass before the kernel will
  * next move a task from the Blocked state to the Running state.
@@ -11463,11 +14817,18 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * defined low power mode implementations require configUSE_TICKLESS_IDLE to be
  * set to a value other than 1.
  */
+
+
+
+
+
+
 /*
  * Set xNextTaskUnblockTime to the time at which the next Blocked state task
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
+// # 568 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -11480,32 +14841,46 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions ) ;
+
 /*
  * Called after a new task has been created and initialised to place the task
  * under the control of the scheduler.
  */
 static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
+
 /*
  * freertos_tasks_c_additions_init() should only be called if the user definable
  * macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is the only macro
  * called by the function.
  */
+
+
+
+
+
+
 /*-----------------------------------------------------------*/
+
 static BaseType_t prvGetCurrentYieldPending( void )
 {
     BaseType_t xReturn;
     UBaseType_t ulState;
+
     ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
     xReturn = xYieldPendings[ 0 ];
     __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : );
+
     return xReturn;
 }
+
 /*-----------------------------------------------------------*/
+
 static void prvCheckForRunStateChange( void )
 {
     UBaseType_t uxPrevCriticalNesting;
     UBaseType_t uxPrevSchedulerSuspended;
     TCB_t * pxThisTCB;
+
     /* This should be skipped when entering a critical section within
      * an ISR. If the task on the current core is no longer running, then
      * vTaskSwitchContext() probably should be run before returning, but
@@ -11515,6 +14890,7 @@ static void prvCheckForRunStateChange( void )
         /* This function is always called with interrupts disabled
          * so this is safe. */
         pxThisTCB = pxCurrentTCBs[ 0 ];
+
         while( pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )
         {
             /* We are only here if we just entered a critical section
@@ -11525,13 +14901,17 @@ static void prvCheckForRunStateChange( void )
             * the suspension and critical nesting counts, as well as release
             * and reacquire the correct locks. And then do it all over again
             * if our state changed again during the reacquisition. */
+
             uxPrevCriticalNesting = pxThisTCB->uxCriticalNesting;
             uxPrevSchedulerSuspended = uxSchedulerSuspended;
+
             /* this must only be called the first time we enter into a critical
              * section, otherwise it could context switch in the middle of a
              * critical section. */
             (__builtin_expect(!(uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U), 0) ? __assert_rtn(__func__, "tasks.c", 647, "uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U") : (void)0);
+
             uxSchedulerSuspended = 0U;
+
             if( uxPrevCriticalNesting > 0U )
             {
                 pxThisTCB->uxCriticalNesting = 0U;
@@ -11543,18 +14923,23 @@ static void prvCheckForRunStateChange( void )
                 /* uxPrevSchedulerSuspended must be 1 */
                 vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
             }
+
             __asm volatile ( "" ::: "memory" );
             (__builtin_expect(!(pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 )), 0) ? __assert_rtn(__func__, "tasks.c", 664, "pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 )") : (void)0);
+
             vPortEnableInterrupts();
+
             /* Enabling interrupts should cause this core to immediately
              * service the pending interrupt and yield. If the run state is still
              * yielding here then that is a problem. */
             (__builtin_expect(!(pxThisTCB->xTaskRunState != ( TaskRunning_t ) ( -2 )), 0) ? __assert_rtn(__func__, "tasks.c", 671, "pxThisTCB->xTaskRunState != ( TaskRunning_t ) ( -2 )") : (void)0);
+
             ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
             vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
             xTaskGetCurrentTaskHandle()->uxCriticalNesting = uxPrevCriticalNesting;
             uxSchedulerSuspended = uxPrevSchedulerSuspended;
+
             if( uxPrevCriticalNesting == 0U )
             {
                 /* uxPrevSchedulerSuspended must be 1 */
@@ -11564,11 +14949,14 @@ static void prvCheckForRunStateChange( void )
         }
     }
 }
+
 /*-----------------------------------------------------------*/
+
 static void prvYieldCore( BaseType_t xCoreID )
 {
     /* This must be called from a critical section and
      * xCoreID must be valid. */
+
     if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) && ( xCoreID == 0 ) )
     {
         xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
@@ -11586,7 +14974,9 @@ static void prvYieldCore( BaseType_t xCoreID )
         }
     }
 }
+
 /*-----------------------------------------------------------*/
+
 static void prvYieldForTask( TCB_t * pxTCB,
                              const BaseType_t xPreemptEqualPriority )
 {
@@ -11596,25 +14986,39 @@ static void prvYieldForTask( TCB_t * pxTCB,
     BaseType_t xYieldCount = 0;
     BaseType_t x;
     TaskRunning_t xTaskRunState;
+
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
+
     (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn(__func__, "tasks.c", 728, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 741 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
+
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
     {
         /* xLowestPriority will be decremented to -1 if the priority of pxTCB
          * is 0. This is ok as we will give system idle tasks a priority of -1 below. */
         --xLowestPriority;
     }
+
     for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 1; x++ )
     {
         /* System idle tasks are being assigned a priority of tskIDLE_PRIORITY - 1 here */
         xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ x ]->uxPriority - pxCurrentTCBs[ x ]->xIsIdle;
         xTaskRunState = pxCurrentTCBs[ x ]->xTaskRunState;
+
         if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 1 ) ) != ( ( BaseType_t ) 0 ) ) && ( xYieldPendings[ x ] == ( ( BaseType_t ) 0 ) ) )
         {
             if( xTaskPriority <= xLowestPriority )
             {
+
+
+
+
+
                 {
+
+
+
                     {
                         xLowestPriority = xTaskPriority;
                         xLowestPriorityCore = x;
@@ -11625,53 +15029,77 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
+// # 795 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         }
         else
         {
                                     ;
         }
     }
+
     if( ( xYieldCount == 0 ) && ( ( BaseType_t ) ( ( 0 <= xLowestPriorityCore ) && ( xLowestPriorityCore < 1 ) ) ) )
     {
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
+// # 815 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 }
 /*-----------------------------------------------------------*/
+
+
+
     static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID )
     {
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
+// # 833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
+// # 847 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
                 ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious;
                 ListItem_t * pxTaskItem = pxLastTaskItem;
+
                 if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) )
                 {
                     pxLastTaskItem = pxLastTaskItem->pxPrevious;
                 }
+
                 /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority
                  * must not be decremented any further */
                 xDecrementTopPriority = ( ( BaseType_t ) 0 );
+
                 do
                 {
                     TCB_t * pxTCB;
+
                     pxTaskItem = pxTaskItem->pxNext;
+
                     if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) )
                     {
                         pxTaskItem = pxTaskItem->pxNext;
                     }
+
                     pxTCB = pxTaskItem->pvOwner;
+
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
+// # 892 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
+
+
+
+
+
                         {
                             /* If the task is not being executed by any core swap it in */
                             pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -1 );
+
+
+
                             pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID;
                             pxCurrentTCBs[ xCoreID ] = pxTCB;
                             xTaskScheduled = ( ( BaseType_t ) 1 );
@@ -11680,12 +15108,18 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
                         (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 912, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+
+
+
+
+
                         {
                             /* The task is already running on this core, mark it as scheduled */
                             pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID;
                             xTaskScheduled = ( ( BaseType_t ) 1 );
                         }
                     }
+
                     if( xTaskScheduled != ( ( BaseType_t ) 0 ) )
                     {
                         /* Once a task has been selected to run on this core,
@@ -11701,8 +15135,14 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 if( xDecrementTopPriority != ( ( BaseType_t ) 0 ) )
                 {
                     uxTopReadyPriority--;
+
+
+
+
+
                 }
             }
+
             /* This function can get called by vTaskSuspend() before the scheduler is started.
              * In that case, since the idle tasks have not yet been created it is possible that we
              * won't find a new task to schedule. Return pdFALSE in this case. */
@@ -11710,16 +15150,26 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                 return ( ( BaseType_t ) 0 );
             }
+
             (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 956, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
+
         (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 960, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1036 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
+// # 1052 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 1108 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 1155 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 1205 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskCreate( TaskFunction_t pxTaskCode,
                             const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
                             const uint32_t usStackDepth,
@@ -11729,17 +15179,22 @@ static void prvYieldForTask( TCB_t * pxTCB,
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
+
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
+// # 1245 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             {
                 StackType_t * pxStack;
+
                 /* Allocate space for the stack used by the task being created. */
                 pxStack = pvPortMalloc( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */
+
                 if( pxStack != ((void*)0) )
                 {
                     /* Allocate space for the TCB. */
                     pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */
+
                     if( pxNewTCB != ((void*)0) )
                     {
                         /* Store the stack location in the TCB. */
@@ -11757,8 +15212,11 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxNewTCB = ((void*)0);
                 }
             }
+
+
         if( pxNewTCB != ((void*)0) )
         {
+// # 1285 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, ((void*)0) );
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
@@ -11767,9 +15225,13 @@ static void prvYieldForTask( TCB_t * pxTCB,
         {
             xReturn = ( -1 );
         }
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
 static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
                                   const uint32_t ulStackDepth,
@@ -11781,27 +15243,36 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
+// # 1327 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
+
         {
             /* Fill the stack with a known value to assist debugging. */
             ( void ) __builtin___memset_chk (pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ), __builtin_object_size (pxNewTCB->pxStack, 0));
         }
+
+
     /* Calculate the top of stack address.  This depends on whether the stack
      * grows from high memory to low (as per the 80x86) or vice versa.
      * portSTACK_GROWTH is used to make the result positive or negative as required
      * by the port. */
+
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
+
             /* Check the alignment of the calculated top of stack is correct. */
             (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn(__func__, "tasks.c", 1345, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1354 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         }
+// # 1368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != ((void*)0) )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
         {
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
+
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
              * configMAX_TASK_NAME_LEN characters just in case the memory after the
              * string is not accessible (extremely unlikely). */
@@ -11814,6 +15285,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                         ;
             }
         }
+
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ 16 - 1 ] = '\0';
@@ -11824,6 +15296,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
     }
+
     /* This is used as an array index so must ensure it's not too large.  First
      * remove the privilege bit if one is present. */
     if( uxPriority >= ( UBaseType_t ) 32 )
@@ -11834,59 +15307,90 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     {
                                 ;
     }
+
     pxNewTCB->uxPriority = uxPriority;
+
         {
             pxNewTCB->uxBasePriority = uxPriority;
             pxNewTCB->uxMutexesHeld = 0;
         }
+
+
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
+
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
     ( ( &( pxNewTCB->xStateListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) );
+
     /* Event lists are always in priority order. */
     ( ( &( pxNewTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
     ( ( &( pxNewTCB->xEventListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) );
+
+
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
+// # 1452 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
         }
+
+
+
         {
             __builtin___memset_chk (( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), __builtin_object_size (( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0));
         }
+
+
+
         {
             __builtin___memset_chk (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ), __builtin_object_size (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0));
             __builtin___memset_chk (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ), __builtin_object_size (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0));
         }
+// # 1481 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
+// # 1499 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
+// # 1527 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
+// # 1544 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
+
         }
+
+
     /* Initialize to not running */
     pxNewTCB->xTaskRunState = ( TaskRunning_t ) ( -1 );
+
     /* Is this an idle task? */
     if( pxTaskCode == prvIdleTask )
     {
         pxNewTCB->xIsIdle = ( ( BaseType_t ) 1 );
     }
+
+
+
+
+
+
+
     else
     {
         pxNewTCB->xIsIdle = ( ( BaseType_t ) 0 );
     }
+
     if( pxCreatedTask != ((void*)0) )
     {
         /* Pass the handle out in an anonymous way.  The handle can be used to
@@ -11899,6 +15403,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     }
 }
 /*-----------------------------------------------------------*/
+
 static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 {
     /* Ensure interrupts don't access the task lists while the lists are being
@@ -11906,6 +15411,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     vTaskEnterCritical();
     {
         uxCurrentNumberOfTasks++;
+
         if( xSchedulerRunning == ( ( BaseType_t ) 0 ) )
         {
             if( uxCurrentNumberOfTasks == ( UBaseType_t ) 1 )
@@ -11919,9 +15425,11 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                                         ;
             }
+
             if( pxNewTCB->xIsIdle != ( ( BaseType_t ) 0 ) )
             {
                 BaseType_t xCoreID;
+
                 /* Check if a core is free. */
                 for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) 1; xCoreID++ )
                 {
@@ -11938,20 +15446,29 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
                                     ;
         }
+
         uxTaskNumber++;
+
+
             {
                 /* Add a counter into the TCB for tracing only. */
                 pxNewTCB->uxTCBNumber = uxTaskNumber;
             }
+
                                     ;
+
         ; { if( ( ( pxNewTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxNewTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxNewTCB )->uxPriority ] ), &( ( pxNewTCB )->xStateListItem ) ); ;
+
         ( void ) pxNewTCB;
+
         if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
         {
             /* If the created task is of a higher priority than another
              * currently running task and preemption is on then it should
              * run now. */
+
                 prvYieldForTask( pxNewTCB, ( ( BaseType_t ) 0 ) );
+
         }
         else
         {
@@ -11961,16 +15478,22 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     vTaskExitCritical();
 }
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskDelete( TaskHandle_t xTaskToDelete )
     {
         TCB_t * pxTCB;
         TaskRunning_t xTaskRunningOnCore;
+
         vTaskEnterCritical();
         {
             /* If null is passed in here then it is the calling task that is
              * being deleted. */
             pxTCB = ( ( ( xTaskToDelete ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToDelete ) );
+
             xTaskRunningOnCore = pxTCB->xTaskRunState;
+
             /* Remove task from the ready/delayed list. */
             if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 )
             {
@@ -11980,6 +15503,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                                         ;
             }
+
             /* Is the task waiting on an event also? */
             if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
             {
@@ -11989,11 +15513,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                                         ;
             }
+
             /* Increment the uxTaskNumber also so kernel aware debuggers can
              * detect that the task lists need re-generating.  This is done before
              * portPRE_TASK_DELETE_HOOK() as in the Windows port that macro will
              * not return. */
             uxTaskNumber++;
+
             /* If the task is running (or yielding), we must add it to the
              * termination list so that an idle task can delete it when it is
              * no longer running. */
@@ -12005,13 +15531,16 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  * check the termination list and free up any memory allocated by
                  * the scheduler for the TCB and stack of the deleted task. */
                 vListInsertEnd( &xTasksWaitingTermination, &( pxTCB->xStateListItem ) );
+
                 /* Increment the ucTasksDeleted variable so the idle task knows
                  * there is a task that has been deleted and that it should therefore
                  * check the xTasksWaitingTermination list. */
                 ++uxDeletedTasksWaitingCleanUp;
+
                 /* Call the delete hook before portPRE_TASK_DELETE_HOOK() as
                  * portPRE_TASK_DELETE_HOOK() does not return in the Win32 port. */
                                          ;
+
                 /* The pre-delete hook is primarily for the Windows simulator,
                  * in which Windows specific clean up operations are performed,
                  * after which it is not possible to yield away from this task -
@@ -12024,15 +15553,19 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 --uxCurrentNumberOfTasks;
                                          ;
                 prvDeleteTCB( pxTCB );
+
                 /* Reset the next expected unblock time in case it referred to
                  * the task that has just been deleted. */
                 prvResetNextTaskUnblockTime();
             }
+
             /* Force a reschedule if the task that has just been deleted was running. */
             if( ( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) )
             {
                 BaseType_t xCoreID;
+
                 xCoreID = 0;
+
                 if( xTaskRunningOnCore == xCoreID )
                 {
                     (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 1748, "uxSchedulerSuspended == 0") : (void)0);
@@ -12046,22 +15579,32 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         }
         vTaskExitCritical();
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime,
                                 const TickType_t xTimeIncrement )
     {
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
+
         (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn(__func__, "tasks.c", 1771, "pxPreviousWakeTime") : (void)0);
         (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn(__func__, "tasks.c", 1772, "( xTimeIncrement > 0U )") : (void)0);
+
         vTaskSuspendAll();
         {
             (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn(__func__, "tasks.c", 1776, "uxSchedulerSuspended == 1") : (void)0);
+
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
             const TickType_t xConstTickCount = xTickCount;
+
             /* Generate the tick time at which the task wants to wake. */
             xTimeToWake = *pxPreviousWakeTime + xTimeIncrement;
+
             if( xConstTickCount < *pxPreviousWakeTime )
             {
                 /* The tick count has overflowed since this function was
@@ -12092,11 +15635,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                             ;
                 }
             }
+
             /* Update the wake time ready for the next call. */
             *pxPreviousWakeTime = xTimeToWake;
+
             if( xShouldDelay != ( ( BaseType_t ) 0 ) )
             {
                                                     ;
+
                 /* prvAddCurrentTaskToDelayedList() needs the block time, not
                  * the time to wake, so subtract the current tick count. */
                 prvAddCurrentTaskToDelayedList( xTimeToWake - xConstTickCount, ( ( BaseType_t ) 0 ) );
@@ -12107,6 +15653,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             }
         }
         xAlreadyYielded = xTaskResumeAll();
+
         /* Force a reschedule if xTaskResumeAll has not already done so, we may
          * have put ourselves to sleep. */
         if( xAlreadyYielded == ( ( BaseType_t ) 0 ) )
@@ -12117,12 +15664,19 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
                                     ;
         }
+
         return xShouldDelay;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskDelay( const TickType_t xTicksToDelay )
     {
         BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 );
+
         /* A delay time of zero just forces a reschedule. */
         if( xTicksToDelay > ( TickType_t ) 0U )
         {
@@ -12130,6 +15684,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                 (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn(__func__, "tasks.c", 1862, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
+
                 /* A task that is removed from the event list while the
                  * scheduler is suspended will not get placed in the ready
                  * list or removed from the blocked list until the scheduler
@@ -12145,6 +15700,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
                                     ;
         }
+
         /* Force a reschedule if xTaskResumeAll has not already done so, we may
          * have put ourselves to sleep. */
         if( xAlreadyYielded == ( ( BaseType_t ) 0 ) )
@@ -12156,13 +15712,20 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                     ;
         }
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     eTaskState eTaskGetState( TaskHandle_t xTask )
     {
         eTaskState eReturn;
         List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
         const TCB_t * const pxTCB = xTask;
+
         (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 1904, "pxTCB") : (void)0);
+
         vTaskEnterCritical();
         {
             pxStateList = ( ( &( pxTCB->xStateListItem ) )->pxContainer );
@@ -12170,12 +15733,15 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             pxOverflowedDelayedList = pxOverflowDelayedTaskList;
         }
         vTaskExitCritical();
+
         if( ( pxStateList == pxDelayedList ) || ( pxStateList == pxOverflowedDelayedList ) )
         {
             /* The task being queried is referenced from one of the Blocked
              * lists. */
             eReturn = eBlocked;
         }
+
+
             else if( pxStateList == &xSuspendedTaskList )
             {
                 /* The task being queried is referenced from the suspended
@@ -12183,14 +15749,17 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  * indefinitely? */
                 if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0) )
                 {
+
                         {
                             BaseType_t x;
+
                             /* The task does not appear on the event list item of
                              * and of the RTOS objects, but could still be in the
                              * blocked state if it is waiting on its notification
                              * rather than waiting on an object.  If not, is
                              * suspended. */
                             eReturn = eSuspended;
+
                             for( x = 0; x < 1; x++ )
                             {
                                 if( pxTCB->ucNotifyState[ x ] == ( ( uint8_t ) 1 ) )
@@ -12200,12 +15769,20 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                 }
                             }
                         }
+
+
+
+
+
                 }
                 else
                 {
                     eReturn = eBlocked;
                 }
             }
+
+
+
             else if( ( pxStateList == &xTasksWaitingTermination ) || ( pxStateList == ((void*)0) ) )
             {
                 /* The task being queried is referenced from the deleted
@@ -12213,6 +15790,8 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  * all. */
                 eReturn = eDeleted;
             }
+
+
         else /*lint !e525 Negative indentation is intended to make use of pre-processor clearer. */
         {
             /* If the task is not in any other state, it must be in the
@@ -12227,13 +15806,20 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 eReturn = eReady;
             }
         }
+
         return eReturn;
     } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */
+
+
 /*-----------------------------------------------------------*/
+
+
+
     UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask )
     {
         TCB_t const * pxTCB;
         UBaseType_t uxReturn;
+
         vTaskEnterCritical();
         {
             /* If null is passed in here then it is the priority of the task
@@ -12242,13 +15828,20 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             uxReturn = pxTCB->uxPriority;
         }
         vTaskExitCritical();
+
         return uxReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask )
     {
         TCB_t const * pxTCB;
         UBaseType_t uxReturn, uxSavedInterruptState;
+
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
          * Interrupts that are  above the maximum system call priority are keep
@@ -12266,6 +15859,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
          * provided on the following link:
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
+
         uxSavedInterruptState = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
         {
             /* If null is passed in here then it is the priority of the calling
@@ -12274,9 +15868,15 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             uxReturn = pxTCB->uxPriority;
         }
         do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptState) : ); } while (0);
+
         return uxReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskPrioritySet( TaskHandle_t xTask,
                            UBaseType_t uxNewPriority )
     {
@@ -12285,7 +15885,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldRequired = ( ( BaseType_t ) 0 );
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
+
         (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn(__func__, "tasks.c", 2066, "( uxNewPriority < 32 )") : (void)0);
+
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
         {
@@ -12295,15 +15897,25 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
                                     ;
         }
+
         vTaskEnterCritical();
         {
             /* If null is passed in here then it is the priority of the calling
              * task that is being changed. */
             pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+
                                                           ;
+
+
                 {
                     uxCurrentBasePriority = pxTCB->uxBasePriority;
                 }
+
+
+
+
+
+
             if( uxCurrentBasePriority != uxNewPriority )
             {
                 /* The priority change may have readied a task of higher
@@ -12319,6 +15931,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     /* Setting the priority of a running task down means
                      * there may now be another task of higher priority that
                      * is ready to execute. */
+
+
+
                     {
                         xCoreID = ( BaseType_t ) pxTCB->xTaskRunState;
                         xYieldRequired = ( ( BaseType_t ) 1 );
@@ -12330,10 +15945,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                      * require a yield as the running task must be above the
                      * new priority of the task being modified. */
                 }
+
                 /* Remember the ready list the task might be referenced from
                  * before its uxPriority member is changed so the
                  * taskRESET_READY_PRIORITY() macro can function correctly. */
                 uxPriorityUsedOnEntry = pxTCB->uxPriority;
+
+
                     {
                         /* Only change the priority being used if the task is not
                          * currently using an inherited priority. */
@@ -12345,9 +15963,16 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                         {
                                                     ;
                         }
+
                         /* The base priority gets set whatever. */
                         pxTCB->uxBasePriority = uxNewPriority;
                     }
+
+
+
+
+
+
                 /* Only reset the event list item value if the value is not
                  * being used for anything else. */
                 if( ( ( ( &( pxTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL )
@@ -12358,6 +15983,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                                             ;
                 }
+
                 /* If the task is in the blocked or suspended list we need do
                  * nothing more than change its priority variable. However, if
                  * the task is in a ready list it needs to be removed and placed
@@ -12378,6 +16004,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     {
                                                 ;
                     }
+
                     ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
                 }
                 else
@@ -12387,6 +16014,8 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                      * we don't actually need to yield for it. */
                     xYieldForTask = ( ( BaseType_t ) 0 );
                 }
+
+
                     if( xYieldRequired != ( ( BaseType_t ) 0 ) )
                     {
                         prvYieldCore( xCoreID );
@@ -12399,6 +16028,8 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     {
                                                 ;
                     }
+
+
                 /* Remove compiler warning about unused variables when the port
                  * optimised task selection is not being used. */
                 ( void ) uxPriorityUsedOnEntry;
@@ -12406,22 +16037,35 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         }
         vTaskExitCritical();
     }
+
+
 /*-----------------------------------------------------------*/
+// # 2254 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 2277 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 2295 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 2323 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskSuspend( TaskHandle_t xTaskToSuspend )
     {
         TCB_t * pxTCB;
         TaskRunning_t xTaskRunningOnCore;
+
         vTaskEnterCritical();
         {
             /* If null is passed in here then it is the running task that is
              * being suspended. */
             pxTCB = ( ( ( xTaskToSuspend ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSuspend ) );
+
                                       ;
+
             xTaskRunningOnCore = pxTCB->xTaskRunState;
+
             /* Remove task from the ready/delayed list and place in the
              * suspended list. */
             if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 )
@@ -12432,6 +16076,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                                         ;
             }
+
             /* Is the task waiting on an event also? */
             if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
             {
@@ -12441,9 +16086,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                                         ;
             }
+
             vListInsertEnd( &xSuspendedTaskList, &( pxTCB->xStateListItem ) );
+
+
                 {
                     BaseType_t x;
+
                     for( x = 0; x < 1; x++ )
                     {
                         if( pxTCB->ucNotifyState[ x ] == ( ( uint8_t ) 1 ) )
@@ -12454,6 +16103,8 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                         }
                     }
                 }
+
+
             if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
             {
                 /* Reset the next expected unblock time in case it referred to the
@@ -12464,6 +16115,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                                         ;
             }
+
             if( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) )
             {
                 if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
@@ -12478,12 +16130,15 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     {
                         prvYieldCore( xTaskRunningOnCore );
                     }
+
                     vTaskExitCritical();
                 }
                 else
                 {
                     vTaskExitCritical();
+
                     (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn(__func__, "tasks.c", 2413, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
                      * must be adjusted to point to a different task. */
@@ -12515,14 +16170,22 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             }
         } /* taskEXIT_CRITICAL() - already exited in one of three cases above */
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask )
     {
         BaseType_t xReturn = ( ( BaseType_t ) 0 );
         const TCB_t * const pxTCB = xTask;
+
         /* Accesses xPendingReadyList so must be called from a critical section. */
+
         /* It does not make sense to check if the calling task is suspended. */
         (__builtin_expect(!(xTask), 0) ? __assert_rtn(__func__, "tasks.c", 2460, "xTask") : (void)0);
+
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
         {
@@ -12549,14 +16212,22 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
                                     ;
         }
+
         return xReturn;
     } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskResume( TaskHandle_t xTaskToResume )
     {
         TCB_t * const pxTCB = xTaskToResume;
+
         /* It does not make sense to resume the calling task. */
         (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn(__func__, "tasks.c", 2502, "xTaskToResume") : (void)0);
+
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
          * that is actively running on another core but it is too dangerous
@@ -12569,14 +16240,18 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) )
                 {
                                              ;
+
                     /* The ready list can be accessed even if the scheduler is
                      * suspended because this is inside a critical section. */
                     ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
                     ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
+
                     /* A higher priority task may have just been resumed. */
+
                         {
                             prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
                         }
+
                 }
                 else
                 {
@@ -12590,13 +16265,21 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                     ;
         }
     }
+
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume )
     {
         BaseType_t xYieldRequired = ( ( BaseType_t ) 0 );
         TCB_t * const pxTCB = xTaskToResume;
         UBaseType_t uxSavedInterruptStatus;
+
         (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn(__func__, "tasks.c", 2554, "xTaskToResume") : (void)0);
+
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
          * Interrupts that are  above the maximum system call priority are keep
@@ -12614,16 +16297,19 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
          * provided on the following link:
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
+
         uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
         {
             if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) )
             {
                                                   ;
+
                 /* Check the ready lists can be accessed. */
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
                     /* Ready lists can be accessed so move the task from the
                      * suspended list to the ready list directly. */
+
                     ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
                     ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
                 }
@@ -12634,11 +16320,15 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                      * unsuspended. */
                     vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) );
                 }
+
+
                     prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
+
                     if( xYieldPendings[ 0 ] != ( ( BaseType_t ) 0 ) )
                     {
                         xYieldRequired = ( ( BaseType_t ) 1 );
                     }
+
             }
             else
             {
@@ -12646,18 +16336,24 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             }
         }
         do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0);
+
         return xYieldRequired;
     }
+
+
 /*-----------------------------------------------------------*/
+
 static BaseType_t prvCreateIdleTasks( void )
 {
     BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
     BaseType_t xCoreID;
     char cIdleName[ 16 ];
+
     /* Add each idle task at the lowest priority. */
     for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) 1; xCoreID++ )
     {
         BaseType_t x;
+
         if( xReturn == ( ( ( BaseType_t ) 0 ) ) )
         {
             break;
@@ -12666,9 +16362,11 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
+
         for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 16; x++ )
         {
             cIdleName[ x ] = "IDLE"[ x ];
+
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
              * configMAX_TASK_NAME_LEN characters just in case the memory after the
              * string is not accessible (extremely unlikely). */
@@ -12681,10 +16379,12 @@ static BaseType_t prvCreateIdleTasks( void )
                                         ;
             }
         }
+
         /* Append the idle task number to the end of the name if there is space */
         if( x < 16 )
         {
             cIdleName[ x++ ] = xCoreID + '0';
+
             /* And append a null character if there is space */
             if( x < 16 )
             {
@@ -12699,6 +16399,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
+// # 2722 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12710,31 +16411,48 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
+// # 2745 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             }
+
     }
+
     return xReturn;
 }
+
 void vTaskStartScheduler( void )
 {
     BaseType_t xReturn;
+
+
         {
             xReturn = xTimerCreateTimerTask();
         }
+
+
     xReturn = prvCreateIdleTasks();
+
     if( xReturn == ( ( ( BaseType_t ) 1 ) ) )
     {
         /* freertos_tasks_c_additions_init() should only be called if the user
          * definable macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is
          * the only macro called by the function. */
+
+
+
+
+
+
         /* Interrupts are turned off here, to ensure a tick does not occur
          * before or during the call to xPortStartScheduler().  The stacks of
          * the created tasks contain a status word with interrupts switched on
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+// # 2792 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
+
         /* If configGENERATE_RUN_TIME_STATS is defined then the following
          * macro must be defined to configure the timer/counter used to generate
          * the run time counter time base.   NOTE:  If configGENERATE_RUN_TIME_STATS
@@ -12742,7 +16460,9 @@ void vTaskStartScheduler( void )
          * have portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() defined in your
          * FreeRTOSConfig.h file. */
                                                 ;
+
                                ;
+
         /* Setting up the timer tick is hardware specific and thus in the
          * portable interface. */
         if( xPortStartScheduler() != ( ( BaseType_t ) 0 ) )
@@ -12762,14 +16482,17 @@ void vTaskStartScheduler( void )
          * or the timer task. */
         (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn(__func__, "tasks.c", 2823, "xReturn != ( -1 )") : (void)0);
     }
+
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
      * meaning xIdleTaskHandle is not used anywhere else. */
     ( void ) xIdleTaskHandle;
+
     /* OpenOCD makes use of uxTopUsedPriority for thread debugging. Prevent uxTopUsedPriority
      * from getting optimized out as it is no longer used by the kernel. */
     ( void ) uxTopUsedPriority;
 }
 /*-----------------------------------------------------------*/
+
 void vTaskEndScheduler( void )
 {
     /* Stop the scheduler interrupts and call the portable scheduler end
@@ -12780,11 +16503,14 @@ void vTaskEndScheduler( void )
     vPortEndScheduler();
 }
 /*----------------------------------------------------------*/
+
 void vTaskSuspendAll( void )
 {
     UBaseType_t ulState;
+
     /* This must only be called from within a task */
                           ;
+
     if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
     {
         /* writes to uxSchedulerSuspended must be protected by both the task AND ISR locks.
@@ -12793,19 +16519,24 @@ void vTaskSuspendAll( void )
          * It is safe to re-enable interrupts after releasing the ISR lock and incrementing
          * uxSchedulerSuspended since that will prevent context switches. */
         ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+
         /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that
          * do not otherwise exhibit real time behaviour. */
                               ;
+
         vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
         vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
+
         /* The scheduler is suspended if uxSchedulerSuspended is non-zero.  An increment
          * is used to allow calls to vTaskSuspendAll() to nest. */
         ++uxSchedulerSuspended;
         vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
+
         if( ( uxSchedulerSuspended == 1U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) )
         {
             prvCheckForRunStateChange();
         }
+
         __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : );
     }
     else
@@ -12814,11 +16545,14 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
+// # 2950 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*----------------------------------------------------------*/
+
 BaseType_t xTaskResumeAll( void )
 {
     TCB_t * pxTCB = ((void*)0);
     BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 );
+
     if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
     {
         /* It is possible that an ISR caused a task to be removed from an event
@@ -12829,12 +16563,16 @@ BaseType_t xTaskResumeAll( void )
         vTaskEnterCritical();
         {
             BaseType_t xCoreID;
+
             xCoreID = 0;
+
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
             (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn(__func__, "tasks.c", 2972, "uxSchedulerSuspended") : (void)0);
+
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
+
             if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
             {
                 if( uxCurrentNumberOfTasks > ( UBaseType_t ) 0U )
@@ -12847,10 +16585,12 @@ BaseType_t xTaskResumeAll( void )
                         ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
                         ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
                         ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
+
                         /* All appropriate tasks yield at the moment a task is added to xPendingReadyList.
                          * If the current core yielded then vTaskSwitchContext() has already been called
                          * which sets xYieldPendings for the current core to pdTRUE. */
                     }
+
                     if( pxTCB != ((void*)0) )
                     {
                         /* A task was unblocked while the scheduler was suspended,
@@ -12861,6 +16601,7 @@ BaseType_t xTaskResumeAll( void )
                          * state. */
                         prvResetNextTaskUnblockTime();
                     }
+
                     /* If any ticks occurred while the scheduler was suspended then
                      * they should be processed now.  This ensures the tick count does
                      * not	slip, and that any delayed tasks are resumed at the correct
@@ -12872,6 +16613,7 @@ BaseType_t xTaskResumeAll( void )
                      * from any core causes xTaskIncrementTick to increment uxPendedCounts.*/
                     {
                         TickType_t xPendedCounts = xPendedTicks; /* Non-volatile copy. */
+
                         if( xPendedCounts > ( TickType_t ) 0U )
                         {
                             do
@@ -12886,8 +16628,10 @@ BaseType_t xTaskResumeAll( void )
                                 {
                                                             ;
                                 }
+
                                 --xPendedCounts;
                             } while( xPendedCounts > ( TickType_t ) 0U );
+
                             xPendedTicks = 0;
                         }
                         else
@@ -12895,6 +16639,7 @@ BaseType_t xTaskResumeAll( void )
                                                     ;
                         }
                     }
+
                     if( xYieldPendings[ xCoreID ] != ( ( BaseType_t ) 0 ) )
                     {
                         /* If xYieldPendings is true then taskEXIT_CRITICAL()
@@ -12915,25 +16660,31 @@ BaseType_t xTaskResumeAll( void )
     {
                                 ;
     }
+
     return xAlreadyYielded;
 }
 /*-----------------------------------------------------------*/
+
 TickType_t xTaskGetTickCount( void )
 {
     TickType_t xTicks;
+
     /* Critical section required if running on a 16 bit processor. */
                                   ;
     {
         xTicks = xTickCount;
     }
                                  ;
+
     return xTicks;
 }
 /*-----------------------------------------------------------*/
+
 TickType_t xTaskGetTickCountFromISR( void )
 {
     TickType_t xReturn;
     UBaseType_t uxSavedInterruptStatus;
+
     /* RTOS ports that support interrupt nesting have the concept of a maximum
      * system call (or maximum API call) interrupt priority.  Interrupts that are
      * above the maximum system call priority are kept permanently enabled, even
@@ -12949,14 +16700,17 @@ TickType_t xTaskGetTickCountFromISR( void )
      * More information (albeit Cortex-M specific) is provided on the following
      * link: https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                               ;
+
     uxSavedInterruptStatus = 0;
     {
         xReturn = xTickCount;
     }
     ( void ) uxSavedInterruptStatus;
+
     return xReturn;
 }
 /*-----------------------------------------------------------*/
+
 UBaseType_t uxTaskGetNumberOfTasks( void )
 {
     /* A critical section is not required because the variables are of type
@@ -12964,9 +16718,11 @@ UBaseType_t uxTaskGetNumberOfTasks( void )
     return uxCurrentNumberOfTasks;
 }
 /*-----------------------------------------------------------*/
+
 char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
 {
     TCB_t * pxTCB;
+
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
@@ -12974,6 +16730,9 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
+
+
+
     static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList,
                                                      const char pcNameToQuery[] )
     {
@@ -12981,19 +16740,25 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         UBaseType_t x;
         char cNextChar;
         BaseType_t xBreakLoop;
+
         /* This function is called with the scheduler suspended. */
+
         if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 )
         {
             { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+
             do
             {
                 { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+
                 /* Check each character in the name looking for a match or
                  * mismatch. */
                 xBreakLoop = ( ( BaseType_t ) 0 );
+
                 for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
                 {
                     cNextChar = pxNextTCB->pcTaskName[ x ];
+
                     if( cNextChar != pcNameToQuery[ x ] )
                     {
                         /* Characters didn't match. */
@@ -13010,11 +16775,13 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                     {
                                                 ;
                     }
+
                     if( xBreakLoop != ( ( BaseType_t ) 0 ) )
                     {
                         break;
                     }
                 }
+
                 if( pxReturn != ((void*)0) )
                 {
                     /* The handle has been found. */
@@ -13026,15 +16793,23 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         {
                                     ;
         }
+
         return pxReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
     {
         UBaseType_t uxQueue = 32;
         TCB_t * pxTCB;
+
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
         (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn(__func__, "tasks.c", 3212, "strlen( pcNameToQuery ) < 16") : (void)0);
+
         vTaskSuspendAll();
         {
             /* Search the ready lists. */
@@ -13042,21 +16817,26 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
             {
                 uxQueue--;
                 pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) &( pxReadyTasksLists[ uxQueue ] ), pcNameToQuery );
+
                 if( pxTCB != ((void*)0) )
                 {
                     /* Found the handle. */
                     break;
                 }
             } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
+
             /* Search the delayed lists. */
             if( pxTCB == ((void*)0) )
             {
                 pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxDelayedTaskList, pcNameToQuery );
             }
+
             if( pxTCB == ((void*)0) )
             {
                 pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxOverflowDelayedTaskList, pcNameToQuery );
             }
+
+
                 {
                     if( pxTCB == ((void*)0) )
                     {
@@ -13064,6 +16844,9 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                         pxTCB = prvSearchForNameWithinSingleList( &xSuspendedTaskList, pcNameToQuery );
                     }
                 }
+
+
+
                 {
                     if( pxTCB == ((void*)0) )
                     {
@@ -13071,16 +16854,24 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                         pxTCB = prvSearchForNameWithinSingleList( &xTasksWaitingTermination, pcNameToQuery );
                     }
                 }
+
         }
         ( void ) xTaskResumeAll();
+
         return pxTCB;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray,
                                       const UBaseType_t uxArraySize,
                                       uint32_t * const pulTotalRunTime )
     {
         UBaseType_t uxTask = 0, uxQueue = 32;
+
         vTaskSuspendAll();
         {
             /* Is there a space in the array for each task in the system? */
@@ -13093,26 +16884,34 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                     uxQueue--;
                     uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &( pxReadyTasksLists[ uxQueue ] ), eReady );
                 } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
+
                 /* Fill in an TaskStatus_t structure with information on each
                  * task in the Blocked state. */
                 uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxDelayedTaskList, eBlocked );
                 uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxOverflowDelayedTaskList, eBlocked );
+
+
                     {
                         /* Fill in an TaskStatus_t structure with information on
                          * each task that has been deleted but not yet cleaned up. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xTasksWaitingTermination, eDeleted );
                     }
+
+
+
                     {
                         /* Fill in an TaskStatus_t structure with information on
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
+// # 3322 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
                     {
                         if( pulTotalRunTime != ((void*)0) )
                         {
                             *pulTotalRunTime = 0;
                         }
                     }
+
             }
             else
             {
@@ -13120,9 +16919,15 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
             }
         }
         ( void ) xTaskResumeAll();
+
         return uxTask;
     }
+
+
 /*----------------------------------------------------------*/
+
+
+
     TaskHandle_t * xTaskGetIdleTaskHandle( void )
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
@@ -13130,31 +16935,44 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         (__builtin_expect(!(( xIdleTaskHandle != ((void*)0) )), 0) ? __assert_rtn(__func__, "tasks.c", 3349, "( xIdleTaskHandle != ((void*)0) )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
+
+
 /*----------------------------------------------------------*/
+
 /* This conditional compilation should use inequality to 0, not equality to 1.
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
+// # 3373 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*----------------------------------------------------------*/
+
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 {
     BaseType_t xYieldOccurred;
+
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
     (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 3381, "uxSchedulerSuspended == 0") : (void)0);
+
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
     vTaskSuspendAll();
     xPendedTicks += xTicksToCatchUp;
     xYieldOccurred = xTaskResumeAll();
+
     return xYieldOccurred;
 }
 /*----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskAbortDelay( TaskHandle_t xTask )
     {
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
+
         (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3400, "pxTCB") : (void)0);
+
         vTaskSuspendAll();
         {
             /* A task can only be prematurely removed from the Blocked state if
@@ -13162,10 +16980,12 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
             if( eTaskGetState( xTask ) == eBlocked )
             {
                 xReturn = ( ( ( BaseType_t ) 1 ) );
+
                 /* Remove the reference to the task from the blocked list.  An
                  * interrupt won't touch the xStateListItem because the
                  * scheduler is suspended. */
                 ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
+
                 /* Is the task waiting on an event also?  If so remove it from
                  * the event list too.  Interrupts can touch the event list item,
                  * even though the scheduler is suspended, so a critical section
@@ -13175,6 +16995,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
                     if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
                     {
                         ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
+
                         /* This lets the task know it was forcibly removed from the
                          * blocked state so it should not re-evaluate its block time and
                          * then block again. */
@@ -13186,10 +17007,13 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
                     }
                 }
                 vTaskExitCritical();
+
                 /* Place the unblocked task into the appropriate ready list. */
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
+
                 /* A task being unblocked cannot cause an immediate context
                  * switch if preemption is turned off. */
+
                     {
                         vTaskEnterCritical();
                         {
@@ -13197,6 +17021,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
                         }
                         vTaskExitCritical();
                     }
+
             }
             else
             {
@@ -13204,22 +17029,31 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
             }
         }
         ( void ) xTaskResumeAll();
+
         return xReturn;
     }
+
+
 /*----------------------------------------------------------*/
+
 BaseType_t xTaskIncrementTick( void )
 {
     TCB_t * pxTCB;
     TickType_t xItemValue;
     BaseType_t xSwitchRequired = ( ( BaseType_t ) 0 );
+
+
         UBaseType_t x;
         BaseType_t xCoreYieldList[ 1 ] = { ( ( BaseType_t ) 0 ) };
+
+
     vTaskEnterCritical();
     {
         /* Called by the portable layer each time a tick interrupt occurs.
          * Increments the tick then checks to see if the new tick value will cause any
          * tasks to be unblocked. */
                                               ;
+
         /* Tick increment should occur on every kernel timer event. Core 0 has the
          * responsibility to increment the tick, or increment the pended ticks if the
          * scheduler is suspended.  If pended ticks is greater than zero, the core that
@@ -13229,9 +17063,11 @@ BaseType_t xTaskIncrementTick( void )
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
             const TickType_t xConstTickCount = xTickCount + ( TickType_t ) 1;
+
             /* Increment the RTOS tick, switching the delayed and overflowed
              * delayed lists if it wraps to 0. */
             xTickCount = xConstTickCount;
+
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
                 { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn(__func__, "tasks.c", 3499, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
@@ -13240,6 +17076,7 @@ BaseType_t xTaskIncrementTick( void )
             {
                                         ;
             }
+
             /* See if this tick has made a timeout expire.  Tasks are stored in
              * the	queue in the order of their wake time - meaning once one task
              * has been found whose block time has not expired there is no need to
@@ -13266,6 +17103,7 @@ BaseType_t xTaskIncrementTick( void )
                          * be removed from the Blocked state. */
                         pxTCB = ( ( &( ( pxDelayedTaskList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
                         xItemValue = ( ( &( pxTCB->xStateListItem ) )->xItemValue );
+
                         if( xConstTickCount < xItemValue )
                         {
                             /* It is not time to unblock this item yet, but the
@@ -13280,8 +17118,10 @@ BaseType_t xTaskIncrementTick( void )
                         {
                                                     ;
                         }
+
                         /* It is time to remove the item from the Blocked state. */
                         ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
+
                         /* Is the task waiting on an event also?  If so remove
                          * it from the event list. */
                         if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
@@ -13292,20 +17132,26 @@ BaseType_t xTaskIncrementTick( void )
                         {
                                                     ;
                         }
+
                         /* Place the unblocked task into the appropriate ready
                          * list. */
                         ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
+
                         /* A task being unblocked cannot cause an immediate
                          * context switch if preemption is turned off. */
+
                             {
                                 prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
                             }
+
                     }
                 }
             }
+
             /* Tasks of equal priority to the currently running task will share
              * processing time (time slice) if preemption is on, and the application
              * writer has not explicitly turned time slicing off. */
+
                 {
                     /* TODO: If there are fewer "non-IDLE" READY tasks than cores, do not
                      * force a context switch that would just shuffle tasks around cores */
@@ -13324,6 +17170,9 @@ BaseType_t xTaskIncrementTick( void )
                         }
                     }
                 }
+
+
+
                 {
                     /* Guard against the tick hook being called when the pended tick
                      * count is being unwound (when the scheduler is being unlocked). */
@@ -13336,6 +17185,9 @@ BaseType_t xTaskIncrementTick( void )
                                                 ;
                     }
                 }
+
+
+
                 {
                     for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ )
                     {
@@ -13349,11 +17201,19 @@ BaseType_t xTaskIncrementTick( void )
                         }
                     }
                 }
+
+
+
                 {
                     BaseType_t xCoreID;
+
                     xCoreID = 0;
+
                     for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ )
                     {
+
+
+
                         {
                             if( xCoreYieldList[ x ] != ( ( BaseType_t ) 0 ) )
                             {
@@ -13373,25 +17233,35 @@ BaseType_t xTaskIncrementTick( void )
                         }
                     }
                 }
+
         }
         else
         {
             ++xPendedTicks;
+
             /* The tick hook gets called at regular intervals, even if the
              * scheduler is locked. */
+
                 {
                     vApplicationTickHook();
                 }
+
         }
     }
     vTaskExitCritical();
+
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
+// # 3711 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 3735 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 3760 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 3793 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
 void vTaskSwitchContext( BaseType_t xCoreID )
 {
     /* Acquire both locks:
@@ -13401,12 +17271,14 @@ void vTaskSwitchContext( BaseType_t xCoreID )
      *  suspended the scheduler. We don't want to simply set xYieldPending
      *  and move on if another core suspended the scheduler. We should only
      *  do that if the current core has suspended the scheduler. */
+
     vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 )); /* Must always acquire the task lock first */
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
         (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn(__func__, "tasks.c", 3810, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
             /* The scheduler is currently suspended - do not allow a context
@@ -13417,69 +17289,95 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
+// # 3851 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
+
             /* Before the currently running task is switched out, save its errno. */
+
+
+
+
+
+
             /* Select a new task to run using either the generic C or port
              * optimised asm code. */
             ( void ) prvSelectHighestPriorityTask( xCoreID );
                                    ;
+
             /* After the new task is switched in, update the global errno. */
+// # 3882 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
     vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
 }
 /*-----------------------------------------------------------*/
+
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
     (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3892, "pxEventList") : (void)0);
+
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
+
     /* Place the event list item of the TCB in the appropriate event list.
      * This is placed in the list in priority order so the highest priority task
      * is the first to be woken by the event.  The queue that contains the event
      * list is locked, preventing simultaneous access from interrupts. */
     vListInsert( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) );
+
     prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
 }
 /*-----------------------------------------------------------*/
+
 void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
     (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3911, "pxEventList") : (void)0);
+
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
     (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn(__func__, "tasks.c", 3915, "uxSchedulerSuspended != 0") : (void)0);
+
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
      * task that is not in the Blocked state. */
     ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue = ( xItemValue | 0x80000000UL ) );
+
     /* Place the event list item of the TCB at the end of the appropriate event
      * list.  It is safe to access the event list here because it is part of an
      * event group implementation - and interrupts don't access event groups
      * directly (instead they access them indirectly by pending function calls to
      * the task level). */
     vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) );
+
     prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
 }
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskPlaceOnEventListRestricted( List_t * const pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
         (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3939, "pxEventList") : (void)0);
+
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
          * designed for use by kernel code, and has special calling requirements -
          * it should be called with the scheduler suspended. */
+
+
         /* Place the event list item of the TCB in the appropriate event list.
          * In this case it is assume that this is the only task that is going to
          * be waiting on this event list, so the faster vListInsertEnd() function
          * can be used in place of vListInsert. */
         vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) );
+
         /* If the task should block indefinitely then set the block time to a
          * value that will be recognised as an indefinite delay inside the
          * prvAddCurrentTaskToDelayedList() function. */
@@ -13487,16 +17385,22 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
         {
             xTicksToWait = ( TickType_t ) 0xffffffffUL;
         }
+
                                                               ;
         prvAddCurrentTaskToDelayedList( xTicksToWait, xWaitIndefinitely );
     }
+
+
 /*-----------------------------------------------------------*/
+
 BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
 {
     TCB_t * pxUnblockedTCB;
     BaseType_t xReturn;
+
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION.  It can also be
      * called from a critical section within an ISR. */
+
     /* The event list is sorted in priority order, so the first in the list can
      * be removed as it is known to be the highest priority.  Remove the TCB from
      * the delayed list, and add it to the ready list.
@@ -13510,10 +17414,12 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3987, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
+
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
+// # 4008 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     }
     else
     {
@@ -13521,41 +17427,55 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
          * pending until the scheduler is resumed. */
         vListInsertEnd( &( xPendingReadyList ), &( pxUnblockedTCB->xEventListItem ) );
     }
+
     xReturn = ( ( BaseType_t ) 0 );
+
         prvYieldForTask( pxUnblockedTCB, ( ( BaseType_t ) 0 ) );
+
         if( xYieldPendings[ 0 ] != ( ( BaseType_t ) 0 ) )
         {
             xReturn = ( ( BaseType_t ) 1 );
         }
+
+
     return xReturn;
 }
 /*-----------------------------------------------------------*/
+
 void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
                                         const TickType_t xItemValue )
 {
     TCB_t * pxUnblockedTCB;
+
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
     (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn(__func__, "tasks.c", 4037, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
+
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn(__func__, "tasks.c", 4045, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
+// # 4062 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
     ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
     ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
+
+
         vTaskEnterCritical();
         {
             prvYieldForTask( pxUnblockedTCB, ( ( BaseType_t ) 0 ) );
         }
         vTaskExitCritical();
+
 }
 /*-----------------------------------------------------------*/
+
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
     (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn(__func__, "tasks.c", 4080, "pxTimeOut") : (void)0);
@@ -13567,6 +17487,7 @@ void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
     vTaskExitCritical();
 }
 /*-----------------------------------------------------------*/
+
 void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
     /* For internal use only as it does not use a critical section. */
@@ -13574,17 +17495,22 @@ void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut )
     pxTimeOut->xTimeOnEntering = xTickCount;
 }
 /*-----------------------------------------------------------*/
+
 BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
                                  TickType_t * const pxTicksToWait )
 {
     BaseType_t xReturn;
+
     (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn(__func__, "tasks.c", 4103, "pxTimeOut") : (void)0);
     (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn(__func__, "tasks.c", 4104, "pxTicksToWait") : (void)0);
+
     vTaskEnterCritical();
     {
         /* Minor optimisation.  The tick count cannot change in this block. */
         const TickType_t xConstTickCount = xTickCount;
         const TickType_t xElapsedTime = xConstTickCount - pxTimeOut->xTimeOnEntering;
+
+
             if( xTaskGetCurrentTaskHandle()->ucDelayAborted != ( uint8_t ) ( ( BaseType_t ) 0 ) )
             {
                 /* The delay was aborted, which is not the same as a time out,
@@ -13593,6 +17519,9 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
                 xReturn = ( ( BaseType_t ) 1 );
             }
             else
+
+
+
             if( *pxTicksToWait == ( TickType_t ) 0xffffffffUL )
             {
                 /* If INCLUDE_vTaskSuspend is set to 1 and the block time
@@ -13601,6 +17530,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
                 xReturn = ( ( BaseType_t ) 0 );
             }
             else
+
+
         if( ( xNumOfOverflows != pxTimeOut->xOverflowCount ) && ( xConstTickCount >= pxTimeOut->xTimeOnEntering ) ) /*lint !e525 Indentation preferred as is to make code within pre-processor directives clearer. */
         {
             /* The tick count is greater than the time at which
@@ -13625,19 +17556,25 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
         }
     }
     vTaskExitCritical();
+
     return xReturn;
 }
 /*-----------------------------------------------------------*/
+
 void vTaskMissedYield( void )
 {
     /* Must be called from within a critical section */
     xYieldPendings[ 0 ] = ( ( BaseType_t ) 1 );
 }
 /*-----------------------------------------------------------*/
+
+
+
     UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask )
     {
         UBaseType_t uxReturn;
         TCB_t const * pxTCB;
+
         if( xTask != ((void*)0) )
         {
             pxTCB = xTask;
@@ -13647,19 +17584,29 @@ void vTaskMissedYield( void )
         {
             uxReturn = 0U;
         }
+
         return uxReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskSetTaskNumber( TaskHandle_t xTask,
                              const UBaseType_t uxHandle )
     {
         TCB_t * pxTCB;
+
         if( xTask != ((void*)0) )
         {
             pxTCB = xTask;
             pxTCB->uxTaskNumber = uxHandle;
         }
     }
+
+
+
 /*
  * -----------------------------------------------------------
  * The MinimalIdle task.
@@ -13670,6 +17617,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
+// # 4279 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13681,20 +17629,25 @@ static void prvIdleTask( void * pvParameters )
 {
     /* Stop warnings. */
     ( void ) pvParameters;
+
     /** THIS IS THE RTOS IDLE TASK - WHICH IS CREATED AUTOMATICALLY WHEN THE
      * SCHEDULER IS STARTED. **/
+
     /* In case a task that has a secure context deletes itself, in which case
      * the idle task is responsible for deleting the task's secure context, if
      * any. */
                                                                   ;
+
     /* All cores start up in the idle task. This initial yield gets the application
      * tasks started. */
     vPortYield();
+
     for( ; ; )
     {
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
+// # 4320 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13715,19 +17668,26 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
+// # 4356 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
+// # 4421 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
+// # 4471 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet,
                                             BaseType_t xIndex,
                                             void * pvValue )
     {
         TCB_t * pxTCB;
+
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
@@ -13735,12 +17695,18 @@ static void prvIdleTask( void * pvParameters )
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery,
                                                BaseType_t xIndex )
     {
         void * pvReturn = ((void*)0);
         TCB_t * pxTCB;
+
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
@@ -13750,37 +17716,55 @@ static void prvIdleTask( void * pvParameters )
         {
             pvReturn = ((void*)0);
         }
+
         return pvReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+// # 4531 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
 static void prvInitialiseTaskLists( void )
 {
     UBaseType_t uxPriority;
+
     for( uxPriority = ( UBaseType_t ) 0U; uxPriority < ( UBaseType_t ) 32; uxPriority++ )
     {
         vListInitialise( &( pxReadyTasksLists[ uxPriority ] ) );
     }
+
     vListInitialise( &xDelayedTaskList1 );
     vListInitialise( &xDelayedTaskList2 );
     vListInitialise( &xPendingReadyList );
+
+
         {
             vListInitialise( &xTasksWaitingTermination );
         }
+
+
+
         {
             vListInitialise( &xSuspendedTaskList );
         }
+
+
     /* Start with pxDelayedTaskList using list1 and the pxOverflowDelayedTaskList
      * using list2. */
     pxDelayedTaskList = &xDelayedTaskList1;
     pxOverflowDelayedTaskList = &xDelayedTaskList2;
 }
 /*-----------------------------------------------------------*/
+
 static void prvCheckTasksWaitingTermination( void )
 {
     /** THIS FUNCTION IS CALLED FROM THE RTOS IDLE TASK **/
+
+
         {
             TCB_t * pxTCB;
+
             /* uxDeletedTasksWaitingCleanUp is used to prevent taskENTER_CRITICAL()
              * being called too often in the idle task. */
             while( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U )
@@ -13793,6 +17777,7 @@ static void prvCheckTasksWaitingTermination( void )
                     if( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U )
                     {
                         pxTCB = ( ( &( ( ( &xTasksWaitingTermination ) )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+
                         if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                         {
                             ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
@@ -13813,27 +17798,38 @@ static void prvCheckTasksWaitingTermination( void )
                 vTaskExitCritical();
             }
         }
+
 }
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskGetInfo( TaskHandle_t xTask,
                        TaskStatus_t * pxTaskStatus,
                        BaseType_t xGetFreeStackSpace,
                        eTaskState eState )
     {
         TCB_t * pxTCB;
+
         /* xTask is NULL then get the state of the calling task. */
         pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+
         pxTaskStatus->xHandle = ( TaskHandle_t ) pxTCB;
         pxTaskStatus->pcTaskName = ( const char * ) &( pxTCB->pcTaskName[ 0 ] );
         pxTaskStatus->uxCurrentPriority = pxTCB->uxPriority;
         pxTaskStatus->pxStackBase = pxTCB->pxStack;
         pxTaskStatus->xTaskNumber = pxTCB->uxTCBNumber;
+
+
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
+// # 4643 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
+
+
         /* Obtaining the task state is a little fiddly, so is only done if the
          * value of eState passed into this function is eInvalid - otherwise the
          * state is just set to whatever is passed in. */
@@ -13846,6 +17842,8 @@ static void prvCheckTasksWaitingTermination( void )
             else
             {
                 pxTaskStatus->eCurrentState = eState;
+
+
                     {
                         /* If the task is in the suspended list then there is a
                          *  chance it is actually just blocked indefinitely - so really
@@ -13862,35 +17860,50 @@ static void prvCheckTasksWaitingTermination( void )
                             ( void ) xTaskResumeAll();
                         }
                     }
+
             }
         }
         else
         {
             pxTaskStatus->eCurrentState = eTaskGetState( pxTCB );
         }
+
         /* Obtaining the stack space takes some time, so the xGetFreeStackSpace
          * parameter is provided to allow it to be skipped. */
         if( xGetFreeStackSpace != ( ( BaseType_t ) 0 ) )
         {
+
+
+
+
+
                 {
                     pxTaskStatus->usStackHighWaterMark = prvTaskCheckFreeStackSpace( ( uint8_t * ) pxTCB->pxStack );
                 }
+
         }
         else
         {
             pxTaskStatus->usStackHighWaterMark = 0;
         }
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray,
                                                      List_t * pxList,
                                                      eTaskState eState )
     {
                             TCB_t * pxNextTCB, * pxFirstTCB;
         UBaseType_t uxTask = 0;
+
         if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 )
         {
             { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+
             /* Populate an TaskStatus_t structure within the
              * pxTaskStatusArray array for each task that is referenced from
              * pxList.  See the definition of TaskStatus_t in task.h for the
@@ -13906,53 +17919,95 @@ static void prvCheckTasksWaitingTermination( void )
         {
                                     ;
         }
+
         return uxTask;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     static uint32_t prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte )
     {
         uint32_t ulCount = 0U;
+
         while( *pucStackByte == ( uint8_t ) ( 0xa5U ) )
         {
             pucStackByte -= ( -1 );
             ulCount++;
         }
+
         ulCount /= ( uint32_t ) sizeof( StackType_t ); /*lint !e961 Casting is not redundant on smaller architectures. */
+
         return ( uint32_t ) ulCount;
     }
+
+
 /*-----------------------------------------------------------*/
+// # 4802 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
+
+
     UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask )
     {
         TCB_t * pxTCB;
         uint8_t * pucEndOfStack;
         UBaseType_t uxReturn;
+
         pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+
+
             {
                 pucEndOfStack = ( uint8_t * ) pxTCB->pxStack;
             }
+
+
+
+
+
+
         uxReturn = ( UBaseType_t ) prvTaskCheckFreeStackSpace( pucEndOfStack );
+
         return uxReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     static void prvDeleteTCB( TCB_t * pxTCB )
     {
         /* This call is required specifically for the TriCore port.  It must be
          * above the vPortFree() calls.  The call is also used by ports/demos that
          * want to allocate and clean RAM statically. */
         ( void ) pxTCB;
+
         /* Free up the memory allocated by the scheduler for the task.  It is up
          * to the task to free any memory allocated at the application level.
          * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html
          * for additional information. */
+
+
+
+
+
+
+
             {
                 /* The task can only have been allocated dynamically - free both
                  * the stack and TCB. */
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
+// # 4885 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
     }
+
+
 /*-----------------------------------------------------------*/
+
 static void prvResetNextTaskUnblockTime( void )
 {
     if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) != ( ( BaseType_t ) 0 ) )
@@ -13973,28 +18028,42 @@ static void prvResetNextTaskUnblockTime( void )
     }
 }
 /*-----------------------------------------------------------*/
+
+
+
     TaskHandle_t xTaskGetCurrentTaskHandle( void )
     {
         TaskHandle_t xReturn;
         uint32_t ulState;
+
         ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
         xReturn = pxCurrentTCBs[ 0 ];
         __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : );
+
         return xReturn;
     }
+
     TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID )
     {
         TaskHandle_t xReturn = ((void*)0);
+
         if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 1 ) ) ) != ( ( BaseType_t ) 0 ) )
         {
             xReturn = pxCurrentTCBs[ xCoreID ];
         }
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskGetSchedulerState( void )
     {
         BaseType_t xReturn;
+
         if( xSchedulerRunning == ( ( BaseType_t ) 0 ) )
         {
             xReturn = ( ( BaseType_t ) 1 );
@@ -14014,13 +18083,20 @@ static void prvResetNextTaskUnblockTime( void )
             }
             vTaskExitCritical();
         }
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder )
     {
         TCB_t * const pxMutexHolderTCB = pxMutexHolder;
         BaseType_t xReturn = ( ( BaseType_t ) 0 );
+
         /* If the mutex was given back by an interrupt while the queue was
          * locked then the mutex holder might now be NULL.  _RB_ Is this still
          * needed as interrupts can no longer use mutexes? */
@@ -14042,6 +18118,7 @@ static void prvResetNextTaskUnblockTime( void )
                 {
                                             ;
                 }
+
                 /* If the task being modified is in the ready state it will need
                  * to be moved into a new list. */
                 if( ( ( ( &( pxMutexHolderTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ pxMutexHolderTCB->uxPriority ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -14057,6 +18134,7 @@ static void prvResetNextTaskUnblockTime( void )
                     {
                                                 ;
                     }
+
                     /* Inherit the priority before being moved into the new list. */
                     pxMutexHolderTCB->uxPriority = xTaskGetCurrentTaskHandle()->uxPriority;
                     ; { if( ( ( pxMutexHolderTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxMutexHolderTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxMutexHolderTCB )->uxPriority ] ), &( ( pxMutexHolderTCB )->xStateListItem ) ); ;
@@ -14066,7 +18144,9 @@ static void prvResetNextTaskUnblockTime( void )
                     /* Just inherit the priority. */
                     pxMutexHolderTCB->uxPriority = xTaskGetCurrentTaskHandle()->uxPriority;
                 }
+
                                                                                         ;
+
                 /* Inheritance occurred. */
                 xReturn = ( ( BaseType_t ) 1 );
             }
@@ -14093,13 +18173,20 @@ static void prvResetNextTaskUnblockTime( void )
         {
                                     ;
         }
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder )
     {
         TCB_t * const pxTCB = pxMutexHolder;
         BaseType_t xReturn = ( ( BaseType_t ) 0 );
+
         if( pxMutexHolder != ((void*)0) )
         {
             /* A task can only have an inherited priority if it holds the mutex.
@@ -14109,6 +18196,7 @@ static void prvResetNextTaskUnblockTime( void )
             (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn(__func__, "tasks.c", 5075, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
             (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn(__func__, "tasks.c", 5076, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
+
             /* Has the holder of the mutex inherited the priority of another
              * task? */
             if( pxTCB->uxPriority != pxTCB->uxBasePriority )
@@ -14129,15 +18217,18 @@ static void prvResetNextTaskUnblockTime( void )
                     {
                                                 ;
                     }
+
                     /* Disinherit the priority before adding the task into the
                      * new  ready list. */
                                                                                  ;
                     pxTCB->uxPriority = pxTCB->uxBasePriority;
+
                     /* Reset the event list item value.  It cannot be in use for
                      * any other purpose if this task is running, and it must be
                      * running to give back the mutex. */
                     ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) pxTCB->uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
                     ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
+
                     /* Return true to indicate that a context switch is required.
                      * This is only actually required in the corner case whereby
                      * multiple mutexes were held and the mutexes were given back
@@ -14162,20 +18253,28 @@ static void prvResetNextTaskUnblockTime( void )
         {
                                     ;
         }
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder,
                                               UBaseType_t uxHighestPriorityWaitingTask )
     {
         TCB_t * const pxTCB = pxMutexHolder;
         UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse;
         const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1;
+
         if( pxMutexHolder != ((void*)0) )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
             (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn(__func__, "tasks.c", 5155, "pxTCB->uxMutexesHeld") : (void)0);
+
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
              * holding task's base priority and the priority of the highest
@@ -14188,6 +18287,7 @@ static void prvResetNextTaskUnblockTime( void )
             {
                 uxPriorityToUse = pxTCB->uxBasePriority;
             }
+
             /* Does the priority need to change? */
             if( pxTCB->uxPriority != uxPriorityToUse )
             {
@@ -14201,12 +18301,14 @@ static void prvResetNextTaskUnblockTime( void )
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
                     (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn(__func__, "tasks.c", 5182, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
                      * state. */
                                                                            ;
                     uxPriorityUsedOnEntry = pxTCB->uxPriority;
                     pxTCB->uxPriority = uxPriorityToUse;
+
                     /* Only reset the event list item value if the value is not
                      * being used for anything else. */
                     if( ( ( ( &( pxTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL )
@@ -14217,6 +18319,7 @@ static void prvResetNextTaskUnblockTime( void )
                     {
                                                 ;
                     }
+
                     /* If the running task is not the task that holds the mutex
                      * then the task that holds the mutex could be in either the
                      * Ready, Blocked or Suspended states.  Only remove the task
@@ -14236,6 +18339,7 @@ static void prvResetNextTaskUnblockTime( void )
                         {
                                                     ;
                         }
+
                         ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
                     }
                     else
@@ -14258,7 +18362,10 @@ static void prvResetNextTaskUnblockTime( void )
                                     ;
         }
     }
+
+
 /*-----------------------------------------------------------*/
+
 /*
  * If not in a critical section then yield immediately.
  * Otherwise set xYieldPending to true to wait to
@@ -14276,9 +18383,13 @@ void vTaskYieldWithinAPI( void )
     }
 }
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskEnterCritical( void )
     {
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+
         if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
         {
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U )
@@ -14287,13 +18398,17 @@ void vTaskYieldWithinAPI( void )
                 {
                     vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
                 }
+
                 vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
             }
+
             ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )++;
+
             /* This should now be interrupt safe. The only time there would be
              * a problem is if this is called before a context switch and
              * vTaskExitCritical() is called after pxCurrentTCB changes. Therefore
              * this should not be used within vTaskSwitchContext(). */
+
             if( ( uxSchedulerSuspended == 0U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 1U ) )
             {
                 prvCheckForRunStateChange();
@@ -14304,7 +18419,12 @@ void vTaskYieldWithinAPI( void )
                                     ;
         }
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskExitCritical( void )
     {
         if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
@@ -14312,16 +18432,20 @@ void vTaskYieldWithinAPI( void )
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
             (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn(__func__, "tasks.c", 5313, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
                 ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )--;
+
                 if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U )
                 {
                     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
+
                     if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) )
                     {
                         vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
                         vPortEnableInterrupts();
+
                         /* When a task yields in a critical section it just sets
                          * xYieldPending to true. So now that we have exited the
                          * critical section check if xYieldPending is true, and
@@ -14354,20 +18478,32 @@ void vTaskYieldWithinAPI( void )
                                     ;
         }
     }
+
+
 /*-----------------------------------------------------------*/
+// # 5389 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+// # 5495 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*----------------------------------------------------------*/
+// # 5622 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
 TickType_t uxTaskResetEventItemValue( void )
 {
     TickType_t uxReturn;
+
     uxReturn = ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue );
+
     /* Reset the event list item to its normal value - so it can be used with
      * queues and semaphores. */
     ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue = ( ( ( TickType_t ) 32 - ( TickType_t ) xTaskGetCurrentTaskHandle()->uxPriority ) ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
+
     return uxReturn;
 }
 /*-----------------------------------------------------------*/
+
+
+
     TaskHandle_t pvTaskIncrementMutexHeldCount( void )
     {
         /* If xSemaphoreCreateMutex() is called before any tasks have been created
@@ -14376,15 +18512,23 @@ TickType_t uxTaskResetEventItemValue( void )
         {
             ( xTaskGetCurrentTaskHandle()->uxMutexesHeld )++;
         }
+
         return xTaskGetCurrentTaskHandle();
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWait,
                                       BaseType_t xClearCountOnExit,
                                       TickType_t xTicksToWait )
     {
         uint32_t ulReturn;
+
         (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5663, "uxIndexToWait < 1") : (void)0);
+
         vTaskEnterCritical();
         {
             /* Only block if the notification count is not already non-zero. */
@@ -14392,10 +18536,12 @@ TickType_t uxTaskResetEventItemValue( void )
             {
                 /* Mark this task as waiting for a notification. */
                 xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 1 );
+
                 if( xTicksToWait > ( TickType_t ) 0 )
                 {
                     prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
                                                                 ;
+
                     /* All ports are written to allow a yield in a critical
                      * section (some will yield immediately, others wait until the
                      * critical section exits) - but it is not something that
@@ -14413,10 +18559,12 @@ TickType_t uxTaskResetEventItemValue( void )
             }
         }
         vTaskExitCritical();
+
         vTaskEnterCritical();
         {
                                                   ;
             ulReturn = xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ];
+
             if( ulReturn != 0UL )
             {
                 if( xClearCountOnExit != ( ( BaseType_t ) 0 ) )
@@ -14432,12 +18580,19 @@ TickType_t uxTaskResetEventItemValue( void )
             {
                                         ;
             }
+
             xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 );
         }
         vTaskExitCritical();
+
         return ulReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWait,
                                        uint32_t ulBitsToClearOnEntry,
                                        uint32_t ulBitsToClearOnExit,
@@ -14445,7 +18600,9 @@ TickType_t uxTaskResetEventItemValue( void )
                                        TickType_t xTicksToWait )
     {
         BaseType_t xReturn;
+
         (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5737, "uxIndexToWait < 1") : (void)0);
+
         vTaskEnterCritical();
         {
             /* Only block if a notification is not already pending. */
@@ -14455,12 +18612,15 @@ TickType_t uxTaskResetEventItemValue( void )
                  * set  by the notifying task or interrupt.  This can be used to
                  * clear the value to zero. */
                 xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnEntry;
+
                 /* Mark this task as waiting for a notification. */
                 xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 1 );
+
                 if( xTicksToWait > ( TickType_t ) 0 )
                 {
                     prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
                                                                 ;
+
                     /* All ports are written to allow a yield in a critical
                      * section (some will yield immediately, others wait until the
                      * critical section exits) - but it is not something that
@@ -14478,15 +18638,18 @@ TickType_t uxTaskResetEventItemValue( void )
             }
         }
         vTaskExitCritical();
+
         vTaskEnterCritical();
         {
                                                   ;
+
             if( pulNotificationValue != ((void*)0) )
             {
                 /* Output the current notification value, which may or may not
                  * have changed. */
                 *pulNotificationValue = xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ];
             }
+
             /* If ucNotifyValue is set then either the task never entered the
              * blocked state (because a notification was already pending) or the
              * task unblocked because of a notification.  Otherwise the task
@@ -14503,12 +18666,19 @@ TickType_t uxTaskResetEventItemValue( void )
                 xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnExit;
                 xReturn = ( ( BaseType_t ) 1 );
             }
+
             xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 );
         }
         vTaskExitCritical();
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify,
                                    UBaseType_t uxIndexToNotify,
                                    uint32_t ulValue,
@@ -14518,29 +18688,38 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
+
         (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5825, "uxIndexToNotify < 1") : (void)0);
         (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 5826, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
+
         vTaskEnterCritical();
         {
             if( pulPreviousNotificationValue != ((void*)0) )
             {
                 *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ];
             }
+
             ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ];
+
             pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 );
+
             switch( eAction )
             {
                 case eSetBits:
                     pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue;
                     break;
+
                 case eIncrement:
                     ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++;
                     break;
+
                 case eSetValueWithOverwrite:
                     pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue;
                     break;
+
                 case eSetValueWithoutOverwrite:
+
                     if( ucOriginalNotifyState != ( ( uint8_t ) 2 ) )
                     {
                         pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue;
@@ -14550,30 +18729,41 @@ TickType_t uxTaskResetEventItemValue( void )
                         /* The value could not be written to the task. */
                         xReturn = ( ( ( BaseType_t ) 0 ) );
                     }
+
                     break;
+
                 case eNoAction:
+
                     /* The task is being notified without its notify value being
                      * updated. */
                     break;
+
                 default:
+
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
                     (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn(__func__, "tasks.c", 5879, "xTickCount == ( TickType_t ) 0") : (void)0);
+
                     break;
             }
+
                                                ;
+
             /* If the task is in the blocked state specifically to wait for a
              * notification then unblock it now. */
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
+
                 /* The task should not have been on an event list. */
                 (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 5894, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+// # 5913 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
+
             }
             else
             {
@@ -14581,9 +18771,15 @@ TickType_t uxTaskResetEventItemValue( void )
             }
         }
         vTaskExitCritical();
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify,
                                           UBaseType_t uxIndexToNotify,
                                           uint32_t ulValue,
@@ -14595,8 +18791,10 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
+
         (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 5945, "xTaskToNotify") : (void)0);
         (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5946, "uxIndexToNotify < 1") : (void)0);
+
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
          * Interrupts that are  above the maximum system call priority are keep
@@ -14614,27 +18812,35 @@ TickType_t uxTaskResetEventItemValue( void )
          * provided on the following link:
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
+
         pxTCB = xTaskToNotify;
+
         uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
         {
             if( pulPreviousNotificationValue != ((void*)0) )
             {
                 *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ];
             }
+
             ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ];
             pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 );
+
             switch( eAction )
             {
                 case eSetBits:
                     pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue;
                     break;
+
                 case eIncrement:
                     ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++;
                     break;
+
                 case eSetValueWithOverwrite:
                     pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue;
                     break;
+
                 case eSetValueWithoutOverwrite:
+
                     if( ucOriginalNotifyState != ( ( uint8_t ) 2 ) )
                     {
                         pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue;
@@ -14644,25 +18850,33 @@ TickType_t uxTaskResetEventItemValue( void )
                         /* The value could not be written to the task. */
                         xReturn = ( ( ( BaseType_t ) 0 ) );
                     }
+
                     break;
+
                 case eNoAction:
+
                     /* The task is being notified without its notify value being
                      * updated. */
                     break;
+
                 default:
+
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
                     (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn(__func__, "tasks.c", 6017, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
+
                                                         ;
+
             /* If the task is in the blocked state specifically to wait for a
              * notification then unblock it now. */
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
                 (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 6028, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
                     ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
@@ -14674,7 +18888,10 @@ TickType_t uxTaskResetEventItemValue( void )
                      * this task pending until the scheduler is resumed. */
                     vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) );
                 }
+
+
                     prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
+
                     if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) )
                     {
                         if( pxHigherPriorityTaskWoken != ((void*)0) )
@@ -14682,12 +18899,19 @@ TickType_t uxTaskResetEventItemValue( void )
                             *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 );
                         }
                     }
+
             }
         }
         do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0);
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify,
                                         UBaseType_t uxIndexToNotify,
                                         BaseType_t * pxHigherPriorityTaskWoken )
@@ -14695,8 +18919,10 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
+
         (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 6073, "xTaskToNotify") : (void)0);
         (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 6074, "uxIndexToNotify < 1") : (void)0);
+
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
          * Interrupts that are  above the maximum system call priority are keep
@@ -14714,21 +18940,27 @@ TickType_t uxTaskResetEventItemValue( void )
          * provided on the following link:
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
+
         pxTCB = xTaskToNotify;
+
         uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
         {
             ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ];
             pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 );
+
             /* 'Giving' is equivalent to incrementing a count in a counting
              * semaphore. */
             ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++;
+
                                                              ;
+
             /* If the task is in the blocked state specifically to wait for a
              * notification then unblock it now. */
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
                 (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 6112, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
                     ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
@@ -14740,7 +18972,10 @@ TickType_t uxTaskResetEventItemValue( void )
                      * this task pending until the scheduler is resumed. */
                     vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) );
                 }
+
+
                     prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
+
                     if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) )
                     {
                         if( pxHigherPriorityTaskWoken != ((void*)0) )
@@ -14748,20 +18983,29 @@ TickType_t uxTaskResetEventItemValue( void )
                             *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 );
                         }
                     }
+
             }
         }
         do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0);
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask,
                                              UBaseType_t uxIndexToClear )
     {
         TCB_t * pxTCB;
         BaseType_t xReturn;
+
         (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn(__func__, "tasks.c", 6153, "uxIndexToClear < 1") : (void)0);
+
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
         pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+
         vTaskEnterCritical();
         {
             if( pxTCB->ucNotifyState[ uxIndexToClear ] == ( ( uint8_t ) 2 ) )
@@ -14775,18 +19019,26 @@ TickType_t uxTaskResetEventItemValue( void )
             }
         }
         vTaskExitCritical();
+
         return xReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+
+
+
     uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask,
                                             UBaseType_t uxIndexToClear,
                                             uint32_t ulBitsToClear )
     {
         TCB_t * pxTCB;
         uint32_t ulReturn;
+
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
         pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+
         vTaskEnterCritical();
         {
             /* Return the notification as it was before the bits were cleared,
@@ -14795,21 +19047,30 @@ TickType_t uxTaskResetEventItemValue( void )
             pxTCB->ulNotifiedValue[ uxIndexToClear ] &= ~ulBitsToClear;
         }
         vTaskExitCritical();
+
         return ulReturn;
     }
+
+
 /*-----------------------------------------------------------*/
+// # 6222 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 /*-----------------------------------------------------------*/
+
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                                             const BaseType_t xCanBlockIndefinitely )
 {
     TickType_t xTimeToWake;
     const TickType_t xConstTickCount = xTickCount;
+
+
         {
             /* About to enter a delayed list, so ensure the ucDelayAborted flag is
              * reset to pdFALSE so it can be detected as having been set to pdTRUE
              * when the task leaves the Blocked state. */
             xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
+
+
     /* Remove the task from the ready list before adding it to the blocked list
      * as the same list item is used for both lists. */
     if( uxListRemove( &( xTaskGetCurrentTaskHandle()->xStateListItem ) ) == ( UBaseType_t ) 0 )
@@ -14822,6 +19083,8 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
     {
                                 ;
     }
+
+
         {
             if( ( xTicksToWait == ( TickType_t ) 0xffffffffUL ) && ( xCanBlockIndefinitely != ( ( BaseType_t ) 0 ) ) )
             {
@@ -14836,8 +19099,10 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                  * does not occur.  This may overflow but this doesn't matter, the
                  * kernel will manage it correctly. */
                 xTimeToWake = xConstTickCount + xTicksToWait;
+
                 /* The list item will be inserted in wake time order. */
                 ( ( &( xTaskGetCurrentTaskHandle()->xStateListItem ) )->xItemValue = ( xTimeToWake ) );
+
                 if( xTimeToWake < xConstTickCount )
                 {
                     /* Wake time has overflowed.  Place this item in the overflow
@@ -14849,6 +19114,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                     /* The wake time has not overflowed, so the current block list
                      * is used. */
                     vListInsert( pxDelayedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) );
+
                     /* If the task entering the blocked state was placed at the
                      * head of the list of blocked tasks then xNextTaskUnblockTime
                      * needs to be updated too. */
@@ -14863,7 +19129,9 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
+// # 6334 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
 }
+
 /* Code below here allows additional code to be inserted into this source file,
  * especially where access to file scope functions and data is needed (for example
  * when performing module tests). */

From e9302f35acfb3a2d7684addbccb6d0553c35faa9 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 14 Oct 2022 16:41:48 -0400
Subject: [PATCH 029/289] Moved pragma rewrites to vf_rewrites.sh.

---
 .../preprocess_tasks_c.sh                     |  9 +----
 .../custom_build_scripts_RP2040/vf_rewrite.sh | 34 +++++++++++++++----
 2 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 1e840c7b008..9a3d0e85768 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -8,7 +8,6 @@ DEMO_DIR="$PP_SCRIPT_WD/../FreeRTOS/Demo/CORTEX_M0+_RP2040/"
 TIMESTAMP=`date +'%y_%m_%d--%H_%M'`
 LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files"
 LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c"
-LOG_PP_TASK_C_PRAGMA_COMMENTS="$LOG_PP_OUT_DIR/tasks--pp--pragma_comments--$TIMESTAMP.c"
 
 LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c"
 
@@ -30,15 +29,9 @@ echo "\n\nPreprocessed output with pragmas written to:"
 echo $LOG_PP_TASK_C
 
 
-sed 's|^#|// &|g' $LOG_PP_TASK_C  >  $LOG_PP_TASK_C_PRAGMA_COMMENTS
-
-echo "\n\nPreprocessed output with pragma comments written to:"
-echo $LOG_PP_TASK_C_PRAGMA_COMMENTS
-
-
 echo "\n\nApplying VeriFast rewrites. Result written to:"
 echo $LOG_VF_RW_TASK_C
-cp "$LOG_PP_TASK_C_PRAGMA_COMMENTS" "$LOG_VF_RW_TASK_C"
+cp "$LOG_PP_TASK_C" "$LOG_VF_RW_TASK_C"
 ./vf_rewrite.sh "$LOG_VF_RW_TASK_C"
 
 
diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
index 220ab4d9df9..e325203a909 100755
--- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
@@ -4,9 +4,31 @@ VF_RW_WD=`pwd`
 SOURCE_FILE="$1"
 BACKUP_IDX=0
 
-echo "VF RW: 'long unsigned int' -> 'unsinged long int'"
-echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX"
-echo backup index $BACKUP_IDX
-sed -i."backup-$BACKUP_IDX" 's|long unsigned int|unsigned long int|g' $SOURCE_FILE
-((BACKUP_IDX=BACKUP_IDX+1))
-echo backup index $BACKUP_IDX
+
+# IMPORTANT:
+# None of the provided regexes must contain the unescaped character '|'
+#
+# $1 : sed 'find' regex
+# $2 : sed 'replace' regex
+rewrite()
+{
+  FIND_REGEX=$1
+  REPLACE_REGEX=$2
+  echo "VF RW: \"$FIND_REGEX\" -> \"$REPLACE_REGEX\""
+  echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX"
+  sed -i."backup-$BACKUP_IDX" "s|$FIND_REGEX|$REPLACE_REGEX|g" $SOURCE_FILE
+  ((BACKUP_IDX=BACKUP_IDX+1))
+  echo "\n"
+}
+
+echo "Commenting out line/file pragmas"
+rewrite "^#" "// &"
+
+rewrite "long unsigned int" "unsigned long int"
+
+#echo "VF RW: 'long unsigned int' -> 'unsinged long int'"
+#echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX"
+#echo backup index $BACKUP_IDX
+#sed -i."backup-$BACKUP_IDX" 's|long unsigned int|unsigned long int|g' $SOURCE_FILE
+#((BACKUP_IDX=BACKUP_IDX+1))
+#echo backup index $BACKUP_IDX

From 6000cbd3bd0aa1bf197473c60f3d37d482d3b275 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 10:22:52 -0400
Subject: [PATCH 030/289] Reordered include directives.

---
 .../preprocess_tasks_c.sh                     | 46 ++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 9a3d0e85768..37cebdf5e37 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -23,7 +23,51 @@ mkdir $LOG_PP_OUT_DIR
 # -P : surpresses line/file pragmas
 
 
-clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base -I/Users/reitobia/programs/pico-sdk/src/boards/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include -I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include    -c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c   &>$LOG_PP_TASK_C
+clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \
+-I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \
+-I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \
+-I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include \
+-I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base \
+-I/Users/reitobia/programs/pico-sdk/src/boards/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include \
+-I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include \
+-I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include \
+-c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c \
+&>$LOG_PP_TASK_C
 
 echo "\n\nPreprocessed output with pragmas written to:"
 echo $LOG_PP_TASK_C

From 2c493715f40dc3d2848f3b618bbd70d11dd8d815 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 10:56:47 -0400
Subject: [PATCH 031/289] Configured preprocessing script to process tasks.c
 file with verifast config.

---
 .../preprocess_tasks_c.sh                       |  4 +++-
 .../verifast/proof_setup/verifast_proof_defs.h  | 17 +----------------
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 37cebdf5e37..df3c6796adf 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -24,6 +24,8 @@ mkdir $LOG_PP_OUT_DIR
 
 
 clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \
+-DVERIFAST \
+-I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include \
@@ -66,7 +68,7 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include \
 -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include \
 -I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include \
--c /Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c \
+-c /Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c \
 &>$LOG_PP_TASK_C
 
 echo "\n\nPreprocessed output with pragmas written to:"
diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h
index 77c2a9184fb..61aa629c742 100644
--- a/verification/verifast/proof_setup/verifast_proof_defs.h
+++ b/verification/verifast/proof_setup/verifast_proof_defs.h
@@ -1,24 +1,9 @@
 /*
- * This file contains defines to configure the VeriFast proof setup which are
- * not already handled in `port.c` or `portmacro.h`.
+ * This file contains defines to configure the VeriFast proof setup.
  *
  */
 
-// /Users/reitobia/repos/forked/FreeRTOS-Kernel/verification/verifast/proof_setup_incremental/verifast_proof_defs.h
-
 
 #ifndef VERIFAST_DEFS_H
-    // The following defines are required by `FRTOS.h`
-    // line 93
-    #define configMAX_PRIORITIES 100
-
-    // The following defines are required by `cdefs.h`
-    #define __GNUC__ 10
-    #define __STDC__ 1
-
-    // line 827
-    // This proof setup assumes an RP2040 processor (Raspberry Pi Pico).
-    #define __arm__
-
 
 #endif /* VERIFAST_DEFS_H */

From 23539193c0b3cb7e28d1be1cd20a0aa4ca6eec32 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 11:03:34 -0400
Subject: [PATCH 032/289] Rewrite script: Deleted fixed-sized array typedefs
 from preprocessed file.

---
 .../verifast/custom_build_scripts_RP2040/vf_rewrite.sh         | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
index e325203a909..b1bb6ee995c 100755
--- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
@@ -26,6 +26,9 @@ rewrite "^#" "// &"
 
 rewrite "long unsigned int" "unsigned long int"
 
+echo "Delete fixed-sized array typedefs"
+rewrite "typedef .*\[[0-9]*\];" ""
+
 #echo "VF RW: 'long unsigned int' -> 'unsinged long int'"
 #echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX"
 #echo backup index $BACKUP_IDX

From dfce64bd18c5830d9b5248c2a7e22650e74f674b Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 11:18:28 -0400
Subject: [PATCH 033/289] Dump preprocessed tasks.c file.

---
 .../verifast/preprocessed_files/tasks--pp.c   | 757 ++++++++----------
 1 file changed, 327 insertions(+), 430 deletions(-)

diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 00ecbd4a724..744b5301ce2 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -1,12 +1,12 @@
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 // # 1 "" 1
 // # 1 "" 3
 // # 400 "" 3
 // # 1 "" 1
 // # 1 "" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -31,6 +31,16 @@
  *
  */
 
+/* Verifast proof setup */
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1
+/*
+ * This file contains defines to configure the VeriFast proof setup.
+ *
+ */
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+
+
 /* Standard includes. */
 // # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 1 3 4
 /*
@@ -407,7 +417,9 @@
  * If SPI decorations have not been defined elsewhere, disable them.
  */
 // # 62 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 1 3 4
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 1 3 4
+/* This is a stub used for the VeriFast proof. */
+
 /*
  * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
  *
@@ -473,7 +485,24 @@
  *
  *	@(#)cdefs.h	8.8 (Berkeley) 1/9/95
  */
-// # 78 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+
+
+
+
+/* Verifast proof setup */
+
+    /*
+     * The proof setup header is already included at the top of the proof target,
+     * e.g., `tasks.c`. But it seems like the contained defines are not propagated
+     * to this file.
+     */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 3 4
+/*
+ * This file contains defines to configure the VeriFast proof setup.
+ *
+ */
+// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
+// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* This SDK is designed to work with clang and specific versions of
  * gcc >= 4.0 with Apple's patch sets */
 
@@ -484,7 +513,7 @@
  * Compatibility with compilers and environments that don't support compiler
  * feature checking function-like macros.
  */
-// # 104 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
  * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
@@ -492,7 +521,7 @@
  * in between its arguments.  __CONCAT can also concatenate double-quoted
  * strings produced by the __STRING macro, but this only works with ANSI C.
  */
-// # 155 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * __pure2 can be used for functions that are only a function of their scalar
  * arguments (meaning they can't dereference pointers).
@@ -542,11 +571,11 @@
  * __kpi_deprecated() specifically indicates deprecation of kernel programming
  * interfaces in Kernel.framework used by KEXTs.
  */
-// # 221 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* __unavailable causes the compiler to error out when encountering
  * code using the tagged function
  */
-// # 234 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* Delete pseudo-keywords wherever they are not available or needed. */
 
 
@@ -566,7 +595,7 @@
 /* Compatibility with compilers and environments that don't support the
  * nullability feature.
  */
-// # 275 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * __disable_tail_calls causes the compiler to not perform tail call
  * optimization inside the marked function.
@@ -634,12 +663,12 @@
  * support c99 inline in some cases:
  * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965
  */
-// # 368 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Compiler-dependent macros that bracket portions of code where the
  * "-Wunreachable-code" warning should be ignored. Please use sparingly.
  */
-// # 389 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Compiler-dependent macros to declare that functions take printf-like
  * or scanf-like arguments.  They are null except for versions of gcc
@@ -648,9 +677,9 @@
  * mismatch between the format string and subsequent function parameter
  * types.
  */
-// # 424 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* Source compatibility only, ID string not emitted in object file */
-// # 441 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * __alloc_size can be used to label function arguments that represent the
  * size of memory that the function allocates and returns. The one-argument
@@ -664,7 +693,7 @@
  *
  * void	*calloc(size_t __count, size_t __size) __alloc_size(1,2);
  */
-// # 462 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail
  *
@@ -703,8 +732,7 @@
  */
 
 /* These settings are particular to each product. */
-/* Platform: MacOSX */
-// # 515 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow
  * legacy code to use the old symbol, thus maintaining binary compatibility
@@ -723,47 +751,21 @@
  * pre-10.5, and it is the default compilation environment, revert the
  * compilation environment to pre-__DARWIN_UNIX03.
  */
-// # 593 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol suffixes used for symbol versioning
  */
-// # 638 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol versioning macros
  */
-// # 656 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol release macros
  */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_symbol_aliasing.h" 1 3 4
-/* Copyright (c) 2010 Apple Inc. All rights reserved.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-// # 660 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 2 3 4
-// # 670 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+
+
+
 /*
  * POSIX.1 requires that the macros we test be defined before any standard
  * header file is included.  This permits us to convert values for feature
@@ -797,7 +799,7 @@
 
 
 /* Deal with various X/Open Portability Guides and Single UNIX Spec. */
-// # 716 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Deal with all versions of POSIX.  The ordering relative to the tests above is
  * important.
@@ -807,35 +809,6 @@
 
 
 /* POSIX C deprecation macros */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_posix_availability.h" 1 3 4
-/* Copyright (c) 2010 Apple Inc. All rights reserved.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-// # 726 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 2 3 4
-
 
 
 /*
@@ -844,7 +817,7 @@
  * _POSIX_C_SOURCE value.  Currently there are two additional levels corresponding
  * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE)
  */
-// # 746 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* If the developer has neither requested a strict language mode nor a version
  * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part
  * of __DARWIN_C_FULL.
@@ -959,11 +932,17 @@
 
 
 /* decay operates normally; attribute is meaningless without pointer checks. */
-// # 874 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Architecture validation for current SDK
  */
-// # 903 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/cdefs.h" 3 4
+// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Check if __probable and __improbable have already been defined elsewhere.
+ * These macros inform the compiler (and humans) about which branches are likely
+ * to be taken.
+ */
+// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
  *
@@ -1183,9 +1162,9 @@ typedef __uint32_t __darwin_gid_t; /* [???] process and group IDs */
 typedef __uint32_t __darwin_id_t; /* [XSI] pid_t, uid_t, or gid_t*/
 typedef __uint64_t __darwin_ino64_t; /* [???] Used for 64 bit inodes */
 
-typedef __darwin_ino64_t __darwin_ino_t; /* [???] Used for inodes */
 
 
+typedef __uint32_t __darwin_ino_t; /* [???] Used for inodes */
 
 typedef __darwin_natural_t __darwin_mach_port_name_t; /* Used by mach */
 typedef __darwin_mach_port_name_t __darwin_mach_port_t; /* Used by mach */
@@ -1196,8 +1175,8 @@ typedef __uint32_t __darwin_sigset_t; /* [???] signal set */
 typedef __int32_t __darwin_suseconds_t; /* [???] microseconds */
 typedef __uint32_t __darwin_uid_t; /* [???] user IDs */
 typedef __uint32_t __darwin_useconds_t; /* [???] microseconds */
-typedef unsigned char __darwin_uuid_t[16];
-typedef char __darwin_uuid_string_t[37];
+
+
 
 // # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_types.h" 1 3 4
 /*
@@ -1635,12 +1614,8 @@ typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */
 typedef int sig_atomic_t;
 // # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/signal.h" 2 3 4
 // # 83 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-// # 126 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/*
- * Language spec sez we must list exactly one parameter, even though we
- * actually supply three.  Ugh!
- * SIG_HOLD is chosen to avoid KERN_SIG_* values in 
- */
+// # 136 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
+/* DO NOT REMOVE THE COMMENTED OUT int: fixincludes needs to see them */
 // # 146 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
 // # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_mcontext.h" 1 3 4
 /*
@@ -2244,52 +2219,56 @@ typedef int64_t user_off_t;
 typedef u_int64_t syscall_arg_t;
 // # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 2 3 4
 // # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 2 3 4
-
-
-
-struct __darwin_arm_exception_state
+// # 49 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_exception_state
 {
- __uint32_t __exception; /* number of arm exception taken */
- __uint32_t __fsr; /* Fault status */
- __uint32_t __far; /* Virtual Fault Address */
+ __uint32_t exception; /* number of arm exception taken */
+ __uint32_t fsr; /* Fault status */
+ __uint32_t far; /* Virtual Fault Address */
 };
-// # 59 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_exception_state64
+// # 67 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_exception_state64
 {
- __uint64_t __far; /* Virtual Fault Address */
- __uint32_t __esr; /* Exception syndrome */
- __uint32_t __exception; /* number of arm exception taken */
+ __uint64_t far; /* Virtual Fault Address */
+ __uint32_t esr; /* Exception syndrome */
+ __uint32_t exception; /* number of arm exception taken */
 };
-// # 77 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_thread_state
+// # 87 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_thread_state
 {
- __uint32_t __r[13]; /* General purpose register r0-r12 */
- __uint32_t __sp; /* Stack pointer r13 */
- __uint32_t __lr; /* Link register r14 */
- __uint32_t __pc; /* Program counter r15 */
- __uint32_t __cpsr; /* Current program status register */
+ __uint32_t r[13]; /* General purpose register r0-r12 */
+ __uint32_t sp; /* Stack pointer r13 */
+ __uint32_t lr; /* Link register r14 */
+ __uint32_t pc; /* Program counter r15 */
+ __uint32_t cpsr; /* Current program status register */
 };
-// # 98 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+
+
+
 /*
  * By default, the pointer fields in the arm_thread_state64_t structure are
  * opaque on the arm64e architecture and require the use of accessor macros.
  * This mode can also be enabled on the arm64 architecture by building with
  * -D__DARWIN_OPAQUE_ARM_THREAD_STATE64=1.
  */
-// # 136 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_thread_state64
+// # 161 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_thread_state64
 {
- __uint64_t __x[29]; /* General purpose registers x0-x28 */
- __uint64_t __fp; /* Frame pointer x29 */
- __uint64_t __lr; /* Link register x30 */
- __uint64_t __sp; /* Stack pointer x31 */
- __uint64_t __pc; /* Program counter */
- __uint32_t __cpsr; /* Current program status register */
+ __uint64_t x[29]; /* General purpose registers x0-x28 */
+ __uint64_t fp; /* Frame pointer x29 */
+ __uint64_t lr; /* Link register x30 */
+ __uint64_t sp; /* Stack pointer x31 */
+ __uint64_t pc; /* Program counter */
+ __uint32_t cpsr; /* Current program status register */
  __uint32_t __pad; /* Same size for 32-bit or 64-bit clients */
 };
-// # 176 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+
+
+
+
+
 /* Accessor macros for arm_thread_state64_t pointer fields */
-// # 355 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+// # 391 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
 /* Return pc field of arm_thread_state64_t as a data pointer value */
 
 
@@ -2321,25 +2300,25 @@ struct __darwin_arm_thread_state64
 
 
 /* Strip ptr auth bits from pc, lr, sp and fp field of arm_thread_state64_t */
-// # 433 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_vfp_state
+// # 440 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_vfp_state
 {
- __uint32_t __r[64];
- __uint32_t __fpscr;
+ __uint32_t r[64];
+ __uint32_t fpscr;
 };
-// # 452 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_neon_state64
+// # 488 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_neon_state64
 {
- __uint128_t __v[32];
- __uint32_t __fpsr;
- __uint32_t __fpcr;
+ __uint128_t q[32];
+ uint32_t fpsr;
+ uint32_t fpcr;
 };
 
-struct __darwin_arm_neon_state
+struct arm_neon_state
 {
- __uint128_t __v[16];
- __uint32_t __fpsr;
- __uint32_t __fpcr;
+ __uint128_t q[16];
+ uint32_t fpsr;
+ uint32_t fpcr;
 };
 // # 523 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
 struct __arm_pagein_state
@@ -2352,61 +2331,61 @@ struct __arm_pagein_state
  */
 // # 556 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
 /* ARM's arm_debug_state is ARM64's arm_legacy_debug_state */
-
-
-
-struct __arm_legacy_debug_state
+// # 569 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_legacy_debug_state
 {
- __uint32_t __bvr[16];
- __uint32_t __bcr[16];
- __uint32_t __wvr[16];
- __uint32_t __wcr[16];
+ __uint32_t bvr[16];
+ __uint32_t bcr[16];
+ __uint32_t wvr[16];
+ __uint32_t wcr[16];
 };
-// # 583 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_debug_state32
+// # 603 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_debug_state32
 {
- __uint32_t __bvr[16];
- __uint32_t __bcr[16];
- __uint32_t __wvr[16];
- __uint32_t __wcr[16];
- __uint64_t __mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */
+ __uint32_t bvr[16];
+ __uint32_t bcr[16];
+ __uint32_t wvr[16];
+ __uint32_t wcr[16];
+ __uint64_t mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */
 };
 
 
-struct __darwin_arm_debug_state64
+struct arm_debug_state64
 {
- __uint64_t __bvr[16];
- __uint64_t __bcr[16];
- __uint64_t __wvr[16];
- __uint64_t __wcr[16];
- __uint64_t __mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */
+ __uint64_t bvr[16];
+ __uint64_t bcr[16];
+ __uint64_t wvr[16];
+ __uint64_t wcr[16];
+ __uint64_t mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */
 };
-// # 625 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __darwin_arm_cpmu_state64
+// # 631 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
+struct arm_cpmu_state64
 {
- __uint64_t __ctrs[16];
+ __uint64_t ctrs[16];
 };
 // # 36 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/machine/_structs.h" 2 3 4
 // # 37 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 2 3 4
-
-
-
-
-struct __darwin_mcontext32
+// # 50 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
+struct mcontext32
 {
- struct __darwin_arm_exception_state __es;
- struct __darwin_arm_thread_state __ss;
- struct __darwin_arm_vfp_state __fs;
+ struct arm_exception_state es;
+ struct arm_thread_state ss;
+ struct arm_vfp_state fs;
 };
-// # 64 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
-struct __darwin_mcontext64
+// # 73 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
+struct mcontext64
 {
- struct __darwin_arm_exception_state64 __es;
- struct __darwin_arm_thread_state64 __ss;
- struct __darwin_arm_neon_state64 __ns;
+ struct arm_exception_state64 es;
+ struct arm_thread_state64 ss;
+ struct arm_neon_state64 ns;
 };
-// # 85 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
-typedef struct __darwin_mcontext64 *mcontext_t;
+
+
+
+
+
+
+typedef struct mcontext64 *mcontext_t;
 // # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_mcontext.h" 2 3 4
 // # 147 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
 
@@ -2475,13 +2454,13 @@ typedef __darwin_pthread_attr_t pthread_attr_t;
 
 /* Structure used in sigaltstack call. */
 // # 42 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigaltstack.h" 3 4
-struct __darwin_sigaltstack
+struct sigaltstack
 {
  void *ss_sp; /* signal stack base */
  __darwin_size_t ss_size; /* signal stack length */
  int ss_flags; /* SA_DISABLE and/or SA_ONSTACK */
 };
-typedef struct __darwin_sigaltstack stack_t; /* [???] signal stack */
+typedef struct sigaltstack stack_t; /* [???] signal stack */
 // # 151 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
 // # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ucontext.h" 1 3 4
 /*
@@ -2512,21 +2491,21 @@ typedef struct __darwin_sigaltstack stack_t; /* [???] signal stack */
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 // # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ucontext.h" 3 4
-struct __darwin_ucontext
+struct ucontext
 {
  int uc_onstack;
  __darwin_sigset_t uc_sigmask; /* signal mask used by this context */
- struct __darwin_sigaltstack uc_stack; /* stack used by this context */
- struct __darwin_ucontext *uc_link; /* pointer to resuming context */
+ struct sigaltstack uc_stack; /* stack used by this context */
+ struct ucontext *uc_link; /* pointer to resuming context */
  __darwin_size_t uc_mcsize; /* size of the machine context passed in */
- struct __darwin_mcontext64 *uc_mcontext; /* pointer to machine specific context */
+ struct mcontext64 *uc_mcontext; /* pointer to machine specific context */
 
 
 
 };
 
 /* user context */
-typedef struct __darwin_ucontext ucontext_t; /* [???] user context */
+typedef struct ucontext ucontext_t; /* [???] user context */
 // # 152 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
 
 
@@ -3665,16 +3644,7 @@ int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" );
  */
 /* WNOHANG already defined for wait4() */
 /* WUNTRACED defined for wait4() but not for waitid() */
-
-
-/* waitid() parameter */
-
-
-
-
-
-
-
+// # 178 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4
 /* POSIX extensions and 4.2/4.3 compatability: */
 
 /*
@@ -4139,7 +4109,15 @@ union wait {
 
  } w_S;
 };
-// # 248 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4
+// # 240 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4
+/*
+ * Stopped state value; cannot use waitid() parameter of the same name
+ * in the same scope
+ */
+
+
+
+
 pid_t wait(int *) __asm("_" "wait" );
 pid_t waitpid(pid_t, int *, int) __asm("_" "waitpid" );
 
@@ -4462,9 +4440,9 @@ char *gcvt(double, int, char *); /* LEGACY */
 int getsubopt(char **, char * const *, char **);
 int grantpt(int);
 
-char *initstate(unsigned, char *, size_t); /* no  __DARWIN_ALIAS needed */
 
 
+char *initstate(unsigned long, char *, long);
 
 long jrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
 char *l64a(long);
@@ -4485,30 +4463,30 @@ int putenv(char *) __asm("_" "putenv" );
 long random(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
 int rand_r(unsigned *) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
 
-char *realpath(const char * restrict, char * restrict) __asm("_" "realpath" "$DARWIN_EXTSN");
 
 
+char *realpath(const char * restrict, char * restrict) __asm("_" "realpath" );
 
 unsigned short
  *seed48(unsigned short[3]);
 int setenv(const char * __name, const char * __value, int __overwrite) __asm("_" "setenv" );
 
-void setkey(const char *) __asm("_" "setkey" );
 
 
+int setkey(const char *);
 
 char *setstate(const char *);
 void srand48(long);
 
-void srandom(unsigned);
 
 
+void srandom(unsigned long);
 
 int unlockpt(int);
 
-int unsetenv(const char *) __asm("_" "unsetenv" );
 
 
+void unsetenv(const char *);
 
 
 
@@ -4676,7 +4654,7 @@ extern char *suboptarg; /* getsubopt(3) external variable */
 
 
 /* Poison the following routines if -fshort-wchar is set */
-// # 29 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 1 3 4
 /*
  * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved.
@@ -5268,7 +5246,7 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9)));
 
 /* char *strncat(char *s1, const char *s2, size_t n) */
 // # 195 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -5386,7 +5364,9 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */
 /* *INDENT-ON* */
 
 /* Application specific configuration options. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 1
+/* This is a stub used for the VeriFast proof. */
+
 /*
  * FreeRTOS V202107.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -5430,9 +5410,9 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */
  *----------------------------------------------------------*/
 
 /* Scheduler Related */
-// # 55 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h"
+// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* Synchronization Related */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h"
+// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* System */
 
 
@@ -5534,13 +5514,13 @@ __WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */
 void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__));
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
-// # 114 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h" 2
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 2
 /* Define to trap errors during development. */
 
 
 /* Set the following definitions to 1 to include the API function, or zero
 to exclude the API function. */
-// # 136 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore/FreeRTOSConfig.h"
+// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* A header file that defines trace macro can be included here. */
 // # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
@@ -5910,7 +5890,7 @@ static inline void update_us_since_boot(absolute_time_t *t, uint64_t us_since_bo
 
 
 
-    (__builtin_expect(!(us_since_boot <= 9223372036854775807LL), 0) ? __assert_rtn(__func__, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0);
+    (__builtin_expect(!(us_since_boot <= 9223372036854775807LL), 0) ? __assert_rtn ((const char *)-1L, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0);
     t->_private_us_since_boot = us_since_boot;
 
 }
@@ -8381,7 +8361,7 @@ typedef ioptr const const_ioptr;
 // Helper method used by xip_alias macros to optionally check input validity
 static inline __always_inline uint32_t xip_alias_check_addr(const void *addr) {
     uint32_t rc = (uintptr_t)addr;
-    ({if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn(__func__, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);});
+    ({if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn ((const char *)-1L, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);});
     return rc;
 }
 
@@ -8661,7 +8641,7 @@ inline __always_inline static void restore_interrupts(uint32_t status) {
  * \return The spinlock instance
  */
 inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) {
-    ({if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn(__func__, "sync.h", 226, "!(lock_num >= 32u)") : (void)0);});
+    ({if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 226, "!(lock_num >= 32u)") : (void)0);});
     return (spin_lock_t *) (0xd0000000u + 0x00000100u + lock_num * 4);
 }
 
@@ -8672,7 +8652,7 @@ inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) {
  * \return The Spinlock ID
  */
 inline __always_inline static uint spin_lock_get_num(spin_lock_t *lock) {
-    ({if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn(__func__, "sync.h", 239, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);});
+    ({if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 239, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);});
 
 
     return (uint) (lock - (spin_lock_t *) (0xd0000000u + 0x00000100u));
@@ -8929,29 +8909,29 @@ _Bool spin_lock_is_claimed(uint lock_num);
     static inline void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) {
         static uint8_t ucOwnedByCore[ 2 ];
         static uint8_t ucRecursionCountByLock[ 2 ];
-        (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn(__func__, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0);
+        (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0);
         uint32_t ulCoreNum = get_core_num();
         uint32_t ulLockBit = 1u << ulLockNum;
-        (__builtin_expect(!(ulLockBit < 256u), 0) ? __assert_rtn(__func__, "portmacro.h", 181, "ulLockBit < 256u") : (void)0);
+        (__builtin_expect(!(ulLockBit < 256u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 181, "ulLockBit < 256u") : (void)0);
         if( uxAcquire )
         {
             if( __builtin_expect( !*pxSpinLock, 0 ) )
             {
                 if( ucOwnedByCore[ulCoreNum] & ulLockBit )
                 {
-                    (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 255u), 0) ? __assert_rtn(__func__, "portmacro.h", 188, "ucRecursionCountByLock[ulLockNum] != 255u") : (void)0);
+                    (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 255u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 188, "ucRecursionCountByLock[ulLockNum] != 255u") : (void)0);
                     ucRecursionCountByLock[ulLockNum]++;
                     return;
                 }
                 while ( __builtin_expect( !*pxSpinLock, 0 ) );
             }
             __mem_fence_acquire();
-            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] == 0), 0) ? __assert_rtn(__func__, "portmacro.h", 195, "ucRecursionCountByLock[ulLockNum] == 0") : (void)0);
+            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] == 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 195, "ucRecursionCountByLock[ulLockNum] == 0") : (void)0);
             ucRecursionCountByLock[ulLockNum] = 1;
             ucOwnedByCore[ulCoreNum] |= ulLockBit;
         } else {
-            (__builtin_expect(!((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0), 0) ? __assert_rtn(__func__, "portmacro.h", 199, "(ucOwnedByCore[ulCoreNum] & ulLockBit) != 0") : (void)0);
-            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 0), 0) ? __assert_rtn(__func__, "portmacro.h", 200, "ucRecursionCountByLock[ulLockNum] != 0") : (void)0);
+            (__builtin_expect(!((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 199, "(ucOwnedByCore[ulCoreNum] & ulLockBit) != 0") : (void)0);
+            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 200, "ucRecursionCountByLock[ulLockNum] != 0") : (void)0);
             if( !--ucRecursionCountByLock[ulLockNum] )
             {
                 ucOwnedByCore[ulCoreNum] &= ~ulLockBit;
@@ -9593,7 +9573,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -13043,7 +13023,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -14362,7 +14342,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -14423,7 +14403,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 41 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
@@ -14433,7 +14413,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 68 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -14490,18 +14470,18 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 132 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 166 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 184 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -14556,7 +14536,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 247 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -14564,7 +14544,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 264 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -14584,7 +14564,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 304 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -14675,7 +14655,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 404 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -14828,7 +14808,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 568 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -14860,96 +14840,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-
-static BaseType_t prvGetCurrentYieldPending( void )
-{
-    BaseType_t xReturn;
-    UBaseType_t ulState;
-
-    ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-    xReturn = xYieldPendings[ 0 ];
-    __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : );
-
-    return xReturn;
-}
-
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-
-static void prvCheckForRunStateChange( void )
-{
-    UBaseType_t uxPrevCriticalNesting;
-    UBaseType_t uxPrevSchedulerSuspended;
-    TCB_t * pxThisTCB;
-
-    /* This should be skipped when entering a critical section within
-     * an ISR. If the task on the current core is no longer running, then
-     * vTaskSwitchContext() probably should be run before returning, but
-     * we don't have a way to force that to happen from here. */
-    if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) )
-    {
-        /* This function is always called with interrupts disabled
-         * so this is safe. */
-        pxThisTCB = pxCurrentTCBs[ 0 ];
-
-        while( pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )
-        {
-            /* We are only here if we just entered a critical section
-            * or if we just suspended the scheduler, and another task
-            * has requested that we yield.
-            *
-            * This is slightly complicated since we need to save and restore
-            * the suspension and critical nesting counts, as well as release
-            * and reacquire the correct locks. And then do it all over again
-            * if our state changed again during the reacquisition. */
-
-            uxPrevCriticalNesting = pxThisTCB->uxCriticalNesting;
-            uxPrevSchedulerSuspended = uxSchedulerSuspended;
-
-            /* this must only be called the first time we enter into a critical
-             * section, otherwise it could context switch in the middle of a
-             * critical section. */
-            (__builtin_expect(!(uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U), 0) ? __assert_rtn(__func__, "tasks.c", 647, "uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U") : (void)0);
-
-            uxSchedulerSuspended = 0U;
-
-            if( uxPrevCriticalNesting > 0U )
-            {
-                pxThisTCB->uxCriticalNesting = 0U;
-                vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
-                vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
-            }
-            else
-            {
-                /* uxPrevSchedulerSuspended must be 1 */
-                vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
-            }
-
-            __asm volatile ( "" ::: "memory" );
-            (__builtin_expect(!(pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 )), 0) ? __assert_rtn(__func__, "tasks.c", 664, "pxThisTCB->xTaskRunState == ( TaskRunning_t ) ( -2 )") : (void)0);
-
-            vPortEnableInterrupts();
-
-            /* Enabling interrupts should cause this core to immediately
-             * service the pending interrupt and yield. If the run state is still
-             * yielding here then that is a problem. */
-            (__builtin_expect(!(pxThisTCB->xTaskRunState != ( TaskRunning_t ) ( -2 )), 0) ? __assert_rtn(__func__, "tasks.c", 671, "pxThisTCB->xTaskRunState != ( TaskRunning_t ) ( -2 )") : (void)0);
-
-            ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-            vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
-            vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
-            xTaskGetCurrentTaskHandle()->uxCriticalNesting = uxPrevCriticalNesting;
-            uxSchedulerSuspended = uxPrevSchedulerSuspended;
-
-            if( uxPrevCriticalNesting == 0U )
-            {
-                /* uxPrevSchedulerSuspended must be 1 */
-                (__builtin_expect(!(uxPrevSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 )), 0) ? __assert_rtn(__func__, "tasks.c", 682, "uxPrevSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 )") : (void)0);
-                vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
-            }
-        }
-    }
-}
-
+// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -14967,11 +14860,13 @@ static void prvYieldCore( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
         }
-        else
-        {
-            vYieldCore(xCoreID);
-            pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -2 );
-        }
+
+
+
+
+
+
+
     }
 }
 
@@ -14989,8 +14884,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn(__func__, "tasks.c", 728, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 741 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 747, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -15029,7 +14924,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 795 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -15042,7 +14937,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 815 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -15053,10 +14948,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 847 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
@@ -15086,7 +14981,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 892 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -15107,7 +15002,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 912, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 931, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -15151,21 +15046,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 956, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 975, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn(__func__, "tasks.c", 960, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1036 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1052 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1108 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1155 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1205 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -15176,6 +15071,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
+// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -15183,7 +15079,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1245 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -15216,8 +15112,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != ((void*)0) )
         {
-// # 1285 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, ((void*)0) );
+// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -15243,7 +15140,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1327 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -15262,10 +15159,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn(__func__, "tasks.c", 1345, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1354 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1439, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != ((void*)0) )
     {
@@ -15331,7 +15228,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1452 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -15349,21 +15246,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             __builtin___memset_chk (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ), __builtin_object_size (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0));
             __builtin___memset_chk (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ), __builtin_object_size (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0));
         }
-// # 1481 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1499 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1527 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1544 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -15568,7 +15465,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 1748, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1842, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -15591,12 +15488,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn(__func__, "tasks.c", 1771, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn(__func__, "tasks.c", 1772, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1865, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1866, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn(__func__, "tasks.c", 1776, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1870, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -15682,7 +15579,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn(__func__, "tasks.c", 1862, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1956, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -15724,7 +15621,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 1904, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1998, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -15886,7 +15783,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn(__func__, "tasks.c", 2066, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2160, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -16040,13 +15937,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2254 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2277 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2295 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2323 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -16123,7 +16020,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 2399, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2493, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -16137,7 +16034,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn(__func__, "tasks.c", 2413, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2507, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -16184,7 +16081,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn(__func__, "tasks.c", 2460, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2554, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -16226,7 +16123,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn(__func__, "tasks.c", 2502, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2596, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -16278,7 +16175,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn(__func__, "tasks.c", 2554, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2648, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -16399,7 +16296,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2722 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -16411,7 +16308,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2745 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -16448,7 +16345,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2792 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -16480,7 +16377,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn(__func__, "tasks.c", 2823, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2920, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -16545,7 +16442,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 2950 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -16568,7 +16465,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn(__func__, "tasks.c", 2972, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3069, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -16726,7 +16623,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3130, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -16808,7 +16705,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn(__func__, "tasks.c", 3212, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3309, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -16904,7 +16801,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3322 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != ((void*)0) )
                         {
@@ -16932,7 +16829,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != ((void*)0) )), 0) ? __assert_rtn(__func__, "tasks.c", 3349, "( xIdleTaskHandle != ((void*)0) )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != ((void*)0) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3446, "( xIdleTaskHandle != ((void*)0) )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -16943,7 +16840,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3373 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -16952,7 +16849,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn(__func__, "tasks.c", 3381, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -16971,7 +16868,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3400, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3497, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -17070,7 +16967,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn(__func__, "tasks.c", 3499, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3596, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -17253,13 +17150,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3711 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3735 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3760 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3793 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -17277,7 +17174,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn(__func__, "tasks.c", 3810, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3907, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -17289,7 +17186,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3851 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -17306,7 +17203,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3882 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -17317,7 +17214,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3892, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3992, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -17336,11 +17233,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3911, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4011, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn(__func__, "tasks.c", 3915, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4015, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -17364,7 +17261,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn(__func__, "tasks.c", 3939, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4039, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -17412,14 +17309,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn(__func__, "tasks.c", 3987, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4087, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4008 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -17449,7 +17346,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn(__func__, "tasks.c", 4037, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4137, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -17457,9 +17354,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn(__func__, "tasks.c", 4045, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4145, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4062 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -17478,7 +17375,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn(__func__, "tasks.c", 4080, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -17501,8 +17398,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn(__func__, "tasks.c", 4103, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn(__func__, "tasks.c", 4104, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4203, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4204, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -17617,7 +17514,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4279 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -17647,7 +17544,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4320 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -17668,16 +17565,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4356 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4421 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4471 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -17691,7 +17588,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 4484, "pxTCB != ((void*)0)") : (void)0);
+            (__builtin_expect(!(pxTCB != ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4584, "pxTCB != ((void*)0)") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -17722,7 +17619,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4531 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -17824,7 +17721,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4643 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -17945,7 +17842,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4802 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -18002,7 +17899,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4885 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -18193,8 +18090,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn(__func__, "tasks.c", 5075, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn(__func__, "tasks.c", 5076, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5175, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5176, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -18273,7 +18170,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn(__func__, "tasks.c", 5155, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5255, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -18300,7 +18197,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn(__func__, "tasks.c", 5182, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5282, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -18431,7 +18328,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn(__func__, "tasks.c", 5313, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5413, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -18481,11 +18378,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5389 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5495 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5622 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -18527,7 +18424,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5663, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5763, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -18601,7 +18498,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5737, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5837, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -18689,8 +18586,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5825, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 5826, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5925, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5926, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -18743,7 +18640,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn(__func__, "tasks.c", 5879, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5979, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -18758,8 +18655,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 5894, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
-// # 5913 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5994, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -18792,8 +18689,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 5945, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 5946, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6046, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -18864,7 +18761,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn(__func__, "tasks.c", 6017, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6117, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -18875,7 +18772,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 6028, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6128, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -18920,8 +18817,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn(__func__, "tasks.c", 6073, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn(__func__, "tasks.c", 6074, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6173, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6174, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -18959,7 +18856,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn(__func__, "tasks.c", 6112, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6212, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -19000,7 +18897,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn(__func__, "tasks.c", 6153, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -19053,7 +18950,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6222 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -19129,7 +19026,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6334 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/tasks.c"
+// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From da0c8ffb76077bfef25c7d25ca8ef10dcafd2f51 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 11:44:53 -0400
Subject: [PATCH 034/289] Replaced problematic system headers by VeriFast
 headers.

---
 .../preprocess_tasks_c.sh                     |    1 +
 .../verifast/preprocessed_files/tasks--pp.c   | 6246 +++--------------
 2 files changed, 850 insertions(+), 5397 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index df3c6796adf..1d114b04277 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -25,6 +25,7 @@ mkdir $LOG_PP_OUT_DIR
 
 clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \
 -DVERIFAST \
+-I/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 744b5301ce2..cba07171bf0 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -38,4919 +38,371 @@
  * This file contains defines to configure the VeriFast proof setup.
  *
  */
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-
-
-/* Standard includes. */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 1 3 4
-/*
- * Copyright (c) 2000, 2002 - 2008 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)stdlib.h	8.5 (Berkeley) 5/19/95
- */
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 1 3 4
-/*
- * Copyright (c) 2007-2016 by Apple Inc.. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-
- /*     
-    These macros are for use in OS header files. They enable function prototypes
-    and Objective-C methods to be tagged with the OS version in which they
-    were first available; and, if applicable, the OS version in which they 
-    became deprecated.  
-     
-    The desktop Mac OS X and iOS each have different version numbers.
-    The __OSX_AVAILABLE_STARTING() macro allows you to specify both the desktop
-    and iOS version numbers.  For instance:
-        __OSX_AVAILABLE_STARTING(__MAC_10_2,__IPHONE_2_0)
-    means the function/method was first available on Mac OS X 10.2 on the desktop
-    and first available in iOS 2.0 on the iPhone.
-    
-    If a function is available on one platform, but not the other a _NA (not
-    applicable) parameter is used.  For instance:
-            __OSX_AVAILABLE_STARTING(__MAC_10_3,__IPHONE_NA)
-    means that the function/method was first available on Mac OS X 10.3, and it
-    currently not implemented on the iPhone.
-
-    At some point, a function/method may be deprecated.  That means Apple
-    recommends applications stop using the function, either because there is a 
-    better replacement or the functionality is being phased out.  Deprecated
-    functions/methods can be tagged with a __OSX_AVAILABLE_BUT_DEPRECATED()
-    macro which specifies the OS version where the function became available
-    as well as the OS version in which it became deprecated.  For instance:
-        __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0,__MAC_10_5,__IPHONE_NA,__IPHONE_NA)
-    means that the function/method was introduced in Mac OS X 10.0, then
-    became deprecated beginning in Mac OS X 10.5.  On iOS the function 
-    has never been available.  
-    
-    For these macros to function properly, a program must specify the OS version range 
-    it is targeting.  The min OS version is specified as an option to the compiler:
-    -mmacosx-version-min=10.x when building for Mac OS X, and -miphoneos-version-min=y.z
-    when building for the iPhone.  The upper bound for the OS version is rarely needed,
-    but it can be set on the command line via: -D__MAC_OS_X_VERSION_MAX_ALLOWED=10x0 for
-    Mac OS X and __IPHONE_OS_VERSION_MAX_ALLOWED = y0z00 for iOS.  
-    
-    Examples:
-
-        A function available in Mac OS X 10.5 and later, but not on the phone:
-        
-            extern void mymacfunc() __OSX_AVAILABLE_STARTING(__MAC_10_5,__IPHONE_NA);
-
-
-        An Objective-C method in Mac OS X 10.5 and later, but not on the phone:
-        
-            @interface MyClass : NSObject
-            -(void) mymacmethod __OSX_AVAILABLE_STARTING(__MAC_10_5,__IPHONE_NA);
-            @end
-
-        
-        An enum available on the phone, but not available on Mac OS X:
-        
-            #if __IPHONE_OS_VERSION_MIN_REQUIRED
-                enum { myEnum = 1 };
-            #endif
-           Note: this works when targeting the Mac OS X platform because 
-           __IPHONE_OS_VERSION_MIN_REQUIRED is undefined which evaluates to zero. 
-        
-
-        An enum with values added in different iPhoneOS versions:
-		
-			enum {
-			    myX  = 1,	// Usable on iPhoneOS 2.1 and later
-			    myY  = 2,	// Usable on iPhoneOS 3.0 and later
-			    myZ  = 3,	// Usable on iPhoneOS 3.0 and later
-				...
-		      Note: you do not want to use #if with enumeration values
-			  when a client needs to see all values at compile time
-			  and use runtime logic to only use the viable values.
-			  
-
-    It is also possible to use the *_VERSION_MIN_REQUIRED in source code to make one
-    source base that can be compiled to target a range of OS versions.  It is best
-    to not use the _MAC_* and __IPHONE_* macros for comparisons, but rather their values.
-    That is because you might get compiled on an old OS that does not define a later
-    OS version macro, and in the C preprocessor undefined values evaluate to zero
-    in expresssions, which could cause the #if expression to evaluate in an unexpected
-    way.
-    
-        #ifdef __MAC_OS_X_VERSION_MIN_REQUIRED
-            // code only compiled when targeting Mac OS X and not iPhone
-            // note use of 1050 instead of __MAC_10_5
-            #if __MAC_OS_X_VERSION_MIN_REQUIRED < 1050
-                // code in here might run on pre-Leopard OS
-            #else
-                // code here can assume Leopard or later
-            #endif
-        #endif
-
-
-*/
-
-/* 
- * __API_TO_BE_DEPRECATED is used as a version number in API that will be deprecated 
- * in an upcoming release. This soft deprecation is an intermediate step before formal 
- * deprecation to notify developers about the API before compiler warnings are generated.
- * You can find all places in your code that use soft deprecated API by redefining the 
- * value of this macro to your current minimum deployment target, for example:
- * (macOS)
- *   clang -D__API_TO_BE_DEPRECATED=10.12 
- * (iOS)
- *   clang -D__API_TO_BE_DEPRECATED=11.0 
- */
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 1 3 4
-/*
- * Copyright (c) 2019 by Apple Inc.. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
-// # 70 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 3 4
-/* __MAC_NA is not defined to a value but is used as a token by macros to indicate that the API is unavailable */
-// # 132 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 3 4
-/* __IPHONE_NA is not defined to a value but is used as a token by macros to indicate that the API is unavailable */
-// # 200 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityVersions.h" 3 4
-/*
- * Set up standard Mac OS X versions
- */
-// # 136 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 1 3 4
-/*
- * Copyright (c) 2007-2016 by Apple Inc.. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*
-    File:       AvailabilityInternal.h
- 
-    Contains:   implementation details of __OSX_AVAILABLE_* macros from 
-
-*/
-// # 39 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-        /* compiler for Mac OS X sets __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ */
-// # 91 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-    /* make sure a default max version is set */
-// # 2921 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-            /* use better attributes if possible */
-// # 4435 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-/*
- Macros for defining which versions/platform a given symbol can be used.
- 
- @see http://clang.llvm.org/docs/AttributeReference.html#availability
- */
-// # 4566 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-    /*
-     * API Unavailability
-     * Use to specify that an API is unavailable for a particular platform.
-     *
-     * Example:
-     *    __API_UNAVAILABLE(macos)
-     *    __API_UNAVAILABLE(watchos, tvos)
-     */
-// # 4647 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-/*
- * Swift compiler version
- * Allows for project-agnostic "epochs" for frameworks imported into Swift via the Clang importer, like #if _compiler_version for Swift
- * Example:
- *
- *  #if __swift_compiler_version_at_least(800, 2, 20)
- *  - (nonnull NSString *)description;
- *  #else
- *  - (NSString *)description;
- *  #endif
- */
-// # 4667 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/AvailabilityInternal.h" 3 4
-/*
- * If __SPI_AVAILABLE has not been defined elsewhere, disable it.
- */
-// # 137 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 2 3 4
-// # 213 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/* for use to document app extension usage */
-// # 231 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/* for use marking APIs available info for Mac OSX */
-// # 253 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/* for use marking APIs available info for iOS */
-// # 280 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/* for use marking APIs available info for tvOS */
-// # 307 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/* for use marking APIs available info for Watch OS */
-// # 334 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/* for use marking APIs unavailable for swift */
-// # 350 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/*
- Macros for defining which versions/platform a given symbol can be used.
- 
- @see http://clang.llvm.org/docs/AttributeReference.html#availability
- 
- * Note that these macros are only compatible with clang compilers that
- * support the following target selection options:
- *
- * -mmacosx-version-min
- * -miphoneos-version-min
- * -mwatchos-version-min
- * -mtvos-version-min
- */
-
-
-
-
-    /*
-     * API Introductions
-     *
-     * Use to specify the release that a particular API became available.
-     *
-     * Platform names:
-     *   macos, ios, tvos, watchos
-     *
-     * Examples:
-     *    __API_AVAILABLE(macos(10.10))
-     *    __API_AVAILABLE(macos(10.9), ios(10.0))
-     *    __API_AVAILABLE(macos(10.4), ios(8.0), watchos(2.0), tvos(10.0))
-     *    __API_AVAILABLE(driverkit(19.0))
-     */
-
-
-
-
-
-    /*
-     * API Deprecations
-     *
-     * Use to specify the release that a particular API became unavailable.
-     *
-     * Platform names:
-     *   macos, ios, tvos, watchos
-     *
-     * Examples:
-     *
-     *    __API_DEPRECATED("No longer supported", macos(10.4, 10.8))
-     *    __API_DEPRECATED("No longer supported", macos(10.4, 10.8), ios(2.0, 3.0), watchos(2.0, 3.0), tvos(9.0, 10.0))
-     *
-     *    __API_DEPRECATED_WITH_REPLACEMENT("-setName:", tvos(10.0, 10.4), ios(9.0, 10.0))
-     *    __API_DEPRECATED_WITH_REPLACEMENT("SomeClassName", macos(10.4, 10.6), watchos(2.0, 3.0))
-     */
-// # 411 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-    /*
-     * API Unavailability
-     * Use to specify that an API is unavailable for a particular platform.
-     *
-     * Example:
-     *    __API_UNAVAILABLE(macos)
-     *    __API_UNAVAILABLE(watchos, tvos)
-     */
-// # 466 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/Availability.h" 3 4
-/*
- * If SPI decorations have not been defined elsewhere, disable them.
- */
-// # 62 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 1 3 4
-/* This is a stub used for the VeriFast proof. */
-
-/*
- * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/* Copyright 1995 NeXT Computer, Inc. All rights reserved. */
-/*
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Berkeley Software Design, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)cdefs.h	8.8 (Berkeley) 1/9/95
- */
-
-
-
-
-/* Verifast proof setup */
-
-    /*
-     * The proof setup header is already included at the top of the proof target,
-     * e.g., `tasks.c`. But it seems like the contained defines are not propagated
-     * to this file.
-     */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 3 4
-/*
- * This file contains defines to configure the VeriFast proof setup.
- *
- */
-// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
-// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/* This SDK is designed to work with clang and specific versions of
- * gcc >= 4.0 with Apple's patch sets */
-
-
-
-
-/*
- * Compatibility with compilers and environments that don't support compiler
- * feature checking function-like macros.
- */
-// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
- * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
- * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
- * in between its arguments.  __CONCAT can also concatenate double-quoted
- * strings produced by the __STRING macro, but this only works with ANSI C.
- */
-// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * __pure2 can be used for functions that are only a function of their scalar
- * arguments (meaning they can't dereference pointers).
- *
- * __stateful_pure can be used for functions that have no side effects,
- * but depend on the state of the memory.
- */
-
-
-
-
-/* __unused denotes variables and functions that may not be used, preventing
- * the compiler from warning about it if not used.
- */
-
-
-/* __used forces variables and functions to be included even if it appears
- * to the compiler that they are not used (and would thust be discarded).
- */
-
-
-/* __cold marks code used for debugging or that is rarely taken
- * and tells the compiler to optimize for size and outline code.
- */
-
-
-
-
-
-
-/* __exported denotes symbols that should be exported even when symbols
- * are hidden by default.
- * __exported_push/_exported_pop are pragmas used to delimit a range of
- *  symbols that should be exported even when symbols are hidden by default.
- */
-
-
-
-
-/* __deprecated causes the compiler to produce a warning when encountering
- * code using the deprecated functionality.
- * __deprecated_msg() does the same, and compilers that support it will print
- * a message along with the deprecation warning.
- * This may require turning on such warning with the -Wdeprecated flag.
- * __deprecated_enum_msg() should be used on enums, and compilers that support
- * it will print the deprecation warning.
- * __kpi_deprecated() specifically indicates deprecation of kernel programming
- * interfaces in Kernel.framework used by KEXTs.
- */
-// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/* __unavailable causes the compiler to error out when encountering
- * code using the tagged function
- */
-// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/* Delete pseudo-keywords wherever they are not available or needed. */
-
-
-
-
-
-/*
- * We use `__restrict' as a way to define the `restrict' type qualifier
- * without disturbing older software that is unaware of C99 keywords.
- */
-
-
-
-
-
-
-/* Compatibility with compilers and environments that don't support the
- * nullability feature.
- */
-// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * __disable_tail_calls causes the compiler to not perform tail call
- * optimization inside the marked function.
- */
-
-
-
-
-
-
-/*
- * __not_tail_called causes the compiler to prevent tail call optimization
- * on statically bound calls to the function.  It has no effect on indirect
- * calls.  Virtual functions, objective-c methods, and functions marked as
- * "always_inline" cannot be marked as __not_tail_called.
- */
-
-
-
-
-
-
-/*
- * __result_use_check warns callers of a function that not using the function
- * return value is a bug, i.e. dismissing malloc() return value results in a
- * memory leak.
- */
-
-
-
-
-
-
-/*
- * __swift_unavailable causes the compiler to mark a symbol as specifically
- * unavailable in Swift, regardless of any other availability in C.
- */
-
-
-
-
-
-
-/*
- * __abortlike is the attribute to put on functions like abort() that are
- * typically used to mark assertions. These optimize the codegen
- * for outlining while still maintaining debugability.
- */
-
-
-
-
-/* Declaring inline functions within headers is error-prone due to differences
- * across various versions of the C language and extensions.  __header_inline
- * can be used to declare inline functions within system headers.  In cases
- * where you want to force inlining instead of letting the compiler make
- * the decision, you can use __header_always_inline.
- *
- * Be aware that using inline for functions which compilers may also provide
- * builtins can behave differently under various compilers.  If you intend to
- * provide an inline version of such a function, you may want to use a macro
- * instead.
- *
- * The check for !__GNUC__ || __clang__ is because gcc doesn't correctly
- * support c99 inline in some cases:
- * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965
- */
-// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Compiler-dependent macros that bracket portions of code where the
- * "-Wunreachable-code" warning should be ignored. Please use sparingly.
- */
-// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Compiler-dependent macros to declare that functions take printf-like
- * or scanf-like arguments.  They are null except for versions of gcc
- * that are known to support the features properly.  Functions declared
- * with these attributes will cause compilation warnings if there is a
- * mismatch between the format string and subsequent function parameter
- * types.
- */
-// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/* Source compatibility only, ID string not emitted in object file */
-// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * __alloc_size can be used to label function arguments that represent the
- * size of memory that the function allocates and returns. The one-argument
- * form labels a single argument that gives the allocation size (where the
- * arguments are numbered from 1):
- *
- * void	*malloc(size_t __size) __alloc_size(1);
- *
- * The two-argument form handles the case where the size is calculated as the
- * product of two arguments:
- *
- * void	*calloc(size_t __count, size_t __size) __alloc_size(1,2);
- */
-// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail
- *
- * DEFAULT	By default newly complied code will get POSIX APIs plus
- *		Apple API extensions in scope.
- *
- *		Most users will use this compilation environment to avoid
- *		behavioral differences between 32 and 64 bit code.
- *
- * LEGACY	Defining _NONSTD_SOURCE will get pre-POSIX APIs plus Apple
- *		API extensions in scope.
- *
- *		This is generally equivalent to the Tiger release compilation
- *		environment, except that it cannot be applied to 64 bit code;
- *		its use is discouraged.
- *
- *		We expect this environment to be deprecated in the future.
- *
- * STRICT	Defining _POSIX_C_SOURCE or _XOPEN_SOURCE restricts the
- *		available APIs to exactly the set of APIs defined by the
- *		corresponding standard, based on the value defined.
- *
- *		A correct, portable definition for _POSIX_C_SOURCE is 200112L.
- *		A correct, portable definition for _XOPEN_SOURCE is 600L.
- *
- *		Apple API extensions are not visible in this environment,
- *		which can cause Apple specific code to fail to compile,
- *		or behave incorrectly if prototypes are not in scope or
- *		warnings about missing prototypes are not enabled or ignored.
- *
- * In any compilation environment, for correct symbol resolution to occur,
- * function prototypes must be in scope.  It is recommended that all Apple
- * tools users add either the "-Wall" or "-Wimplicit-function-declaration"
- * compiler flags to their projects to be warned when a function is being
- * used without a prototype in scope.
- */
-
-/* These settings are particular to each product. */
-// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow
- * legacy code to use the old symbol, thus maintaining binary compatibility
- * while new code can use a standards compliant version of the same function.
- *
- * __DARWIN_ALIAS is used by itself if the function signature has not
- * changed, it is used along with a #ifdef check for __DARWIN_UNIX03
- * if the signature has changed.  Because the __LP64__ environment
- * only supports UNIX03 semantics it causes __DARWIN_UNIX03 to be
- * defined, but causes __DARWIN_ALIAS to do no symbol mangling.
- *
- * As a special case, when XCode is used to target a specific version of the
- * OS, the manifest constant __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
- * will be defined by the compiler, with the digits representing major version
- * time 100 + minor version times 10 (e.g. 10.5 := 1050).  If we are targeting
- * pre-10.5, and it is the default compilation environment, revert the
- * compilation environment to pre-__DARWIN_UNIX03.
- */
-// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * symbol suffixes used for symbol versioning
- */
-// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * symbol versioning macros
- */
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * symbol release macros
- */
-
-
-
-/*
- * POSIX.1 requires that the macros we test be defined before any standard
- * header file is included.  This permits us to convert values for feature
- * testing, as necessary, using only _POSIX_C_SOURCE.
- *
- * Here's a quick run-down of the versions:
- *  defined(_POSIX_SOURCE)		1003.1-1988
- *  _POSIX_C_SOURCE == 1L		1003.1-1990
- *  _POSIX_C_SOURCE == 2L		1003.2-1992 C Language Binding Option
- *  _POSIX_C_SOURCE == 199309L		1003.1b-1993
- *  _POSIX_C_SOURCE == 199506L		1003.1c-1995, 1003.1i-1995,
- *					and the omnibus ISO/IEC 9945-1: 1996
- *  _POSIX_C_SOURCE == 200112L		1003.1-2001
- *  _POSIX_C_SOURCE == 200809L		1003.1-2008
- *
- * In addition, the X/Open Portability Guide, which is now the Single UNIX
- * Specification, defines a feature-test macro which indicates the version of
- * that specification, and which subsumes _POSIX_C_SOURCE.
- */
-
-/* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1L. */
-
-
-
-
-
-/* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2L. */
-
-
-
-
-
-/* Deal with various X/Open Portability Guides and Single UNIX Spec. */
-// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Deal with all versions of POSIX.  The ordering relative to the tests above is
- * important.
- */
-
-
-
-
-/* POSIX C deprecation macros */
-
-
-/*
- * Set a single macro which will always be defined and can be used to determine
- * the appropriate namespace.  For POSIX, these values will correspond to
- * _POSIX_C_SOURCE value.  Currently there are two additional levels corresponding
- * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE)
- */
-// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/* If the developer has neither requested a strict language mode nor a version
- * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part
- * of __DARWIN_C_FULL.
- */
-
-
-
-
-/*
- * long long is not supported in c89 (__STRICT_ANSI__), but g++ -ansi and
- * c99 still want long longs.  While not perfect, we allow long longs for
- * g++.
- */
-
-
-
-
-
-
-/*****************************************
-*  Public darwin-specific feature macros
-*****************************************/
-
-/*
- * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and
- * structures modified for 64-bit inodes (like struct stat) will be used.
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only
- * be 64-bit; there is no support for 32-bit ino_t when this macro is defined
- * (and non-zero).  There is no struct stat64 either, as the regular
- * struct stat will already be the 64-bit version.
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated
- * in 10.5 exists; no pre-10.5 variants are available.
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API
- * are available (the legacy BSD APIs are not available)
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on,
- * and specifies the conformance level (3 is SUSv3)
- */
-
-
-
-
-
-/*
- * This macro casts away the qualifier from the variable
- *
- * Note: use at your own risk, removing qualifiers can result in
- * catastrophic run-time failures.
- */
-
-
-
-
-/*
- * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be
- * used from other compilation units, but not other libraries or executables.
- */
-
-
-
-
-
-
-
-/*
- * We intentionally define to nothing pointer attributes which do not have an
- * impact on the ABI. __indexable and __bidi_indexable are not defined because
- * of the ABI incompatibility that makes the diagnostic preferable.
- */
-
-
-
-
-
-
-
-/*
- * Similarly, we intentionally define to nothing the
- * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable
- * macros because they do not lead to an ABI incompatibility. However, we do not
- * define the indexable and unsafe_indexable ones because the diagnostic is
- * better than the silent ABI break.
- */
-
-
-
-/* __unsafe_forge intrinsics are defined as regular C casts. */
-
-
-
-/* decay operates normally; attribute is meaningless without pointer checks. */
-// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Architecture validation for current SDK
- */
-// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Check if __probable and __improbable have already been defined elsewhere.
- * These macros inform the compiler (and humans) about which branches are likely
- * to be taken.
- */
-// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
- *
- * This provides more advanced type checking on compilers supporting
- * the proper extensions, even in C.
- */
-// # 63 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types.h" 1 3 4
-/*
- * Copyright (c) 2004, 2008, 2009 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 1 3 4
-/*
- * Copyright (c) 2003-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_types.h" 1 3 4
-/*
- * Copyright (c) 2003-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_types.h" 1 3 4
-/*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
- */
-
-
-
-
-
-/*
- * This header file contains integer types.  It's intended to also contain
- * flotaing point and other arithmetic types, as needed, later.
- */
-
-
-typedef signed char __int8_t;
-
-
-
-typedef unsigned char __uint8_t;
-typedef short __int16_t;
-typedef unsigned short __uint16_t;
-typedef int __int32_t;
-typedef unsigned int __uint32_t;
-typedef long long __int64_t;
-typedef unsigned long long __uint64_t;
-
-typedef long __darwin_intptr_t;
-typedef unsigned int __darwin_natural_t;
-
-/*
- * The rune type below is declared to be an ``int'' instead of the more natural
- * ``unsigned long'' or ``long''.  Two things are happening here.  It is not
- * unsigned so that EOF (-1) can be naturally assigned to it and used.  Also,
- * it looks like 10646 will be a 31 bit standard.  This means that if your
- * ints cannot hold 32 bits, you will be in trouble.  The reason an int was
- * chosen over a long is that the is*() and to*() routines take ints (says
- * ANSI C), but they use __darwin_ct_rune_t instead of int.  By changing it
- * here, you lose a bit of ANSI conformance, but your programs will still
- * work.
- *
- * NOTE: rune_t is not covered by ANSI nor other standards, and should not
- * be instantiated outside of lib/libc/locale.  Use wchar_t.  wchar_t and
- * rune_t must be the same type.  Also wint_t must be no narrower than
- * wchar_t, and should also be able to hold all members of the largest
- * character set plus one extra value (WEOF). wint_t must be at least 16 bits.
- */
-
-typedef int __darwin_ct_rune_t; /* ct_rune_t */
-
-/*
- * mbstate_t is an opaque object to keep conversion state, during multibyte
- * stream conversions.  The content must not be referenced by user programs.
- */
-typedef union {
- char __mbstate8[128];
- long long _mbstateL; /* for alignment */
-} __mbstate_t;
-
-typedef __mbstate_t __darwin_mbstate_t; /* mbstate_t */
-
-
-typedef long int __darwin_ptrdiff_t; /* ptr1 - ptr2 */
-
-
-
-
-
-
-
-typedef unsigned long int __darwin_size_t; /* sizeof() */
-
-
-
-
-
-typedef __builtin_va_list __darwin_va_list; /* va_list */
-
-
-
-
-
-typedef int __darwin_wchar_t; /* wchar_t */
-
-
-
-
-typedef __darwin_wchar_t __darwin_rune_t; /* rune_t */
-
-
-typedef int __darwin_wint_t; /* wint_t */
-
-
-
-
-typedef unsigned long __darwin_clock_t; /* clock() */
-typedef __uint32_t __darwin_socklen_t; /* socklen_t (duh) */
-typedef long __darwin_ssize_t; /* byte count or error */
-typedef long __darwin_time_t; /* time() */
-// # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_types.h" 2 3 4
-// # 34 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 2 3 4
-
-/*
- * Type definitions; takes common type definitions that must be used
- * in multiple header files due to [XSI], removes them from the system
- * space, and puts them in the implementation space.
- */
-// # 55 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 3 4
-typedef __int64_t __darwin_blkcnt_t; /* total blocks */
-typedef __int32_t __darwin_blksize_t; /* preferred block size */
-typedef __int32_t __darwin_dev_t; /* dev_t */
-typedef unsigned int __darwin_fsblkcnt_t; /* Used by statvfs and fstatvfs */
-typedef unsigned int __darwin_fsfilcnt_t; /* Used by statvfs and fstatvfs */
-typedef __uint32_t __darwin_gid_t; /* [???] process and group IDs */
-typedef __uint32_t __darwin_id_t; /* [XSI] pid_t, uid_t, or gid_t*/
-typedef __uint64_t __darwin_ino64_t; /* [???] Used for 64 bit inodes */
-
-
-
-typedef __uint32_t __darwin_ino_t; /* [???] Used for inodes */
-
-typedef __darwin_natural_t __darwin_mach_port_name_t; /* Used by mach */
-typedef __darwin_mach_port_name_t __darwin_mach_port_t; /* Used by mach */
-typedef __uint16_t __darwin_mode_t; /* [???] Some file attributes */
-typedef __int64_t __darwin_off_t; /* [???] Used for file sizes */
-typedef __int32_t __darwin_pid_t; /* [???] process and group IDs */
-typedef __uint32_t __darwin_sigset_t; /* [???] signal set */
-typedef __int32_t __darwin_suseconds_t; /* [???] microseconds */
-typedef __uint32_t __darwin_uid_t; /* [???] user IDs */
-typedef __uint32_t __darwin_useconds_t; /* [???] microseconds */
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_types.h" 1 3 4
-/*
- * Copyright (c) 2003-2013 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-// pthread opaque structures
-// # 57 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_types.h" 3 4
-struct __darwin_pthread_handler_rec {
- void (*__routine)(void *); // Routine to call
- void *__arg; // Argument to pass
- struct __darwin_pthread_handler_rec *__next;
-};
-
-struct _opaque_pthread_attr_t {
- long __sig;
- char __opaque[56];
-};
-
-struct _opaque_pthread_cond_t {
- long __sig;
- char __opaque[40];
-};
-
-struct _opaque_pthread_condattr_t {
- long __sig;
- char __opaque[8];
-};
-
-struct _opaque_pthread_mutex_t {
- long __sig;
- char __opaque[56];
-};
-
-struct _opaque_pthread_mutexattr_t {
- long __sig;
- char __opaque[8];
-};
-
-struct _opaque_pthread_once_t {
- long __sig;
- char __opaque[8];
-};
-
-struct _opaque_pthread_rwlock_t {
- long __sig;
- char __opaque[192];
-};
-
-struct _opaque_pthread_rwlockattr_t {
- long __sig;
- char __opaque[16];
-};
-
-struct _opaque_pthread_t {
- long __sig;
- struct __darwin_pthread_handler_rec *__cleanup_stack;
- char __opaque[8176];
-};
-
-typedef struct _opaque_pthread_attr_t __darwin_pthread_attr_t;
-typedef struct _opaque_pthread_cond_t __darwin_pthread_cond_t;
-typedef struct _opaque_pthread_condattr_t __darwin_pthread_condattr_t;
-typedef unsigned long __darwin_pthread_key_t;
-typedef struct _opaque_pthread_mutex_t __darwin_pthread_mutex_t;
-typedef struct _opaque_pthread_mutexattr_t __darwin_pthread_mutexattr_t;
-typedef struct _opaque_pthread_once_t __darwin_pthread_once_t;
-typedef struct _opaque_pthread_rwlock_t __darwin_pthread_rwlock_t;
-typedef struct _opaque_pthread_rwlockattr_t __darwin_pthread_rwlockattr_t;
-typedef struct _opaque_pthread_t *__darwin_pthread_t;
-// # 81 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types.h" 2 3 4
-// # 28 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types.h" 2 3 4
-// # 40 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types.h" 3 4
-typedef int __darwin_nl_item;
-typedef int __darwin_wctrans_t;
-
-typedef __uint32_t __darwin_wctype_t;
-// # 65 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 1 3 4
-/*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
-/*
- * Copyright (c) 1982, 1986, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)wait.h	8.2 (Berkeley) 7/10/94
- */
-
-
-
-
-
-
-
-/*
- * This file holds definitions relevent to the wait4 system call
- * and the alternate interfaces that use it (wait, wait3, waitpid).
- */
-
-/*
- * [XSI] The type idtype_t shall be defined as an enumeration type whose
- * possible values shall include at least P_ALL, P_PID, and P_PGID.
- */
-typedef enum {
- P_ALL,
- P_PID,
- P_PGID
-} idtype_t;
-
-/*
- * [XSI] The id_t and pid_t types shall be defined as described
- * in 
- */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_pid_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_pid_t pid_t;
-// # 90 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_id_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_id_t id_t; /* can hold pid_t, gid_t, or uid_t */
-// # 91 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4
-
-/*
- * [XSI] The siginfo_t type shall be defined as described in 
- * [XSI] The rusage structure shall be defined as described in 
- * [XSI] Inclusion of the  header may also make visible all
- * symbols from  and 
- *
- * NOTE:	This requirement is currently being satisfied by the direct
- *		inclusion of  and , below.
- *
- *		Software should not depend on the exposure of anything other
- *		than the types siginfo_t and struct rusage as a result of
- *		this inclusion.  If you depend on any types or manifest
- *		values othe than siginfo_t and struct rusage from either of
- *		those files, you should explicitly include them yourself, as
- *		well, or in future releases your stware may not compile
- *		without modification.
- */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 1 3 4
-/*
- * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
-/*
- * Copyright (c) 1982, 1986, 1989, 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- * (c) UNIX System Laboratories, Inc.
- * All or some portions of this file are derived from material licensed
- * to the University of California by American Telephone and Telegraph
- * Co. or Unix System Laboratories, Inc. and are reproduced herein with
- * the permission of UNIX System Laboratories, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)signal.h	8.2 (Berkeley) 1/21/94
- */
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/appleapiopts.h" 1 3 4
-/*
- * Copyright (c) 2002 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-// # 74 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-
-
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/signal.h" 1 3 4
-/*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/signal.h" 1 3 4
-/*
- * Copyright (c) 2000-2009 Apple, Inc. All rights reserved.
- */
-/*
- * Copyright (c) 1992 NeXT Computer, Inc.
- *
- */
-// # 17 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/signal.h" 3 4
-typedef int sig_atomic_t;
-// # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/signal.h" 2 3 4
-// # 83 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-// # 136 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/* DO NOT REMOVE THE COMMENTED OUT int: fixincludes needs to see them */
-// # 146 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_mcontext.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-// # 36 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/machine/_structs.h" 1 3 4
-/*
- * Copyright (c) 2017 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 1 3 4
-/*
- * Copyright (c) 2004-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/*
- * @OSF_COPYRIGHT@
- */
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 1 3 4
-/*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/*
- * Copyright 1995 NeXT Computer, Inc. All rights reserved.
- */
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 1 3 4
-/*
- * Copyright (c) 2000-2008 Apple Inc. All rights reserved.
- */
-/*
- * Copyright 1995 NeXT Computer, Inc. All rights reserved.
- */
-/*
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)types.h	8.3 (Berkeley) 1/5/94
- */
-// # 51 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 3 4
-/*
- * Basic integral types.  Omit the typedef if
- * not possible for a machine/compiler combination.
- */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int8_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef signed char int8_t;
-// # 56 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int16_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef short int16_t;
-// # 57 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int32_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef int int32_t;
-// # 58 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_int64_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef long long int64_t;
-// # 59 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int8_t.h" 1 3 4
-/*
- * Copyright (c) 2016 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef unsigned char u_int8_t;
-// # 61 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int16_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef unsigned short u_int16_t;
-// # 62 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int32_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef unsigned int u_int32_t;
-// # 63 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_u_int64_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-typedef unsigned long long u_int64_t;
-// # 64 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-
-
-typedef int64_t register_t;
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_intptr_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 1 3 4
-/*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/*
- * Copyright 1995 NeXT Computer, Inc. All rights reserved.
- */
-// # 31 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_intptr_t.h" 2 3 4
-
-typedef __darwin_intptr_t intptr_t;
-// # 72 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_uintptr_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-typedef unsigned long uintptr_t;
-// # 73 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 2 3 4
-
-
-/* These types are used for reserving the largest possible size. */
-
-typedef u_int64_t user_addr_t;
-typedef u_int64_t user_size_t;
-typedef int64_t user_ssize_t;
-typedef int64_t user_long_t;
-typedef u_int64_t user_ulong_t;
-typedef int64_t user_time_t;
-typedef int64_t user_off_t;
-// # 100 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/types.h" 3 4
-/* This defines the size of syscall arguments after copying into the kernel: */
-
-
-
-typedef u_int64_t syscall_arg_t;
-// # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/types.h" 2 3 4
-// # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 2 3 4
-// # 49 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_exception_state
-{
- __uint32_t exception; /* number of arm exception taken */
- __uint32_t fsr; /* Fault status */
- __uint32_t far; /* Virtual Fault Address */
-};
-// # 67 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_exception_state64
-{
- __uint64_t far; /* Virtual Fault Address */
- __uint32_t esr; /* Exception syndrome */
- __uint32_t exception; /* number of arm exception taken */
-};
-// # 87 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_thread_state
-{
- __uint32_t r[13]; /* General purpose register r0-r12 */
- __uint32_t sp; /* Stack pointer r13 */
- __uint32_t lr; /* Link register r14 */
- __uint32_t pc; /* Program counter r15 */
- __uint32_t cpsr; /* Current program status register */
-};
-
-
-
-/*
- * By default, the pointer fields in the arm_thread_state64_t structure are
- * opaque on the arm64e architecture and require the use of accessor macros.
- * This mode can also be enabled on the arm64 architecture by building with
- * -D__DARWIN_OPAQUE_ARM_THREAD_STATE64=1.
- */
-// # 161 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_thread_state64
-{
- __uint64_t x[29]; /* General purpose registers x0-x28 */
- __uint64_t fp; /* Frame pointer x29 */
- __uint64_t lr; /* Link register x30 */
- __uint64_t sp; /* Stack pointer x31 */
- __uint64_t pc; /* Program counter */
- __uint32_t cpsr; /* Current program status register */
- __uint32_t __pad; /* Same size for 32-bit or 64-bit clients */
-};
-
-
-
-
-
-/* Accessor macros for arm_thread_state64_t pointer fields */
-// # 391 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-/* Return pc field of arm_thread_state64_t as a data pointer value */
-
-
-/* Return pc field of arm_thread_state64_t as a function pointer */
-
-
-/* Set pc field of arm_thread_state64_t to a function pointer */
-
-
-/* Return lr field of arm_thread_state64_t as a data pointer value */
-
-
-/* Return lr field of arm_thread_state64_t as a function pointer */
-
-
-/* Set lr field of arm_thread_state64_t to a function pointer */
-
-
-/* Return sp field of arm_thread_state64_t as a data pointer value */
-
-
-/* Set sp field of arm_thread_state64_t to a data pointer value */
-
-
-/* Return fp field of arm_thread_state64_t as a data pointer value */
-
-
-/* Set fp field of arm_thread_state64_t to a data pointer value */
-
-
-/* Strip ptr auth bits from pc, lr, sp and fp field of arm_thread_state64_t */
-// # 440 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_vfp_state
-{
- __uint32_t r[64];
- __uint32_t fpscr;
-};
-// # 488 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_neon_state64
-{
- __uint128_t q[32];
- uint32_t fpsr;
- uint32_t fpcr;
-};
-
-struct arm_neon_state
-{
- __uint128_t q[16];
- uint32_t fpsr;
- uint32_t fpcr;
-};
-// # 523 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct __arm_pagein_state
-{
- int __pagein_error;
-};
-
-/*
- * Debug State
- */
-// # 556 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-/* ARM's arm_debug_state is ARM64's arm_legacy_debug_state */
-// # 569 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_legacy_debug_state
-{
- __uint32_t bvr[16];
- __uint32_t bcr[16];
- __uint32_t wvr[16];
- __uint32_t wcr[16];
-};
-// # 603 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_debug_state32
-{
- __uint32_t bvr[16];
- __uint32_t bcr[16];
- __uint32_t wvr[16];
- __uint32_t wcr[16];
- __uint64_t mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */
-};
-
-
-struct arm_debug_state64
-{
- __uint64_t bvr[16];
- __uint64_t bcr[16];
- __uint64_t wvr[16];
- __uint64_t wcr[16];
- __uint64_t mdscr_el1; /* Bit 0 is SS (Hardware Single Step) */
-};
-// # 631 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/arm/_structs.h" 3 4
-struct arm_cpmu_state64
-{
- __uint64_t ctrs[16];
-};
-// # 36 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/mach/machine/_structs.h" 2 3 4
-// # 37 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 2 3 4
-// # 50 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
-struct mcontext32
-{
- struct arm_exception_state es;
- struct arm_thread_state ss;
- struct arm_vfp_state fs;
-};
-// # 73 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/_mcontext.h" 3 4
-struct mcontext64
-{
- struct arm_exception_state64 es;
- struct arm_thread_state64 ss;
- struct arm_neon_state64 ns;
-};
-
-
-
-
-
-
-typedef struct mcontext64 *mcontext_t;
-// # 35 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/_mcontext.h" 2 3 4
-// # 147 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_pthread/_pthread_attr_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_pthread_attr_t pthread_attr_t;
-// # 149 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigaltstack.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-/* Structure used in sigaltstack call. */
-// # 42 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigaltstack.h" 3 4
-struct sigaltstack
-{
- void *ss_sp; /* signal stack base */
- __darwin_size_t ss_size; /* signal stack length */
- int ss_flags; /* SA_DISABLE and/or SA_ONSTACK */
-};
-typedef struct sigaltstack stack_t; /* [???] signal stack */
-// # 151 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ucontext.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-// # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ucontext.h" 3 4
-struct ucontext
-{
- int uc_onstack;
- __darwin_sigset_t uc_sigmask; /* signal mask used by this context */
- struct sigaltstack uc_stack; /* stack used by this context */
- struct ucontext *uc_link; /* pointer to resuming context */
- __darwin_size_t uc_mcsize; /* size of the machine context passed in */
- struct mcontext64 *uc_mcontext; /* pointer to machine specific context */
-
-
-
-};
-
-/* user context */
-typedef struct ucontext ucontext_t; /* [???] user context */
-// # 152 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_sigset_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_sigset_t sigset_t;
-// # 155 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_size_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_size_t size_t;
-// # 156 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_uid_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_uid_t uid_t;
-// # 157 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 2 3 4
-
-union sigval {
- /* Members as suggested by Annex C of POSIX 1003.1b. */
- int sival_int;
- void *sival_ptr;
-};
-
-
-
-
-
-struct sigevent {
- int sigev_notify; /* Notification type */
- int sigev_signo; /* Signal number */
- union sigval sigev_value; /* Signal value */
- void (*sigev_notify_function)(union sigval); /* Notification function */
- pthread_attr_t *sigev_notify_attributes; /* Notification attributes */
-};
-
-
-typedef struct __siginfo {
- int si_signo; /* signal number */
- int si_errno; /* errno association */
- int si_code; /* signal code */
- pid_t si_pid; /* sending process */
- uid_t si_uid; /* sender's ruid */
- int si_status; /* exit value */
- void *si_addr; /* faulting instruction */
- union sigval si_value; /* signal value */
- long si_band; /* band event for SIGPOLL */
- unsigned long __pad[7]; /* Reserved for Future Use */
-} siginfo_t;
-
-
-/*
- * When the signal is SIGILL or SIGFPE, si_addr contains the address of
- * the faulting instruction.
- * When the signal is SIGSEGV or SIGBUS, si_addr contains the address of
- * the faulting memory reference. Although for x86 there are cases of SIGSEGV
- * for which si_addr cannot be determined and is NULL.
- * If the signal is SIGCHLD, the si_pid field will contain the child process ID,
- *  si_status contains the exit value or signal and
- *  si_uid contains the real user ID of the process that sent the signal.
- */
-
-/* Values for si_code */
-
-/* Codes for SIGILL */
-// # 217 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/* Codes for SIGFPE */
-// # 230 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/* Codes for SIGSEGV */
-
-
-
-
-
-
-/* Codes for SIGBUS */
-
-
-
-
-
-
-
-/* Codes for SIGTRAP */
-
-
-
-/* Codes for SIGCHLD */
-// # 260 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/* Codes for SIGPOLL */
-
-
-
-
-
-
-
-/* union for signal handlers */
-union __sigaction_u {
- void (*__sa_handler)(int);
- void (*__sa_sigaction)(int, struct __siginfo *,
-     void *);
-};
-
-/* Signal vector template for Kernel user boundary */
-struct __sigaction {
- union __sigaction_u __sigaction_u; /* signal handler */
- void (*sa_tramp)(void *, int, int, siginfo_t *, void *);
- sigset_t sa_mask; /* signal mask to apply */
- int sa_flags; /* see signal options below */
-};
-
-/*
- * Signal vector "template" used in sigaction call.
- */
-struct sigaction {
- union __sigaction_u __sigaction_u; /* signal handler */
- sigset_t sa_mask; /* signal mask to apply */
- int sa_flags; /* see signal options below */
-};
-
-
-
-/* if SA_SIGINFO is set, sa_sigaction is to be used instead of sa_handler. */
-// # 307 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/* This will provide 64bit register set in a 32bit user address space */
-
-
-
-/* the following are the only bits we support from user space, the
- * rest are for kernel use only.
- */
-
-
-/*
- * Flags for sigprocmask:
- */
-
-
-
-
-/* POSIX 1003.1b required values. */
-
-
-
-
-
-
-
-typedef void (*sig_t)(int); /* type of signal function */
-
-
-/*
- * Structure used in sigaltstack call.
- */
-
-
-
-
-
-
-
-/*
- * 4.3 compatibility:
- * Signal vector "template" used in sigvec call.
- */
-struct sigvec {
- void (*sv_handler)(int); /* signal handler */
- int sv_mask; /* signal mask to apply */
- int sv_flags; /* see signal options below */
-};
-// # 364 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/*
- * Structure used in sigstack call.
- */
-struct sigstack {
- char *ss_sp; /* signal stack pointer */
- int ss_onstack; /* current status */
-};
-
-
-/*
- * Macro for converting signal number to a mask suitable for
- * sigblock().
- */
-// # 385 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/signal.h" 3 4
-/*
- * For historical reasons; programs expect signal's return value to be
- * defined by .
- */
-
-    void(*signal(int, void (*)(int)))(int);
-// # 110 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 1 3 4
-/*
- * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
-/*
- * Copyright (c) 1982, 1986, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)resource.h	8.2 (Berkeley) 1/4/94
- */
-// # 72 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdint.h" 1 3 4
-/*===---- stdint.h - Standard header for sized integer types --------------===*\
- *
- * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
- * See https://llvm.org/LICENSE.txt for license information.
- * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- *
-\*===----------------------------------------------------------------------===*/
-
-
-// AIX system headers need stdint.h to be re-enterable while _STD_TYPES_T
-// is defined until an inclusion of it without _STD_TYPES_T occurs, in which
-// case the header guard macro is defined.
-
-
-
-
-/* If we're hosted, fall back to the system's stdint.h, which might have
- * additional definitions.
- */
-
-
-// C99 7.18.3 Limits of other integer types
-//
-//  Footnote 219, 220: C++ implementations should define these macros only when
-//  __STDC_LIMIT_MACROS is defined before  is included.
-//
-//  Footnote 222: C++ implementations should define these macros only when
-//  __STDC_CONSTANT_MACROS is defined before  is included.
-//
-// C++11 [cstdint.syn]p2:
-//
-//  The macros defined by  are provided unconditionally. In particular,
-//  the symbols __STDC_LIMIT_MACROS and __STDC_CONSTANT_MACROS (mentioned in
-//  footnotes 219, 220, and 222 in the C standard) play no role in C++.
-//
-// C11 removed the problematic footnotes.
-//
-// Work around this inconsistency by always defining those macros in C++ mode,
-// so that a C library implementation which follows the C99 standard can be
-// used in C++.
-// # 52 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdint.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 1 3 4
-/*
- * Copyright (c) 2000-2010 Apple Inc.
- * All rights reserved.
- */
-// # 15 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* from ISO/IEC 988:1999 spec */
-
-/* 7.18.1.1 Exact-width integer types */
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint8_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef unsigned char uint8_t;
-// # 24 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint16_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef unsigned short uint16_t;
-// # 25 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint32_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef unsigned int uint32_t;
-// # 26 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uint64_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef unsigned long long uint64_t;
-// # 27 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4
-
-/* 7.18.1.2 Minimum-width integer types */
-typedef int8_t int_least8_t;
-typedef int16_t int_least16_t;
-typedef int32_t int_least32_t;
-typedef int64_t int_least64_t;
-typedef uint8_t uint_least8_t;
-typedef uint16_t uint_least16_t;
-typedef uint32_t uint_least32_t;
-typedef uint64_t uint_least64_t;
-
-
-/* 7.18.1.3 Fastest-width integer types */
-typedef int8_t int_fast8_t;
-typedef int16_t int_fast16_t;
-typedef int32_t int_fast32_t;
-typedef int64_t int_fast64_t;
-typedef uint8_t uint_fast8_t;
-typedef uint16_t uint_fast16_t;
-typedef uint32_t uint_fast32_t;
-typedef uint64_t uint_fast64_t;
-
-
-/* 7.18.1.4 Integer types capable of holding object pointers */
-
-
-
-
-
-
-/* 7.18.1.5 Greatest-width integer types */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_intmax_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-typedef long int intmax_t;
-// # 59 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/_types/_uintmax_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- * 
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-typedef unsigned long int uintmax_t;
-// # 60 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 2 3 4
-
-/* 7.18.4 Macros for integer constants */
-// # 80 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* 7.18.2 Limits of specified-width integer types:
- *   These #defines specify the minimum and maximum limits
- *   of each of the types declared above.
- *
- *   They must have "the same type as would an expression that is an
- *   object of the corresponding type converted according to the integer
- *   promotion".
- */
-
-
-/* 7.18.2.1 Limits of exact-width integer types */
-
-
-
-
-
-
-
-   /*
-      Note:  the literal "most negative int" cannot be written in C --
-      the rules in the standard (section 6.4.4.1 in C99) will give it
-      an unsigned type, so INT32_MIN (and the most negative member of
-      any larger signed type) must be written via a constant expression.
-   */
-// # 112 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* 7.18.2.2 Limits of minimum-width integer types */
-// # 128 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* 7.18.2.3 Limits of fastest minimum-width integer types */
-// # 144 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* 7.18.2.4 Limits of integer types capable of holding object pointers */
-// # 159 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* 7.18.2.5 Limits of greatest-width integer types */
-
-
-
-
-/* 7.18.3 "Other" */
-// # 187 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdint.h" 3 4
-/* WCHAR_MIN should be 0 if wchar_t is an unsigned type and
-   (-WCHAR_MAX-1) if wchar_t is a signed type.  Unfortunately,
-   it turns out that -fshort-wchar changes the signedness of
-   the type. */
-// # 53 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdint.h" 2 3 4
-// # 73 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 2 3 4
-
-
-
-
-/* [XSI] The timeval structure shall be defined as described in
- * 
- */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_timeval.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-
-struct timeval
-{
- __darwin_time_t tv_sec; /* seconds */
- __darwin_suseconds_t tv_usec; /* and microseconds */
-};
-// # 81 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 2 3 4
-
-/* The id_t type shall be defined as described in  */
-
-
-
-/*
- * Resource limit type (low 63 bits, excluding the sign bit)
- */
-typedef __uint64_t rlim_t;
-
-
-/*****
- * PRIORITY
- */
-
-/*
- * Possible values of the first parameter to getpriority()/setpriority(),
- * used to indicate the type of the second parameter.
- */
-// # 109 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4
-/*
- * Range limitations for the value of the third parameter to setpriority().
- */
-
-
-
-/*
- * use PRIO_DARWIN_BG to set the current thread into "background" state
- * which lowers CPU, disk IO, and networking priorites until thread terminates
- * or "background" state is revoked
- */
-
-
-/*
- * use PRIO_DARWIN_NONUI to restrict a process's ability to make calls to
- * the GPU. (deprecated)
- */
-
-
-
-
-
-
-/*****
- * RESOURCE USAGE
- */
-
-/*
- * Possible values of the first parameter to getrusage(), used to indicate
- * the scope of the information to be returned.
- */
-
-
-
-/*
- * A structure representing an accounting of resource utilization.  The
- * address of an instance of this structure is the second parameter to
- * getrusage().
- *
- * Note: All values other than ru_utime and ru_stime are implementaiton
- *       defined and subject to change in a future release.  Their use
- *       is discouraged for standards compliant programs.
- */
-struct rusage {
- struct timeval ru_utime; /* user time used (PL) */
- struct timeval ru_stime; /* system time used (PL) */
-
-
-
- /*
-	 * Informational aliases for source compatibility with programs
-	 * that need more information than that provided by standards,
-	 * and which do not mind being OS-dependent.
-	 */
- long ru_maxrss; /* max resident set size (PL) */
-
- long ru_ixrss; /* integral shared memory size (NU) */
- long ru_idrss; /* integral unshared data (NU)  */
- long ru_isrss; /* integral unshared stack (NU) */
- long ru_minflt; /* page reclaims (NU) */
- long ru_majflt; /* page faults (NU) */
- long ru_nswap; /* swaps (NU) */
- long ru_inblock; /* block input operations (atomic) */
- long ru_oublock; /* block output operations (atomic) */
- long ru_msgsnd; /* messages sent (atomic) */
- long ru_msgrcv; /* messages received (atomic) */
- long ru_nsignals; /* signals received (atomic) */
- long ru_nvcsw; /* voluntary context switches (atomic) */
- long ru_nivcsw; /* involuntary " */
-
-
-};
-
-
-/*
- * Flavors for proc_pid_rusage().
- */
-// # 194 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4
-/*
- * Flags for RUSAGE_INFO_V5
- */
-
-
-typedef void *rusage_info_t;
-
-struct rusage_info_v0 {
- uint8_t ri_uuid[16];
- uint64_t ri_user_time;
- uint64_t ri_system_time;
- uint64_t ri_pkg_idle_wkups;
- uint64_t ri_interrupt_wkups;
- uint64_t ri_pageins;
- uint64_t ri_wired_size;
- uint64_t ri_resident_size;
- uint64_t ri_phys_footprint;
- uint64_t ri_proc_start_abstime;
- uint64_t ri_proc_exit_abstime;
-};
-
-struct rusage_info_v1 {
- uint8_t ri_uuid[16];
- uint64_t ri_user_time;
- uint64_t ri_system_time;
- uint64_t ri_pkg_idle_wkups;
- uint64_t ri_interrupt_wkups;
- uint64_t ri_pageins;
- uint64_t ri_wired_size;
- uint64_t ri_resident_size;
- uint64_t ri_phys_footprint;
- uint64_t ri_proc_start_abstime;
- uint64_t ri_proc_exit_abstime;
- uint64_t ri_child_user_time;
- uint64_t ri_child_system_time;
- uint64_t ri_child_pkg_idle_wkups;
- uint64_t ri_child_interrupt_wkups;
- uint64_t ri_child_pageins;
- uint64_t ri_child_elapsed_abstime;
-};
-
-struct rusage_info_v2 {
- uint8_t ri_uuid[16];
- uint64_t ri_user_time;
- uint64_t ri_system_time;
- uint64_t ri_pkg_idle_wkups;
- uint64_t ri_interrupt_wkups;
- uint64_t ri_pageins;
- uint64_t ri_wired_size;
- uint64_t ri_resident_size;
- uint64_t ri_phys_footprint;
- uint64_t ri_proc_start_abstime;
- uint64_t ri_proc_exit_abstime;
- uint64_t ri_child_user_time;
- uint64_t ri_child_system_time;
- uint64_t ri_child_pkg_idle_wkups;
- uint64_t ri_child_interrupt_wkups;
- uint64_t ri_child_pageins;
- uint64_t ri_child_elapsed_abstime;
- uint64_t ri_diskio_bytesread;
- uint64_t ri_diskio_byteswritten;
-};
-
-struct rusage_info_v3 {
- uint8_t ri_uuid[16];
- uint64_t ri_user_time;
- uint64_t ri_system_time;
- uint64_t ri_pkg_idle_wkups;
- uint64_t ri_interrupt_wkups;
- uint64_t ri_pageins;
- uint64_t ri_wired_size;
- uint64_t ri_resident_size;
- uint64_t ri_phys_footprint;
- uint64_t ri_proc_start_abstime;
- uint64_t ri_proc_exit_abstime;
- uint64_t ri_child_user_time;
- uint64_t ri_child_system_time;
- uint64_t ri_child_pkg_idle_wkups;
- uint64_t ri_child_interrupt_wkups;
- uint64_t ri_child_pageins;
- uint64_t ri_child_elapsed_abstime;
- uint64_t ri_diskio_bytesread;
- uint64_t ri_diskio_byteswritten;
- uint64_t ri_cpu_time_qos_default;
- uint64_t ri_cpu_time_qos_maintenance;
- uint64_t ri_cpu_time_qos_background;
- uint64_t ri_cpu_time_qos_utility;
- uint64_t ri_cpu_time_qos_legacy;
- uint64_t ri_cpu_time_qos_user_initiated;
- uint64_t ri_cpu_time_qos_user_interactive;
- uint64_t ri_billed_system_time;
- uint64_t ri_serviced_system_time;
-};
-
-struct rusage_info_v4 {
- uint8_t ri_uuid[16];
- uint64_t ri_user_time;
- uint64_t ri_system_time;
- uint64_t ri_pkg_idle_wkups;
- uint64_t ri_interrupt_wkups;
- uint64_t ri_pageins;
- uint64_t ri_wired_size;
- uint64_t ri_resident_size;
- uint64_t ri_phys_footprint;
- uint64_t ri_proc_start_abstime;
- uint64_t ri_proc_exit_abstime;
- uint64_t ri_child_user_time;
- uint64_t ri_child_system_time;
- uint64_t ri_child_pkg_idle_wkups;
- uint64_t ri_child_interrupt_wkups;
- uint64_t ri_child_pageins;
- uint64_t ri_child_elapsed_abstime;
- uint64_t ri_diskio_bytesread;
- uint64_t ri_diskio_byteswritten;
- uint64_t ri_cpu_time_qos_default;
- uint64_t ri_cpu_time_qos_maintenance;
- uint64_t ri_cpu_time_qos_background;
- uint64_t ri_cpu_time_qos_utility;
- uint64_t ri_cpu_time_qos_legacy;
- uint64_t ri_cpu_time_qos_user_initiated;
- uint64_t ri_cpu_time_qos_user_interactive;
- uint64_t ri_billed_system_time;
- uint64_t ri_serviced_system_time;
- uint64_t ri_logical_writes;
- uint64_t ri_lifetime_max_phys_footprint;
- uint64_t ri_instructions;
- uint64_t ri_cycles;
- uint64_t ri_billed_energy;
- uint64_t ri_serviced_energy;
- uint64_t ri_interval_max_phys_footprint;
- uint64_t ri_runnable_time;
-};
-
-struct rusage_info_v5 {
- uint8_t ri_uuid[16];
- uint64_t ri_user_time;
- uint64_t ri_system_time;
- uint64_t ri_pkg_idle_wkups;
- uint64_t ri_interrupt_wkups;
- uint64_t ri_pageins;
- uint64_t ri_wired_size;
- uint64_t ri_resident_size;
- uint64_t ri_phys_footprint;
- uint64_t ri_proc_start_abstime;
- uint64_t ri_proc_exit_abstime;
- uint64_t ri_child_user_time;
- uint64_t ri_child_system_time;
- uint64_t ri_child_pkg_idle_wkups;
- uint64_t ri_child_interrupt_wkups;
- uint64_t ri_child_pageins;
- uint64_t ri_child_elapsed_abstime;
- uint64_t ri_diskio_bytesread;
- uint64_t ri_diskio_byteswritten;
- uint64_t ri_cpu_time_qos_default;
- uint64_t ri_cpu_time_qos_maintenance;
- uint64_t ri_cpu_time_qos_background;
- uint64_t ri_cpu_time_qos_utility;
- uint64_t ri_cpu_time_qos_legacy;
- uint64_t ri_cpu_time_qos_user_initiated;
- uint64_t ri_cpu_time_qos_user_interactive;
- uint64_t ri_billed_system_time;
- uint64_t ri_serviced_system_time;
- uint64_t ri_logical_writes;
- uint64_t ri_lifetime_max_phys_footprint;
- uint64_t ri_instructions;
- uint64_t ri_cycles;
- uint64_t ri_billed_energy;
- uint64_t ri_serviced_energy;
- uint64_t ri_interval_max_phys_footprint;
- uint64_t ri_runnable_time;
- uint64_t ri_flags;
-};
-
-typedef struct rusage_info_v5 rusage_info_current;
-
-
-
-
-
-/*****
- * RESOURCE LIMITS
- */
-
-/*
- * Symbolic constants for resource limits; since all limits are representable
- * as a type rlim_t, we are permitted to define RLIM_SAVED_* in terms of
- * RLIM_INFINITY.
- */
-
-
-
-
-/*
- * Possible values of the first parameter to getrlimit()/setrlimit(), to
- * indicate for which resource the operation is being performed.
- */
-// # 407 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4
-/*
- * A structure representing a resource limit.  The address of an instance
- * of this structure is the second parameter to getrlimit()/setrlimit().
- */
-struct rlimit {
- rlim_t rlim_cur; /* current (soft) limit */
- rlim_t rlim_max; /* maximum value for rlim_cur */
-};
-
-
-/*
- * proc_rlimit_control()
- *
- * Resource limit flavors
- */
-
-
-
-
-
-/*
- * Flags for wakeups monitor control.
- */
-
-
-
-
-
-
-/*
- * Flags for CPU usage monitor control.
- */
-
-
-/*
- * Flags for memory footprint interval tracking.
- */
-
-
-struct proc_rlimit_control_wakeupmon {
- uint32_t wm_flags;
- int32_t wm_rate;
-};
-
-
-
-/* I/O type */
-// # 464 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4
-/* scope */
-
-
-
-
-/* I/O Priority */
-
-
-
-
-
-
-
-/* compatibility with older names */
-// # 511 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/resource.h" 3 4
-int getpriority(int, id_t);
-
-int getiopolicy_np(int, int) __attribute__((availability(macosx,introduced=10.5)));
-
-int getrlimit(int, struct rlimit *) __asm("_" "getrlimit" );
-int getrusage(int, struct rusage *);
-int setpriority(int, id_t, int);
-
-int setiopolicy_np(int, int, int) __attribute__((availability(macosx,introduced=10.5)));
-
-int setrlimit(int, const struct rlimit *) __asm("_" "setrlimit" );
-// # 111 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4
-
-/*
- * Option bits for the third argument of wait4.  WNOHANG causes the
- * wait to not hang if there are no stopped or terminated processes, rather
- * returning an error indication in this case (pid==0).  WUNTRACED
- * indicates that the caller should receive status about untraced children
- * which stop due to signals.  If children are stopped and a wait without
- * this option is done, it is as though they were still running... nothing
- * about them is returned.
- */
-
-
-
-/*
- * Macros to test the exit status returned by wait
- * and extract the relevant values.
- */
-
-
-
-
-
-
-
-/* These macros are permited, as they are in the implementation namespace */
-
-
-
-/*
- * [XSI] The  header shall define the following macros for
- * analysis of process status values
- */
-
-
-
-
-
-/* 0x13 == SIGCONT */
-// # 162 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4
-/*
- * [XSI] The following symbolic constants shall be defined as possible
- * values for the fourth argument to waitid().
- */
-/* WNOHANG already defined for wait4() */
-/* WUNTRACED defined for wait4() but not for waitid() */
-// # 178 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4
-/* POSIX extensions and 4.2/4.3 compatability: */
-
-/*
- * Tokens for special values of the "pid" parameter to wait4.
- */
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/endian.h" 1 3 4
-/*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/*
- * Copyright 1995 NeXT Computer, Inc. All rights reserved.
- */
-
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/endian.h" 1 3 4
-/*
- * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
- */
-/*
- * Copyright 1995 NeXT Computer, Inc. All rights reserved.
- */
-/*
- * Copyright (c) 1987, 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)endian.h	8.1 (Berkeley) 6/11/93
- */
-
-
-
-
-
-
-
-/*
- * Define _NOQUAD if the compiler does NOT support 64-bit integers.
- */
-/* #define _NOQUAD */
-
-/*
- * Define the order of 32-bit words in 64-bit words.
- */
-
-
-
-/*
- * Definitions for byte order, according to byte significance from low
- * address to high.
- */
-// # 77 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/endian.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_endian.h" 1 3 4
-/*
- * Copyright (c) 2004, 2006 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-/*
- * Copyright (c) 1995 NeXT Computer, Inc. All rights reserved.
- * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-/*
- * Copyright (c) 1987, 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-
-
-
-
-/*
- * Macros for network/external number representation conversion.
- */
-// # 130 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_endian.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/_OSByteOrder.h" 1 3 4
-/*
- * Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-/*
- * This header is normally included from .  However,
- *  also includes this in the case of little-endian
- * architectures, so that we can map OSByteOrder routines to the hton* and ntoh*
- * macros.  This results in the asymmetry below; we only include
- *  for little-endian architectures.
- */
-
-
-
-/* Macros for swapping constant values in the preprocessing stage. */
-// # 80 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/_OSByteOrder.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 1 3 4
-/*
- * Copyright (c) 1999-2007 Apple Inc. All rights reserved.
- */
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/arch.h" 1 3 4
-/*
- * Copyright (c) 2007 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-
-/* Collect the __ARM_ARCH_*__ compiler flags into something easier to use. */
-// # 10 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 2 3 4
-
-/* Generic byte swapping functions. */
-
-static inline
-uint16_t
-_OSSwapInt16(
- uint16_t _data
- )
-{
- /* Reduces to 'rev16' with clang */
- return (uint16_t)(_data << 8 | _data >> 8);
-}
-
-static inline
-uint32_t
-_OSSwapInt32(
- uint32_t _data
- )
-{
-
- _data = __builtin_bswap32(_data);
-
-
-
-
-
- return _data;
-}
-
-static inline
-uint64_t
-_OSSwapInt64(
- uint64_t _data
- )
-{
-
- return __builtin_bswap64(_data);
-// # 60 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-}
-
-/* Functions for byte reversed loads. */
-
-struct _OSUnalignedU16 {
- volatile uint16_t __val;
-} __attribute__((__packed__));
-
-struct _OSUnalignedU32 {
- volatile uint32_t __val;
-} __attribute__((__packed__));
-
-struct _OSUnalignedU64 {
- volatile uint64_t __val;
-} __attribute__((__packed__));
-// # 87 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-static inline
-uint16_t
-OSReadSwapInt16(
- const volatile void * _base,
- uintptr_t _offset
- )
-{
- return _OSSwapInt16(((struct _OSUnalignedU16 *)((uintptr_t)_base + _offset))->__val);
-}
-// # 109 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-static inline
-uint32_t
-OSReadSwapInt32(
- const volatile void * _base,
- uintptr_t _offset
- )
-{
- return _OSSwapInt32(((struct _OSUnalignedU32 *)((uintptr_t)_base + _offset))->__val);
-}
-// # 131 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-static inline
-uint64_t
-OSReadSwapInt64(
- const volatile void * _base,
- uintptr_t _offset
- )
-{
- return _OSSwapInt64(((struct _OSUnalignedU64 *)((uintptr_t)_base + _offset))->__val);
-}
-
-
-/* Functions for byte reversed stores. */
-// # 156 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-static inline
-void
-OSWriteSwapInt16(
- volatile void * _base,
- uintptr_t _offset,
- uint16_t _data
- )
-{
- ((struct _OSUnalignedU16 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt16(_data);
-}
-// # 180 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-static inline
-void
-OSWriteSwapInt32(
- volatile void * _base,
- uintptr_t _offset,
- uint32_t _data
- )
-{
- ((struct _OSUnalignedU32 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt32(_data);
-}
-// # 204 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/arm/OSByteOrder.h" 3 4
-static inline
-void
-OSWriteSwapInt64(
- volatile void * _base,
- uintptr_t _offset,
- uint64_t _data
- )
-{
- ((struct _OSUnalignedU64 *)((uintptr_t)_base + _offset))->__val = _OSSwapInt64(_data);
-}
-// # 81 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/libkern/_OSByteOrder.h" 2 3 4
-// # 131 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_endian.h" 2 3 4
-// # 78 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/arm/endian.h" 2 3 4
-// # 38 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/machine/endian.h" 2 3 4
-// # 187 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 2 3 4
-
-/*
- * Deprecated:
- * Structure of the information in the status word returned by wait4.
- * If w_stopval==_WSTOPPED, then the second structure describes
- * the information returned, else the first.
- */
-union wait {
- int w_status; /* used in syscall */
- /*
-	 * Terminated process status.
-	 */
- struct {
-
-  unsigned int w_Termsig:7, /* termination signal */
-      w_Coredump:1, /* core dump indicator */
-      w_Retcode:8, /* exit code if w_termsig==0 */
-      w_Filler:16; /* upper bits filler */
-
-
-
-
-
-
-
- } w_T;
- /*
-	 * Stopped process status.  Returned
-	 * only for traced children unless requested
-	 * with the WUNTRACED option bit.
-	 */
- struct {
-
-  unsigned int w_Stopval:8, /* == W_STOPPED if stopped */
-      w_Stopsig:8, /* signal that stopped us */
-      w_Filler:16; /* upper bits filler */
-
-
-
-
-
-
- } w_S;
-};
-// # 240 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/wait.h" 3 4
-/*
- * Stopped state value; cannot use waitid() parameter of the same name
- * in the same scope
- */
-
-
-
-
-pid_t wait(int *) __asm("_" "wait" );
-pid_t waitpid(pid_t, int *, int) __asm("_" "waitpid" );
-
-int waitid(idtype_t, id_t, siginfo_t *, int) __asm("_" "waitid" );
-
-
-pid_t wait3(int *, int, struct rusage *);
-pid_t wait4(pid_t, int *, int, struct rusage *);
-// # 67 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/alloca.h" 1 3 4
-/*
- * Copyright (c) 2003 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
-// # 32 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/alloca.h" 3 4
-void *alloca(size_t); /* built-in for gcc */
-
-
-
-/* built-in for gcc 3 */
-// # 69 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-
-
-/* DO NOT REMOVE THIS COMMENT: fixincludes needs to see:
- * _GCC_SIZE_T */
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ct_rune_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-
-typedef __darwin_ct_rune_t ct_rune_t;
-// # 78 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_rune_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_rune_t rune_t;
-// # 79 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_wchar_t.h" 1 3 4
-/*
- * Copyright (c) 2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-/* wchar_t is a built-in type in C++ */
-
-
-
-
-typedef __darwin_wchar_t wchar_t;
-// # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-typedef struct {
- int quot; /* quotient */
- int rem; /* remainder */
-} div_t;
-
-typedef struct {
- long quot; /* quotient */
- long rem; /* remainder */
-} ldiv_t;
-
-
-typedef struct {
- long long quot;
- long long rem;
-} lldiv_t;
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_null.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-// # 101 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-// # 118 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4
-extern int __mb_cur_max;
-// # 128 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/malloc/_malloc.h" 1 3 4
-/*
- * Copyright (c) 2018 Apple Computer, Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-
-
-/*
- * This header is included from , so the contents of this file have
- * broad source compatibility and POSIX conformance implications.
- * Be cautious about what is included and declared here.
- */
-// # 40 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/malloc/_malloc.h" 3 4
-void *malloc(size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(1)));
-void *calloc(size_t __count, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(1,2)));
-void free(void *);
-void *realloc(void *__ptr, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(2)));
-
-void *valloc(size_t) __attribute__((alloc_size(1)));
-
-
-
-
-void *aligned_alloc(size_t __alignment, size_t __size) __attribute__((__warn_unused_result__)) __attribute__((alloc_size(2))) __attribute__((availability(macosx,introduced=10.15))) __attribute__((availability(ios,introduced=13.0))) __attribute__((availability(tvos,introduced=13.0))) __attribute__((availability(watchos,introduced=6.0)));
-
-int posix_memalign(void **__memptr, size_t __alignment, size_t __size) __attribute__((availability(macosx,introduced=10.6)));
-// # 129 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-
-void abort(void) __attribute__((__cold__)) __attribute__((__noreturn__));
-int abs(int) __attribute__((__const__));
-int atexit(void (* _Nonnull)(void));
-double atof(const char *);
-int atoi(const char *);
-long atol(const char *);
-
-long long
-  atoll(const char *);
-
-void *bsearch(const void *__key, const void *__base, size_t __nel,
-     size_t __width, int (* _Nonnull __compar)(const void *, const void *));
-/* calloc is now declared in _malloc.h */
-div_t div(int, int) __attribute__((__const__));
-void exit(int) __attribute__((__noreturn__));
-/* free is now declared in _malloc.h */
-char *getenv(const char *);
-long labs(long) __attribute__((__const__));
-ldiv_t ldiv(long, long) __attribute__((__const__));
-
-long long
-  llabs(long long);
-lldiv_t lldiv(long long, long long);
-
-/* malloc is now declared in _malloc.h */
-int mblen(const char *__s, size_t __n);
-size_t mbstowcs(wchar_t * restrict , const char * restrict, size_t);
-int mbtowc(wchar_t * restrict, const char * restrict, size_t);
-/* posix_memalign is now declared in _malloc.h */
-void qsort(void *__base, size_t __nel, size_t __width,
-     int (* _Nonnull __compar)(const void *, const void *));
-int rand(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-/* realloc is now declared in _malloc.h */
-void srand(unsigned) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-double strtod(const char *, char **) __asm("_" "strtod" );
-float strtof(const char *, char **) __asm("_" "strtof" );
-long strtol(const char *__str, char **__endptr, int __base);
-long double
-  strtold(const char *, char **);
-
-long long
-  strtoll(const char *__str, char **__endptr, int __base);
-
-unsigned long
-  strtoul(const char *__str, char **__endptr, int __base);
-
-unsigned long long
-  strtoull(const char *__str, char **__endptr, int __base);
-
-
-__attribute__((__availability__(swift, unavailable, message="Use posix_spawn APIs or NSTask instead. (On iOS, process spawning is unavailable.)")))
-__attribute__((availability(macos,introduced=10.0))) __attribute__((availability(ios,unavailable)))
-__attribute__((availability(watchos,unavailable))) __attribute__((availability(tvos,unavailable)))
-int system(const char *) __asm("_" "system" );
-
-
-size_t wcstombs(char * restrict, const wchar_t * restrict, size_t);
-int wctomb(char *, wchar_t);
-
-
-void _Exit(int) __attribute__((__noreturn__));
-long a64l(const char *);
-double drand48(void);
-char *ecvt(double, int, int *restrict, int *restrict); /* LEGACY */
-double erand48(unsigned short[3]);
-char *fcvt(double, int, int *restrict, int *restrict); /* LEGACY */
-char *gcvt(double, int, char *); /* LEGACY */
-int getsubopt(char **, char * const *, char **);
-int grantpt(int);
-
-
-
-char *initstate(unsigned long, char *, long);
-
-long jrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-char *l64a(long);
-void lcong48(unsigned short[7]);
-long lrand48(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-char *mktemp(char *);
-int mkstemp(char *);
-long mrand48(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-long nrand48(unsigned short[3]) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-int posix_openpt(int);
-char *ptsname(int);
-
-
-int ptsname_r(int fildes, char *buffer, size_t buflen) __attribute__((availability(macos,introduced=10.13.4))) __attribute__((availability(ios,introduced=11.3))) __attribute__((availability(tvos,introduced=11.3))) __attribute__((availability(watchos,introduced=4.3)));
-
-
-int putenv(char *) __asm("_" "putenv" );
-long random(void) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-int rand_r(unsigned *) __attribute__((__availability__(swift, unavailable, message="Use arc4random instead.")));
-
-
-
-char *realpath(const char * restrict, char * restrict) __asm("_" "realpath" );
-
-unsigned short
- *seed48(unsigned short[3]);
-int setenv(const char * __name, const char * __value, int __overwrite) __asm("_" "setenv" );
-
-
-
-int setkey(const char *);
-
-char *setstate(const char *);
-void srand48(long);
-
-
-
-void srandom(unsigned long);
-
-int unlockpt(int);
-
-
-
-void unsetenv(const char *);
-
-
-
-
-
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_dev_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_dev_t dev_t; /* device number */
-// # 254 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_mode_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
-
-
-
-typedef __darwin_mode_t mode_t;
-// # 255 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 2 3 4
-
-
-uint32_t arc4random(void);
-void arc4random_addrandom(unsigned char * /*dat*/, int /*datlen*/)
-    __attribute__((availability(macosx,introduced=10.0))) __attribute__((availability(macosx,deprecated=10.12,message="use arc4random_stir")))
-    __attribute__((availability(ios,introduced=2.0))) __attribute__((availability(ios,deprecated=10.0,message="use arc4random_stir")))
-    __attribute__((availability(tvos,introduced=2.0))) __attribute__((availability(tvos,deprecated=10.0,message="use arc4random_stir")))
-    __attribute__((availability(watchos,introduced=1.0))) __attribute__((availability(watchos,deprecated=3.0,message="use arc4random_stir")));
-void arc4random_buf(void * __buf, size_t __nbytes) __attribute__((availability(macosx,introduced=10.7)));
-void arc4random_stir(void);
-uint32_t
-  arc4random_uniform(uint32_t __upper_bound) __attribute__((availability(macosx,introduced=10.7)));
-
-int atexit_b(void (^ _Nonnull)(void)) __attribute__((availability(macosx,introduced=10.6)));
-// # 277 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4
-void *bsearch_b(const void *__key, const void *__base, size_t __nel,
-     size_t __width, int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__)))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-
-  /* getcap(3) functions */
-char *cgetcap(char *, const char *, int);
-int cgetclose(void);
-int cgetent(char **, char **, const char *);
-int cgetfirst(char **, char **);
-int cgetmatch(const char *, const char *);
-int cgetnext(char **, char **);
-int cgetnum(char *, const char *, long *);
-int cgetset(const char *);
-int cgetstr(char *, const char *, char **);
-int cgetustr(char *, const char *, char **);
-
-int daemon(int, int) __asm("_" "daemon" ) __attribute__((availability(macosx,introduced=10.0,deprecated=10.5,message="Use posix_spawn APIs instead."))) __attribute__((availability(watchos,unavailable))) __attribute__((availability(tvos,unavailable)));
-char *devname(dev_t, mode_t);
-char *devname_r(dev_t, mode_t, char *buf, int len);
-char *getbsize(int *, long *);
-int getloadavg(double [], int);
-const char
- *getprogname(void);
-void setprogname(const char *);
-// # 311 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/stdlib.h" 3 4
-int heapsort(void *__base, size_t __nel, size_t __width,
-     int (* _Nonnull __compar)(const void *, const void *));
-
-int heapsort_b(void *__base, size_t __nel, size_t __width,
-     int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__)))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-int mergesort(void *__base, size_t __nel, size_t __width,
-     int (* _Nonnull __compar)(const void *, const void *));
-
-int mergesort_b(void *__base, size_t __nel, size_t __width,
-     int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__)))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-void psort(void *__base, size_t __nel, size_t __width,
-     int (* _Nonnull __compar)(const void *, const void *))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-void psort_b(void *__base, size_t __nel, size_t __width,
-     int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__)))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-void psort_r(void *__base, size_t __nel, size_t __width, void *,
-     int (* _Nonnull __compar)(void *, const void *, const void *))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-void qsort_b(void *__base, size_t __nel, size_t __width,
-     int (^ _Nonnull __compar)(const void *, const void *) __attribute__((__noescape__)))
-     __attribute__((availability(macosx,introduced=10.6)));
-
-void qsort_r(void *__base, size_t __nel, size_t __width, void *,
-     int (* _Nonnull __compar)(void *, const void *, const void *));
-int radixsort(const unsigned char **__base, int __nel, const unsigned char *__table,
-     unsigned __endbyte);
-int rpmatch(const char *)
- __attribute__((availability(macos,introduced=10.15))) __attribute__((availability(ios,introduced=13.0))) __attribute__((availability(tvos,introduced=13.0))) __attribute__((availability(watchos,introduced=6.0)));
-int sradixsort(const unsigned char **__base, int __nel, const unsigned char *__table,
-     unsigned __endbyte);
-void sranddev(void);
-void srandomdev(void);
-void *reallocf(void *__ptr, size_t __size) __attribute__((alloc_size(2)));
-long long
- strtonum(const char *__numstr, long long __minval, long long __maxval, const char **__errstrp)
- __attribute__((availability(macos,introduced=11.0))) __attribute__((availability(ios,introduced=14.0))) __attribute__((availability(tvos,introduced=14.0))) __attribute__((availability(watchos,introduced=7.0)));
-
-long long
-  strtoq(const char *__str, char **__endptr, int __base);
-unsigned long long
-  strtouq(const char *__str, char **__endptr, int __base);
-
-extern char *suboptarg; /* getsubopt(3) external variable */
-/* valloc is now declared in _malloc.h */
-
-
-/* Poison the following routines if -fshort-wchar is set */
-// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 1 3 4
-/*
- * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)string.h	8.1 (Berkeley) 6/2/93
- */
-// # 67 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 3 4
-/* ANSI-C */
-
-
-void *memchr(const void *__s, int __c, size_t __n);
-int memcmp(const void *__s1, const void *__s2, size_t __n);
-void *memcpy(void *__dst, const void *__src, size_t __n);
-void *memmove(void *__dst, const void *__src, size_t __len);
-void *memset(void *__b, int __c, size_t __len);
-char *strcat(char *__s1, const char *__s2);
-char *strchr(const char *__s, int __c);
-int strcmp(const char *__s1, const char *__s2);
-int strcoll(const char *__s1, const char *__s2);
-char *strcpy(char *__dst, const char *__src);
-size_t strcspn(const char *__s, const char *__charset);
-char *strerror(int __errnum) __asm("_" "strerror" );
-size_t strlen(const char *__s);
-char *strncat(char *__s1, const char *__s2, size_t __n);
-int strncmp(const char *__s1, const char *__s2, size_t __n);
-char *strncpy(char *__dst, const char *__src, size_t __n);
-char *strpbrk(const char *__s, const char *__charset);
-char *strrchr(const char *__s, int __c);
-size_t strspn(const char *__s, const char *__charset);
-char *strstr(const char *__big, const char *__little);
-char *strtok(char *__str, const char *__sep);
-size_t strxfrm(char *__s1, const char *__s2, size_t __n);
-
-
-
-
-/* Additional functionality provided by:
- * POSIX.1c-1995,
- * POSIX.1i-1995,
- * and the omnibus ISO/IEC 9945-1: 1996
- */
-
-
-
-char *strtok_r(char *__str, const char *__sep, char **__lasts);
 
 
 
 
+    // Prevent inclusion of MacOS system headers which VeriFast cannot parse:
+   // #define _SYS__PTHREAD_TYPES_H_
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
-/* Additional functionality provided by:
- * POSIX.1-2001
- */
+int test_start = 0;
+//#include "_pthread_types.h"
+int test_end = 1;
 
+/* Standard includes. */
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 1
+
+
+
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
+// # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 1
+
+
+
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stddef.h" 1
+
+
+
+typedef uintptr_t size_t;
+typedef intptr_t ptrdiff_t;
+typedef intptr_t ssize_t;
+// # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
+
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
+@*/
+
+void *malloc(size_t size);
+    //@ requires true;
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    @*/
+    //@ terminates;
+
+void *calloc(size_t nmemb, size_t size);
+    //@ requires true;
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    @*/
+    //@ terminates;
+
+void free(void *array);
+    //@ requires malloc_block(array, ?size) &*& chars_(array, size, ?cs);
+    //@ ensures emp;
+    //@ terminates;
+
+void *realloc(void *array, size_t newSize);
+    //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    @*/
+    //@ terminates;
+// # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
+
+void abort();
+    //@ requires true;
+    //@ ensures false;
+    //@ terminates;
+
+void exit(int status);
+    //@ requires true;
+    //@ ensures false;
+    //@ terminates;
+
+int abs(int x);
+    //@ requires INT_MIN < x;
+    //@ ensures result == abs(x);
+    //@ terminates;
+
+long labs(long x);
+    //@ requires LONG_MIN < x;
+    //@ ensures result == abs(x);
+    //@ terminates;
+
+long long llabs(long long x);
+    //@ requires LLONG_MIN < x;
+    //@ ensures result == abs(x);
+    //@ terminates;
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
+
+
+
+
+
+char *strcpy(char *d, char *s);
+    //@ requires [?f]string(s, ?cs) &*& chars(d, length(cs) + 1, _);
+    //@ ensures [f]string(s, cs) &*& chars(d, length(cs) + 1, append(cs, {0})) &*& result == d;
+
+void memcpy(void *array, void *array0, size_t count);
+    //@ requires chars_(array, count, _) &*& [?f]chars(array0, count, ?cs0);
+    //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
+
+void memmove(void *dest, void *src, size_t count);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
+    @*/
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
+    @*/
+
+size_t strlen(char *string);
+    //@ requires [?f]string(string, ?cs);
+    //@ ensures [f]string(string, cs) &*& result == length(cs);
+
+int memcmp(char *array, char *array0, size_t count);
+    //@ requires [?f]chars(array, ?n, ?cs) &*& [?f0]chars(array0, ?n0, ?cs0) &*& count <= n &*& count <= n0;
+    //@ ensures [f]chars(array, n, cs) &*& [f0]chars(array0, n0, cs0) &*& (result == 0) == (take(count, cs) == take(count, cs0));
+
+int strcmp(char *s1, char *s2);
+    //@ requires [?f1]string(s1, ?cs1) &*& [?f2]string(s2, ?cs2);
+    //@ ensures [f1]string(s1, cs1) &*& [f2]string(s2, cs2) &*& (result == 0) == (cs1 == cs2);
+
+char *memchr(char *array, char c, size_t count);
+    //@ requires [?f]chars(array, count, ?cs);
+    //@ ensures [f]chars(array, count, cs) &*& result == 0 ? mem(c, cs) == false : mem(c, cs) == true &*& result == array + index_of(c, cs);
+
+char* strchr(char *str, char c);
+    //@ requires [?f]string(str, ?cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    @*/
+
+void* memset(void *array, char value, size_t size);
+    //@ requires chars_(array, size, _);
+    //@ ensures chars(array, size, ?cs1) &*& all_eq(cs1, value) == true &*& result == array;
+
+char *strdup(char *string);
+    //@ requires [?f]string(string, ?cs);
+    //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
+// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
+/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
+ * all the API functions to use the MPU wrappers.  That should only be done when
+ * task.h is included from an application file. */
 
-int strerror_r(int __errnum, char *__strerrbuf, size_t __buflen);
-char *strdup(const char *__s1);
-void *memccpy(void *__dst, const void *__src, int __c, size_t __n);
 
+/* FreeRTOS includes. */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
+/*
+ * FreeRTOS Kernel V10.4.3
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
 
 
 
 
-/* Additional functionality provided by:
- * POSIX.1-2008
+/*
+ * Include the generic headers required for the FreeRTOS port being used.
  */
 
 
+/*
+ * If stdint.h cannot be located then:
+ *   + If using GCC ensure the -nostdint options is *not* being used.
+ *   + Ensure the project's include path includes the directory in which your
+ *     compiler stores stdint.h.
+ *   + Set any compiler options necessary for it to support C99, as technically
+ *     stdint.h is only mandatory with C99 (FreeRTOS does not require C99 in any
+ *     other way).
+ *   + The FreeRTOS download includes a simple stdint.h definition that can be
+ *     used in cases where none is provided by the compiler.  The files only
+ *     contains the typedefs required to build FreeRTOS.  Read the instructions
+ *     in FreeRTOS/source/stdint.readme for more information.
+ */
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" 1
+// # 18 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h"
+typedef __int8 int8_t;
+typedef __int16 int16_t;
+typedef __int32 int32_t;
+typedef __int64 int64_t;
+typedef __int128 int128_t;
+
+typedef unsigned __int8 uint8_t;
+typedef unsigned __int16 uint16_t;
+typedef unsigned __int32 uint32_t;
+typedef unsigned __int64 uint64_t;
+typedef unsigned __int128 uint128_t;
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
-char *stpcpy(char *__dst, const char *__src);
-char *stpncpy(char *__dst, const char *__src, size_t __n) __attribute__((availability(macosx,introduced=10.7)));
-char *strndup(const char *__s1, size_t __n) __attribute__((availability(macosx,introduced=10.7)));
-size_t strnlen(const char *__s1, size_t __n) __attribute__((availability(macosx,introduced=10.7)));
-char *strsignal(int __sig);
+/* *INDENT-OFF* */
 
 
 
-/* C11 Annex K */
+/* *INDENT-ON* */
 
+/* Application specific configuration options. */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 1
+/* This is a stub used for the VeriFast proof. */
 
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_rsize_t.h" 1 3 4
 /*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
+ * FreeRTOS V202107.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
  *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
  *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
+ * http://www.FreeRTOS.org
+ * http://aws.amazon.com/freertos
  *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ * 1 tab == 4 spaces!
  */
 
 
 
-typedef __darwin_size_t rsize_t;
-// # 142 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_errno_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
+
+/*-----------------------------------------------------------
+ * Application specific definitions.
  *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * These definitions should be adjusted for your particular hardware and
+ * application requirements.
  *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
+ * THESE PARAMETERS ARE DESCRIBED WITHIN THE 'CONFIGURATION' SECTION OF THE
+ * FreeRTOS API DOCUMENTATION AVAILABLE ON THE FreeRTOS.org WEB SITE.
  *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
+ * See http://www.freertos.org/a00110.html
+ *----------------------------------------------------------*/
+
+/* Scheduler Related */
+// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
+/* Synchronization Related */
+// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
+/* System */
 
 
-typedef int errno_t;
-// # 143 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4
 
+/* Memory allocation related definitions. */
 
-errno_t memset_s(void *__s, rsize_t __smax, int __c, rsize_t __n) __attribute__((availability(macosx,introduced=10.9)));
 
 
 
-/* Darwin extensions */
+
+/* Hook function related definitions. */
 
 
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/sys/_types/_ssize_t.h" 1 3 4
-/*
- * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
- *
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
- */
 
 
+/* Run time and task stats gathering related definitions. */
 
-typedef __darwin_ssize_t ssize_t;
-// # 153 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4
 
 
-void *memmem(const void *__big, size_t __big_len, const void *__little, size_t __little_len) __attribute__((availability(macosx,introduced=10.7)));
-void memset_pattern4(void *__b, const void *__pattern4, size_t __len) __attribute__((availability(macosx,introduced=10.5)));
-void memset_pattern8(void *__b, const void *__pattern8, size_t __len) __attribute__((availability(macosx,introduced=10.5)));
-void memset_pattern16(void *__b, const void *__pattern16, size_t __len) __attribute__((availability(macosx,introduced=10.5)));
 
-char *strcasestr(const char *__big, const char *__little);
-char *strnstr(const char *__big, const char *__little, size_t __len);
-size_t strlcat(char *__dst, const char *__source, size_t __size);
-size_t strlcpy(char *__dst, const char *__source, size_t __size);
-void strmode(int __mode, char *__bp);
-char *strsep(char **__stringp, const char *__delim);
+/* Co-routine related definitions. */
 
-/* SUS places swab() in unistd.h.  It is listed here for source compatibility */
-void swab(const void * restrict, void * restrict, ssize_t);
 
-__attribute__((availability(macosx,introduced=10.12.1))) __attribute__((availability(ios,introduced=10.1)))
-__attribute__((availability(tvos,introduced=10.0.1))) __attribute__((availability(watchos,introduced=3.1)))
-int timingsafe_bcmp(const void *__b1, const void *__b2, size_t __len);
 
-__attribute__((availability(macosx,introduced=11.0))) __attribute__((availability(ios,introduced=14.0)))
-__attribute__((availability(tvos,introduced=14.0))) __attribute__((availability(watchos,introduced=7.0)))
-int strsignal_r(int __sig, char *__strsignalbuf, size_t __buflen);
+/* Software timer related definitions. */
 
 
-/* Some functions historically defined in string.h were placed in strings.h
- * by SUS.  We are using "strings.h" instead of  to avoid an issue
- * where /Developer/Headers/FlatCarbon/Strings.h could be included instead on
- * case-insensitive file systems.
- */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 1 3 4
+
+
+
+/* Interrupt nesting behaviour configuration. */
 /*
- * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
- */
+// #define configKERNEL_INTERRUPT_PRIORITY         [dependent of processor]
+// #define configMAX_SYSCALL_INTERRUPT_PRIORITY    [dependent on processor and application]
+// #define configMAX_API_CALL_INTERRUPT_PRIORITY   [dependent on processor and application]
+*/
+
+/* SMP port only */
+
+
+
+
+/* RP2040 specific */
+
+
+
+// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4
 /*-
- * Copyright (c) 1990, 1993
+ * Copyright (c) 1992, 1993
  *	The Regents of the University of California.  All rights reserved.
+ * (c) UNIX System Laboratories, Inc.
+ * All or some portions of this file are derived from material licensed
+ * to the University of California by American Telephone and Telegraph
+ * Co. or Unix System Laboratories, Inc. and are reproduced herein with
+ * the permission of UNIX System Laboratories, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -4980,45 +432,29 @@ int strsignal_r(int __sig, char *__strsignalbuf, size_t __buflen);
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)strings.h	8.1 (Berkeley) 6/2/93
+ *	@(#)assert.h	8.2 (Berkeley) 1/21/94
+ * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $
  */
-// # 68 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 3 4
-/* Removed in Issue 7 */
-
-int bcmp(const void *, const void *, size_t) ;
-void bcopy(const void *, void *, size_t) ;
-void bzero(void *, size_t) ;
-char *index(const char *, int) ;
-char *rindex(const char *, int) ;
-
-
-int ffs(int);
-int strcasecmp(const char *, const char *);
-int strncasecmp(const char *, const char *, size_t);
-
-
-/* Darwin extensions */
-
-
-int ffsl(long) __attribute__((availability(macosx,introduced=10.5)));
-int ffsll(long long) __attribute__((availability(macosx,introduced=10.9)));
-int fls(int) __attribute__((availability(macosx,introduced=10.5)));
-int flsl(long) __attribute__((availability(macosx,introduced=10.5)));
-int flsll(long long) __attribute__((availability(macosx,introduced=10.9)));
 
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 1 3 4
+/* This is a stub used for the VeriFast proof. */
 
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 1 3 4
 /*
- * Copyright (c) 2000, 2007, 2010 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
  *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
@@ -5028,12 +464,16 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9)));
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  *
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
-/*-
- * Copyright (c) 1990, 1993
+/* Copyright 1995 NeXT Computer, Inc. All rights reserved. */
+/*
+ * Copyright (c) 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
+ * This code is derived from software contributed to Berkeley by
+ * Berkeley Software Design, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -5062,446 +502,479 @@ int flsll(long long) __attribute__((availability(macosx,introduced=10.9)));
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)string.h	8.1 (Berkeley) 6/2/93
+ *	@(#)cdefs.h	8.8 (Berkeley) 1/9/95
+ */
+
+
+
+
+/* Verifast proof setup */
+
+    /*
+     * The proof setup header is already included at the top of the proof target,
+     * e.g., `tasks.c`. But it seems like the contained defines are not propagated
+     * to this file.
+     */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 3 4
+/*
+ * This file contains defines to configure the VeriFast proof setup.
+ *
  */
-// # 93 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 2 3 4
 
 
 
-/* Security checking functions.  */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_strings.h" 1 3 4
+
+    // Prevent inclusion of MacOS system headers which VeriFast cannot parse:
+   // #define _SYS__PTHREAD_TYPES_H_
+// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
+// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/* This SDK is designed to work with clang and specific versions of
+ * gcc >= 4.0 with Apple's patch sets */
+
+
+
+
 /*
- * Copyright (c) 2017 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
+ * Compatibility with compilers and environments that don't support compiler
+ * feature checking function-like macros.
  */
-// # 33 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_strings.h" 3 4
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_common.h" 1 3 4
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
- * Copyright (c) 2007, 2008 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
+ * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
+ * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
+ * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
+ * in between its arguments.  __CONCAT can also concatenate double-quoted
+ * strings produced by the __STRING macro, but this only works with ANSI C.
+ */
+// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * __pure2 can be used for functions that are only a function of their scalar
+ * arguments (meaning they can't dereference pointers).
  *
- * @APPLE_LICENSE_HEADER_END@
+ * __stateful_pure can be used for functions that have no side effects,
+ * but depend on the state of the memory.
+ */
+
+
+
+
+/* __unused denotes variables and functions that may not be used, preventing
+ * the compiler from warning about it if not used.
+ */
+
+
+/* __used forces variables and functions to be included even if it appears
+ * to the compiler that they are not used (and would thust be discarded).
  */
-// # 34 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_strings.h" 2 3 4
 
 
+/* __cold marks code used for debugging or that is rarely taken
+ * and tells the compiler to optimize for size and outline code.
+ */
+
 
-/* bcopy and bzero */
 
-/* Removed in Issue 7 */
 
 
 
+/* __exported denotes symbols that should be exported even when symbols
+ * are hidden by default.
+ * __exported_push/_exported_pop are pragmas used to delimit a range of
+ *  symbols that should be exported even when symbols are hidden by default.
+ */
 
-/* void	bcopy(const void *src, void *dst, size_t len) */
 
 
 
+/* __deprecated causes the compiler to produce a warning when encountering
+ * code using the deprecated functionality.
+ * __deprecated_msg() does the same, and compilers that support it will print
+ * a message along with the deprecation warning.
+ * This may require turning on such warning with the -Wdeprecated flag.
+ * __deprecated_enum_msg() should be used on enums, and compilers that support
+ * it will print the deprecation warning.
+ * __kpi_deprecated() specifically indicates deprecation of kernel programming
+ * interfaces in Kernel.framework used by KEXTs.
+ */
+// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/* __unavailable causes the compiler to error out when encountering
+ * code using the tagged function
+ */
+// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/* Delete pseudo-keywords wherever they are not available or needed. */
 
 
 
-/* void	bzero(void *s, size_t n) */
-// # 98 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/strings.h" 2 3 4
-// # 185 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4
 
 
+/*
+ * We use `__restrict' as a way to define the `restrict' type qualifier
+ * without disturbing older software that is unaware of C99 keywords.
+ */
 
 
 
 
 
 
-/* Security checking functions.  */
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 1 3 4
+/* Compatibility with compilers and environments that don't support the
+ * nullability feature.
+ */
+// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
- * Copyright (c) 2007,2017 Apple Inc. All rights reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
+ * __disable_tail_calls causes the compiler to not perform tail call
+ * optimization inside the marked function.
  */
-// # 37 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4
-/*  */
-// # 46 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4
-/* memccpy, memcpy, mempcpy, memmove, memset, strcpy, strlcpy, stpcpy,
-   strncpy, stpncpy, strcat, strlcat, and strncat */
 
 
 
 
 
-/* void *memccpy(void *dst, const void *src, int c, size_t n) */
+
+/*
+ * __not_tail_called causes the compiler to prevent tail call optimization
+ * on statically bound calls to the function.  It has no effect on indirect
+ * calls.  Virtual functions, objective-c methods, and functions marked as
+ * "always_inline" cannot be marked as __not_tail_called.
+ */
 
 
 
 
 
 
+/*
+ * __result_use_check warns callers of a function that not using the function
+ * return value is a bug, i.e. dismissing malloc() return value results in a
+ * memory leak.
+ */
 
-/* void *memcpy(void *dst, const void *src, size_t n) */
 
 
 
 
 
+/*
+ * __swift_unavailable causes the compiler to mark a symbol as specifically
+ * unavailable in Swift, regardless of any other availability in C.
+ */
 
-/* void *memmove(void *dst, const void *src, size_t len) */
 
 
 
 
 
+/*
+ * __abortlike is the attribute to put on functions like abort() that are
+ * typically used to mark assertions. These optimize the codegen
+ * for outlining while still maintaining debugability.
+ */
 
-/* void *memset(void *b, int c, size_t len) */
 
 
 
+/* Declaring inline functions within headers is error-prone due to differences
+ * across various versions of the C language and extensions.  __header_inline
+ * can be used to declare inline functions within system headers.  In cases
+ * where you want to force inlining instead of letting the compiler make
+ * the decision, you can use __header_always_inline.
+ *
+ * Be aware that using inline for functions which compilers may also provide
+ * builtins can behave differently under various compilers.  If you intend to
+ * provide an inline version of such a function, you may want to use a macro
+ * instead.
+ *
+ * The check for !__GNUC__ || __clang__ is because gcc doesn't correctly
+ * support c99 inline in some cases:
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965
+ */
+// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Compiler-dependent macros that bracket portions of code where the
+ * "-Wunreachable-code" warning should be ignored. Please use sparingly.
+ */
+// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Compiler-dependent macros to declare that functions take printf-like
+ * or scanf-like arguments.  They are null except for versions of gcc
+ * that are known to support the features properly.  Functions declared
+ * with these attributes will cause compilation warnings if there is a
+ * mismatch between the format string and subsequent function parameter
+ * types.
+ */
+// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/* Source compatibility only, ID string not emitted in object file */
+// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * __alloc_size can be used to label function arguments that represent the
+ * size of memory that the function allocates and returns. The one-argument
+ * form labels a single argument that gives the allocation size (where the
+ * arguments are numbered from 1):
+ *
+ * void	*malloc(size_t __size) __alloc_size(1);
+ *
+ * The two-argument form handles the case where the size is calculated as the
+ * product of two arguments:
+ *
+ * void	*calloc(size_t __count, size_t __size) __alloc_size(1,2);
+ */
+// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail
+ *
+ * DEFAULT	By default newly complied code will get POSIX APIs plus
+ *		Apple API extensions in scope.
+ *
+ *		Most users will use this compilation environment to avoid
+ *		behavioral differences between 32 and 64 bit code.
+ *
+ * LEGACY	Defining _NONSTD_SOURCE will get pre-POSIX APIs plus Apple
+ *		API extensions in scope.
+ *
+ *		This is generally equivalent to the Tiger release compilation
+ *		environment, except that it cannot be applied to 64 bit code;
+ *		its use is discouraged.
+ *
+ *		We expect this environment to be deprecated in the future.
+ *
+ * STRICT	Defining _POSIX_C_SOURCE or _XOPEN_SOURCE restricts the
+ *		available APIs to exactly the set of APIs defined by the
+ *		corresponding standard, based on the value defined.
+ *
+ *		A correct, portable definition for _POSIX_C_SOURCE is 200112L.
+ *		A correct, portable definition for _XOPEN_SOURCE is 600L.
+ *
+ *		Apple API extensions are not visible in this environment,
+ *		which can cause Apple specific code to fail to compile,
+ *		or behave incorrectly if prototypes are not in scope or
+ *		warnings about missing prototypes are not enabled or ignored.
+ *
+ * In any compilation environment, for correct symbol resolution to occur,
+ * function prototypes must be in scope.  It is recommended that all Apple
+ * tools users add either the "-Wall" or "-Wimplicit-function-declaration"
+ * compiler flags to their projects to be warned when a function is being
+ * used without a prototype in scope.
+ */
 
+/* These settings are particular to each product. */
+// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow
+ * legacy code to use the old symbol, thus maintaining binary compatibility
+ * while new code can use a standards compliant version of the same function.
+ *
+ * __DARWIN_ALIAS is used by itself if the function signature has not
+ * changed, it is used along with a #ifdef check for __DARWIN_UNIX03
+ * if the signature has changed.  Because the __LP64__ environment
+ * only supports UNIX03 semantics it causes __DARWIN_UNIX03 to be
+ * defined, but causes __DARWIN_ALIAS to do no symbol mangling.
+ *
+ * As a special case, when XCode is used to target a specific version of the
+ * OS, the manifest constant __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
+ * will be defined by the compiler, with the digits representing major version
+ * time 100 + minor version times 10 (e.g. 10.5 := 1050).  If we are targeting
+ * pre-10.5, and it is the default compilation environment, revert the
+ * compilation environment to pre-__DARWIN_UNIX03.
+ */
+// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * symbol suffixes used for symbol versioning
+ */
+// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * symbol versioning macros
+ */
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * symbol release macros
+ */
 
 
-/* char *strcpy(char *dst, const char *src) */
 
+/*
+ * POSIX.1 requires that the macros we test be defined before any standard
+ * header file is included.  This permits us to convert values for feature
+ * testing, as necessary, using only _POSIX_C_SOURCE.
+ *
+ * Here's a quick run-down of the versions:
+ *  defined(_POSIX_SOURCE)		1003.1-1988
+ *  _POSIX_C_SOURCE == 1L		1003.1-1990
+ *  _POSIX_C_SOURCE == 2L		1003.2-1992 C Language Binding Option
+ *  _POSIX_C_SOURCE == 199309L		1003.1b-1993
+ *  _POSIX_C_SOURCE == 199506L		1003.1c-1995, 1003.1i-1995,
+ *					and the omnibus ISO/IEC 9945-1: 1996
+ *  _POSIX_C_SOURCE == 200112L		1003.1-2001
+ *  _POSIX_C_SOURCE == 200809L		1003.1-2008
+ *
+ * In addition, the X/Open Portability Guide, which is now the Single UNIX
+ * Specification, defines a feature-test macro which indicates the version of
+ * that specification, and which subsumes _POSIX_C_SOURCE.
+ */
 
+/* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1L. */
 
 
 
 
 
-/* char *stpcpy(char *dst, const char *src) */
-// # 99 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4
-/* char *stpncpy(char *dst, const char *src, size_t n) */
-// # 110 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4
-/* size_t strlcpy(char *dst, const char *source, size_t size) */
+/* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2L. */
 
 
 
 
 
+/* Deal with various X/Open Portability Guides and Single UNIX Spec. */
+// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Deal with all versions of POSIX.  The ordering relative to the tests above is
+ * important.
+ */
 
-/* size_t strlcat(char *dst, const char *source, size_t size) */
-// # 126 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_string.h" 3 4
-/* char *strncpy(char *dst, const char *src, size_t n) */
 
 
 
+/* POSIX C deprecation macros */
 
 
+/*
+ * Set a single macro which will always be defined and can be used to determine
+ * the appropriate namespace.  For POSIX, these values will correspond to
+ * _POSIX_C_SOURCE value.  Currently there are two additional levels corresponding
+ * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE)
+ */
+// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/* If the developer has neither requested a strict language mode nor a version
+ * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part
+ * of __DARWIN_C_FULL.
+ */
 
-/* char *strcat(char *s1, const char *s2) */
 
 
 
+/*
+ * long long is not supported in c89 (__STRICT_ANSI__), but g++ -ansi and
+ * c99 still want long longs.  While not perfect, we allow long longs for
+ * g++.
+ */
 
 
 
 
-/* char *strncat(char *s1, const char *s2, size_t n) */
-// # 195 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/string.h" 2 3 4
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
-/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
- * all the API functions to use the MPU wrappers.  That should only be done when
- * task.h is included from an application file. */
 
+/*****************************************
+*  Public darwin-specific feature macros
+*****************************************/
 
-/* FreeRTOS includes. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+ * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and
+ * structures modified for 64-bit inodes (like struct stat) will be used.
  */
 
 
 
 
 /*
- * Include the generic headers required for the FreeRTOS port being used.
- */
-// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 1 3
-/*===---- stddef.h - Basic type definitions --------------------------------===
- *
- * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
- * See https://llvm.org/LICENSE.txt for license information.
- * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- *
- *===-----------------------------------------------------------------------===
+ * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only
+ * be 64-bit; there is no support for 32-bit ino_t when this macro is defined
+ * (and non-zero).  There is no struct stat64 either, as the regular
+ * struct stat will already be the 64-bit version.
  */
-// # 17 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3
-/* Always define miscellaneous pieces when modules are available. */
-// # 26 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3
-/* __need_wint_t is intentionally not defined here. */
-
 
 
 
-/* Always define ptrdiff_t when modules are available. */
 
-
-
-typedef long int ptrdiff_t;
-// # 52 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3
-/* ISO9899:2011 7.20 (C11 Annex K): Define rsize_t if __STDC_WANT_LIB_EXT1__ is
- * enabled. */
-// # 66 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3
-/* Always define wchar_t when modules are available. */
-// # 102 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 3
-// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/__stddef_max_align_t.h" 1 3
-/*===---- __stddef_max_align_t.h - Definition of max_align_t for modules ---===
- *
- * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
- * See https://llvm.org/LICENSE.txt for license information.
- * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- *
- *===-----------------------------------------------------------------------===
+/*
+ * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated
+ * in 10.5 exists; no pre-10.5 variants are available.
  */
 
 
 
 
+/*
+ * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API
+ * are available (the legacy BSD APIs are not available)
+ */
 
 
 
-typedef long double max_align_t;
-// # 103 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 2 3
-
-
-
-
-
-/* Some C libraries expect to see a wint_t here. Others (notably MinGW) will use
-__WINT_TYPE__ directly; accommodate both by requiring __need_wint_t */
-// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /*
- * If stdint.h cannot be located then:
- *   + If using GCC ensure the -nostdint options is *not* being used.
- *   + Ensure the project's include path includes the directory in which your
- *     compiler stores stdint.h.
- *   + Set any compiler options necessary for it to support C99, as technically
- *     stdint.h is only mandatory with C99 (FreeRTOS does not require C99 in any
- *     other way).
- *   + The FreeRTOS download includes a simple stdint.h definition that can be
- *     used in cases where none is provided by the compiler.  The files only
- *     contains the typedefs required to build FreeRTOS.  Read the instructions
- *     in FreeRTOS/source/stdint.readme for more information.
+ * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on,
+ * and specifies the conformance level (3 is SUSv3)
  */
 
 
-/* *INDENT-OFF* */
-
-
 
-/* *INDENT-ON* */
 
-/* Application specific configuration options. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 1
-/* This is a stub used for the VeriFast proof. */
 
 /*
- * FreeRTOS V202107.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * http://www.FreeRTOS.org
- * http://aws.amazon.com/freertos
+ * This macro casts away the qualifier from the variable
  *
- * 1 tab == 4 spaces!
+ * Note: use at your own risk, removing qualifiers can result in
+ * catastrophic run-time failures.
  */
 
 
 
 
-/*-----------------------------------------------------------
- * Application specific definitions.
- *
- * These definitions should be adjusted for your particular hardware and
- * application requirements.
- *
- * THESE PARAMETERS ARE DESCRIBED WITHIN THE 'CONFIGURATION' SECTION OF THE
- * FreeRTOS API DOCUMENTATION AVAILABLE ON THE FreeRTOS.org WEB SITE.
- *
- * See http://www.freertos.org/a00110.html
- *----------------------------------------------------------*/
-
-/* Scheduler Related */
-// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
-/* Synchronization Related */
-// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
-/* System */
-
-
-
-/* Memory allocation related definitions. */
-
-
-
-
-
-/* Hook function related definitions. */
-
-
+/*
+ * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be
+ * used from other compilation units, but not other libraries or executables.
+ */
 
 
-/* Run time and task stats gathering related definitions. */
 
 
 
 
-/* Co-routine related definitions. */
 
+/*
+ * We intentionally define to nothing pointer attributes which do not have an
+ * impact on the ABI. __indexable and __bidi_indexable are not defined because
+ * of the ABI incompatibility that makes the diagnostic preferable.
+ */
 
 
-/* Software timer related definitions. */
 
 
 
 
 
-/* Interrupt nesting behaviour configuration. */
 /*
-// #define configKERNEL_INTERRUPT_PRIORITY         [dependent of processor]
-// #define configMAX_SYSCALL_INTERRUPT_PRIORITY    [dependent on processor and application]
-// #define configMAX_API_CALL_INTERRUPT_PRIORITY   [dependent on processor and application]
-*/
-
-/* SMP port only */
-
+ * Similarly, we intentionally define to nothing the
+ * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable
+ * macros because they do not lead to an ABI incompatibility. However, we do not
+ * define the indexable and unsafe_indexable ones because the diagnostic is
+ * better than the silent ABI break.
+ */
 
 
 
-/* RP2040 specific */
+/* __unsafe_forge intrinsics are defined as regular C casts. */
 
 
 
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- * (c) UNIX System Laboratories, Inc.
- * All or some portions of this file are derived from material licensed
- * to the University of California by American Telephone and Telegraph
- * Co. or Unix System Laboratories, Inc. and are reproduced herein with
- * the permission of UNIX System Laboratories, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+/* decay operates normally; attribute is meaningless without pointer checks. */
+// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Architecture validation for current SDK
+ */
+// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Check if __probable and __improbable have already been defined elsewhere.
+ * These macros inform the compiler (and humans) about which branches are likely
+ * to be taken.
+ */
+// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
  *
- *	@(#)assert.h	8.2 (Berkeley) 1/21/94
- * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $
+ * This provides more advanced type checking on compilers supporting
+ * the proper extensions, even in C.
  */
-
-
+// # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 2 3 4
 
 
 
@@ -5748,20 +1221,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 
-// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stdbool.h" 1 3
-/*===---- stdbool.h - Standard header for booleans -------------------------===
- *
- * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
- * See https://llvm.org/LICENSE.txt for license information.
- * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- *
- *===-----------------------------------------------------------------------===
- */
-
-
-
-
-/* Don't define bool, true, and false in C++, except as a GNU extension. */
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
 // # 11 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
 
 
@@ -5833,17 +1293,9 @@ void __assert_rtn(const char *, const char *, int, const char *) __attribute__((
 // # 13 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
 
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
+// # 16 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
-// # 1 "/Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/include/stddef.h" 1 3
-/*===---- stddef.h - Basic type definitions --------------------------------===
- *
- * Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
- * See https://llvm.org/LICENSE.txt for license information.
- * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- *
- *===-----------------------------------------------------------------------===
- */
-// # 17 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
 typedef unsigned int uint;
 
@@ -5890,7 +1342,7 @@ static inline void update_us_since_boot(absolute_time_t *t, uint64_t us_since_bo
 
 
 
-    (__builtin_expect(!(us_since_boot <= 9223372036854775807LL), 0) ? __assert_rtn ((const char *)-1L, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0);
+    (__builtin_expect(!(us_since_boot <= 9223372036854775807), 0) ? __assert_rtn ((const char *)-1L, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0);
     t->_private_us_since_boot = us_since_boot;
 
 }
@@ -6069,7 +1521,7 @@ typedef struct {
 
 
 
-        extern _Bool xPortLockInternalSpinUnlockWithBestEffortWaitOrTimeout( struct lock_core *pxLock, uint32_t ulSave, absolute_time_t uxUntil);
+        extern bool xPortLockInternalSpinUnlockWithBestEffortWaitOrTimeout( struct lock_core *pxLock, uint32_t ulSave, absolute_time_t uxUntil);
 
 
 
@@ -8126,7 +3578,7 @@ void __attribute__((noreturn)) panic(const char *fmt, ...);
 
 
 
-_Bool running_on_fpga(void);
+bool running_on_fpga(void);
 
 
 /*! \brief Returns the RP2040 chip revision number
@@ -8700,7 +4152,7 @@ inline __always_inline static uint32_t spin_lock_blocking(spin_lock_t *lock) {
  *
  * \param lock Spinlock instance
  */
-inline static _Bool is_spin_locked(spin_lock_t *lock) {
+inline static bool is_spin_locked(spin_lock_t *lock) {
     _Static_assert(sizeof(spin_lock_t) == (4), "hw size mismatch");
     uint lock_num = spin_lock_get_num(lock);
     return 0 != (*(io_ro_32 *) (0xd0000000u + 0x0000005cu) & (1u << lock_num));
@@ -8791,7 +4243,7 @@ void spin_lock_unclaim(uint lock_num);
  * \param required if true the function will panic if none are available
  * \return the spin lock number or -1 if required was false, and none were free
  */
-int spin_lock_claim_unused(_Bool required);
+int spin_lock_claim_unused(bool required);
 
 /*! \brief Determine if a spin lock is claimed
  *  \ingroup hardware_sync
@@ -8801,7 +4253,7 @@ int spin_lock_claim_unused(_Bool required);
  * \see spin_lock_claim
  * \see spin_lock_claim_mask
  */
-_Bool spin_lock_is_claimed(uint lock_num);
+bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
 /*-----------------------------------------------------------
@@ -9573,7 +5025,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -13023,7 +8475,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -14342,7 +9794,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -14403,7 +9855,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
@@ -14413,7 +9865,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 76 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -14470,18 +9922,18 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 174 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 192 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -14536,7 +9988,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 255 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -14544,7 +9996,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 272 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -14564,7 +10016,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 312 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -14590,7 +10042,7 @@ typedef tskTCB TCB_t;
 
 /*lint -save -e956 A manual analysis and inspection has been used to determine
  * which static variables must be declared volatile. */
-                TCB_t * volatile pxCurrentTCBs[ 1 ] = { ((void*)0) };
+                TCB_t * volatile pxCurrentTCBs[ 1 ] = { 0 };
 
 
 /* Lists for ready and blocked tasks. --------------------
@@ -14633,7 +10085,7 @@ typedef tskTCB TCB_t;
                 static volatile BaseType_t xNumOfOverflows = ( BaseType_t ) 0;
                 static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U;
                 static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */
-                static TaskHandle_t xIdleTaskHandle[ 1 ] = { ((void*)0) }; /*< Holds the handle of the idle task.  The idle task is created automatically when the scheduler is started. */
+                static TaskHandle_t xIdleTaskHandle[ 1 ] = { 0 }; /*< Holds the handle of the idle task.  The idle task is created automatically when the scheduler is started. */
 
 
 
@@ -14655,7 +10107,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 412 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -14808,7 +10260,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 576 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -14840,9 +10292,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 626 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -14884,8 +10336,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 747, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 750, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 763 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -14924,7 +10376,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 817 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -14937,7 +10389,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 837 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -14948,10 +10400,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 855 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 869 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
@@ -14981,7 +10433,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 914 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -15002,7 +10454,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 931, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 934, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -15046,21 +10498,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 975, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 978, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 982, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1058 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1215 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1281 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -15071,7 +10523,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1304 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -15079,19 +10531,19 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1334 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
                 /* Allocate space for the stack used by the task being created. */
                 pxStack = pvPortMalloc( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */
 
-                if( pxStack != ((void*)0) )
+                if( pxStack != 0 )
                 {
                     /* Allocate space for the TCB. */
                     pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */
 
-                    if( pxNewTCB != ((void*)0) )
+                    if( pxNewTCB != 0 )
                     {
                         /* Store the stack location in the TCB. */
                         pxNewTCB->pxStack = pxStack;
@@ -15105,16 +10557,16 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 }
                 else
                 {
-                    pxNewTCB = ((void*)0);
+                    pxNewTCB = 0;
                 }
             }
 
 
-        if( pxNewTCB != ((void*)0) )
+        if( pxNewTCB != 0 )
         {
-// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-            prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, ((void*)0) );
-// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1374 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
+// # 1383 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -15140,12 +10592,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1424 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
             /* Fill the stack with a known value to assist debugging. */
-            ( void ) __builtin___memset_chk (pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ), __builtin_object_size (pxNewTCB->pxStack, 0));
+            ( void ) memset( pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ) );
         }
 
 
@@ -15159,12 +10611,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1439, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1442, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1451 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1465 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
-    if( pcName != ((void*)0) )
+    if( pcName != 0 )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
         {
@@ -15228,7 +10680,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -15237,30 +10689,30 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         {
-            __builtin___memset_chk (( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), __builtin_object_size (( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0));
+            memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) );
         }
 
 
 
         {
-            __builtin___memset_chk (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ), __builtin_object_size (( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0));
-            __builtin___memset_chk (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ), __builtin_object_size (( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0));
+            memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
+            memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1624 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -15288,7 +10740,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         pxNewTCB->xIsIdle = ( ( BaseType_t ) 0 );
     }
 
-    if( pxCreatedTask != ((void*)0) )
+    if( pxCreatedTask != 0 )
     {
         /* Pass the handle out in an anonymous way.  The handle can be used to
          * change the created task's priority, delete the created task, etc.*/
@@ -15330,7 +10782,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 /* Check if a core is free. */
                 for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) 1; xCoreID++ )
                 {
-                    if( pxCurrentTCBs[ xCoreID ] == ((void*)0) )
+                    if( pxCurrentTCBs[ xCoreID ] == 0 )
                     {
                         pxNewTCB->xTaskRunState = xCoreID;
                         pxCurrentTCBs[ xCoreID ] = pxNewTCB;
@@ -15387,7 +10839,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             /* If null is passed in here then it is the calling task that is
              * being deleted. */
-            pxTCB = ( ( ( xTaskToDelete ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToDelete ) );
+            pxTCB = ( ( ( xTaskToDelete ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToDelete ) );
 
             xTaskRunningOnCore = pxTCB->xTaskRunState;
 
@@ -15402,7 +10854,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             }
 
             /* Is the task waiting on an event also? */
-            if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
+            if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 )
             {
                 ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
             }
@@ -15465,7 +10917,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1842, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1845, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -15488,12 +10940,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1865, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1866, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1868, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1869, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1870, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1873, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -15579,7 +11031,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1956, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1959, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -15621,7 +11073,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1998, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2001, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -15644,7 +11096,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 /* The task being queried is referenced from the suspended
                  * list.  Is it genuinely suspended or is it blocked
                  * indefinitely? */
-                if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0) )
+                if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0 )
                 {
 
                         {
@@ -15680,7 +11132,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 
-            else if( ( pxStateList == &xTasksWaitingTermination ) || ( pxStateList == ((void*)0) ) )
+            else if( ( pxStateList == &xTasksWaitingTermination ) || ( pxStateList == 0 ) )
             {
                 /* The task being queried is referenced from the deleted
                  * tasks list, or it is not referenced from any lists at
@@ -15721,7 +11173,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             /* If null is passed in here then it is the priority of the task
              * that called uxTaskPriorityGet() that is being queried. */
-            pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+            pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
             uxReturn = pxTCB->uxPriority;
         }
         vTaskExitCritical();
@@ -15761,7 +11213,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             /* If null is passed in here then it is the priority of the calling
              * task that is being queried. */
-            pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+            pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
             uxReturn = pxTCB->uxPriority;
         }
         do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptState) : ); } while (0);
@@ -15783,7 +11235,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2160, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2163, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -15799,7 +11251,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             /* If null is passed in here then it is the priority of the calling
              * task that is being changed. */
-            pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+            pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
 
                                                           ;
 
@@ -15937,13 +11389,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2351 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2374 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2392 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -15957,7 +11409,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             /* If null is passed in here then it is the running task that is
              * being suspended. */
-            pxTCB = ( ( ( xTaskToSuspend ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSuspend ) );
+            pxTCB = ( ( ( xTaskToSuspend ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSuspend ) );
 
                                       ;
 
@@ -15975,7 +11427,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             }
 
             /* Is the task waiting on an event also? */
-            if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
+            if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 )
             {
                 ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
             }
@@ -16020,7 +11472,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2493, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2496, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -16034,7 +11486,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2507, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2510, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -16046,7 +11498,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                          * be able to be set to point to it no matter what its relative
                          * priority is. */
                         pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 );
-                        pxCurrentTCBs[ xTaskRunningOnCore ] = ((void*)0);
+                        pxCurrentTCBs[ xTaskRunningOnCore ] = 0;
                     }
                     else
                     {
@@ -16056,7 +11508,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                         if( prvSelectHighestPriorityTask( xTaskRunningOnCore ) == ( ( BaseType_t ) 0 ) )
                         {
                             pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 );
-                            pxCurrentTCBs[ xTaskRunningOnCore ] = ((void*)0);
+                            pxCurrentTCBs[ xTaskRunningOnCore ] = 0;
                         }
                     }
                 }
@@ -16081,7 +11533,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2554, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2557, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -16091,7 +11543,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             {
                 /* Is it in the suspended list because it is in the Suspended
                  * state, or because is is blocked with no timeout? */
-                if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( ((void*)0) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) /*lint !e961.  The cast is only redundant when NULL is used. */
+                if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( 0 ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) /*lint !e961.  The cast is only redundant when NULL is used. */
                 {
                     xReturn = ( ( BaseType_t ) 1 );
                 }
@@ -16123,14 +11575,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2596, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2599, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
          * that is actively running on another core but it is too dangerous
          * to check their run state here. Safer to get into a critical section
          * and check if it is actually suspended or not below. */
-        if( pxTCB != ((void*)0) )
+        if( pxTCB != 0 )
         {
             vTaskEnterCritical();
             {
@@ -16175,7 +11627,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2648, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -16296,7 +11748,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2819 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -16304,11 +11756,11 @@ static BaseType_t prvCreateIdleTasks( void )
                     xReturn = xTaskCreate( prvIdleTask,
                                            cIdleName,
                                            ( uint32_t ) 256,
-                                           ( void * ) ((void*)0),
+                                           ( void * ) 0,
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2842 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -16345,7 +11797,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2892 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -16377,7 +11829,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2920, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2923, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -16442,12 +11894,12 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3050 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
 {
-    TCB_t * pxTCB = ((void*)0);
+    TCB_t * pxTCB = 0;
     BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 );
 
     if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
@@ -16465,7 +11917,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3069, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3072, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -16488,7 +11940,7 @@ BaseType_t xTaskResumeAll( void )
                          * which sets xYieldPendings for the current core to pdTRUE. */
                     }
 
-                    if( pxTCB != ((void*)0) )
+                    if( pxTCB != 0 )
                     {
                         /* A task was unblocked while the scheduler was suspended,
                          * which may have prevented the next unblock time from being
@@ -16622,8 +12074,8 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
 
     /* If null is passed in here then the name of the calling task is being
      * queried. */
-    pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "pxTCB") : (void)0);
+    pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3230, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -16633,7 +12085,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList,
                                                      const char pcNameToQuery[] )
     {
-        TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = ((void*)0);
+        TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = 0;
         UBaseType_t x;
         char cNextChar;
         BaseType_t xBreakLoop;
@@ -16679,7 +12131,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                     }
                 }
 
-                if( pxReturn != ((void*)0) )
+                if( pxReturn != 0 )
                 {
                     /* The handle has been found. */
                     break;
@@ -16705,7 +12157,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3309, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3312, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -16715,7 +12167,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                 uxQueue--;
                 pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) &( pxReadyTasksLists[ uxQueue ] ), pcNameToQuery );
 
-                if( pxTCB != ((void*)0) )
+                if( pxTCB != 0 )
                 {
                     /* Found the handle. */
                     break;
@@ -16723,19 +12175,19 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
             } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
 
             /* Search the delayed lists. */
-            if( pxTCB == ((void*)0) )
+            if( pxTCB == 0 )
             {
                 pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxDelayedTaskList, pcNameToQuery );
             }
 
-            if( pxTCB == ((void*)0) )
+            if( pxTCB == 0 )
             {
                 pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxOverflowDelayedTaskList, pcNameToQuery );
             }
 
 
                 {
-                    if( pxTCB == ((void*)0) )
+                    if( pxTCB == 0 )
                     {
                         /* Search the suspended list. */
                         pxTCB = prvSearchForNameWithinSingleList( &xSuspendedTaskList, pcNameToQuery );
@@ -16745,7 +12197,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
 
 
                 {
-                    if( pxTCB == ((void*)0) )
+                    if( pxTCB == 0 )
                     {
                         /* Search the deleted list. */
                         pxTCB = prvSearchForNameWithinSingleList( &xTasksWaitingTermination, pcNameToQuery );
@@ -16801,9 +12253,9 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3422 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
-                        if( pulTotalRunTime != ((void*)0) )
+                        if( pulTotalRunTime != 0 )
                         {
                             *pulTotalRunTime = 0;
                         }
@@ -16829,7 +12281,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != ((void*)0) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3446, "( xIdleTaskHandle != ((void*)0) )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3449, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -16840,7 +12292,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3473 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -16849,7 +12301,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3481, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -16868,7 +12320,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3497, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3500, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -16889,7 +12341,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
                  * is used. */
                 vTaskEnterCritical();
                 {
-                    if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
+                    if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 )
                     {
                         ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
 
@@ -16967,7 +12419,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3596, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3599, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -17021,7 +12473,7 @@ BaseType_t xTaskIncrementTick( void )
 
                         /* Is the task waiting on an event also?  If so remove
                          * it from the event list. */
-                        if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
+                        if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 )
                         {
                             ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
                         }
@@ -17150,13 +12602,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3811 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3860 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3893 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -17174,7 +12626,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3907, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3910, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -17186,7 +12638,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3951 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -17203,7 +12655,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -17214,7 +12666,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3992, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3995, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -17233,11 +12685,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4011, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4014, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4015, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4018, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -17261,7 +12713,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4039, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4042, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -17309,14 +12761,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4087, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4090, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4111 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -17346,7 +12798,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4137, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4140, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -17354,9 +12806,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4145, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4148, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4165 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -17375,7 +12827,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4183, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -17398,8 +12850,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4203, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4204, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4206, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -17472,7 +12924,7 @@ void vTaskMissedYield( void )
         UBaseType_t uxReturn;
         TCB_t const * pxTCB;
 
-        if( xTask != ((void*)0) )
+        if( xTask != 0 )
         {
             pxTCB = xTask;
             uxReturn = pxTCB->uxTaskNumber;
@@ -17495,7 +12947,7 @@ void vTaskMissedYield( void )
     {
         TCB_t * pxTCB;
 
-        if( xTask != ((void*)0) )
+        if( xTask != 0 )
         {
             pxTCB = xTask;
             pxTCB->uxTaskNumber = uxHandle;
@@ -17514,7 +12966,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4382 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -17544,7 +12996,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4423 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -17565,16 +13017,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4459 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4524 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4574 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -17587,8 +13039,8 @@ static void prvIdleTask( void * pvParameters )
 
         if( xIndex < 5 )
         {
-            pxTCB = ( ( ( xTaskToSet ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4584, "pxTCB != ((void*)0)") : (void)0);
+            pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4587, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -17601,17 +13053,17 @@ static void prvIdleTask( void * pvParameters )
     void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery,
                                                BaseType_t xIndex )
     {
-        void * pvReturn = ((void*)0);
+        void * pvReturn = 0;
         TCB_t * pxTCB;
 
         if( xIndex < 5 )
         {
-            pxTCB = ( ( ( xTaskToQuery ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
+            pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
             pvReturn = pxTCB->pvThreadLocalStoragePointers[ xIndex ];
         }
         else
         {
-            pvReturn = ((void*)0);
+            pvReturn = 0;
         }
 
         return pvReturn;
@@ -17619,7 +13071,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4634 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -17709,7 +13161,7 @@ static void prvCheckTasksWaitingTermination( void )
         TCB_t * pxTCB;
 
         /* xTask is NULL then get the state of the calling task. */
-        pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+        pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
 
         pxTaskStatus->xHandle = ( TaskHandle_t ) pxTCB;
         pxTaskStatus->pcTaskName = ( const char * ) &( pxTCB->pcTaskName[ 0 ] );
@@ -17721,7 +13173,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4746 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -17749,7 +13201,7 @@ static void prvCheckTasksWaitingTermination( void )
                         {
                             vTaskSuspendAll();
                             {
-                                if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != ((void*)0) )
+                                if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 )
                                 {
                                     pxTaskStatus->eCurrentState = eBlocked;
                                 }
@@ -17842,7 +13294,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4905 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -17853,7 +13305,7 @@ static void prvCheckTasksWaitingTermination( void )
         uint8_t * pucEndOfStack;
         UBaseType_t uxReturn;
 
-        pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+        pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
 
 
             {
@@ -17899,7 +13351,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4988 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -17942,7 +13394,7 @@ static void prvResetNextTaskUnblockTime( void )
 
     TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID )
     {
-        TaskHandle_t xReturn = ((void*)0);
+        TaskHandle_t xReturn = 0;
 
         if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 1 ) ) ) != ( ( BaseType_t ) 0 ) )
         {
@@ -17997,7 +13449,7 @@ static void prvResetNextTaskUnblockTime( void )
         /* If the mutex was given back by an interrupt while the queue was
          * locked then the mutex holder might now be NULL.  _RB_ Is this still
          * needed as interrupts can no longer use mutexes? */
-        if( pxMutexHolder != ((void*)0) )
+        if( pxMutexHolder != 0 )
         {
             /* If the holder of the mutex has a priority below the priority of
              * the task attempting to obtain the mutex then it will temporarily
@@ -18084,14 +13536,14 @@ static void prvResetNextTaskUnblockTime( void )
         TCB_t * const pxTCB = pxMutexHolder;
         BaseType_t xReturn = ( ( BaseType_t ) 0 );
 
-        if( pxMutexHolder != ((void*)0) )
+        if( pxMutexHolder != 0 )
         {
             /* A task can only have an inherited priority if it holds the mutex.
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5175, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5176, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5178, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5179, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -18166,11 +13618,11 @@ static void prvResetNextTaskUnblockTime( void )
         UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse;
         const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1;
 
-        if( pxMutexHolder != ((void*)0) )
+        if( pxMutexHolder != 0 )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5255, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5258, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -18197,7 +13649,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5282, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5285, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -18328,7 +13780,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5413, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5416, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -18378,11 +13830,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5598 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5725 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -18405,7 +13857,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         /* If xSemaphoreCreateMutex() is called before any tasks have been created
          * then pxCurrentTCB will be NULL. */
-        if( xTaskGetCurrentTaskHandle() != ((void*)0) )
+        if( xTaskGetCurrentTaskHandle() != 0 )
         {
             ( xTaskGetCurrentTaskHandle()->uxMutexesHeld )++;
         }
@@ -18424,7 +13876,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5763, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5766, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -18498,7 +13950,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5837, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5840, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -18540,7 +13992,7 @@ TickType_t uxTaskResetEventItemValue( void )
         {
                                                   ;
 
-            if( pulNotificationValue != ((void*)0) )
+            if( pulNotificationValue != 0 )
             {
                 /* Output the current notification value, which may or may not
                  * have changed. */
@@ -18586,13 +14038,13 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5925, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5926, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5928, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5929, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
         {
-            if( pulPreviousNotificationValue != ((void*)0) )
+            if( pulPreviousNotificationValue != 0 )
             {
                 *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ];
             }
@@ -18640,7 +14092,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5979, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5982, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -18655,8 +14107,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5994, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
-// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5997, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6016 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -18689,8 +14141,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6046, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6048, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6049, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -18714,7 +14166,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
         uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
         {
-            if( pulPreviousNotificationValue != ((void*)0) )
+            if( pulPreviousNotificationValue != 0 )
             {
                 *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ];
             }
@@ -18761,7 +14213,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6117, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6120, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -18772,7 +14224,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6128, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6131, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -18791,7 +14243,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                     if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) )
                     {
-                        if( pxHigherPriorityTaskWoken != ((void*)0) )
+                        if( pxHigherPriorityTaskWoken != 0 )
                         {
                             *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 );
                         }
@@ -18817,8 +14269,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6173, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6174, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6176, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6177, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -18856,7 +14308,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6212, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == ((void*)0)") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6215, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -18875,7 +14327,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                     if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) )
                     {
-                        if( pxHigherPriorityTaskWoken != ((void*)0) )
+                        if( pxHigherPriorityTaskWoken != 0 )
                         {
                             *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 );
                         }
@@ -18897,11 +14349,11 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6256, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
-        pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+        pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
 
         vTaskEnterCritical();
         {
@@ -18934,7 +14386,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
-        pxTCB = ( ( ( xTask ) == ((void*)0) ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
+        pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
 
         vTaskEnterCritical();
         {
@@ -18950,7 +14402,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6325 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -19026,7 +14478,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6437 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From e9c9b27ddbb829abdc54b2e9e772cc37d1bb55af Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 11:47:00 -0400
Subject: [PATCH 035/289] Added vscode settings directory to .gitignore.

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 2b592bb3194..c8a67038e1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ __pycache__/
 
 # Ignore OS bookkeeping files
 .DS_Store
+.vscode/settings.json

From 6af1321b4396e4ed23dee589b6df4a2de2c9982a Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 12:27:58 -0400
Subject: [PATCH 036/289] VF rewrite: Delete attributes.

---
 .../custom_build_scripts_RP2040/vf_rewrite.sh |   6 +
 .../verifast/preprocessed_files/tasks--pp.c   | 283 +++++++++---------
 2 files changed, 140 insertions(+), 149 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
index b1bb6ee995c..2e163ab3e43 100755
--- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
@@ -29,6 +29,12 @@ rewrite "long unsigned int" "unsigned long int"
 echo "Delete fixed-sized array typedefs"
 rewrite "typedef .*\[[0-9]*\];" ""
 
+echo "Delete attributes"
+#rewrite "\_\_attribute\_\_\(\(\_\_[a-z\_]*\_\_\)\)" ""
+rewrite "__attribute__(([_a-z]*))" ""
+# TODO: Why does matching `\s` or `:space:` not work on MacOs?
+rewrite "__attribute__( ( [_a-z]* ) )" ""
+
 #echo "VF RW: 'long unsigned int' -> 'unsinged long int'"
 #echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX"
 #echo backup index $BACKUP_IDX
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index cba07171bf0..4d39f068eae 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -38,17 +38,8 @@
  * This file contains defines to configure the VeriFast proof setup.
  *
  */
-
-
-
-
-    // Prevent inclusion of MacOS system headers which VeriFast cannot parse:
-   // #define _SYS__PTHREAD_TYPES_H_
 // # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
-int test_start = 0;
-//#include "_pthread_types.h"
-int test_end = 1;
 
 /* Standard includes. */
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 1
@@ -152,7 +143,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -221,7 +212,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -520,12 +511,6 @@ typedef unsigned __int128 uint128_t;
  * This file contains defines to configure the VeriFast proof setup.
  *
  */
-
-
-
-
-    // Prevent inclusion of MacOS system headers which VeriFast cannot parse:
-   // #define _SYS__PTHREAD_TYPES_H_
 // # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
 // # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* This SDK is designed to work with clang and specific versions of
@@ -984,7 +969,7 @@ typedef unsigned __int128 uint128_t;
  * multiple times, with and without NDEBUG defined.
  */
 // # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
-void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__));
+void __assert_rtn(const char *, const char *, int, const char *)   ;
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
 // # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 2
@@ -1282,7 +1267,7 @@ typedef void (* TaskFunction_t)( void * );
  * multiple times, with and without NDEBUG defined.
  */
 // # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
-void __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)) __attribute__((__cold__)) __attribute__((__disable_tail_calls__));
+void __assert_rtn(const char *, const char *, int, const char *)   ;
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
 // # 19 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
@@ -3557,7 +3542,7 @@ inline __always_inline static void __compiler_memory_barrier(void) {
  *  \ingroup pico_platform
  *  \see panic
  */
-void __attribute__((noreturn)) panic_unsupported(void);
+void  panic_unsupported(void);
 
 /*! \brief Displays a panic message and halts execution
  *  \ingroup pico_platform
@@ -3568,7 +3553,7 @@ void __attribute__((noreturn)) panic_unsupported(void);
  * @param fmt format string (printf-like)
  * @param ...  printf-like arguments
  */
-void __attribute__((noreturn)) panic(const char *fmt, ...);
+void  panic(const char *fmt, ...);
 
 // PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime
 
@@ -5025,7 +5010,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -8361,7 +8346,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
  * Sets the pointer to the current TCB to the TCB of the highest priority task
  * that is ready to run.
  */
-__attribute__( ( used ) ) void vTaskSwitchContext( BaseType_t xCoreID ) ;
+ void vTaskSwitchContext( BaseType_t xCoreID ) ;
 
 /*
  * THESE FUNCTIONS MUST NOT BE USED FROM APPLICATION CODE.  THEY ARE USED BY
@@ -8475,7 +8460,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -9794,7 +9779,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
@@ -9855,7 +9840,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
@@ -9865,7 +9850,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 76 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -9922,18 +9907,18 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 174 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 192 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -9988,7 +9973,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 255 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -9996,7 +9981,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 272 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10016,7 +10001,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 312 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10107,7 +10092,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 412 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10260,7 +10245,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 576 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10292,9 +10277,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 626 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10336,8 +10321,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 750, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 763 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 747, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10376,7 +10361,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 817 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10389,7 +10374,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 837 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10400,10 +10385,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 855 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 869 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
@@ -10433,7 +10418,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 914 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10454,7 +10439,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 934, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 931, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10498,21 +10483,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 978, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 975, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 982, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1058 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1215 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1281 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10523,7 +10508,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1304 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10531,7 +10516,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1334 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10564,9 +10549,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1374 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1383 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10592,7 +10577,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1424 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10611,10 +10596,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1442, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1451 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1439, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1465 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10680,7 +10665,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10698,21 +10683,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1624 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -10917,7 +10902,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1845, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1842, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -10940,12 +10925,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1868, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1869, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1865, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1866, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1873, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1870, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11031,7 +11016,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1959, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1956, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11073,7 +11058,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2001, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1998, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11235,7 +11220,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2163, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2160, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11389,13 +11374,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2351 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2374 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2392 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11472,7 +11457,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2496, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2493, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11486,7 +11471,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2510, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2507, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11533,7 +11518,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2557, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2554, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11575,7 +11560,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2599, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2596, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11627,7 +11612,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2648, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11748,7 +11733,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2819 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11760,7 +11745,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2842 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11797,7 +11782,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2892 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11829,7 +11814,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2923, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2920, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -11894,7 +11879,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3050 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -11917,7 +11902,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3072, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3069, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12075,7 +12060,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3230, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12157,7 +12142,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3312, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3309, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12253,7 +12238,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3422 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12281,7 +12266,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3449, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3446, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12292,7 +12277,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3473 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12301,7 +12286,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3481, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12320,7 +12305,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3500, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3497, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12419,7 +12404,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3599, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3596, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12602,13 +12587,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3811 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3860 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3893 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12626,7 +12611,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3910, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3907, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12638,7 +12623,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3951 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12655,7 +12640,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12666,7 +12651,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3995, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3992, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12685,11 +12670,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4014, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4011, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4018, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4015, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12713,7 +12698,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4042, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4039, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12761,14 +12746,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4090, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4087, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4111 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12798,7 +12783,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4140, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4137, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -12806,9 +12791,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4148, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4145, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4165 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -12827,7 +12812,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4183, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -12850,8 +12835,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4206, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4203, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4204, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -12966,7 +12951,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4382 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -12996,7 +12981,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4423 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13017,16 +13002,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4459 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4524 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4574 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13040,7 +13025,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4587, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4584, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13071,7 +13056,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4634 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13173,7 +13158,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4746 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13294,7 +13279,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4905 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13351,7 +13336,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4988 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13542,8 +13527,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5178, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5179, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5175, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5176, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13622,7 +13607,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5258, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5255, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13649,7 +13634,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5285, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5282, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13780,7 +13765,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5416, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5413, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -13830,11 +13815,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5598 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5725 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -13876,7 +13861,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5766, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5763, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -13950,7 +13935,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5840, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5837, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14038,8 +14023,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5928, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5929, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5925, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5926, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14092,7 +14077,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5982, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5979, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14107,8 +14092,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5997, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6016 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5994, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14141,8 +14126,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6048, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6049, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6046, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14213,7 +14198,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6120, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6117, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14224,7 +14209,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6131, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6128, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14269,8 +14254,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6176, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6177, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6173, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6174, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14308,7 +14293,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6215, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6212, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14349,7 +14334,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6256, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14402,7 +14387,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6325 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14478,7 +14463,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6437 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 81bb9d6b1bd3738509b482d0b1e3e795803cb34e Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 12:31:19 -0400
Subject: [PATCH 037/289] Delete inline directives

---
 .../verifast/preprocessed_files/tasks--pp.c   | 64 +++++++++----------
 .../proof_setup/verifast_proof_defs.h         |  4 +-
 2 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 4d39f068eae..92ce023fade 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -1308,7 +1308,7 @@ typedef struct {
  * \return a number of microseconds since boot, equivalent to t
  * \ingroup timestamp
  */
-static inline uint64_t to_us_since_boot(absolute_time_t t) {
+static uint64_t to_us_since_boot(absolute_time_t t) {
 
 
 
@@ -1323,7 +1323,7 @@ static inline uint64_t to_us_since_boot(absolute_time_t t) {
  *                      as a signed 64 bit integer
  * \ingroup timestamp
  */
-static inline void update_us_since_boot(absolute_time_t *t, uint64_t us_since_boot) {
+static void update_us_since_boot(absolute_time_t *t, uint64_t us_since_boot) {
 
 
 
@@ -3506,7 +3506,7 @@ typedef struct {
 /*! \brief Execute a breakpoint instruction
  *  \ingroup pico_platform
  */
-static inline void __breakpoint(void) {
+static void __breakpoint(void) {
     __asm__("bkpt #0");
 }
 
@@ -3522,7 +3522,7 @@ static inline void __breakpoint(void) {
  * The compiler will not move the load from `some_other_memory_location` above the memory barrier (which it otherwise
  * might - even above the memory store!)
  */
-inline __always_inline static void __compiler_memory_barrier(void) {
+               static void __compiler_memory_barrier(void) {
     __asm__ volatile ("" : : : "memory");
 }
 
@@ -3576,7 +3576,7 @@ uint8_t rp2040_chip_version(void);
  *  \ingroup pico_platform
  * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2)
  */
-static inline uint8_t rp2040_rom_version(void) {
+static uint8_t rp2040_rom_version(void) {
 // #pragma GCC diagnostic push
 // #pragma GCC diagnostic ignored "-Warray-bounds"
     return *(uint8_t*)0x13;
@@ -3590,7 +3590,7 @@ static inline uint8_t rp2040_rom_version(void) {
  * makes it much easier to find tight loops, but also in the future \#ifdef-ed support for lockup
  * debugging might be added
  */
-static inline __always_inline void tight_loop_contents(void) {}
+static void tight_loop_contents(void) {}
 
 /*! \brief Multiply two integers using an assembly `MUL` instruction
  *  \ingroup pico_platform
@@ -3602,7 +3602,7 @@ static inline __always_inline void tight_loop_contents(void) {}
  * \param b the second operand
  * \return a * b
  */
-inline __always_inline static int32_t __mul_instruction(int32_t a, int32_t b) {
+               static int32_t __mul_instruction(int32_t a, int32_t b) {
     asm ("mul %0, %1" : "+l" (a) : "l" (b) : );
     return a;
 }
@@ -3653,7 +3653,7 @@ uint __get_current_exception(void);
  *
  * \param minimum_cycles the minimum number of system clock cycles to delay for
  */
-static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) {
+static void busy_wait_at_least_cycles(uint32_t minimum_cycles) {
     __asm volatile (
         ".syntax unified\n"
         "1: subs %0, #3\n"
@@ -3667,7 +3667,7 @@ static inline void busy_wait_at_least_cycles(uint32_t minimum_cycles) {
  *
  * \return The core number the call was made from
  */
-inline __always_inline static uint get_core_num(void) {
+               static uint get_core_num(void) {
     return (*(uint32_t *) (0xd0000000u + 0x00000000u));
 }
 // # 32 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2
@@ -3796,7 +3796,7 @@ typedef ioptr const const_ioptr;
 //}
 
 // Helper method used by xip_alias macros to optionally check input validity
-static inline __always_inline uint32_t xip_alias_check_addr(const void *addr) {
+static uint32_t xip_alias_check_addr(const void *addr) {
     uint32_t rc = (uintptr_t)addr;
     ({if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn ((const char *)-1L, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);});
     return rc;
@@ -3824,7 +3824,7 @@ static inline __always_inline uint32_t xip_alias_check_addr(const void *addr) {
  * \param addr Address of writable register
  * \param mask Bit-mask specifying bits to set
  */
-inline __always_inline static void hw_set_bits(io_rw_32 *addr, uint32_t mask) {
+               static void hw_set_bits(io_rw_32 *addr, uint32_t mask) {
     *(io_rw_32 *) ((void *)((0x2u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask;
 }
 
@@ -3834,7 +3834,7 @@ inline __always_inline static void hw_set_bits(io_rw_32 *addr, uint32_t mask) {
  * \param addr Address of writable register
  * \param mask Bit-mask specifying bits to clear
  */
-inline __always_inline static void hw_clear_bits(io_rw_32 *addr, uint32_t mask) {
+               static void hw_clear_bits(io_rw_32 *addr, uint32_t mask) {
     *(io_rw_32 *) ((void *)((0x3u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask;
 }
 
@@ -3844,7 +3844,7 @@ inline __always_inline static void hw_clear_bits(io_rw_32 *addr, uint32_t mask)
  * \param addr Address of writable register
  * \param mask Bit-mask specifying bits to invert
  */
-inline __always_inline static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) {
+               static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) {
     *(io_rw_32 *) ((void *)((0x1u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask;
 }
 
@@ -3860,7 +3860,7 @@ inline __always_inline static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) {
  * \param values Bits values
  * \param write_mask Mask of bits to change
  */
-inline __always_inline static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) {
+               static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) {
     hw_xor_bits(addr, (*addr ^ values) & write_mask);
 }
 // # 12 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2
@@ -3964,7 +3964,7 @@ typedef volatile uint32_t spin_lock_t;
 
  * The SEV (send event) instruction sends an event to both cores.
  */
-inline __always_inline static void __sev(void) {
+               static void __sev(void) {
     __asm volatile ("sev");
 }
 
@@ -3974,7 +3974,7 @@ inline __always_inline static void __sev(void) {
  * The WFE (wait for event) instruction waits until one of a number of
  * events occurs, including events signalled by the SEV instruction on either core.
  */
-inline __always_inline static void __wfe(void) {
+               static void __wfe(void) {
     __asm volatile ("wfe");
 }
 
@@ -3983,7 +3983,7 @@ inline __always_inline static void __wfe(void) {
 *
  * The WFI (wait for interrupt) instruction waits for a interrupt to wake up the core.
  */
-inline __always_inline static void __wfi(void) {
+               static void __wfi(void) {
     __asm volatile ("wfi");
 }
 
@@ -3993,7 +3993,7 @@ inline __always_inline static void __wfi(void) {
  * The DMB (data memory barrier) acts as a memory barrier, all memory accesses prior to this
  * instruction will be observed before any explicit access after the instruction.
  */
-inline __always_inline static void __dmb(void) {
+               static void __dmb(void) {
     __asm volatile ("dmb" : : : "memory");
 }
 
@@ -4004,7 +4004,7 @@ inline __always_inline static void __dmb(void) {
  * memory barrier (DMB). The DSB operation completes when all explicit memory
  * accesses before this instruction complete.
  */
-inline __always_inline static void __dsb(void) {
+               static void __dsb(void) {
     __asm volatile ("dsb" : : : "memory");
 }
 
@@ -4015,14 +4015,14 @@ inline __always_inline static void __dsb(void) {
  * so that all instructions following the ISB are fetched from cache or memory again, after
  * the ISB instruction has been completed.
  */
-inline __always_inline static void __isb(void) {
+               static void __isb(void) {
     __asm volatile ("isb");
 }
 
 /*! \brief Acquire a memory fence
  *  \ingroup hardware_sync
  */
-inline __always_inline static void __mem_fence_acquire(void) {
+               static void __mem_fence_acquire(void) {
     // the original code below makes it hard for us to be included from C++ via a header
     // which itself is in an extern "C", so just use __dmb instead, which is what
     // is required on Cortex M0+
@@ -4038,7 +4038,7 @@ inline __always_inline static void __mem_fence_acquire(void) {
  *  \ingroup hardware_sync
  *
  */
-inline __always_inline static void __mem_fence_release(void) {
+               static void __mem_fence_release(void) {
     // the original code below makes it hard for us to be included from C++ via a header
     // which itself is in an extern "C", so just use __dmb instead, which is what
     // is required on Cortex M0+
@@ -4055,7 +4055,7 @@ inline __always_inline static void __mem_fence_release(void) {
  *
  * \return The prior interrupt enable status for restoration later via restore_interrupts()
  */
-inline __always_inline static uint32_t save_and_disable_interrupts(void) {
+               static uint32_t save_and_disable_interrupts(void) {
     uint32_t status;
     __asm volatile ("mrs %0, PRIMASK" : "=r" (status)::);
     __asm volatile ("cpsid i");
@@ -4067,7 +4067,7 @@ inline __always_inline static uint32_t save_and_disable_interrupts(void) {
  *
  * \param status Previous interrupt status from save_and_disable_interrupts()
   */
-inline __always_inline static void restore_interrupts(uint32_t status) {
+               static void restore_interrupts(uint32_t status) {
     __asm volatile ("msr PRIMASK,%0"::"r" (status) : );
 }
 
@@ -4077,7 +4077,7 @@ inline __always_inline static void restore_interrupts(uint32_t status) {
  * \param lock_num Spinlock ID
  * \return The spinlock instance
  */
-inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) {
+               static spin_lock_t *spin_lock_instance(uint lock_num) {
     ({if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 226, "!(lock_num >= 32u)") : (void)0);});
     return (spin_lock_t *) (0xd0000000u + 0x00000100u + lock_num * 4);
 }
@@ -4088,7 +4088,7 @@ inline __always_inline static spin_lock_t *spin_lock_instance(uint lock_num) {
  * \param lock The Spinlock instance
  * \return The Spinlock ID
  */
-inline __always_inline static uint spin_lock_get_num(spin_lock_t *lock) {
+               static uint spin_lock_get_num(spin_lock_t *lock) {
     ({if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 239, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);});
 
 
@@ -4100,7 +4100,7 @@ inline __always_inline static uint spin_lock_get_num(spin_lock_t *lock) {
  *
  * \param lock Spinlock instance
  */
-inline __always_inline static void spin_lock_unsafe_blocking(spin_lock_t *lock) {
+               static void spin_lock_unsafe_blocking(spin_lock_t *lock) {
     // Note we don't do a wfe or anything, because by convention these spin_locks are VERY SHORT LIVED and NEVER BLOCK and run
     // with INTERRUPTS disabled (to ensure that)... therefore nothing on our core could be blocking us, so we just need to wait on another core
     // anyway which should be finished soon
@@ -4113,7 +4113,7 @@ inline __always_inline static void spin_lock_unsafe_blocking(spin_lock_t *lock)
  *
  * \param lock Spinlock instance
  */
-inline __always_inline static void spin_unlock_unsafe(spin_lock_t *lock) {
+               static void spin_unlock_unsafe(spin_lock_t *lock) {
     __mem_fence_release();
     *lock = 0;
 }
@@ -4126,7 +4126,7 @@ inline __always_inline static void spin_unlock_unsafe(spin_lock_t *lock) {
  * \param lock Spinlock instance
  * \return interrupt status to be used when unlocking, to restore to original state
  */
-inline __always_inline static uint32_t spin_lock_blocking(spin_lock_t *lock) {
+               static uint32_t spin_lock_blocking(spin_lock_t *lock) {
     uint32_t save = save_and_disable_interrupts();
     spin_lock_unsafe_blocking(lock);
     return save;
@@ -4137,7 +4137,7 @@ inline __always_inline static uint32_t spin_lock_blocking(spin_lock_t *lock) {
  *
  * \param lock Spinlock instance
  */
-inline static bool is_spin_locked(spin_lock_t *lock) {
+       static bool is_spin_locked(spin_lock_t *lock) {
     _Static_assert(sizeof(spin_lock_t) == (4), "hw size mismatch");
     uint lock_num = spin_lock_get_num(lock);
     return 0 != (*(io_ro_32 *) (0xd0000000u + 0x0000005cu) & (1u << lock_num));
@@ -4154,7 +4154,7 @@ inline static bool is_spin_locked(spin_lock_t *lock) {
  *
  * \sa spin_lock_blocking()
  */
-inline __always_inline static void spin_unlock(spin_lock_t *lock, uint32_t saved_irq) {
+               static void spin_unlock(spin_lock_t *lock, uint32_t saved_irq) {
     spin_unlock_unsafe(lock);
     restore_interrupts(saved_irq);
 }
@@ -4343,7 +4343,7 @@ bool spin_lock_is_claimed(uint lock_num);
     /* Note this is a single method with uxAcquire parameter since we have
      * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
-    static inline void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) {
+    static void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) {
         static uint8_t ucOwnedByCore[ 2 ];
         static uint8_t ucRecursionCountByLock[ 2 ];
         (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0);
diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h
index 61aa629c742..a9460d08e28 100644
--- a/verification/verifast/proof_setup/verifast_proof_defs.h
+++ b/verification/verifast/proof_setup/verifast_proof_defs.h
@@ -5,5 +5,7 @@
 
 
 #ifndef VERIFAST_DEFS_H
-
+    // Delete keywords VeriFast canot parse (in some contexts)
+    #define inline
+    #define __always_inline
 #endif /* VERIFAST_DEFS_H */

From 47aa491e31342a6c9b65939bab1e482bea4908c0 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 17:37:32 -0400
Subject: [PATCH 038/289] Ensured that preprocessing script uses the pico sdk
 submodule.

---
 .../preprocess_tasks_c.sh                     | 83 ++++++++++---------
 1 file changed, 43 insertions(+), 40 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 1d114b04277..6dff52f2f69 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -8,12 +8,15 @@ DEMO_DIR="$PP_SCRIPT_WD/../FreeRTOS/Demo/CORTEX_M0+_RP2040/"
 TIMESTAMP=`date +'%y_%m_%d--%H_%M'`
 LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files"
 LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c"
+LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c"
 
 LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c"
 
 PP_OUT_DIR="$PP_SCRIPT_WD/../preprocessed_files"
 PP_TASK_C="$PP_OUT_DIR/tasks--pp.c"
 
+PICO_SDK_DIR="$PP_SCRIPT_WD/../sdks/pico-sdk"
+
 pwd
 mkdir $LOG_PP_OUT_DIR
 
@@ -22,7 +25,7 @@ mkdir $LOG_PP_OUT_DIR
 # -C
 # -P : surpresses line/file pragmas
 
-
+echo start preprocessor
 clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \
 -DVERIFAST \
 -I/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin \
@@ -30,47 +33,47 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_base/include \
+-I"$PICO_SDK_DIR/src/common/pico_base/include" \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base \
--I/Users/reitobia/programs/pico-sdk/src/boards/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_clocks/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_structs/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_claim/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_gpio/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_irq/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_sync/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_time/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_timer/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_util/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_resets/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_pll/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_vreg/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_watchdog/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_xosc/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_exception/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_multicore/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_stdlib/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_uart/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_divider/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_runtime/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_printf/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_bootrom/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_bit_ops/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_divider/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_double/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_int64_ops/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_float/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_malloc/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/boot_stage2/include \
--I/Users/reitobia/programs/pico-sdk/src/common/pico_binary_info/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio/include \
--I/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_stdio_uart/include \
+-I"$PICO_SDK_DIR/src/boards/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \
+-I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" \
+-I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" \
+-I"$PICO_SDK_DIR/src/common/pico_sync/include" \
+-I"$PICO_SDK_DIR/src/common/pico_time/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" \
+-I"$PICO_SDK_DIR/src/common/pico_util/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" \
+-I"$PICO_SDK_DIR/src/common/pico_stdlib/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" \
+-I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" \
+-I"$PICO_SDK_DIR/src/common/pico_divider/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" \
+-I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" \
+-I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" \
 -c /Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c \
-&>$LOG_PP_TASK_C
+1>"$LOG_PP_TASK_C" 2>"$LOG_PP_ERR"
 
 echo "\n\nPreprocessed output with pragmas written to:"
 echo $LOG_PP_TASK_C

From d3cfeebca13baeb908d2728a978ab5d5198a3153 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 17:42:05 -0400
Subject: [PATCH 039/289] Ensured that preprocessing script uses the smp demo
 submodule.

---
 .../custom_build_scripts_RP2040/preprocess_tasks_c.sh    | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 6dff52f2f69..27e62385ccc 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -16,6 +16,7 @@ PP_OUT_DIR="$PP_SCRIPT_WD/../preprocessed_files"
 PP_TASK_C="$PP_OUT_DIR/tasks--pp.c"
 
 PICO_SDK_DIR="$PP_SCRIPT_WD/../sdks/pico-sdk"
+SMP_DEMO_DIR="$PP_SCRIPT_WD/../demos/FreeRTOS-SMP-Demos"
 
 pwd
 mkdir $LOG_PP_OUT_DIR
@@ -30,11 +31,11 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -DVERIFAST \
 -I/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin \
 -I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup \
--I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \
--I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include \
--I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include \
+-I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
+-I"$SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include" \
+-I"$SMP_DEMO_DIR/FreeRTOS/Source/include" \
 -I"$PICO_SDK_DIR/src/common/pico_base/include" \
--I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base \
+-I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \
 -I"$PICO_SDK_DIR/src/boards/include" \
 -I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \
 -I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \

From f11cb629f388222954604acc8032ad79cabc52da Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 21 Oct 2022 17:55:21 -0400
Subject: [PATCH 040/289] Generalized paths to resources used in preprocessing
 script.

---
 .../preprocess_tasks_c.sh                           | 13 ++++++++++---
 verification/verifast/start-vfide--preprocessed.sh  |  9 +++++----
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 27e62385ccc..071b9aa7b04 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -1,7 +1,14 @@
 #!/bin/zsh
 ps -o comm= -p $$
 
+# This script expects the following command line arguments:
+# $1 : Absolute path to the VeriFast directory
+
+VF_DIR="$1"
+
 PP_SCRIPT_WD=`pwd`
+TASKS_C="$PP_SCRIPT_WD/../../../tasks.c"
+PROOF_SETUP_DIR="$PP_SCRIPT_WD/../proof_setup"
 DEMO_DIR="$PP_SCRIPT_WD/../FreeRTOS/Demo/CORTEX_M0+_RP2040/"
 #LOG_DIR="`pwd`/build_logs"
 #BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt"
@@ -29,8 +36,8 @@ mkdir $LOG_PP_OUT_DIR
 echo start preprocessor
 clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \
 -DVERIFAST \
--I/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin \
--I/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup \
+-I"$VF_DIR/bin" \
+-I"$PROOF_SETUP_DIR" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Source/include" \
@@ -73,7 +80,7 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \
 -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" \
 -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" \
--c /Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c \
+-c "$TASKS_C" \
 1>"$LOG_PP_TASK_C" 2>"$LOG_PP_ERR"
 
 echo "\n\nPreprocessed output with pragmas written to:"
diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh
index 2b1f972c57e..73381fe9c92 100755
--- a/verification/verifast/start-vfide--preprocessed.sh
+++ b/verification/verifast/start-vfide--preprocessed.sh
@@ -1,10 +1,11 @@
 # This script must be run from the directory in which it resides,
 # i.e., `FreeRTOS-Kernel/verification/verifast`.
 
+# This script expects the following command line arguments:
+# $1 : Absolute path to the VeriFast directory
 
 
-
-VFIDE="$1"
+VF_DIR="$1"
 echo Path to vfide binary : "\'$VFIDE\'"
 
 START_WD=`pwd`
@@ -15,9 +16,9 @@ PP_TASK_C="$START_WD/preprocessed_files/tasks--pp.c"
 cd "$PP_SCRIPT_DIR"
 pwd
 ls
-"$PP_SCRIPT"
+"$PP_SCRIPT" "$VF_DIR"
 cd "$START_WD"
 
 echo "\n\nPreprocessing script finished\n\n"
 
-$VFIDE $PP_TASK_C
+"$VF_DIR/bin/vfide" "$PP_TASK_C"

From 83d8831729c9fca859c9b408ce2b9a1263c86958 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 11:05:09 -0400
Subject: [PATCH 041/289] Updated include paths in preprocessing script to
 ensure that only direct submodules as referenced.

---
 .../preprocess_tasks_c.sh                     |  17 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 687 ++++++++++--------
 2 files changed, 386 insertions(+), 318 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 071b9aa7b04..025892628b4 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -7,9 +7,10 @@ ps -o comm= -p $$
 VF_DIR="$1"
 
 PP_SCRIPT_WD=`pwd`
-TASKS_C="$PP_SCRIPT_WD/../../../tasks.c"
-PROOF_SETUP_DIR="$PP_SCRIPT_WD/../proof_setup"
-DEMO_DIR="$PP_SCRIPT_WD/../FreeRTOS/Demo/CORTEX_M0+_RP2040/"
+BASE_DIR="$BASE_DIR"
+TASKS_C="$BASE_DIR/../../tasks.c"
+PROOF_SETUP_DIR="$BASE_DIR/proof_setup"
+DEMO_DIR="$BASE_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/"
 #LOG_DIR="`pwd`/build_logs"
 #BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt"
 TIMESTAMP=`date +'%y_%m_%d--%H_%M'`
@@ -19,11 +20,11 @@ LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c"
 
 LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c"
 
-PP_OUT_DIR="$PP_SCRIPT_WD/../preprocessed_files"
+PP_OUT_DIR="$BASE_DIR/preprocessed_files"
 PP_TASK_C="$PP_OUT_DIR/tasks--pp.c"
 
-PICO_SDK_DIR="$PP_SCRIPT_WD/../sdks/pico-sdk"
-SMP_DEMO_DIR="$PP_SCRIPT_WD/../demos/FreeRTOS-SMP-Demos"
+PICO_SDK_DIR="$BASE_DIR/sdks/pico-sdk"
+SMP_DEMO_DIR="$BASE_DIR/demos/FreeRTOS-SMP-Demos"
 
 pwd
 mkdir $LOG_PP_OUT_DIR
@@ -39,8 +40,8 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I"$VF_DIR/bin" \
 -I"$PROOF_SETUP_DIR" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
--I"$SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include" \
--I"$SMP_DEMO_DIR/FreeRTOS/Source/include" \
+-I"$BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \
+-I"$BASE_DIR/include" \
 -I"$PICO_SDK_DIR/src/common/pico_base/include" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \
 -I"$PICO_SDK_DIR/src/boards/include" \
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 92ce023fade..8925598b712 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -1,10 +1,10 @@
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 // # 1 "" 1
 // # 1 "" 3
 // # 400 "" 3
 // # 1 "" 1
 // # 1 "" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
 /*
  * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -33,12 +33,16 @@
 
 /* Verifast proof setup */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/verifast_proof_defs.h" 1
 /*
  * This file contains defines to configure the VeriFast proof setup.
  *
  */
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+
+
+
+    // Delete keywords VeriFast canot parse (in some contexts)
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
 
 
 /* Standard includes. */
@@ -143,7 +147,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -212,7 +216,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -220,7 +224,7 @@ char *strdup(char *string);
 
 
 /* FreeRTOS includes. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -281,7 +285,7 @@ typedef unsigned __int16 uint16_t;
 typedef unsigned __int32 uint32_t;
 typedef unsigned __int64 uint64_t;
 typedef unsigned __int128 uint128_t;
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* *INDENT-OFF* */
 
@@ -290,7 +294,7 @@ typedef unsigned __int128 uint128_t;
 /* *INDENT-ON* */
 
 /* Application specific configuration options. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h" 1
 /* This is a stub used for the VeriFast proof. */
 
 /*
@@ -336,9 +340,9 @@ typedef unsigned __int128 uint128_t;
  *----------------------------------------------------------*/
 
 /* Scheduler Related */
-// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
+// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h"
 /* Synchronization Related */
-// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
+// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h"
 /* System */
 
 
@@ -427,7 +431,7 @@ typedef unsigned __int128 uint128_t;
  * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $
  */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 1 3 4
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 1 3 4
 /* This is a stub used for the VeriFast proof. */
 
 /*
@@ -506,13 +510,17 @@ typedef unsigned __int128 uint128_t;
      * e.g., `tasks.c`. But it seems like the contained defines are not propagated
      * to this file.
      */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 3 4
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/verifast_proof_defs.h" 1 3 4
 /*
  * This file contains defines to configure the VeriFast proof setup.
  *
  */
-// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
-// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+
+
+
+    // Delete keywords VeriFast canot parse (in some contexts)
+// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 2 3 4
+// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /* This SDK is designed to work with clang and specific versions of
  * gcc >= 4.0 with Apple's patch sets */
 
@@ -523,7 +531,7 @@ typedef unsigned __int128 uint128_t;
  * Compatibility with compilers and environments that don't support compiler
  * feature checking function-like macros.
  */
-// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
  * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
@@ -531,7 +539,7 @@ typedef unsigned __int128 uint128_t;
  * in between its arguments.  __CONCAT can also concatenate double-quoted
  * strings produced by the __STRING macro, but this only works with ANSI C.
  */
-// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * __pure2 can be used for functions that are only a function of their scalar
  * arguments (meaning they can't dereference pointers).
@@ -581,11 +589,11 @@ typedef unsigned __int128 uint128_t;
  * __kpi_deprecated() specifically indicates deprecation of kernel programming
  * interfaces in Kernel.framework used by KEXTs.
  */
-// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /* __unavailable causes the compiler to error out when encountering
  * code using the tagged function
  */
-// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /* Delete pseudo-keywords wherever they are not available or needed. */
 
 
@@ -605,7 +613,7 @@ typedef unsigned __int128 uint128_t;
 /* Compatibility with compilers and environments that don't support the
  * nullability feature.
  */
-// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * __disable_tail_calls causes the compiler to not perform tail call
  * optimization inside the marked function.
@@ -673,12 +681,12 @@ typedef unsigned __int128 uint128_t;
  * support c99 inline in some cases:
  * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965
  */
-// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * Compiler-dependent macros that bracket portions of code where the
  * "-Wunreachable-code" warning should be ignored. Please use sparingly.
  */
-// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * Compiler-dependent macros to declare that functions take printf-like
  * or scanf-like arguments.  They are null except for versions of gcc
@@ -687,9 +695,9 @@ typedef unsigned __int128 uint128_t;
  * mismatch between the format string and subsequent function parameter
  * types.
  */
-// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /* Source compatibility only, ID string not emitted in object file */
-// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * __alloc_size can be used to label function arguments that represent the
  * size of memory that the function allocates and returns. The one-argument
@@ -703,7 +711,7 @@ typedef unsigned __int128 uint128_t;
  *
  * void	*calloc(size_t __count, size_t __size) __alloc_size(1,2);
  */
-// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail
  *
@@ -742,7 +750,7 @@ typedef unsigned __int128 uint128_t;
  */
 
 /* These settings are particular to each product. */
-// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow
  * legacy code to use the old symbol, thus maintaining binary compatibility
@@ -761,15 +769,15 @@ typedef unsigned __int128 uint128_t;
  * pre-10.5, and it is the default compilation environment, revert the
  * compilation environment to pre-__DARWIN_UNIX03.
  */
-// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol suffixes used for symbol versioning
  */
-// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol versioning macros
  */
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol release macros
  */
@@ -809,7 +817,7 @@ typedef unsigned __int128 uint128_t;
 
 
 /* Deal with various X/Open Portability Guides and Single UNIX Spec. */
-// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * Deal with all versions of POSIX.  The ordering relative to the tests above is
  * important.
@@ -827,7 +835,7 @@ typedef unsigned __int128 uint128_t;
  * _POSIX_C_SOURCE value.  Currently there are two additional levels corresponding
  * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE)
  */
-// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /* If the developer has neither requested a strict language mode nor a version
  * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part
  * of __DARWIN_C_FULL.
@@ -942,17 +950,17 @@ typedef unsigned __int128 uint128_t;
 
 
 /* decay operates normally; attribute is meaningless without pointer checks. */
-// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * Architecture validation for current SDK
  */
-// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * Check if __probable and __improbable have already been defined elsewhere.
  * These macros inform the compiler (and humans) about which branches are likely
  * to be taken.
  */
-// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
 /*
  * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
  *
@@ -972,18 +980,18 @@ typedef unsigned __int128 uint128_t;
 void __assert_rtn(const char *, const char *, int, const char *)   ;
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
-// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 2
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h" 2
 /* Define to trap errors during development. */
 
 
 /* Set the following definitions to 1 to include the API function, or zero
 to exclude the API function. */
-// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
+// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h"
 /* A header file that defines trace macro can be included here. */
-// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* Basic FreeRTOS definitions. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1022,27 +1030,27 @@ typedef void (* TaskFunction_t)( void * );
 /* Converts a time in milliseconds to a time in ticks.  This macro can be
  * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the
  * definition here is not suitable for your application. */
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
 /* FreeRTOS error definitions. */
 
 
 
 
 /* Macros used for basic data corruption checks. */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
 /* The following errno values are used by FreeRTOS+ components, not FreeRTOS
  * itself. */
-// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
 /* The following endian values are used by FreeRTOS+ components, not FreeRTOS
  * itself. */
 
 
 
 /* Re-defining endian values for generic naming. */
-// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* Definitions specific to the port being used. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1086,7 +1094,7 @@ typedef void (* TaskFunction_t)( void * );
  * to make it clear that new projects should not use it, support for the port
  * specific constants has been moved into the deprecated_definitions.h header
  * file. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/deprecated_definitions.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/deprecated_definitions.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1125,14 +1133,14 @@ typedef void (* TaskFunction_t)( void * );
  * portmacro.h file to be located anywhere in relation to the port being used.  The
  * definitions below remain in the code for backward compatibility only.  New
  * projects should not use them. */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
 
 /* If portENTER_CRITICAL is not defined then including deprecated_definitions.h
  * did not result in a portmacro.h header file being included - and it should be
  * included here.  In this case the path to the correct portmacro.h header file
  * must be set in the compiler's include path. */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1161,8 +1169,8 @@ typedef void (* TaskFunction_t)( void * );
  * https://github.com/FreeRTOS
  *
  */
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
-// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 1
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1184,7 +1192,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 
-// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1196,7 +1204,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 
-// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1207,7 +1215,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
-// # 11 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
+// # 11 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
 
 
 
@@ -1270,16 +1278,21 @@ typedef void (* TaskFunction_t)( void * );
 void __assert_rtn(const char *, const char *, int, const char *)   ;
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
-// # 19 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
+// # 19 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
 
 
 // PICO_CONFIG: PARAM_ASSERTIONS_ENABLE_ALL, Global assert enable, type=bool, default=0, group=pico_base
 // PICO_CONFIG: PARAM_ASSERTIONS_DISABLE_ALL, Global assert disable, type=bool, default=0, group=pico_base
-// # 13 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h"
+    /* Reason for rewrite: 
+     * Verifast cannot parse statements non-empty block statements wrapped in parentheses,
+     * i.e., it can parse `{stmt;}` but not `( {stmt;} )`.
+     */
+// # 13 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
 
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
-// # 16 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/types.h" 2
+// # 16 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
 
 typedef unsigned int uint;
@@ -1354,8 +1367,8 @@ typedef struct {
     int8_t min; ///< 0..59
     int8_t sec; ///< 0..59
 } datetime_t;
-// # 23 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/version.h" 1
+// # 23 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/version.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1365,13 +1378,13 @@ typedef struct {
 // ---------------------------------------
 // THIS FILE IS AUTOGENERATED; DO NOT EDIT
 // ---------------------------------------
-// # 24 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 24 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
 
 // PICO_CONFIG: PICO_CONFIG_HEADER, unquoted path to header include in place of the default pico/config.h which may be desirable for build systems which can't easily generate the config_autogen header, group=pico_base
 
 
 
-// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/config.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1390,7 +1403,7 @@ typedef struct {
 // PICO_CONFIG_HEADER_FILES and then PICO_SDK__CONFIG_INCLUDE_FILES
 // entries are dumped in order at build time into this generated header
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 1
 // AUTOGENERATED FROM PICO_CONFIG_HEADER_FILES and then PICO__CONFIG_HEADER_FILES
 // DO NOT EDIT!
 
@@ -1431,7 +1444,7 @@ typedef struct {
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1459,11 +1472,11 @@ typedef struct {
  * https://www.FreeRTOS.org
  * https://github.com/FreeRTOS
  */
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
+// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
 /* configUSE_DYNAMIC_EXCEPTION_HANDLERS == 1 means set the exception handlers dynamically on cores
  * that need them in case the user has set up distinct vector table offsets per core
  */
-// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
 /* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_sync
  * sem/mutex/queue etc. will work correctly when called from FreeRTOS tasks
  */
@@ -1477,7 +1490,7 @@ typedef struct {
  * sleep_ms/sleep_us/sleep_until will work correctly when called from FreeRTOS
  * tasks, and will actually block at the FreeRTOS level
  */
-// # 74 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
+// # 74 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
 /* This SMP port requires two spin locks, which are claimed from the SDK.
  * the spin lock numbers to be used are defined statically and defaulted here
  * to the values nominally set aside for RTOS by the SDK */
@@ -1514,7 +1527,7 @@ typedef struct {
 
 
         extern void xPortSyncInternalYieldUntilBefore(absolute_time_t t);
-// # 8 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
+// # 8 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
 // # 1 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
@@ -1550,7 +1563,7 @@ typedef struct {
 // --- FLASH ---
 // # 77 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h"
 // Drive high to force power supply into PWM mode (lower ripple on 3V3 at light loads)
-// # 9 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
+// # 9 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
 
 // based on PICO_RP2040_CONFIG_HEADER_FILES:
 
@@ -1560,13 +1573,13 @@ typedef struct {
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
-// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
-// # 20 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/config.h" 2
+// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
+// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 2
 
 // PICO_CONFIG: PICO_CONFIG_RTOS_ADAPTER_HEADER, unquoted path to header include in the default pico/config.h for RTOS integration defines that must be included in all sources, group=pico_base
-// # 30 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
 
-// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1585,7 +1598,7 @@ typedef struct {
  * This header may be included by assembly code
  */
 
-// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1596,10 +1609,10 @@ typedef struct {
 
 
 // This header is included from C and assembler - intended mostly for #defines; guard other stuff with #ifdef __ASSEMBLER__
-// # 40 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h"
+// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h"
 // PICO_CONFIG: XOSC_MHZ, The crystal oscillator frequency in Mhz, type=int, default=12, advanced=true, group=hardware_base
-// # 20 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
-// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/addressmap.h" 1
+// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/addressmap.h" 1
 /**
  * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
  *
@@ -1611,8 +1624,8 @@ typedef struct {
 
 
 // Register address offsets for atomic RMW aliases
-// # 21 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
-// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/sio.h" 1
+// # 21 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/sio.h" 1
 /**
  * Copyright (c) 2022 Raspberry Pi (Trading) Ltd.
  *
@@ -3268,7 +3281,7 @@ typedef struct {
 
 
 // =============================================================================
-// # 22 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
+// # 22 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
 
 // Marker for builds targeting the RP2040
 
@@ -3315,7 +3328,7 @@ typedef struct {
 
 
 // --- remainder of file is not included by assembly code ---
-// # 78 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
+// # 78 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Marker for an interrupt handler
  *  \ingroup pico_platform
  * For example an IRQ handler function called my_interrupt_handler:
@@ -3468,20 +3481,13 @@ typedef struct {
 
 
 
-/*! \brief Attribute to force inlining of a function regardless of optimization level
- *  \ingroup pico_platform
- *
- *  For example my_function here will always be inlined:
- *
- *      int __force_inline my_function(int x) {
- *
- */
-
-
-
-
-
 
+    /* Reason for rewrite:
+     * Verifast cannot parse ths define for and unknown reason.
+     *
+     * VF-TODO: What causes the parse error?
+     */
+// # 253 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Macro to determine the number of elements in an array
  *  \ingroup pico_platform
  */
@@ -3522,9 +3528,18 @@ static void __breakpoint(void) {
  * The compiler will not move the load from `some_other_memory_location` above the memory barrier (which it otherwise
  * might - even above the memory store!)
  */
-               static void __compiler_memory_barrier(void) {
-    __asm__ volatile ("" : : : "memory");
-}
+
+    /* Reason for rewrite: VeriFast cannot parse:
+     * - `__force_inline`
+     * - the function body
+     */
+    static void __compiler_memory_barrier(void);
+
+
+
+
+
+
 
 /*! \brief Macro for converting memory addresses to 32 bit addresses suitable for DMA
  *  \ingroup pico_platform
@@ -3542,7 +3557,12 @@ static void __breakpoint(void) {
  *  \ingroup pico_platform
  *  \see panic
  */
-void  panic_unsupported(void);
+
+    /* Reason for rewrite: VeriFast cannot parse ``. */
+    void panic_unsupported(void);
+
+
+
 
 /*! \brief Displays a panic message and halts execution
  *  \ingroup pico_platform
@@ -3553,7 +3573,12 @@ void  panic_unsupported(void);
  * @param fmt format string (printf-like)
  * @param ...  printf-like arguments
  */
-void  panic(const char *fmt, ...);
+
+    /* Reason for rewrite: VeriFast cannot parse ``. */
+    void panic(const char *fmt, ...);
+
+
+
 
 // PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime
 
@@ -3577,10 +3602,15 @@ uint8_t rp2040_chip_version(void);
  * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2)
  */
 static uint8_t rp2040_rom_version(void) {
-// #pragma GCC diagnostic push
-// #pragma GCC diagnostic ignored "-Warray-bounds"
-    return *(uint8_t*)0x13;
-// #pragma GCC diagnostic pop
+
+        /* Reason for rewrite: VeriFast cannot parse GCC pragmas */
+            return *(uint8_t*)0x13;
+
+
+
+
+
+
 }
 
 /*! \brief No-op function for the body of tight loops
@@ -3590,7 +3620,13 @@ static uint8_t rp2040_rom_version(void) {
  * makes it much easier to find tight loops, but also in the future \#ifdef-ed support for lockup
  * debugging might be added
  */
-static void tight_loop_contents(void) {}
+
+    /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */
+    static void tight_loop_contents(void) {}
+
+
+
+
 
 /*! \brief Multiply two integers using an assembly `MUL` instruction
  *  \ingroup pico_platform
@@ -3602,10 +3638,18 @@ static void tight_loop_contents(void) {}
  * \param b the second operand
  * \return a * b
  */
-               static int32_t __mul_instruction(int32_t a, int32_t b) {
-    asm ("mul %0, %1" : "+l" (a) : "l" (b) : );
-    return a;
-}
+
+    /* Reason for rewrite: VeriFast cannot parse:
+     * - `__force_inline`
+     * - function body
+     */
+    static int32_t __mul_instruction(int32_t a, int32_t b);
+
+
+
+
+
+
 
 /*! \brief multiply two integer values using the fastest method possible
  *  \ingroup pico_platform
@@ -3638,7 +3682,7 @@ static void tight_loop_contents(void) {}
  * \return the exception number if the CPU is handling an exception, or 0 otherwise
  */
 uint __get_current_exception(void);
-// # 408 "/Users/reitobia/programs/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
+// # 455 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Helper method to busy-wait for at least the given number of cycles
  *  \ingroup pico_platform
  *
@@ -3653,25 +3697,26 @@ uint __get_current_exception(void);
  *
  * \param minimum_cycles the minimum number of system clock cycles to delay for
  */
-static void busy_wait_at_least_cycles(uint32_t minimum_cycles) {
-    __asm volatile (
-        ".syntax unified\n"
-        "1: subs %0, #3\n"
-        "bcs 1b\n"
-        : "+r" (minimum_cycles) : : "memory"
-    );
-}
 
+    /* Reason for rewrite: VeriFast cannot parse function body. */
+    static void busy_wait_at_least_cycles(uint32_t minimum_cycles);
+// # 483 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Get the current core number
  *  \ingroup pico_platform
  *
  * \return The core number the call was made from
  */
-               static uint get_core_num(void) {
+
+    /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */
+    static uint get_core_num(void)
+
+
+
+{
     return (*(uint32_t *) (0xd0000000u + 0x00000000u));
 }
-// # 32 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 1 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico/error.h" 1
+// # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/error.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -3687,19 +3732,24 @@ static void busy_wait_at_least_cycles(uint32_t minimum_cycles) {
  * \brief Common return codes from pico_sdk methods that return a status
  * \ingroup pico_base
  */
-enum pico_error_codes {
-    PICO_OK = 0,
-    PICO_ERROR_NONE = 0,
-    PICO_ERROR_TIMEOUT = -1,
-    PICO_ERROR_GENERIC = -2,
-    PICO_ERROR_NO_DATA = -3,
-    PICO_ERROR_NOT_PERMITTED = -4,
-    PICO_ERROR_INVALID_ARG = -5,
-    PICO_ERROR_IO = -6,
-};
-// # 33 "/Users/reitobia/programs/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
-// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1
+
+    /* Reason for rewrite: 
+     * VeriFast's parser does not expect a colon after 
+     * an enum's last element.
+     */
+    enum pico_error_codes {
+        PICO_OK = 0,
+        PICO_ERROR_NONE = 0,
+        PICO_ERROR_TIMEOUT = -1,
+        PICO_ERROR_GENERIC = -2,
+        PICO_ERROR_NO_DATA = -3,
+        PICO_ERROR_NOT_PERMITTED = -4,
+        PICO_ERROR_INVALID_ARG = -5,
+        PICO_ERROR_IO = -6
+    };
+// # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -3710,7 +3760,7 @@ enum pico_error_codes {
 
 
 
-// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -3760,7 +3810,7 @@ enum pico_error_codes {
  *  For example `hw_set_alias(dma_hw)->inte1 = 0x80;` will set bit 7 of the INTE1 register of the DMA controller,
  *  leaving the other bits unchanged.
  */
-// # 58 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h"
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h"
 // PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_ADDRESS_ALIAS, Enable/disable assertions in memory address aliasing macros, type=bool, default=0, group=hardware_base
 
 
@@ -3798,7 +3848,7 @@ typedef ioptr const const_ioptr;
 // Helper method used by xip_alias macros to optionally check input validity
 static uint32_t xip_alias_check_addr(const void *addr) {
     uint32_t rc = (uintptr_t)addr;
-    ({if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn ((const char *)-1L, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);});
+    {if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn ((const char *)-1L, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);};
     return rc;
 }
 
@@ -3863,7 +3913,7 @@ static uint32_t xip_alias_check_addr(const void *addr) {
                static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) {
     hw_xor_bits(addr, (*addr ^ values) & write_mask);
 }
-// # 12 "/Users/reitobia/programs/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2
+// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2
 
 
 
@@ -3964,9 +4014,14 @@ typedef volatile uint32_t spin_lock_t;
 
  * The SEV (send event) instruction sends an event to both cores.
  */
-               static void __sev(void) {
-    __asm volatile ("sev");
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void __sev(void) ;
+
+
+
+
+
 
 /*! \brief Insert a WFE instruction in to the code path.
  *  \ingroup hardware_sync
@@ -3974,18 +4029,28 @@ typedef volatile uint32_t spin_lock_t;
  * The WFE (wait for event) instruction waits until one of a number of
  * events occurs, including events signalled by the SEV instruction on either core.
  */
-               static void __wfe(void) {
-    __asm volatile ("wfe");
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void __wfe(void) ;
+
+
+
+
+
 
 /*! \brief Insert a WFI instruction in to the code path.
   *  \ingroup hardware_sync
 *
  * The WFI (wait for interrupt) instruction waits for a interrupt to wake up the core.
  */
-               static void __wfi(void) {
-    __asm volatile ("wfi");
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void __wfi(void) ;
+
+
+
+
+
 
 /*! \brief Insert a DMB instruction in to the code path.
  *  \ingroup hardware_sync
@@ -3993,9 +4058,14 @@ typedef volatile uint32_t spin_lock_t;
  * The DMB (data memory barrier) acts as a memory barrier, all memory accesses prior to this
  * instruction will be observed before any explicit access after the instruction.
  */
-               static void __dmb(void) {
-    __asm volatile ("dmb" : : : "memory");
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void __dmb(void) ;
+
+
+
+
+
 
 /*! \brief Insert a DSB instruction in to the code path.
  *  \ingroup hardware_sync
@@ -4004,9 +4074,14 @@ typedef volatile uint32_t spin_lock_t;
  * memory barrier (DMB). The DSB operation completes when all explicit memory
  * accesses before this instruction complete.
  */
-               static void __dsb(void) {
-    __asm volatile ("dsb" : : : "memory");
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void __dsb(void) ;
+
+
+
+
+
 
 /*! \brief Insert a ISB instruction in to the code path.
  *  \ingroup hardware_sync
@@ -4015,9 +4090,14 @@ typedef volatile uint32_t spin_lock_t;
  * so that all instructions following the ISB are fetched from cache or memory again, after
  * the ISB instruction has been completed.
  */
-               static void __isb(void) {
-    __asm volatile ("isb");
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void __isb(void) ;
+
+
+
+
+
 
 /*! \brief Acquire a memory fence
  *  \ingroup hardware_sync
@@ -4055,21 +4135,23 @@ typedef volatile uint32_t spin_lock_t;
  *
  * \return The prior interrupt enable status for restoration later via restore_interrupts()
  */
-               static uint32_t save_and_disable_interrupts(void) {
-    uint32_t status;
-    __asm volatile ("mrs %0, PRIMASK" : "=r" (status)::);
-    __asm volatile ("cpsid i");
-    return status;
-}
 
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static uint32_t save_and_disable_interrupts(void);
+// # 246 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h"
 /*! \brief Restore interrupts to a specified state
  *  \ingroup hardware_sync
  *
  * \param status Previous interrupt status from save_and_disable_interrupts()
   */
-               static void restore_interrupts(uint32_t status) {
-    __asm volatile ("msr PRIMASK,%0"::"r" (status) : );
-}
+
+    /* Reason for rewrite: VeriFast cannot handle inline assembler. */
+                   static void restore_interrupts(uint32_t status) ;
+
+
+
+
+
 
 /*! \brief Get HW Spinlock instance from number
  *  \ingroup hardware_sync
@@ -4078,7 +4160,7 @@ typedef volatile uint32_t spin_lock_t;
  * \return The spinlock instance
  */
                static spin_lock_t *spin_lock_instance(uint lock_num) {
-    ({if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 226, "!(lock_num >= 32u)") : (void)0);});
+    {if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 267, "!(lock_num >= 32u)") : (void)0);};
     return (spin_lock_t *) (0xd0000000u + 0x00000100u + lock_num * 4);
 }
 
@@ -4089,7 +4171,7 @@ typedef volatile uint32_t spin_lock_t;
  * \return The Spinlock ID
  */
                static uint spin_lock_get_num(spin_lock_t *lock) {
-    ({if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 239, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);});
+    {if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 280, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);};
 
 
     return (uint) (lock - (spin_lock_t *) (0xd0000000u + 0x00000100u));
@@ -4137,7 +4219,16 @@ typedef volatile uint32_t spin_lock_t;
  *
  * \param lock Spinlock instance
  */
-       static bool is_spin_locked(spin_lock_t *lock) {
+
+    /* Reason for rewrite: 
+     * VeriFast's parser does not accept `inline` as first token in a function
+     * declaration.
+     */
+    static bool is_spin_locked(spin_lock_t *lock)
+
+
+
+{
     _Static_assert(sizeof(spin_lock_t) == (4), "hw size mismatch");
     uint lock_num = spin_lock_get_num(lock);
     return 0 != (*(io_ro_32 *) (0xd0000000u + 0x0000005cu) & (1u << lock_num));
@@ -4239,7 +4330,7 @@ int spin_lock_claim_unused(bool required);
  * \see spin_lock_claim_mask
  */
 bool spin_lock_is_claimed(uint lock_num);
-// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
+// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
 /*-----------------------------------------------------------
  * Port specific definitions.
@@ -4252,7 +4343,7 @@ bool spin_lock_is_claimed(uint lock_num);
  */
 
 /* Type definitions. */
-// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     typedef uint32_t StackType_t;
     typedef int32_t BaseType_t;
     typedef uint32_t UBaseType_t;
@@ -4319,9 +4410,9 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
     /* Check validity of number of cores specified in config */
-// # 133 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 133 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     /* FreeRTOS core id is always zero based, so always 0 if we're running on only one core */
-// # 145 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 145 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     void vYieldCore(int xCoreID);
 
 
@@ -4329,7 +4420,9 @@ bool spin_lock_is_claimed(uint lock_num);
 /*-----------------------------------------------------------*/
 
 /* Critical section management. */
-// # 162 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 161 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+    //#define portDISABLE_INTERRUPTS() lol abc 132123
+
     extern void vPortEnableInterrupts();
 
 
@@ -4344,38 +4437,12 @@ bool spin_lock_is_claimed(uint lock_num);
      * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
     static void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) {
-        static uint8_t ucOwnedByCore[ 2 ];
-        static uint8_t ucRecursionCountByLock[ 2 ];
-        (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0);
-        uint32_t ulCoreNum = get_core_num();
-        uint32_t ulLockBit = 1u << ulLockNum;
-        (__builtin_expect(!(ulLockBit < 256u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 181, "ulLockBit < 256u") : (void)0);
-        if( uxAcquire )
-        {
-            if( __builtin_expect( !*pxSpinLock, 0 ) )
-            {
-                if( ucOwnedByCore[ulCoreNum] & ulLockBit )
-                {
-                    (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 255u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 188, "ucRecursionCountByLock[ulLockNum] != 255u") : (void)0);
-                    ucRecursionCountByLock[ulLockNum]++;
-                    return;
-                }
-                while ( __builtin_expect( !*pxSpinLock, 0 ) );
-            }
-            __mem_fence_acquire();
-            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] == 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 195, "ucRecursionCountByLock[ulLockNum] == 0") : (void)0);
-            ucRecursionCountByLock[ulLockNum] = 1;
-            ucOwnedByCore[ulCoreNum] |= ulLockBit;
-        } else {
-            (__builtin_expect(!((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 199, "(ucOwnedByCore[ulCoreNum] & ulLockBit) != 0") : (void)0);
-            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 200, "ucRecursionCountByLock[ulLockNum] != 0") : (void)0);
-            if( !--ucRecursionCountByLock[ulLockNum] )
-            {
-                ucOwnedByCore[ulCoreNum] &= ~ulLockBit;
-                __mem_fence_release();
-                *pxSpinLock = 1;
-            }
-        }
+
+            /* Reason for rewrite: 
+             * VeriFast does not support static, local variables.
+             */
+            (__builtin_expect(!(false), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 181, "false") : (void)0);
+// # 216 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     }
 
 
@@ -4393,15 +4460,15 @@ bool spin_lock_is_claimed(uint lock_num);
 /*-----------------------------------------------------------*/
 
 /* Task function macros as described on the FreeRTOS.org WEB site. */
-// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
-// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/mpu_wrappers.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/mpu_wrappers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -4433,7 +4500,7 @@ bool spin_lock_is_claimed(uint lock_num);
 
 /* This file redefines API functions to be called through a wrapper macro, but
  * only for ports that are using the MPU. */
-// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
 
 /*
  * Setup the stack of a new task so it is ready to be placed under the
@@ -4441,7 +4508,7 @@ bool spin_lock_is_claimed(uint lock_num);
  * the order that the port expects to find them.
  *
  */
-// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) ;
@@ -4495,7 +4562,7 @@ void vPortFree( void * pv ) ;
 void vPortInitialiseBlocks( void ) ;
 size_t xPortGetFreeHeapSize( void ) ;
 size_t xPortGetMinimumEverFreeHeapSize( void ) ;
-// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
 /*
  * Setup the hardware ready for the scheduler to take control.  This generally
  * sets up a tick interrupt and sets timers for the correct tick frequency.
@@ -4516,13 +4583,13 @@ void vPortEndScheduler( void ) ;
  * Fills the xMPUSettings structure with the memory region information
  * contained in xRegions.
  */
-// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
-// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* Must be defaulted before configUSE_NEWLIB_REENTRANT is used below. */
 
@@ -4539,21 +4606,21 @@ void vPortEndScheduler( void ) ;
  * These macros are application specific and (as downloaded) are defined
  * within FreeRTOSConfig.h.
  */
-// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
         /* If INCLUDE_vTaskDelayUntil is set but INCLUDE_xTaskDelayUntil is not then
          * the project's FreeRTOSConfig.h probably pre-dates the introduction of
          * xTaskDelayUntil and setting INCLUDE_xTaskDelayUntil to whatever
          * INCLUDE_vTaskDelayUntil is set to will ensure backward compatibility.
          */
-// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* configPRECONDITION should be defined as configASSERT.
  * The CBMC proofs need a way to track assumptions and assertions.
  * A configPRECONDITION statement should express an implicit invariant or
  * assumption made.  A configASSERT statement should express an invariant that must
  * hold explicit before calling the code. */
-// # 303 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 303 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* The timers module relies on xTaskGetSchedulerState(). */
-// # 358 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 358 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* Remove any unused trace macros. */
 
 
@@ -4643,13 +4710,13 @@ void vPortEndScheduler( void ) ;
  * queue/mutex/semaphore.  pxQueue is a pointer to the queue/mutex/semaphore
  * upon which the write was attempted.  pxCurrentTCB points to the TCB of the
  * task that attempted the write. */
-// # 462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* The following event macros are embedded in the kernel API calls. */
-// # 917 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 917 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
     /* Defaults to 0 for backward compatibility. */
-// # 936 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 936 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* Sanity check the configuration. */
-// # 978 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 978 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* The tick type can be read atomically, so critical sections used when the
  * tick count is returned can be defined away. */
 
@@ -4690,7 +4757,7 @@ void vPortEndScheduler( void ) ;
 
 /* The application writer has not provided their own MIN macro, so define
  * the following generic implementation. */
-// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* Set configUSE_TASK_FPU_SUPPORT to 0 to omit floating point support even
  * if floating point hardware is otherwise supported by the FreeRTOS port in use.
  * This constant is not supported by all FreeRTOS ports that include floating
@@ -4864,7 +4931,7 @@ typedef struct xSTATIC_TCB
 
 
         void * pvDummy15[ 5 ];
-// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
         uint32_t ulDummy18[ 1 ];
         uint8_t ucDummy19[ 1 ];
 
@@ -5010,8 +5077,8 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
+// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -5037,8 +5104,8 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * https://github.com/FreeRTOS
  *
  */
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" 1
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -5092,7 +5159,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * \page ListIntroduction List Implementation
  * \ingroup FreeRTOSIntro
  */
-// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
 /*
  * The list structure members are modified from within interrupts, and therefore
  * by rights should be declared volatile.  However, they are only modified in a
@@ -5138,7 +5205,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * use of FreeRTOS.*/
 
     /* Define the macros to do nothing. */
-// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
 /*
  * Definition of the only type of object that a list can contain.
  */
@@ -5280,7 +5347,7 @@ typedef struct xLIST
  * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY
  * \ingroup LinkedList
  */
-// # 293 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 293 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
 /*
  * Access function to obtain the owner of the first entry in a list.  Lists
  * are normally sorted in ascending item value order.
@@ -5404,7 +5471,7 @@ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ;
 
 
 /* *INDENT-ON* */
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 2
+// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 2
 
 /* *INDENT-OFF* */
 
@@ -5860,7 +5927,7 @@ typedef enum
  * \defgroup xTaskCreateStatic xTaskCreateStatic
  * \ingroup Tasks
  */
-// # 501 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 501 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * task. h
  * 
@@ -6605,7 +6672,7 @@ void vTaskResume( TaskHandle_t xTaskToResume ) ;
  * \ingroup TaskCtrl
  */
 BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ;
-// # 1333 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1333 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * @brief Disables preemption for a task.
  *
@@ -7004,7 +7071,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
  * fixed by simply guarding against the inclusion of these two prototypes unless
  * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration
  * constant. */
-// # 1774 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1774 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /* Each task contains an array of pointers that is dimensioned by the
  * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h.  The
  * kernel does not use the pointers itself, so the application writer can use
@@ -7044,7 +7111,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
      * This hook function is called in the system tick handler after any OS work is completed.
      */
     void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */
-// # 1833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * task.h
  * 
@@ -8460,8 +8527,8 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
+// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -8487,7 +8554,7 @@ void vTaskYieldWithinAPI( void );
  * https://github.com/FreeRTOS
  *
  */
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /*lint -save -e537 This headers are only multiply included if the application code
  * happens to also be including task.h. */
 
@@ -8508,7 +8575,7 @@ void vTaskYieldWithinAPI( void );
  * as defined below.  The commands that are sent from interrupts must use the
  * highest numbers as tmrFIRST_FROM_ISR_COMMAND is used to determine if the task
  * or interrupt version of the queue send function should be used. */
-// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /**
  * Type by which software timers are referenced.  For example, a call to
  * xTimerCreate() returns an TimerHandle_t variable that can then be used to
@@ -8797,7 +8864,7 @@ typedef void (* PendedFunction_t)( void *,
  * }
  * @endverbatim
  */
-// # 368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /**
  * void *pvTimerGetTimerID( TimerHandle_t xTimer );
  *
@@ -9773,14 +9840,14 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
     void vTimerSetTimerNumber( TimerHandle_t xTimer,
                                UBaseType_t uxTimerNumber ) ;
     UBaseType_t uxTimerGetTimerNumber( TimerHandle_t xTimer ) ;
-// # 1364 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 1364 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -9830,17 +9897,17 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
  * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in
  * use on the stack.
  */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
@@ -9850,7 +9917,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -9907,18 +9974,18 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -9973,7 +10040,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -9981,7 +10048,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10001,7 +10068,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10092,7 +10159,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10245,7 +10312,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10277,9 +10344,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10322,7 +10389,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
     (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 747, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10361,7 +10428,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         }
         else
         {
@@ -10374,7 +10441,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10385,10 +10452,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
@@ -10418,7 +10485,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10488,16 +10555,16 @@ static void prvYieldForTask( TCB_t * pxTCB,
         }
 
         (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10508,7 +10575,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10516,7 +10583,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10549,9 +10616,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10577,7 +10644,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10597,9 +10664,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
             /* Check the alignment of the calculated top of stack is correct. */
             (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1439, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         }
-// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10665,7 +10732,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10683,21 +10750,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11374,13 +11441,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11733,7 +11800,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11745,7 +11812,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             }
 
     }
@@ -11782,7 +11849,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11879,7 +11946,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12238,7 +12305,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12277,7 +12344,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12587,13 +12654,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12623,7 +12690,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12640,7 +12707,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12753,7 +12820,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     }
     else
     {
@@ -12793,7 +12860,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4145, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -12951,7 +13018,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -12981,7 +13048,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13002,16 +13069,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13056,7 +13123,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13158,7 +13225,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13279,7 +13346,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13336,7 +13403,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
     }
 
 
@@ -13815,11 +13882,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
-// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*----------------------------------------------------------*/
-// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14093,7 +14160,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5994, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14387,7 +14454,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14463,7 +14530,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From ea00b82275ef2a6fdf7ba68afdf4d5ec473f3827 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 11:56:03 -0400
Subject: [PATCH 042/289] Simplified paths in preprocessing script

---
 .../preprocess_tasks_c.sh                     |  24 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 450 +++++++++---------
 2 files changed, 252 insertions(+), 222 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 025892628b4..3e25cf643ec 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -7,10 +7,17 @@ ps -o comm= -p $$
 VF_DIR="$1"
 
 PP_SCRIPT_WD=`pwd`
-BASE_DIR="$BASE_DIR"
-TASKS_C="$BASE_DIR/../../tasks.c"
-PROOF_SETUP_DIR="$BASE_DIR/proof_setup"
-DEMO_DIR="$BASE_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/"
+REPO_BASE_DIR=`cd ../../..; pwd`
+PROOF_DIR=`cd ..; pwd`
+
+
+TASKS_C="$REPO_BASE_DIR/tasks.c"
+
+PROOF_SETUP_DIR="$PROOF_DIR/proof_setup"
+PICO_SDK_DIR="$PROOF_DIR/sdks/pico-sdk"
+SMP_DEMO_DIR="$PROOF_DIR/demos/FreeRTOS-SMP-Demos"
+
+
 #LOG_DIR="`pwd`/build_logs"
 #BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt"
 TIMESTAMP=`date +'%y_%m_%d--%H_%M'`
@@ -20,11 +27,10 @@ LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c"
 
 LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c"
 
-PP_OUT_DIR="$BASE_DIR/preprocessed_files"
+PP_OUT_DIR="$PROOF_DIR/preprocessed_files"
 PP_TASK_C="$PP_OUT_DIR/tasks--pp.c"
 
-PICO_SDK_DIR="$BASE_DIR/sdks/pico-sdk"
-SMP_DEMO_DIR="$BASE_DIR/demos/FreeRTOS-SMP-Demos"
+
 
 pwd
 mkdir $LOG_PP_OUT_DIR
@@ -40,8 +46,8 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I"$VF_DIR/bin" \
 -I"$PROOF_SETUP_DIR" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
--I"$BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \
--I"$BASE_DIR/include" \
+-I"$SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include" \
+-I"$SMP_DEMO_DIR/FreeRTOS/Source/include" \
 -I"$PICO_SDK_DIR/src/common/pico_base/include" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \
 -I"$PICO_SDK_DIR/src/boards/include" \
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 8925598b712..d94bf411dff 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -1,10 +1,10 @@
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 // # 1 "" 1
 // # 1 "" 3
 // # 400 "" 3
 // # 1 "" 1
 // # 1 "" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 /*
  * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -33,7 +33,7 @@
 
 /* Verifast proof setup */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/verifast_proof_defs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1
 /*
  * This file contains defines to configure the VeriFast proof setup.
  *
@@ -42,7 +42,7 @@
 
 
     // Delete keywords VeriFast canot parse (in some contexts)
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Standard includes. */
@@ -147,7 +147,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -216,7 +216,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -224,7 +224,7 @@ char *strdup(char *string);
 
 
 /* FreeRTOS includes. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -285,7 +285,7 @@ typedef unsigned __int16 uint16_t;
 typedef unsigned __int32 uint32_t;
 typedef unsigned __int64 uint64_t;
 typedef unsigned __int128 uint128_t;
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* *INDENT-OFF* */
 
@@ -294,7 +294,7 @@ typedef unsigned __int128 uint128_t;
 /* *INDENT-ON* */
 
 /* Application specific configuration options. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 1
 /* This is a stub used for the VeriFast proof. */
 
 /*
@@ -340,9 +340,9 @@ typedef unsigned __int128 uint128_t;
  *----------------------------------------------------------*/
 
 /* Scheduler Related */
-// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h"
+// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* Synchronization Related */
-// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h"
+// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* System */
 
 
@@ -431,7 +431,7 @@ typedef unsigned __int128 uint128_t;
  * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $
  */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 1 3 4
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 1 3 4
 /* This is a stub used for the VeriFast proof. */
 
 /*
@@ -510,7 +510,7 @@ typedef unsigned __int128 uint128_t;
      * e.g., `tasks.c`. But it seems like the contained defines are not propagated
      * to this file.
      */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/verifast_proof_defs.h" 1 3 4
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 3 4
 /*
  * This file contains defines to configure the VeriFast proof setup.
  *
@@ -519,8 +519,8 @@ typedef unsigned __int128 uint128_t;
 
 
     // Delete keywords VeriFast canot parse (in some contexts)
-// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 2 3 4
-// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
+// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* This SDK is designed to work with clang and specific versions of
  * gcc >= 4.0 with Apple's patch sets */
 
@@ -531,7 +531,7 @@ typedef unsigned __int128 uint128_t;
  * Compatibility with compilers and environments that don't support compiler
  * feature checking function-like macros.
  */
-// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
  * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
@@ -539,7 +539,7 @@ typedef unsigned __int128 uint128_t;
  * in between its arguments.  __CONCAT can also concatenate double-quoted
  * strings produced by the __STRING macro, but this only works with ANSI C.
  */
-// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * __pure2 can be used for functions that are only a function of their scalar
  * arguments (meaning they can't dereference pointers).
@@ -589,11 +589,11 @@ typedef unsigned __int128 uint128_t;
  * __kpi_deprecated() specifically indicates deprecation of kernel programming
  * interfaces in Kernel.framework used by KEXTs.
  */
-// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* __unavailable causes the compiler to error out when encountering
  * code using the tagged function
  */
-// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* Delete pseudo-keywords wherever they are not available or needed. */
 
 
@@ -613,7 +613,7 @@ typedef unsigned __int128 uint128_t;
 /* Compatibility with compilers and environments that don't support the
  * nullability feature.
  */
-// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * __disable_tail_calls causes the compiler to not perform tail call
  * optimization inside the marked function.
@@ -681,12 +681,12 @@ typedef unsigned __int128 uint128_t;
  * support c99 inline in some cases:
  * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965
  */
-// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Compiler-dependent macros that bracket portions of code where the
  * "-Wunreachable-code" warning should be ignored. Please use sparingly.
  */
-// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Compiler-dependent macros to declare that functions take printf-like
  * or scanf-like arguments.  They are null except for versions of gcc
@@ -695,9 +695,9 @@ typedef unsigned __int128 uint128_t;
  * mismatch between the format string and subsequent function parameter
  * types.
  */
-// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* Source compatibility only, ID string not emitted in object file */
-// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * __alloc_size can be used to label function arguments that represent the
  * size of memory that the function allocates and returns. The one-argument
@@ -711,7 +711,7 @@ typedef unsigned __int128 uint128_t;
  *
  * void	*calloc(size_t __count, size_t __size) __alloc_size(1,2);
  */
-// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail
  *
@@ -750,7 +750,7 @@ typedef unsigned __int128 uint128_t;
  */
 
 /* These settings are particular to each product. */
-// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow
  * legacy code to use the old symbol, thus maintaining binary compatibility
@@ -769,15 +769,15 @@ typedef unsigned __int128 uint128_t;
  * pre-10.5, and it is the default compilation environment, revert the
  * compilation environment to pre-__DARWIN_UNIX03.
  */
-// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol suffixes used for symbol versioning
  */
-// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol versioning macros
  */
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * symbol release macros
  */
@@ -817,7 +817,7 @@ typedef unsigned __int128 uint128_t;
 
 
 /* Deal with various X/Open Portability Guides and Single UNIX Spec. */
-// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Deal with all versions of POSIX.  The ordering relative to the tests above is
  * important.
@@ -835,7 +835,7 @@ typedef unsigned __int128 uint128_t;
  * _POSIX_C_SOURCE value.  Currently there are two additional levels corresponding
  * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE)
  */
-// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* If the developer has neither requested a strict language mode nor a version
  * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part
  * of __DARWIN_C_FULL.
@@ -950,17 +950,17 @@ typedef unsigned __int128 uint128_t;
 
 
 /* decay operates normally; attribute is meaningless without pointer checks. */
-// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Architecture validation for current SDK
  */
-// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Check if __probable and __improbable have already been defined elsewhere.
  * These macros inform the compiler (and humans) about which branches are likely
  * to be taken.
  */
-// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/sys/cdefs.h" 3 4
+// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /*
  * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
  *
@@ -980,18 +980,18 @@ typedef unsigned __int128 uint128_t;
 void __assert_rtn(const char *, const char *, int, const char *)   ;
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
-// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h" 2
+// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 2
 /* Define to trap errors during development. */
 
 
 /* Set the following definitions to 1 to include the API function, or zero
 to exclude the API function. */
-// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../proof_setup/FreeRTOSConfig.h"
+// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* A header file that defines trace macro can be included here. */
-// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* Basic FreeRTOS definitions. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1030,27 +1030,27 @@ typedef void (* TaskFunction_t)( void * );
 /* Converts a time in milliseconds to a time in ticks.  This macro can be
  * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the
  * definition here is not suitable for your application. */
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
 /* FreeRTOS error definitions. */
 
 
 
 
 /* Macros used for basic data corruption checks. */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
 /* The following errno values are used by FreeRTOS+ components, not FreeRTOS
  * itself. */
-// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
 /* The following endian values are used by FreeRTOS+ components, not FreeRTOS
  * itself. */
 
 
 
 /* Re-defining endian values for generic naming. */
-// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* Definitions specific to the port being used. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1094,7 +1094,7 @@ typedef void (* TaskFunction_t)( void * );
  * to make it clear that new projects should not use it, support for the port
  * specific constants has been moved into the deprecated_definitions.h header
  * file. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/deprecated_definitions.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/deprecated_definitions.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1133,14 +1133,14 @@ typedef void (* TaskFunction_t)( void * );
  * portmacro.h file to be located anywhere in relation to the port being used.  The
  * definitions below remain in the code for backward compatibility only.  New
  * projects should not use them. */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
 
 /* If portENTER_CRITICAL is not defined then including deprecated_definitions.h
  * did not result in a portmacro.h header file being included - and it should be
  * included here.  In this case the path to the correct portmacro.h header file
  * must be set in the compiler's include path. */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1169,8 +1169,8 @@ typedef void (* TaskFunction_t)( void * );
  * https://github.com/FreeRTOS
  *
  */
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1192,7 +1192,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1204,7 +1204,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1215,7 +1215,7 @@ typedef void (* TaskFunction_t)( void * );
 
 
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
-// # 11 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
+// # 11 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
 
 
 
@@ -1278,21 +1278,21 @@ typedef void (* TaskFunction_t)( void * );
 void __assert_rtn(const char *, const char *, int, const char *)   ;
 // # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
 /* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
-// # 19 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
+// # 19 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
 
 
 // PICO_CONFIG: PARAM_ASSERTIONS_ENABLE_ALL, Global assert enable, type=bool, default=0, group=pico_base
 // PICO_CONFIG: PARAM_ASSERTIONS_DISABLE_ALL, Global assert disable, type=bool, default=0, group=pico_base
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/assert.h"
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h"
     /* Reason for rewrite: 
      * Verifast cannot parse statements non-empty block statements wrapped in parentheses,
      * i.e., it can parse `{stmt;}` but not `( {stmt;} )`.
      */
-// # 13 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2
+// # 13 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
 
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
-// # 16 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2
+// # 16 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2
 
 
 typedef unsigned int uint;
@@ -1367,8 +1367,8 @@ typedef struct {
     int8_t min; ///< 0..59
     int8_t sec; ///< 0..59
 } datetime_t;
-// # 23 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/version.h" 1
+// # 23 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/version.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1378,13 +1378,13 @@ typedef struct {
 // ---------------------------------------
 // THIS FILE IS AUTOGENERATED; DO NOT EDIT
 // ---------------------------------------
-// # 24 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 24 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
 
 // PICO_CONFIG: PICO_CONFIG_HEADER, unquoted path to header include in place of the default pico/config.h which may be desirable for build systems which can't easily generate the config_autogen header, group=pico_base
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1403,7 +1403,7 @@ typedef struct {
 // PICO_CONFIG_HEADER_FILES and then PICO_SDK__CONFIG_INCLUDE_FILES
 // entries are dumped in order at build time into this generated header
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 1
 // AUTOGENERATED FROM PICO_CONFIG_HEADER_FILES and then PICO__CONFIG_HEADER_FILES
 // DO NOT EDIT!
 
@@ -1444,7 +1444,7 @@ typedef struct {
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -1472,11 +1472,11 @@ typedef struct {
  * https://www.FreeRTOS.org
  * https://github.com/FreeRTOS
  */
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
+// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
 /* configUSE_DYNAMIC_EXCEPTION_HANDLERS == 1 means set the exception handlers dynamically on cores
  * that need them in case the user has set up distinct vector table offsets per core
  */
-// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
 /* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_sync
  * sem/mutex/queue etc. will work correctly when called from FreeRTOS tasks
  */
@@ -1490,7 +1490,7 @@ typedef struct {
  * sleep_ms/sleep_us/sleep_until will work correctly when called from FreeRTOS
  * tasks, and will actually block at the FreeRTOS level
  */
-// # 74 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
+// # 74 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h"
 /* This SMP port requires two spin locks, which are claimed from the SDK.
  * the spin lock numbers to be used are defined statically and defaulted here
  * to the values nominally set aside for RTOS by the SDK */
@@ -1527,7 +1527,7 @@ typedef struct {
 
 
         extern void xPortSyncInternalYieldUntilBefore(absolute_time_t t);
-// # 8 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
+// # 8 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
 // # 1 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
@@ -1563,7 +1563,7 @@ typedef struct {
 // --- FLASH ---
 // # 77 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h"
 // Drive high to force power supply into PWM mode (lower ripple on 3V3 at light loads)
-// # 9 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
+// # 9 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
 
 // based on PICO_RP2040_CONFIG_HEADER_FILES:
 
@@ -1573,13 +1573,13 @@ typedef struct {
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
-// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
-// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 2
+// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2
+// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 2
 
 // PICO_CONFIG: PICO_CONFIG_RTOS_ADAPTER_HEADER, unquoted path to header include in the default pico/config.h for RTOS integration defines that must be included in all sources, group=pico_base
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1598,7 +1598,7 @@ typedef struct {
  * This header may be included by assembly code
  */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -1609,10 +1609,10 @@ typedef struct {
 
 
 // This header is included from C and assembler - intended mostly for #defines; guard other stuff with #ifdef __ASSEMBLER__
-// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h"
+// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h"
 // PICO_CONFIG: XOSC_MHZ, The crystal oscillator frequency in Mhz, type=int, default=12, advanced=true, group=hardware_base
-// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/addressmap.h" 1
+// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/addressmap.h" 1
 /**
  * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
  *
@@ -1624,8 +1624,8 @@ typedef struct {
 
 
 // Register address offsets for atomic RMW aliases
-// # 21 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/sio.h" 1
+// # 21 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/sio.h" 1
 /**
  * Copyright (c) 2022 Raspberry Pi (Trading) Ltd.
  *
@@ -3281,7 +3281,7 @@ typedef struct {
 
 
 // =============================================================================
-// # 22 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
+// # 22 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2
 
 // Marker for builds targeting the RP2040
 
@@ -3328,7 +3328,7 @@ typedef struct {
 
 
 // --- remainder of file is not included by assembly code ---
-// # 78 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
+// # 78 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Marker for an interrupt handler
  *  \ingroup pico_platform
  * For example an IRQ handler function called my_interrupt_handler:
@@ -3487,7 +3487,7 @@ typedef struct {
      *
      * VF-TODO: What causes the parse error?
      */
-// # 253 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
+// # 253 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Macro to determine the number of elements in an array
  *  \ingroup pico_platform
  */
@@ -3682,7 +3682,7 @@ static uint8_t rp2040_rom_version(void) {
  * \return the exception number if the CPU is handling an exception, or 0 otherwise
  */
 uint __get_current_exception(void);
-// # 455 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
+// # 455 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Helper method to busy-wait for at least the given number of cycles
  *  \ingroup pico_platform
  *
@@ -3700,7 +3700,7 @@ uint __get_current_exception(void);
 
     /* Reason for rewrite: VeriFast cannot parse function body. */
     static void busy_wait_at_least_cycles(uint32_t minimum_cycles);
-// # 483 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
+// # 483 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h"
 /*! \brief Get the current core number
  *  \ingroup pico_platform
  *
@@ -3715,8 +3715,8 @@ uint __get_current_exception(void);
 {
     return (*(uint32_t *) (0xd0000000u + 0x00000000u));
 }
-// # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico/error.h" 1
+// # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/error.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -3747,9 +3747,9 @@ uint __get_current_exception(void);
         PICO_ERROR_INVALID_ARG = -5,
         PICO_ERROR_IO = -6
     };
-// # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1
+// # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
+// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -3760,7 +3760,7 @@ uint __get_current_exception(void);
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
  *
@@ -3810,7 +3810,7 @@ uint __get_current_exception(void);
  *  For example `hw_set_alias(dma_hw)->inte1 = 0x80;` will set bit 7 of the INTE1 register of the DMA controller,
  *  leaving the other bits unchanged.
  */
-// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h"
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h"
 // PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_ADDRESS_ALIAS, Enable/disable assertions in memory address aliasing macros, type=bool, default=0, group=hardware_base
 
 
@@ -3913,7 +3913,7 @@ static uint32_t xip_alias_check_addr(const void *addr) {
                static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) {
     hw_xor_bits(addr, (*addr ^ values) & write_mask);
 }
-// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2
+// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2
 
 
 
@@ -4138,7 +4138,7 @@ typedef volatile uint32_t spin_lock_t;
 
     /* Reason for rewrite: VeriFast cannot handle inline assembler. */
                    static uint32_t save_and_disable_interrupts(void);
-// # 246 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h"
+// # 246 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h"
 /*! \brief Restore interrupts to a specified state
  *  \ingroup hardware_sync
  *
@@ -4330,7 +4330,7 @@ int spin_lock_claim_unused(bool required);
  * \see spin_lock_claim_mask
  */
 bool spin_lock_is_claimed(uint lock_num);
-// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
+// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
 /*-----------------------------------------------------------
  * Port specific definitions.
@@ -4343,7 +4343,7 @@ bool spin_lock_is_claimed(uint lock_num);
  */
 
 /* Type definitions. */
-// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     typedef uint32_t StackType_t;
     typedef int32_t BaseType_t;
     typedef uint32_t UBaseType_t;
@@ -4410,9 +4410,9 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
     /* Check validity of number of cores specified in config */
-// # 133 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 133 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     /* FreeRTOS core id is always zero based, so always 0 if we're running on only one core */
-// # 145 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 145 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     void vYieldCore(int xCoreID);
 
 
@@ -4420,9 +4420,7 @@ bool spin_lock_is_claimed(uint lock_num);
 /*-----------------------------------------------------------*/
 
 /* Critical section management. */
-// # 161 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
-    //#define portDISABLE_INTERRUPTS() lol abc 132123
-
+// # 162 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     extern void vPortEnableInterrupts();
 
 
@@ -4437,12 +4435,38 @@ bool spin_lock_is_claimed(uint lock_num);
      * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
     static void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) {
-
-            /* Reason for rewrite: 
-             * VeriFast does not support static, local variables.
-             */
-            (__builtin_expect(!(false), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 181, "false") : (void)0);
-// # 216 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+        static uint8_t ucOwnedByCore[ 2 ];
+        static uint8_t ucRecursionCountByLock[ 2 ];
+        (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0);
+        uint32_t ulCoreNum = get_core_num();
+        uint32_t ulLockBit = 1u << ulLockNum;
+        (__builtin_expect(!(ulLockBit < 256u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 181, "ulLockBit < 256u") : (void)0);
+        if( uxAcquire )
+        {
+            if( __builtin_expect( !*pxSpinLock, 0 ) )
+            {
+                if( ucOwnedByCore[ulCoreNum] & ulLockBit )
+                {
+                    (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 255u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 188, "ucRecursionCountByLock[ulLockNum] != 255u") : (void)0);
+                    ucRecursionCountByLock[ulLockNum]++;
+                    return;
+                }
+                while ( __builtin_expect( !*pxSpinLock, 0 ) );
+            }
+            __mem_fence_acquire();
+            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] == 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 195, "ucRecursionCountByLock[ulLockNum] == 0") : (void)0);
+            ucRecursionCountByLock[ulLockNum] = 1;
+            ucOwnedByCore[ulCoreNum] |= ulLockBit;
+        } else {
+            (__builtin_expect(!((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 199, "(ucOwnedByCore[ulCoreNum] & ulLockBit) != 0") : (void)0);
+            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 200, "ucRecursionCountByLock[ulLockNum] != 0") : (void)0);
+            if( !--ucRecursionCountByLock[ulLockNum] )
+            {
+                ucOwnedByCore[ulCoreNum] &= ~ulLockBit;
+                __mem_fence_release();
+                *pxSpinLock = 1;
+            }
+        }
     }
 
 
@@ -4460,15 +4484,15 @@ bool spin_lock_is_claimed(uint lock_num);
 /*-----------------------------------------------------------*/
 
 /* Task function macros as described on the FreeRTOS.org WEB site. */
-// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
-// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/mpu_wrappers.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/mpu_wrappers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -4500,7 +4524,7 @@ bool spin_lock_is_claimed(uint lock_num);
 
 /* This file redefines API functions to be called through a wrapper macro, but
  * only for ports that are using the MPU. */
-// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
 
 /*
  * Setup the stack of a new task so it is ready to be placed under the
@@ -4508,7 +4532,7 @@ bool spin_lock_is_claimed(uint lock_num);
  * the order that the port expects to find them.
  *
  */
-// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) ;
@@ -4562,7 +4586,7 @@ void vPortFree( void * pv ) ;
 void vPortInitialiseBlocks( void ) ;
 size_t xPortGetFreeHeapSize( void ) ;
 size_t xPortGetMinimumEverFreeHeapSize( void ) ;
-// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
 /*
  * Setup the hardware ready for the scheduler to take control.  This generally
  * sets up a tick interrupt and sets timers for the correct tick frequency.
@@ -4583,13 +4607,13 @@ void vPortEndScheduler( void ) ;
  * Fills the xMPUSettings structure with the memory region information
  * contained in xRegions.
  */
-// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
-// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
 
 /* Must be defaulted before configUSE_NEWLIB_REENTRANT is used below. */
 
@@ -4606,21 +4630,21 @@ void vPortEndScheduler( void ) ;
  * These macros are application specific and (as downloaded) are defined
  * within FreeRTOSConfig.h.
  */
-// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
         /* If INCLUDE_vTaskDelayUntil is set but INCLUDE_xTaskDelayUntil is not then
          * the project's FreeRTOSConfig.h probably pre-dates the introduction of
          * xTaskDelayUntil and setting INCLUDE_xTaskDelayUntil to whatever
          * INCLUDE_vTaskDelayUntil is set to will ensure backward compatibility.
          */
-// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* configPRECONDITION should be defined as configASSERT.
  * The CBMC proofs need a way to track assumptions and assertions.
  * A configPRECONDITION statement should express an implicit invariant or
  * assumption made.  A configASSERT statement should express an invariant that must
  * hold explicit before calling the code. */
-// # 303 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 303 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* The timers module relies on xTaskGetSchedulerState(). */
-// # 358 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 358 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* Remove any unused trace macros. */
 
 
@@ -4710,13 +4734,13 @@ void vPortEndScheduler( void ) ;
  * queue/mutex/semaphore.  pxQueue is a pointer to the queue/mutex/semaphore
  * upon which the write was attempted.  pxCurrentTCB points to the TCB of the
  * task that attempted the write. */
-// # 462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* The following event macros are embedded in the kernel API calls. */
-// # 917 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 917 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
     /* Defaults to 0 for backward compatibility. */
-// # 936 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 936 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* Sanity check the configuration. */
-// # 978 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 978 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* The tick type can be read atomically, so critical sections used when the
  * tick count is returned can be defined away. */
 
@@ -4757,7 +4781,7 @@ void vPortEndScheduler( void ) ;
 
 /* The application writer has not provided their own MIN macro, so define
  * the following generic implementation. */
-// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
 /* Set configUSE_TASK_FPU_SUPPORT to 0 to omit floating point support even
  * if floating point hardware is otherwise supported by the FreeRTOS port in use.
  * This constant is not supported by all FreeRTOS ports that include floating
@@ -4931,7 +4955,7 @@ typedef struct xSTATIC_TCB
 
 
         void * pvDummy15[ 5 ];
-// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
         uint32_t ulDummy18[ 1 ];
         uint8_t ucDummy19[ 1 ];
 
@@ -5077,8 +5101,8 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
+// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -5104,8 +5128,8 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * https://github.com/FreeRTOS
  *
  */
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" 1
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -5159,7 +5183,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * \page ListIntroduction List Implementation
  * \ingroup FreeRTOSIntro
  */
-// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
 /*
  * The list structure members are modified from within interrupts, and therefore
  * by rights should be declared volatile.  However, they are only modified in a
@@ -5205,7 +5229,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * use of FreeRTOS.*/
 
     /* Define the macros to do nothing. */
-// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
 /*
  * Definition of the only type of object that a list can contain.
  */
@@ -5347,7 +5371,7 @@ typedef struct xLIST
  * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY
  * \ingroup LinkedList
  */
-// # 293 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 293 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
 /*
  * Access function to obtain the owner of the first entry in a list.  Lists
  * are normally sorted in ascending item value order.
@@ -5471,7 +5495,7 @@ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ;
 
 
 /* *INDENT-ON* */
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 2
+// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 2
 
 /* *INDENT-OFF* */
 
@@ -5927,7 +5951,7 @@ typedef enum
  * \defgroup xTaskCreateStatic xTaskCreateStatic
  * \ingroup Tasks
  */
-// # 501 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 501 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * task. h
  * 
@@ -6672,7 +6696,7 @@ void vTaskResume( TaskHandle_t xTaskToResume ) ;
  * \ingroup TaskCtrl
  */
 BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ;
-// # 1333 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1333 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * @brief Disables preemption for a task.
  *
@@ -7071,7 +7095,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
  * fixed by simply guarding against the inclusion of these two prototypes unless
  * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration
  * constant. */
-// # 1774 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1774 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /* Each task contains an array of pointers that is dimensioned by the
  * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h.  The
  * kernel does not use the pointers itself, so the application writer can use
@@ -7111,7 +7135,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
      * This hook function is called in the system tick handler after any OS work is completed.
      */
     void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */
-// # 1833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
 /**
  * task.h
  * 
@@ -8527,8 +8551,8 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
+// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -8554,7 +8578,7 @@ void vTaskYieldWithinAPI( void );
  * https://github.com/FreeRTOS
  *
  */
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /*lint -save -e537 This headers are only multiply included if the application code
  * happens to also be including task.h. */
 
@@ -8575,7 +8599,7 @@ void vTaskYieldWithinAPI( void );
  * as defined below.  The commands that are sent from interrupts must use the
  * highest numbers as tmrFIRST_FROM_ISR_COMMAND is used to determine if the task
  * or interrupt version of the queue send function should be used. */
-// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /**
  * Type by which software timers are referenced.  For example, a call to
  * xTimerCreate() returns an TimerHandle_t variable that can then be used to
@@ -8864,7 +8888,7 @@ typedef void (* PendedFunction_t)( void *,
  * }
  * @endverbatim
  */
-// # 368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /**
  * void *pvTimerGetTimerID( TimerHandle_t xTimer );
  *
@@ -9840,14 +9864,14 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
     void vTimerSetTimerNumber( TimerHandle_t xTimer,
                                UBaseType_t uxTimerNumber ) ;
     UBaseType_t uxTimerGetTimerNumber( TimerHandle_t xTimer ) ;
-// # 1364 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 1364 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
 /*
  * FreeRTOS Kernel V10.4.3
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
@@ -9897,17 +9921,17 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
  * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in
  * use on the stack.
  */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
@@ -9917,7 +9941,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -9974,18 +9998,18 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10040,7 +10064,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10048,7 +10072,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10068,7 +10092,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10159,7 +10183,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10312,7 +10336,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10344,9 +10368,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10389,7 +10413,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
     (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 747, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10428,7 +10452,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10441,7 +10465,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10452,10 +10476,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
@@ -10485,7 +10509,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10555,16 +10579,16 @@ static void prvYieldForTask( TCB_t * pxTCB,
         }
 
         (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10575,7 +10599,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10583,7 +10607,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10616,9 +10640,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10644,7 +10668,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10664,9 +10688,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
             /* Check the alignment of the calculated top of stack is correct. */
             (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1439, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10732,7 +10756,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10750,21 +10774,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11441,13 +11465,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11800,7 +11824,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11812,7 +11836,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11849,7 +11873,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11946,7 +11970,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12305,7 +12329,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12344,7 +12368,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12654,13 +12678,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12690,7 +12714,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12707,7 +12731,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12820,7 +12844,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12860,7 +12884,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4145, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13018,7 +13042,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13048,7 +13072,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13069,16 +13093,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13123,7 +13147,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13225,7 +13249,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13346,7 +13370,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13403,7 +13427,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13882,11 +13906,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14160,7 +14184,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5994, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14454,7 +14478,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14530,7 +14554,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/custom_build_scripts_RP2040/../../../tasks.c"
+// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 75fa197ac98ff3b53b1b6cb76927428623c027d3 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 12:01:17 -0400
Subject: [PATCH 043/289] Fixed include paths to submodules in preprocessing
 script.

---
 .../preprocess_tasks_c.sh                     |   4 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 300 ++++++++++--------
 2 files changed, 178 insertions(+), 126 deletions(-)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 3e25cf643ec..f4051cf5f98 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -46,8 +46,8 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I"$VF_DIR/bin" \
 -I"$PROOF_SETUP_DIR" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
--I"$SMP_DEMO_DIR/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include" \
--I"$SMP_DEMO_DIR/FreeRTOS/Source/include" \
+-I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \
+-I"$REPO_BASE_DIR/include" \
 -I"$PICO_SDK_DIR/src/common/pico_base/include" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \
 -I"$PICO_SDK_DIR/src/boards/include" \
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index d94bf411dff..c9015ae200f 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -224,9 +224,9 @@ char *strdup(char *string);
 
 
 /* FreeRTOS includes. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -285,7 +285,7 @@ typedef unsigned __int16 uint16_t;
 typedef unsigned __int32 uint32_t;
 typedef unsigned __int64 uint64_t;
 typedef unsigned __int128 uint128_t;
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
 /* *INDENT-OFF* */
 
@@ -988,12 +988,12 @@ void __assert_rtn(const char *, const char *, int, const char *)   ;
 to exclude the API function. */
 // # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
 /* A header file that defines trace macro can be included here. */
-// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
 /* Basic FreeRTOS definitions. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -1030,29 +1030,29 @@ typedef void (* TaskFunction_t)( void * );
 /* Converts a time in milliseconds to a time in ticks.  This macro can be
  * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the
  * definition here is not suitable for your application. */
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
 /* FreeRTOS error definitions. */
 
 
 
 
 /* Macros used for basic data corruption checks. */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
 /* The following errno values are used by FreeRTOS+ components, not FreeRTOS
  * itself. */
-// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/projdefs.h"
+// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
 /* The following endian values are used by FreeRTOS+ components, not FreeRTOS
  * itself. */
 
 
 
 /* Re-defining endian values for generic naming. */
-// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
 /* Definitions specific to the port being used. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -1094,9 +1094,9 @@ typedef void (* TaskFunction_t)( void * );
  * to make it clear that new projects should not use it, support for the port
  * specific constants has been moved into the deprecated_definitions.h header
  * file. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/deprecated_definitions.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/deprecated_definitions.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -1133,16 +1133,16 @@ typedef void (* TaskFunction_t)( void * );
  * portmacro.h file to be located anywhere in relation to the port being used.  The
  * definitions below remain in the code for backward compatibility only.  New
  * projects should not use them. */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2
 
 /* If portENTER_CRITICAL is not defined then including deprecated_definitions.h
  * did not result in a portmacro.h header file being included - and it should be
  * included here.  In this case the path to the correct portmacro.h header file
  * must be set in the compiler's include path. */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
  *
@@ -1169,7 +1169,7 @@ typedef void (* TaskFunction_t)( void * );
  * https://github.com/FreeRTOS
  *
  */
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
@@ -3748,7 +3748,7 @@ uint __get_current_exception(void);
         PICO_ERROR_IO = -6
     };
 // # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2
-// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
+// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1
 /*
  * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
@@ -4330,7 +4330,7 @@ int spin_lock_claim_unused(bool required);
  * \see spin_lock_claim_mask
  */
 bool spin_lock_is_claimed(uint lock_num);
-// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
+// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
 /*-----------------------------------------------------------
  * Port specific definitions.
@@ -4343,7 +4343,7 @@ bool spin_lock_is_claimed(uint lock_num);
  */
 
 /* Type definitions. */
-// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     typedef uint32_t StackType_t;
     typedef int32_t BaseType_t;
     typedef uint32_t UBaseType_t;
@@ -4366,6 +4366,12 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+         */
+
+
+
+
     /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
@@ -4410,9 +4416,9 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
     /* Check validity of number of cores specified in config */
-// # 133 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 139 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     /* FreeRTOS core id is always zero based, so always 0 if we're running on only one core */
-// # 145 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 151 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     void vYieldCore(int xCoreID);
 
 
@@ -4420,7 +4426,7 @@ bool spin_lock_is_claimed(uint lock_num);
 /*-----------------------------------------------------------*/
 
 /* Critical section management. */
-// # 162 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 168 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
     extern void vPortEnableInterrupts();
 
 
@@ -4434,46 +4440,10 @@ bool spin_lock_is_claimed(uint lock_num);
     /* Note this is a single method with uxAcquire parameter since we have
      * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
-    static void vPortRecursiveLock(uint32_t ulLockNum, spin_lock_t *pxSpinLock, BaseType_t uxAcquire) {
-        static uint8_t ucOwnedByCore[ 2 ];
-        static uint8_t ucRecursionCountByLock[ 2 ];
-        (__builtin_expect(!(ulLockNum >= 0 && ulLockNum < 2), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 178, "ulLockNum >= 0 && ulLockNum < 2") : (void)0);
-        uint32_t ulCoreNum = get_core_num();
-        uint32_t ulLockBit = 1u << ulLockNum;
-        (__builtin_expect(!(ulLockBit < 256u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 181, "ulLockBit < 256u") : (void)0);
-        if( uxAcquire )
-        {
-            if( __builtin_expect( !*pxSpinLock, 0 ) )
-            {
-                if( ucOwnedByCore[ulCoreNum] & ulLockBit )
-                {
-                    (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 255u), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 188, "ucRecursionCountByLock[ulLockNum] != 255u") : (void)0);
-                    ucRecursionCountByLock[ulLockNum]++;
-                    return;
-                }
-                while ( __builtin_expect( !*pxSpinLock, 0 ) );
-            }
-            __mem_fence_acquire();
-            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] == 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 195, "ucRecursionCountByLock[ulLockNum] == 0") : (void)0);
-            ucRecursionCountByLock[ulLockNum] = 1;
-            ucOwnedByCore[ulCoreNum] |= ulLockBit;
-        } else {
-            (__builtin_expect(!((ucOwnedByCore[ulCoreNum] & ulLockBit) != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 199, "(ucOwnedByCore[ulCoreNum] & ulLockBit) != 0") : (void)0);
-            (__builtin_expect(!(ucRecursionCountByLock[ulLockNum] != 0), 0) ? __assert_rtn ((const char *)-1L, "portmacro.h", 200, "ucRecursionCountByLock[ulLockNum] != 0") : (void)0);
-            if( !--ucRecursionCountByLock[ulLockNum] )
-            {
-                ucOwnedByCore[ulCoreNum] &= ~ulLockBit;
-                __mem_fence_release();
-                *pxSpinLock = 1;
-            }
-        }
-    }
-
-
-
-
-
 
+        /* Reason for rewrite: VeriFast does not support local static variables.
+         */
+// # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
 
 /* Tickless idle/low power functionality. */
@@ -4484,17 +4454,17 @@ bool spin_lock_is_claimed(uint lock_num);
 /*-----------------------------------------------------------*/
 
 /* Task function macros as described on the FreeRTOS.org WEB site. */
-// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
-// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2
+// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/mpu_wrappers.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/mpu_wrappers.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -4524,7 +4494,7 @@ bool spin_lock_is_claimed(uint lock_num);
 
 /* This file redefines API functions to be called through a wrapper macro, but
  * only for ports that are using the MPU. */
-// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h" 2
+// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2
 
 /*
  * Setup the stack of a new task so it is ready to be placed under the
@@ -4532,7 +4502,7 @@ bool spin_lock_is_claimed(uint lock_num);
  * the order that the port expects to find them.
  *
  */
-// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) ;
@@ -4586,7 +4556,7 @@ void vPortFree( void * pv ) ;
 void vPortInitialiseBlocks( void ) ;
 size_t xPortGetFreeHeapSize( void ) ;
 size_t xPortGetMinimumEverFreeHeapSize( void ) ;
-// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /*
  * Setup the hardware ready for the scheduler to take control.  This generally
  * sets up a tick interrupt and sets timers for the correct tick frequency.
@@ -4607,13 +4577,13 @@ void vPortEndScheduler( void ) ;
  * Fills the xMPUSettings structure with the memory region information
  * contained in xRegions.
  */
-// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/portable.h"
+// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
-// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h" 2
+// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
 /* Must be defaulted before configUSE_NEWLIB_REENTRANT is used below. */
 
@@ -4621,30 +4591,27 @@ void vPortEndScheduler( void ) ;
 
 
 /* Required if struct _reent is used. */
-
-
-
-
+// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /*
  * Check all the required application specific macros have been defined.
  * These macros are application specific and (as downloaded) are defined
  * within FreeRTOSConfig.h.
  */
-// # 140 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 148 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
         /* If INCLUDE_vTaskDelayUntil is set but INCLUDE_xTaskDelayUntil is not then
          * the project's FreeRTOSConfig.h probably pre-dates the introduction of
          * xTaskDelayUntil and setting INCLUDE_xTaskDelayUntil to whatever
          * INCLUDE_vTaskDelayUntil is set to will ensure backward compatibility.
          */
-// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 282 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* configPRECONDITION should be defined as configASSERT.
  * The CBMC proofs need a way to track assumptions and assertions.
  * A configPRECONDITION statement should express an implicit invariant or
  * assumption made.  A configASSERT statement should express an invariant that must
  * hold explicit before calling the code. */
-// # 303 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 311 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* The timers module relies on xTaskGetSchedulerState(). */
-// # 358 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 366 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* Remove any unused trace macros. */
 
 
@@ -4734,13 +4701,13 @@ void vPortEndScheduler( void ) ;
  * queue/mutex/semaphore.  pxQueue is a pointer to the queue/mutex/semaphore
  * upon which the write was attempted.  pxCurrentTCB points to the TCB of the
  * task that attempted the write. */
-// # 462 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 470 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* The following event macros are embedded in the kernel API calls. */
-// # 917 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 925 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
     /* Defaults to 0 for backward compatibility. */
-// # 936 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 944 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* Sanity check the configuration. */
-// # 978 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 986 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* The tick type can be read atomically, so critical sections used when the
  * tick count is returned can be defined away. */
 
@@ -4781,7 +4748,7 @@ void vPortEndScheduler( void ) ;
 
 /* The application writer has not provided their own MIN macro, so define
  * the following generic implementation. */
-// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 1067 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /* Set configUSE_TASK_FPU_SUPPORT to 0 to omit floating point support even
  * if floating point hardware is otherwise supported by the FreeRTOS port in use.
  * This constant is not supported by all FreeRTOS ports that include floating
@@ -4955,7 +4922,7 @@ typedef struct xSTATIC_TCB
 
 
         void * pvDummy15[ 5 ];
-// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/FreeRTOS.h"
+// # 1248 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
         uint32_t ulDummy18[ 1 ];
         uint8_t ucDummy19[ 1 ];
 
@@ -5102,9 +5069,9 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 /* *INDENT-ON* */
 // # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -5128,10 +5095,49 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * https://github.com/FreeRTOS
  *
  */
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h" 1
+
+
+
+
+
+
+    /* Reason for rewrite:
+     * VeriFast bug:
+     * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H`
+     * evaluate to true. See minimal example `define_name`.
+     */
+
+    /* Remember that this header is included by `tasks.c` after it includes
+     * `FreeRTOS.h`.
+     */
+    // TODO: Remove this work-around once VF has been fixed.
+
+
+
+/* Remark: 
+ * Note that the following VF section renders the previous one obsolete.
+ * However, we keep the above as a reminder until the corresponding bug
+ * has been fixed.
+ */
+
+    /* Reason for rewrite:
+     * Even though in the current verification setup, `FreeRTOS.h` is always
+     * included before this file is processed, VeriFast does not consider this
+     * context when processing this file. VeriFast forbids macro expansions to
+     * depend on a potentially variable context, e.g, `configSTACK_DEPTH_TYPE` 
+     * which expands to 'uint16_t' if and only if `FreeRTOS.h` has been 
+     * included.
+     */
+
+
+
+
+
+
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -5183,7 +5189,40 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * \page ListIntroduction List Implementation
  * \ingroup FreeRTOSIntro
  */
-// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+
+
+
+
+
+
+
+    /* Reason for rewrite:
+     * VeriFast bug:
+     * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H`
+     * evaluate to true. See minimal example `define_name`.
+     */
+
+    /* Remember that this header is included indirectly `tasks.c` after it
+     * includes `FreeRTOS.h`.
+     */
+    // TODO: Remove this work-around once VF has been fixed.
+
+
+
+
+
+
+
+    /* Reason for rewrite:
+     * VeriFast's normal and context-free preprocessor consume different
+     * numbers of tokens when expanding `PRIVILEGED_FUNCTION` in this file.
+     */
+
+    // TODO: Figure out why the preprocessors consume different amounts of
+    //       of tokens. This most likely has to do with the path/context
+    //       from which this header is included.
+
+
 /*
  * The list structure members are modified from within interrupts, and therefore
  * by rights should be declared volatile.  However, they are only modified in a
@@ -5229,7 +5268,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
  * use of FreeRTOS.*/
 
     /* Define the macros to do nothing. */
-// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 163 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h"
 /*
  * Definition of the only type of object that a list can contain.
  */
@@ -5371,7 +5410,7 @@ typedef struct xLIST
  * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY
  * \ingroup LinkedList
  */
-// # 293 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/list.h"
+// # 318 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h"
 /*
  * Access function to obtain the owner of the first entry in a list.  Lists
  * are normally sorted in ascending item value order.
@@ -5495,7 +5534,7 @@ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ;
 
 
 /* *INDENT-ON* */
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h" 2
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 2
 
 /* *INDENT-OFF* */
 
@@ -5841,8 +5880,7 @@ typedef enum
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask ) ;
-
-
+// # 424 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * task. h
  * 
@@ -5951,7 +5989,7 @@ typedef enum
  * \defgroup xTaskCreateStatic xTaskCreateStatic
  * \ingroup Tasks
  */
-// # 501 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 553 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * task. h
  * 
@@ -6025,11 +6063,7 @@ typedef enum
  * \defgroup xTaskCreateRestricted xTaskCreateRestricted
  * \ingroup Tasks
  */
-
-
-
-
-
+// # 637 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * task. h
  * 
@@ -6115,11 +6149,7 @@ typedef enum
  * \defgroup xTaskCreateRestrictedStatic xTaskCreateRestrictedStatic
  * \ingroup Tasks
  */
-
-
-
-
-
+// # 733 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * task. h
  * 
@@ -6696,7 +6726,7 @@ void vTaskResume( TaskHandle_t xTaskToResume ) ;
  * \ingroup TaskCtrl
  */
 BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ;
-// # 1333 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1397 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * @brief Disables preemption for a task.
  *
@@ -7095,7 +7125,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
  * fixed by simply guarding against the inclusion of these two prototypes unless
  * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration
  * constant. */
-// # 1774 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1838 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /* Each task contains an array of pointers that is dimensioned by the
  * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h.  The
  * kernel does not use the pointers itself, so the application writer can use
@@ -7135,7 +7165,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ;
      * This hook function is called in the system tick handler after any OS work is completed.
      */
     void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */
-// # 1833 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/task.h"
+// # 1897 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * task.h
  * 
@@ -8437,7 +8467,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
  * Sets the pointer to the current TCB to the TCB of the highest priority task
  * that is ready to run.
  */
- void vTaskSwitchContext( BaseType_t xCoreID ) ;
+                 void vTaskSwitchContext( BaseType_t xCoreID ) ;
 
 /*
  * THESE FUNCTIONS MUST NOT BE USED FROM APPLICATION CODE.  THEY ARE USED BY
@@ -8552,9 +8582,9 @@ void vTaskYieldWithinAPI( void );
 
 /* *INDENT-ON* */
 // # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -8578,7 +8608,29 @@ void vTaskYieldWithinAPI( void );
  * https://github.com/FreeRTOS
  *
  */
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+
+
+
+
+
+
+
+    /* Reason for rewrite:
+     * VeriFast bug:
+     * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H`
+     * evaluate to true. See minimal example `define_name`.
+     */
+
+    /* Remember that this header is included indirectly `tasks.c` after it
+     * includes `FreeRTOS.h`.
+     */
+    // TODO: Remove this work-around once VF has been fixed.
+
+
+
+
+
+
 /*lint -save -e537 This headers are only multiply included if the application code
  * happens to also be including task.h. */
 
@@ -8599,7 +8651,7 @@ void vTaskYieldWithinAPI( void );
  * as defined below.  The commands that are sent from interrupts must use the
  * highest numbers as tmrFIRST_FROM_ISR_COMMAND is used to determine if the task
  * or interrupt version of the queue send function should be used. */
-// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 85 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h"
 /**
  * Type by which software timers are referenced.  For example, a call to
  * xTimerCreate() returns an TimerHandle_t variable that can then be used to
@@ -8888,7 +8940,7 @@ typedef void (* PendedFunction_t)( void *,
  * }
  * @endverbatim
  */
-// # 368 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 382 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h"
 /**
  * void *pvTimerGetTimerID( TimerHandle_t xTimer );
  *
@@ -9864,16 +9916,16 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
     void vTimerSetTimerNumber( TimerHandle_t xTimer,
                                UBaseType_t uxTimerNumber ) ;
     UBaseType_t uxTimerGetTimerNumber( TimerHandle_t xTimer ) ;
-// # 1364 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/timers.h"
+// # 1378 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h"
 /* *INDENT-OFF* */
 
 
 
 /* *INDENT-ON* */
 // # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1
 /*
- * FreeRTOS Kernel V10.4.3
+ * FreeRTOS SMP Kernel V202110.00
  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
@@ -9921,13 +9973,13 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
  * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in
  * use on the stack.
  */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h"
 /*-----------------------------------------------------------*/
-// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/include/stack_macros.h"
+// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h"
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */

From eeae596776838c5172aced8dd699fb801c5f666a Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 12:39:54 -0400
Subject: [PATCH 044/289] Replaced asm macro by failing assertion.

---
 tasks.c                                       |   4 +
 .../verifast/preprocessed_files/tasks--pp.c   | 464 +++++++++---------
 .../verifast/proof_setup/verifast_asm.h       |  12 +
 3 files changed, 255 insertions(+), 225 deletions(-)
 create mode 100644 verification/verifast/proof_setup/verifast_asm.h

diff --git a/tasks.c b/tasks.c
index 81ad299e3bf..838ac8c3e5f 100644
--- a/tasks.c
+++ b/tasks.c
@@ -44,6 +44,10 @@
 #include "timers.h"
 #include "stack_macros.h"
 
+#ifdef VERIFAST
+    #include "verifast_asm.h"
+#endif
+
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
  * for the header files above, but not in this file, in order to generate the
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index c9015ae200f..c4ce48ad073 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -65,40 +65,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -109,16 +109,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -163,21 +163,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -198,15 +198,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -1141,33 +1141,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4332,14 +4332,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4355,7 +4355,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4366,13 +4366,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4437,11 +4437,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -9985,6 +9985,19 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /* Remove stack overflow macro if not being used. */
 // # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
+
+
+
+bool assert_fct(bool b)
+{
+    (__builtin_expect(!(b), 0) ? __assert_rtn ((const char *)-1L, "verifast_asm.h", 6, "b") : (void)0);
+    return b;
+}
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+
+
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
  * for the header files above, but not in this file, in order to generate the
@@ -9993,7 +10006,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 77 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10050,18 +10063,18 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 141 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 175 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 193 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10116,7 +10129,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 256 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10124,7 +10137,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 273 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10144,7 +10157,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 309 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 313 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10235,7 +10248,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 413 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10388,7 +10401,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 577 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10420,9 +10433,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 627 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 710 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10430,7 +10443,7 @@ static void prvYieldCore( BaseType_t xCoreID )
     /* This must be called from a critical section and
      * xCoreID must be valid. */
 
-    if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) && ( xCoreID == 0 ) )
+    if( assert_fct(false) && ( xCoreID == 0 ) )
     {
         xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
     }
@@ -10464,8 +10477,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 747, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 751, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 764 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10504,7 +10517,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 814 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 818 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10517,7 +10530,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 838 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10528,12 +10541,13 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 852 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 856 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
+             List_t *  tt = &( pxReadyTasksLists[ uxCurrentPriority ] );
                 List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
                 ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious;
                 ListItem_t * pxTaskItem = pxLastTaskItem;
@@ -10561,7 +10575,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10582,7 +10596,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 931, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 935, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10626,21 +10640,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 975, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1055 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 983, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1071 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1075 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1153 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1216 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1282 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10651,7 +10665,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1305 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10659,7 +10673,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1335 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10692,9 +10706,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1375 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1384 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10720,7 +10734,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10739,10 +10753,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1439, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1448 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1443, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1452 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1466 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10808,7 +10822,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1546 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10826,21 +10840,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1579 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1625 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11045,7 +11059,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1842, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1846, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11068,12 +11082,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1865, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1866, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1869, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1870, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1870, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1874, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11159,7 +11173,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1956, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11201,7 +11215,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1998, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2002, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11363,7 +11377,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2160, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2164, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11517,13 +11531,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2352 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2375 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2389 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2393 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11600,7 +11614,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2493, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2497, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11614,7 +11628,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2507, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2511, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11661,7 +11675,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2554, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2558, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11703,7 +11717,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2596, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2600, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11755,7 +11769,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2648, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11876,7 +11890,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2816 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2820 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11888,7 +11902,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2843 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11925,7 +11939,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2889 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2893 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11957,7 +11971,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2920, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2924, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12022,7 +12036,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12045,7 +12059,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3069, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3073, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12203,7 +12217,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3231, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12285,7 +12299,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3309, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3313, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12381,7 +12395,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3423 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12409,7 +12423,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3446, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3450, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12420,7 +12434,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3474 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12429,7 +12443,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3482, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12448,7 +12462,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3497, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3501, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12547,7 +12561,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3596, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3600, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12730,13 +12744,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3812 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3836 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3861 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3890 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3894 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12754,7 +12768,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3907, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3911, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12766,7 +12780,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3952 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12783,7 +12797,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3986 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12794,7 +12808,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3992, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3996, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12813,11 +12827,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4011, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4015, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4015, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4019, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12841,7 +12855,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4039, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4043, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12889,14 +12903,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4087, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4091, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4112 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12926,7 +12940,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4137, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4141, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -12934,9 +12948,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4145, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4149, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4166 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -12955,7 +12969,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -12978,8 +12992,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4203, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4204, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13094,7 +13108,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4379 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4383 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13124,7 +13138,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4424 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13145,16 +13159,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4456 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4460 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4525 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13168,7 +13182,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4584, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4588, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13199,7 +13213,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13301,7 +13315,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4743 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13422,7 +13436,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4906 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13479,7 +13493,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4985 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4989 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13670,8 +13684,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5175, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5176, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5179, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5180, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13750,7 +13764,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5255, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5259, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13777,7 +13791,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5282, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5286, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13871,7 +13885,7 @@ void vTaskYieldWithinAPI( void )
         {
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U )
             {
-                if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) )
+                if( assert_fct(false) == ( ( BaseType_t ) 0 ) )
                 {
                     vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
                 }
@@ -13908,7 +13922,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5413, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5417, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -13918,7 +13932,7 @@ void vTaskYieldWithinAPI( void )
                 {
                     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
 
-                    if( ({ uint32_t ulIPSR; __asm volatile ("mrs %0, IPSR" : "=r" (ulIPSR)::); ((uint8_t)ulIPSR)>0;}) == ( ( BaseType_t ) 0 ) )
+                    if( assert_fct(false) == ( ( BaseType_t ) 0 ) )
                     {
                         vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
                         vPortEnableInterrupts();
@@ -13958,11 +13972,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5599 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14004,7 +14018,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5763, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5767, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14078,7 +14092,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5837, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5841, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14166,8 +14180,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5925, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5926, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5929, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5930, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14220,7 +14234,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5979, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5983, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14235,8 +14249,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5994, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6013 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5998, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6017 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14269,8 +14283,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6046, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6049, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6050, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14341,7 +14355,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6117, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6121, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14352,7 +14366,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6128, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14397,8 +14411,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6173, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6174, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6177, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6178, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14436,7 +14450,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6212, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6216, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14477,7 +14491,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6257, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14530,7 +14544,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6326 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14606,7 +14620,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6438 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_asm.h b/verification/verifast/proof_setup/verifast_asm.h
new file mode 100644
index 00000000000..3d1904e188d
--- /dev/null
+++ b/verification/verifast/proof_setup/verifast_asm.h
@@ -0,0 +1,12 @@
+#ifndef VERIFAST_ASM_H
+#define VERIFAST_ASM_H
+
+bool assert_fct(bool b) 
+{
+    assert(b);
+    return b;
+}
+#undef portCHECK_IF_IN_ISR
+#define portCHECK_IF_IN_ISR()  assert_fct(false)
+
+#endif /* VERIFAST_ASM_H */
\ No newline at end of file

From 342ab6463ca177984bd0c9bffb7871523b81bb33 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 13:00:58 -0400
Subject: [PATCH 045/289] Resolved VF parse error: VF does not support const
 pointers.

---
 tasks.c                                       |  42 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 453 ++++++++++--------
 2 files changed, 281 insertions(+), 214 deletions(-)

diff --git a/tasks.c b/tasks.c
index 838ac8c3e5f..306934be2cc 100644
--- a/tasks.c
+++ b/tasks.c
@@ -869,7 +869,15 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
             if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE )
             {
-                List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
+                #ifdef VERIFAST
+                    /* Reason for rewrite: 
+                     * VeriFast does not support const pointers.
+                     */
+                    List_t * pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
+                #else
+                    List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
+                #endif /* VERIFAST */
+
                 ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious;
                 ListItem_t * pxTaskItem = pxLastTaskItem;
 
@@ -1996,7 +2004,19 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     eTaskState eTaskGetState( TaskHandle_t xTask )
     {
         eTaskState eReturn;
-        List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+             * VeriFast does not support the following:
+             * - const pointers
+             * - multiple pointer declarations to user-defined types in single
+             *   statement (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails)
+             */
+            List_t * pxStateList;
+            List_t * pxDelayedList;
+            List_t * pxOverflowedDelayedList;
+        #else
+            List_t * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
+        #endif /* VERIFAST */
         const TCB_t * const pxTCB = xTask;
 
         configASSERT( pxTCB );
@@ -2092,7 +2112,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask )
     {
-        TCB_t const * pxTCB;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+             * VeriFast does not support const pointers.
+             */
+            TCB_t * pxTCB;
+        #else
+            TCB_t const * pxTCB;
+        #endif /* VERIFAST */
         UBaseType_t uxReturn;
 
         taskENTER_CRITICAL();
@@ -2114,7 +2141,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask )
     {
-        TCB_t const * pxTCB;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB;
+        #else
+            TCB_t const * pxTCB;
+        #endif /* VERIFAST */
         UBaseType_t uxReturn, uxSavedInterruptState;
 
         /* RTOS ports that support interrupt nesting have the concept of a
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index c4ce48ad073..5adfd579877 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -65,40 +65,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -109,16 +109,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -163,21 +163,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -198,15 +198,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -1141,33 +1141,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4332,14 +4332,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4355,7 +4355,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4366,13 +4366,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4437,11 +4437,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -10547,8 +10547,15 @@ static void prvYieldForTask( TCB_t * pxTCB,
 // # 870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
-             List_t *  tt = &( pxReadyTasksLists[ uxCurrentPriority ] );
-                List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
+
+                    /* Reason for rewrite: 
+                     * VeriFast does not support const pointers.
+                     */
+                    List_t * pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] );
+
+
+
+
                 ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious;
                 ListItem_t * pxTaskItem = pxLastTaskItem;
 
@@ -10575,7 +10582,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 923 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10596,7 +10603,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 935, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 943, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10640,21 +10647,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 979, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 987, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 983, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 991, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1067 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1075 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1083 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1153 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1161 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1216 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1224 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1282 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1290 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10665,7 +10672,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1305 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1313 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10673,7 +10680,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1335 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1343 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10706,9 +10713,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1375 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1383 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1384 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1392 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10734,7 +10741,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1433 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10753,10 +10760,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1443, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1452 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1451, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1460 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1466 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1474 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10822,7 +10829,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1558 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10840,21 +10847,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1579 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1587 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1625 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1650 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11059,7 +11066,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1846, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1854, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11082,12 +11089,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1869, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1870, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1877, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1878, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1874, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1882, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11173,7 +11180,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1968, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11212,10 +11219,22 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     eTaskState eTaskGetState( TaskHandle_t xTask )
     {
         eTaskState eReturn;
-        List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList;
+
+            /* Reason for rewrite:
+             * VeriFast does not support the following:
+             * - const pointers
+             * - multiple pointer declarations to user-defined types in single
+             *   statement (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails)
+             */
+            List_t * pxStateList;
+            List_t * pxDelayedList;
+            List_t * pxOverflowedDelayedList;
+
+
+
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2002, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2022, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11308,7 +11327,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask )
     {
-        TCB_t const * pxTCB;
+
+            /* Reason for rewrite:
+             * VeriFast does not support const pointers.
+             */
+            TCB_t * pxTCB;
+
+
+
         UBaseType_t uxReturn;
 
         vTaskEnterCritical();
@@ -11330,7 +11356,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask )
     {
-        TCB_t const * pxTCB;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB;
+
+
+
         UBaseType_t uxReturn, uxSavedInterruptState;
 
         /* RTOS ports that support interrupt nesting have the concept of a
@@ -11377,7 +11410,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2164, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2198, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11531,13 +11564,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2352 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2386 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2375 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2393 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2427 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2455 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11614,7 +11647,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2497, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2531, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11628,7 +11661,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2511, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2545, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11675,7 +11708,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2558, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2592, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11717,7 +11750,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2600, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2634, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11769,7 +11802,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TCB_t * const pxTCB = xTaskToResume;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2686, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11890,7 +11923,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2820 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2854 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11902,7 +11935,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2843 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11939,7 +11972,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2893 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2927 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11971,7 +12004,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2924, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2958, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12036,7 +12069,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12059,7 +12092,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3073, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3107, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12217,7 +12250,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3231, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3265, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12299,7 +12332,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3313, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3347, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12395,7 +12428,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3423 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3457 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12423,7 +12456,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3450, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3484, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12434,7 +12467,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3474 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3508 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12443,7 +12476,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3482, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3516, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12462,7 +12495,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3501, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3535, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12561,7 +12594,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3600, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3634, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12744,13 +12777,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3812 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3846 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3836 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3861 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3895 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3894 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3928 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12768,7 +12801,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3911, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3945, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12780,7 +12813,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3952 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3986 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12797,7 +12830,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 3986 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4020 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12808,7 +12841,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3996, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4030, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12827,11 +12860,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4015, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4049, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4019, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4053, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12855,7 +12888,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4043, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12903,14 +12936,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4091, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4125, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4112 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4146 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12940,7 +12973,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4141, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4175, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -12948,9 +12981,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4149, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4183, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4166 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4200 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -12969,7 +13002,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4218, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -12992,8 +13025,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4241, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4242, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13108,7 +13141,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4383 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13138,7 +13171,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4424 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4458 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13159,16 +13192,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4460 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4494 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4525 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4559 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4609 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13182,7 +13215,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4588, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4622, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13213,7 +13246,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13315,7 +13348,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13436,7 +13469,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4906 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4940 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13493,7 +13526,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 4989 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5023 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13684,8 +13717,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5179, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5180, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5213, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5214, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13764,7 +13797,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5259, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5293, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13791,7 +13824,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5286, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5320, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13922,7 +13955,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5417, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5451, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -13972,11 +14005,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5599 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14018,7 +14051,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5767, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5801, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14092,7 +14125,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5841, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5875, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14180,8 +14213,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5929, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5930, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5963, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5964, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14234,7 +14267,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5983, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6017, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14249,8 +14282,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5998, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6017 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6032, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14283,8 +14316,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6049, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6050, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6083, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6084, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14355,7 +14388,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6121, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6155, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14366,7 +14399,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6166, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14411,8 +14444,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6177, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6178, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6211, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6212, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14450,7 +14483,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6216, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6250, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14491,7 +14524,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6257, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6291, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14544,7 +14577,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6326 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6360 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14620,7 +14653,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6438 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6472 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 785723ff458a25b47ab07bbb50d197deea300be2 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 13:25:53 -0400
Subject: [PATCH 046/289] Replaced asm macros by failing assertion.

---
 .../verifast/preprocessed_files/tasks--pp.c   | 38 +++++++++++++------
 .../verifast/proof_setup/verifast_asm.h       | 19 ++++++++++
 2 files changed, 46 insertions(+), 11 deletions(-)

diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 5adfd579877..54137c8efd9 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -9990,11 +9990,27 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 
+/* VeriFast does not support inline assembler.
+ * The following definitions replace macros that would normally evaluate to
+ * inline assember by failing assertions.
+ */
+
+/* VeriFast treats `assert` as keyword and does not support calling it
+ * in many contexts where function calls are permitted. */
 bool assert_fct(bool b)
 {
-    (__builtin_expect(!(b), 0) ? __assert_rtn ((const char *)-1L, "verifast_asm.h", 6, "b") : (void)0);
+    (__builtin_expect(!(b), 0) ? __assert_rtn ((const char *)-1L, "verifast_asm.h", 13, "b") : (void)0);
     return b;
 }
+
+
+
+
+
+/* Additional reason for rewrite:
+ * VeriFast does not support embedding block statements that consist of
+ * multiple elemts in expression contexts, e.g., `({e1; e2})`.
+ */
 // # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
@@ -11384,14 +11400,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
 
-        uxSavedInterruptState = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
+        uxSavedInterruptState = assert_fct(false);
         {
             /* If null is passed in here then it is the priority of the calling
              * task that is being queried. */
             pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
             uxReturn = pxTCB->uxPriority;
         }
-        do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptState) : ); } while (0);
+        do { vTaskExitCritical(); assert_fct(false); } while (0);
 
         return uxReturn;
     }
@@ -11822,7 +11838,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
 
-        uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
+        uxSavedInterruptStatus = assert_fct(false);
         {
             if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) )
             {
@@ -11859,7 +11875,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                         ;
             }
         }
-        do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0);
+        do { vTaskExitCritical(); assert_fct(false); } while (0);
 
         return xYieldRequired;
     }
@@ -12061,7 +12077,7 @@ void vTaskSuspendAll( void )
             prvCheckForRunStateChange();
         }
 
-        __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : );
+        assert_fct(false);
     }
     else
     {
@@ -13562,7 +13578,7 @@ static void prvResetNextTaskUnblockTime( void )
 
         ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
         xReturn = pxCurrentTCBs[ 0 ];
-        __asm volatile ("msr PRIMASK,%0"::"r" (ulState) : );
+        assert_fct(false);
 
         return xReturn;
     }
@@ -14339,7 +14355,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
         pxTCB = xTaskToNotify;
 
-        uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
+        uxSavedInterruptStatus = assert_fct(false);
         {
             if( pulPreviousNotificationValue != 0 )
             {
@@ -14426,7 +14442,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
             }
         }
-        do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0);
+        do { vTaskExitCritical(); assert_fct(false); } while (0);
 
         return xReturn;
     }
@@ -14467,7 +14483,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
         pxTCB = xTaskToNotify;
 
-        uxSavedInterruptStatus = ({ uint32_t ulStateISR = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;}); vTaskEnterCritical(); ulStateISR; });
+        uxSavedInterruptStatus = assert_fct(false);
         {
             ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ];
             pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 );
@@ -14510,7 +14526,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
             }
         }
-        do { vTaskExitCritical(); __asm volatile ("msr PRIMASK,%0"::"r" (uxSavedInterruptStatus) : ); } while (0);
+        do { vTaskExitCritical(); assert_fct(false); } while (0);
     }
 
 
diff --git a/verification/verifast/proof_setup/verifast_asm.h b/verification/verifast/proof_setup/verifast_asm.h
index 3d1904e188d..14b3d7d47a5 100644
--- a/verification/verifast/proof_setup/verifast_asm.h
+++ b/verification/verifast/proof_setup/verifast_asm.h
@@ -1,12 +1,31 @@
 #ifndef VERIFAST_ASM_H
 #define VERIFAST_ASM_H
 
+/* VeriFast does not support inline assembler.
+ * The following definitions replace macros that would normally evaluate to
+ * inline assember by failing assertions.
+ */
+
+/* VeriFast treats `assert` as keyword and does not support calling it
+ * in many contexts where function calls are permitted. */
 bool assert_fct(bool b) 
 {
     assert(b);
     return b;
 }
+
+
 #undef portCHECK_IF_IN_ISR
 #define portCHECK_IF_IN_ISR()  assert_fct(false)
 
+/* Additional reason for rewrite:
+ * VeriFast does not support embedding block statements that consist of
+ * multiple elemts in expression contexts, e.g., `({e1; e2})`.
+ */
+#undef portSET_INTERRUPT_MASK_FROM_ISR
+#define portSET_INTERRUPT_MASK_FROM_ISR()   assert_fct(false)
+
+#undef portRESTORE_INTERRUPTS
+#define portRESTORE_INTERRUPTS(ulState) assert_fct(false)
+
 #endif /* VERIFAST_ASM_H */
\ No newline at end of file

From 55cfee8798be1b6308f53d897140ccac13f2d975 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 13:28:40 -0400
Subject: [PATCH 047/289] Resolved VF parse error: VF does not support const
 pointers.

---
 tasks.c                                       |  18 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 158 ++++++++++--------
 2 files changed, 102 insertions(+), 74 deletions(-)

diff --git a/tasks.c b/tasks.c
index 306934be2cc..356a1222929 100644
--- a/tasks.c
+++ b/tasks.c
@@ -2628,7 +2628,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     void vTaskResume( TaskHandle_t xTaskToResume )
     {
-        TCB_t * const pxTCB = xTaskToResume;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+            TCB_t * pxTCB = xTaskToResume;
+        #else
+            TCB_t * const pxTCB = xTaskToResume;
+        #endif /* VERIFAST */
 
         /* It does not make sense to resume the calling task. */
         configASSERT( xTaskToResume );
@@ -2680,7 +2687,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume )
     {
         BaseType_t xYieldRequired = pdFALSE;
-        TCB_t * const pxTCB = xTaskToResume;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB = xTaskToResume;
+        #else
+            TCB_t * const pxTCB = xTaskToResume;
+        #endif /* VERIFAST */
         UBaseType_t uxSavedInterruptStatus;
 
         configASSERT( xTaskToResume );
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 54137c8efd9..3cdfe088ae6 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -11763,10 +11763,17 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     void vTaskResume( TaskHandle_t xTaskToResume )
     {
-        TCB_t * const pxTCB = xTaskToResume;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+            TCB_t * pxTCB = xTaskToResume;
+
+
+
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2634, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2641, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11815,10 +11822,17 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume )
     {
         BaseType_t xYieldRequired = ( ( BaseType_t ) 0 );
-        TCB_t * const pxTCB = xTaskToResume;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB = xTaskToResume;
+
+
+
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2686, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2700, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11939,7 +11953,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2854 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2868 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11951,7 +11965,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2891 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11988,7 +12002,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
-// # 2927 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2941 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12020,7 +12034,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2958, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2972, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12085,7 +12099,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3099 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12108,7 +12122,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3107, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3121, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12266,7 +12280,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3265, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3279, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12348,7 +12362,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3347, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3361, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12444,7 +12458,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3457 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3471 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12472,7 +12486,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3484, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3498, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12483,7 +12497,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3508 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12492,7 +12506,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3516, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3530, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12511,7 +12525,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3535, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3549, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12610,7 +12624,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3634, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12793,13 +12807,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3846 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3860 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3895 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3909 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3928 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3942 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12817,7 +12831,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3945, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3959, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12829,7 +12843,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 3986 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4000 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12846,7 +12860,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4020 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4034 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12857,7 +12871,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4030, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4044, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12876,11 +12890,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4049, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4063, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4053, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4067, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12904,7 +12918,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4091, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12952,14 +12966,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4125, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4139, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4146 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4160 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12989,7 +13003,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4175, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4189, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -12997,9 +13011,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4183, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4197, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4200 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4214 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13018,7 +13032,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4218, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4232, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13041,8 +13055,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4241, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4242, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4255, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13157,7 +13171,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4417 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4431 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13187,7 +13201,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4458 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4472 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13208,16 +13222,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4494 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4508 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4559 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4609 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13231,7 +13245,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4622, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4636, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13262,7 +13276,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13364,7 +13378,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4795 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13485,7 +13499,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4940 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4954 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13542,7 +13556,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 5023 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5037 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13733,8 +13747,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5213, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5214, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5227, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5228, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13813,7 +13827,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5293, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5307, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13840,7 +13854,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5320, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5334, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13971,7 +13985,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5451, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5465, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14021,11 +14035,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5647 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5774 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14067,7 +14081,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5801, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5815, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14141,7 +14155,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5875, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5889, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14229,8 +14243,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5963, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5964, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5977, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5978, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14283,7 +14297,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6017, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6031, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14298,8 +14312,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6032, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6046, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6065 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14332,8 +14346,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6083, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6084, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6097, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6098, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14404,7 +14418,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6155, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6169, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14415,7 +14429,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6166, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6180, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14460,8 +14474,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6211, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6212, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6225, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6226, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14499,7 +14513,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6250, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6264, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14540,7 +14554,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6291, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6305, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14593,7 +14607,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6360 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6374 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14669,7 +14683,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6472 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6486 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 663ea1fb7772ef3df53aeeacca88f07c58248ee4 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 13:52:12 -0400
Subject: [PATCH 048/289] Resolved VF parse errors.

- const pointers
- inline assembler
- statements blocks consisting of multiple elements used in expression contexts, e.g., `({e1 e2;})`
- multiple pointer declarations to user-defined types in single line, i.e., `A *p1, *p2;`
---
 include/list.h                                |  43 ++--
 tasks.c                                       |  41 +++-
 .../verifast/preprocessed_files/tasks--pp.c   | 189 +++++++++++-------
 .../verifast/proof_setup/verifast_asm.h       |   3 +
 4 files changed, 186 insertions(+), 90 deletions(-)

diff --git a/include/list.h b/include/list.h
index 2b6283aa89f..0491e057ff0 100644
--- a/include/list.h
+++ b/include/list.h
@@ -301,18 +301,37 @@ typedef struct xLIST
  * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY
  * \ingroup LinkedList
  */
-#define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList )                                           \
-    {                                                                                          \
-        List_t * const pxConstList = ( pxList );                                               \
-        /* Increment the index to the next item and return the item, ensuring */               \
-        /* we don't return the marker used at the end of the list.  */                         \
-        ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext;                           \
-        if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \
-        {                                                                                      \
-            ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext;                       \
-        }                                                                                      \
-        ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner;                                         \
-    }
+#ifdef VERIFAST
+    /* Reason for rewrite:
+     * VeriFast does not support const pointers.
+     */
+    #define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList )                                           \
+        {                                                                                          \
+            List_t * pxConstList = ( pxList );                                                     \
+            /* Increment the index to the next item and return the item, ensuring */               \
+            /* we don't return the marker used at the end of the list.  */                         \
+            ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext;                           \
+            if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \
+            {                                                                                      \
+                ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext;                       \
+            }                                                                                      \
+            ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner;                                         \
+        }
+#else
+    #define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList )                                           \
+        {                                                                                          \
+            List_t * const pxConstList = ( pxList );                                               \
+            /* Increment the index to the next item and return the item, ensuring */               \
+            /* we don't return the marker used at the end of the list.  */                         \
+            ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext;                           \
+            if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \
+            {                                                                                      \
+                ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext;                       \
+            }                                                                                      \
+            ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner;                                         \
+        }
+#endif /* VERIFAST */
+
 
 
 /*
diff --git a/tasks.c b/tasks.c
index 356a1222929..d1ce70d5e9c 100644
--- a/tasks.c
+++ b/tasks.c
@@ -3286,7 +3286,18 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList,
                                                      const char pcNameToQuery[] )
     {
+        #ifdef VERIFAST
+    /* Reason for rewrite:
+    * VeriFast does not support multiple pointer declarations to 
+    * user-defined types in single statement 
+    * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails)
+    */
+        TCB_t * pxNextTCB;
+        TCB_t * pxFirstTCB;
+        TCB_t * pxReturn = NULL;
+    #else
         TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = NULL;
+    #endif /* VERIFAST */
         UBaseType_t x;
         char cNextChar;
         BaseType_t xBreakLoop;
@@ -4324,7 +4335,14 @@ void vTaskMissedYield( void )
     UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask )
     {
         UBaseType_t uxReturn;
-        TCB_t const * pxTCB;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB;
+        #else
+            TCB_t const * pxTCB;
+        #endif /* VERIFAST */
 
         if( xTask != NULL )
         {
@@ -4864,7 +4882,17 @@ static void prvCheckTasksWaitingTermination( void )
                                                      List_t * pxList,
                                                      eTaskState eState )
     {
-        configLIST_VOLATILE TCB_t * pxNextTCB, * pxFirstTCB;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support multiple pointer declarations to 
+            * user-defined types in single statement 
+            * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails)
+            */
+           configLIST_VOLATILE TCB_t * pxNextTCB;
+           configLIST_VOLATILE TCB_t * pxFirstTCB;
+        #else
+            configLIST_VOLATILE TCB_t * pxNextTCB, * pxFirstTCB;
+        #endif /* VERIFAST */
         UBaseType_t uxTask = 0;
 
         if( listCURRENT_LIST_LENGTH( pxList ) > ( UBaseType_t ) 0 )
@@ -5125,7 +5153,14 @@ static void prvResetNextTaskUnblockTime( void )
 
     BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder )
     {
-        TCB_t * const pxMutexHolderTCB = pxMutexHolder;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxMutexHolderTCB = pxMutexHolder;
+        #else
+            TCB_t * const pxMutexHolderTCB = pxMutexHolder;
+        #endif /* VERIFAST */
         BaseType_t xReturn = pdFALSE;
 
         /* If the mutex was given back by an interrupt while the queue was
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 3cdfe088ae6..86bfd67ca10 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -5410,7 +5410,11 @@ typedef struct xLIST
  * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY
  * \ingroup LinkedList
  */
-// # 318 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h"
+
+    /* Reason for rewrite:
+     * VeriFast does not support const pointers.
+     */
+// # 337 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h"
 /*
  * Access function to obtain the owner of the first entry in a list.  Lists
  * are normally sorted in ascending item value order.
@@ -12001,7 +12005,7 @@ void vTaskStartScheduler( void )
          * the created tasks contain a status word with interrupts switched on
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
-        ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+        assert_fct(false);
 // # 2941 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
@@ -12052,7 +12056,7 @@ void vTaskEndScheduler( void )
     /* Stop the scheduler interrupts and call the portable scheduler end
      * routine so the original ISRs can be restored if necessary.  The port
      * layer must ensure interrupts enable  bit is left in the correct state. */
-    ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+    assert_fct(false);
     xSchedulerRunning = ( ( BaseType_t ) 0 );
     vPortEndScheduler();
 }
@@ -12072,7 +12076,7 @@ void vTaskSuspendAll( void )
          * interrupted and switches context before incrementing uxSchedulerSuspended.
          * It is safe to re-enable interrupts after releasing the ISR lock and incrementing
          * uxSchedulerSuspended since that will prevent context switches. */
-        ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+        ulState = assert_fct(false);
 
         /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that
          * do not otherwise exhibit real time behaviour. */
@@ -12290,7 +12294,18 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList,
                                                      const char pcNameToQuery[] )
     {
-        TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = 0;
+
+    /* Reason for rewrite:
+    * VeriFast does not support multiple pointer declarations to 
+    * user-defined types in single statement 
+    * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails)
+    */
+        TCB_t * pxNextTCB;
+        TCB_t * pxFirstTCB;
+        TCB_t * pxReturn = 0;
+
+
+
         UBaseType_t x;
         char cNextChar;
         BaseType_t xBreakLoop;
@@ -12299,11 +12314,11 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
 
         if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 )
         {
-            { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+            { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
 
             do
             {
-                { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+                { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
 
                 /* Check each character in the name looking for a match or
                  * mismatch. */
@@ -12362,7 +12377,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3361, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3372, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12458,7 +12473,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3471 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12486,7 +12501,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3498, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3509, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12497,7 +12512,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12506,7 +12521,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3530, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3541, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12525,7 +12540,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3549, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3560, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12624,7 +12639,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3659, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12807,13 +12822,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3860 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3871 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3895 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3909 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3942 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3953 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12831,7 +12846,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3959, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3970, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12843,7 +12858,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4000 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4011 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12860,7 +12875,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4034 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4045 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12871,7 +12886,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4044, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4055, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12890,11 +12905,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4063, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4074, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4067, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4078, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12918,7 +12933,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4091, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4102, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12966,14 +12981,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4139, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4150, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4160 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13003,7 +13018,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4189, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4200, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13011,9 +13026,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4197, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4214 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13032,7 +13047,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4232, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4243, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13055,8 +13070,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4255, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4266, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4267, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13127,7 +13142,14 @@ void vTaskMissedYield( void )
     UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask )
     {
         UBaseType_t uxReturn;
-        TCB_t const * pxTCB;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB;
+
+
+
 
         if( xTask != 0 )
         {
@@ -13171,7 +13193,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4431 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4449 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13201,7 +13223,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4472 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4490 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13222,16 +13244,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4508 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4526 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4591 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13245,7 +13267,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4636, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4654, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13276,7 +13298,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4701 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13378,7 +13400,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4795 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4813 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13451,12 +13473,22 @@ static void prvCheckTasksWaitingTermination( void )
                                                      List_t * pxList,
                                                      eTaskState eState )
     {
-                            TCB_t * pxNextTCB, * pxFirstTCB;
+
+            /* Reason for rewrite:
+            * VeriFast does not support multiple pointer declarations to 
+            * user-defined types in single statement 
+            * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails)
+            */
+                               TCB_t * pxNextTCB;
+                               TCB_t * pxFirstTCB;
+
+
+
         UBaseType_t uxTask = 0;
 
         if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 )
         {
-            { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+            { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
 
             /* Populate an TaskStatus_t structure within the
              * pxTaskStatusArray array for each task that is referenced from
@@ -13464,7 +13496,7 @@ static void prvCheckTasksWaitingTermination( void )
              * meaning of each TaskStatus_t structure member. */
             do
             {
-                { List_t * const pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
+                { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
                 vTaskGetInfo( ( TaskHandle_t ) pxNextTCB, &( pxTaskStatusArray[ uxTask ] ), ( ( BaseType_t ) 1 ), eState );
                 uxTask++;
             } while( pxNextTCB != pxFirstTCB );
@@ -13499,7 +13531,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4954 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13556,7 +13588,7 @@ static void prvCheckTasksWaitingTermination( void )
                 vPortFree( pxTCB->pxStack );
                 vPortFree( pxTCB );
             }
-// # 5037 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5065 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13590,7 +13622,7 @@ static void prvResetNextTaskUnblockTime( void )
         TaskHandle_t xReturn;
         uint32_t ulState;
 
-        ulState = ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+        ulState = assert_fct(false);
         xReturn = pxCurrentTCBs[ 0 ];
         assert_fct(false);
 
@@ -13648,7 +13680,14 @@ static void prvResetNextTaskUnblockTime( void )
 
     BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder )
     {
-        TCB_t * const pxMutexHolderTCB = pxMutexHolder;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxMutexHolderTCB = pxMutexHolder;
+
+
+
         BaseType_t xReturn = ( ( BaseType_t ) 0 );
 
         /* If the mutex was given back by an interrupt while the queue was
@@ -13747,8 +13786,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5227, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5228, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5262, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5263, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13827,7 +13866,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5307, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5342, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13854,7 +13893,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5334, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5369, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13942,7 +13981,7 @@ void vTaskYieldWithinAPI( void )
 
     void vTaskEnterCritical( void )
     {
-        ({ uint32_t ulState; __asm volatile ("mrs %0, PRIMASK" : "=r" (ulState)::); __asm volatile ( " cpsid i " ::: "memory" ); ulState;});
+        assert_fct(false);
 
         if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
         {
@@ -13985,7 +14024,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5465, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5500, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14035,11 +14074,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5576 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5647 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5774 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5809 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14081,7 +14120,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5815, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5850, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14155,7 +14194,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5889, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5924, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14243,8 +14282,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5977, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5978, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6012, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6013, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14297,7 +14336,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6031, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6066, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14312,8 +14351,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6046, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6065 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6081, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6100 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14346,8 +14385,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6097, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6098, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14418,7 +14457,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6169, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6204, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14429,7 +14468,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6180, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6215, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14474,8 +14513,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6225, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6226, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6260, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6261, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14513,7 +14552,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6264, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6299, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14554,7 +14593,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6305, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6340, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14607,7 +14646,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6374 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14683,7 +14722,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6486 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_asm.h b/verification/verifast/proof_setup/verifast_asm.h
index 14b3d7d47a5..d47e2dd45ff 100644
--- a/verification/verifast/proof_setup/verifast_asm.h
+++ b/verification/verifast/proof_setup/verifast_asm.h
@@ -28,4 +28,7 @@ bool assert_fct(bool b)
 #undef portRESTORE_INTERRUPTS
 #define portRESTORE_INTERRUPTS(ulState) assert_fct(false)
 
+#undef portDISABLE_INTERRUPTS
+#define portDISABLE_INTERRUPTS() assert_fct(false)
+
 #endif /* VERIFAST_ASM_H */
\ No newline at end of file

From 47e6fa7398d98407683a9b8a49ee0f2947ee149b Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 14:02:04 -0400
Subject: [PATCH 049/289] Resolved VF parse errors: const pointers.

---
 tasks.c                                       | 18 ++++-
 .../verifast/preprocessed_files/tasks--pp.c   | 68 +++++++++++--------
 2 files changed, 57 insertions(+), 29 deletions(-)

diff --git a/tasks.c b/tasks.c
index d1ce70d5e9c..8ea57d1d6ce 100644
--- a/tasks.c
+++ b/tasks.c
@@ -5250,7 +5250,14 @@ static void prvResetNextTaskUnblockTime( void )
 
     BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder )
     {
-        TCB_t * const pxTCB = pxMutexHolder;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB = pxMutexHolder;
+        #else
+            TCB_t * const pxTCB = pxMutexHolder;
+        #endif /* VERIFAST */
         BaseType_t xReturn = pdFALSE;
 
         if( pxMutexHolder != NULL )
@@ -5331,7 +5338,14 @@ static void prvResetNextTaskUnblockTime( void )
     void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder,
                                               UBaseType_t uxHighestPriorityWaitingTask )
     {
-        TCB_t * const pxTCB = pxMutexHolder;
+        #ifdef VERIFAST
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB = pxMutexHolder;
+        #else
+            TCB_t * const pxTCB = pxMutexHolder;
+        #endif /* VERIFAST */
         UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse;
         const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1;
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 86bfd67ca10..06ad0fe424a 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -13777,7 +13777,14 @@ static void prvResetNextTaskUnblockTime( void )
 
     BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder )
     {
-        TCB_t * const pxTCB = pxMutexHolder;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB = pxMutexHolder;
+
+
+
         BaseType_t xReturn = ( ( BaseType_t ) 0 );
 
         if( pxMutexHolder != 0 )
@@ -13786,8 +13793,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5262, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5263, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5269, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5270, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13858,7 +13865,14 @@ static void prvResetNextTaskUnblockTime( void )
     void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder,
                                               UBaseType_t uxHighestPriorityWaitingTask )
     {
-        TCB_t * const pxTCB = pxMutexHolder;
+
+            /* Reason for rewrite:
+            * VeriFast does not support const pointers.
+            */
+           TCB_t * pxTCB = pxMutexHolder;
+
+
+
         UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse;
         const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1;
 
@@ -13866,7 +13880,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5342, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5356, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13893,7 +13907,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5369, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5383, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14024,7 +14038,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5500, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5514, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14074,11 +14088,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5576 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5809 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5823 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14120,7 +14134,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5850, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5864, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14194,7 +14208,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5924, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5938, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14282,8 +14296,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6012, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6013, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6026, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6027, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14336,7 +14350,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6066, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6080, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14351,8 +14365,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6081, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6100 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6095, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6114 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14385,8 +14399,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6146, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6147, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14457,7 +14471,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6204, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6218, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14468,7 +14482,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6215, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6229, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14513,8 +14527,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6260, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6261, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6274, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6275, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14552,7 +14566,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6299, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6313, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14593,7 +14607,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6340, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6354, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14646,7 +14660,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6423 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14722,7 +14736,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6521 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6535 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 32480e74c4a62b195273004ee0d2a85550251a7b Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Sat, 22 Oct 2022 16:30:03 -0400
Subject: [PATCH 050/289] Resolved VF errors

- VeriFast does not support nested union definitions. Removed those temporarily.
- VeriFast does not support duplicate function prototypes. Prevented include of unguarded system header file.
---
 include/FreeRTOS.h                            |   5 +
 .../verifast/preprocessed_files/tasks--pp.c   | 692 ++++++++----------
 .../verifast/proof_setup/FreeRTOSConfig.h     |   5 +-
 3 files changed, 315 insertions(+), 387 deletions(-)

diff --git a/include/FreeRTOS.h b/include/FreeRTOS.h
index 60abd75b6ca..5ab71a39875 100644
--- a/include/FreeRTOS.h
+++ b/include/FreeRTOS.h
@@ -1274,6 +1274,10 @@ typedef struct xSTATIC_TCB
  * users will recognise that it would be unwise to make direct use of the
  * structure members.
  */
+#ifndef VERIFAST
+/* Reason for rewrite:
+ * VeriFast does not support nested union definitions.
+ */
 typedef struct xSTATIC_QUEUE
 {
     void * pvDummy1[ 3 ];
@@ -1302,6 +1306,7 @@ typedef struct xSTATIC_QUEUE
     #endif
 } StaticQueue_t;
 typedef StaticQueue_t StaticSemaphore_t;
+#endif /* VERIFAST */
 
 /*
  * In line with software engineering best practice, especially when supplying a
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 06ad0fe424a..a8da34e832c 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -389,6 +389,252 @@ typedef unsigned __int128 uint128_t;
 
 
 
+
+
+
+
+/* Define to trap errors during development. */
+
+
+/* Set the following definitions to 1 to include the API function, or zero
+to exclude the API function. */
+// # 141 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
+/* A header file that defines trace macro can be included here. */
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
+
+/* Basic FreeRTOS definitions. */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" 1
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+
+
+
+/*
+ * Defines the prototype to which task functions must conform.  Defined in this
+ * file to ensure the type is known before portable.h is included.
+ */
+typedef void (* TaskFunction_t)( void * );
+
+/* Converts a time in milliseconds to a time in ticks.  This macro can be
+ * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the
+ * definition here is not suitable for your application. */
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
+/* FreeRTOS error definitions. */
+
+
+
+
+/* Macros used for basic data corruption checks. */
+// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
+/* The following errno values are used by FreeRTOS+ components, not FreeRTOS
+ * itself. */
+// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
+/* The following endian values are used by FreeRTOS+ components, not FreeRTOS
+ * itself. */
+
+
+
+/* Re-defining endian values for generic naming. */
+// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
+
+/* Definitions specific to the port being used. */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 1
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+/*-----------------------------------------------------------
+* Portable layer API.  Each function must be defined for each port.
+*----------------------------------------------------------*/
+
+
+
+
+/* Each FreeRTOS port has a unique portmacro.h header file.  Originally a
+ * pre-processor definition was used to ensure the pre-processor found the correct
+ * portmacro.h file for the port being used.  That scheme was deprecated in favour
+ * of setting the compiler's include path such that it found the correct
+ * portmacro.h file - removing the need for the constant and allowing the
+ * portmacro.h file to be located anywhere in relation to the port being used.
+ * Purely for reasons of backward compatibility the old method is still valid, but
+ * to make it clear that new projects should not use it, support for the port
+ * specific constants has been moved into the deprecated_definitions.h header
+ * file. */
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/deprecated_definitions.h" 1
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+
+
+
+
+/* Each FreeRTOS port has a unique portmacro.h header file.  Originally a
+ * pre-processor definition was used to ensure the pre-processor found the correct
+ * portmacro.h file for the port being used.  That scheme was deprecated in favour
+ * of setting the compiler's include path such that it found the correct
+ * portmacro.h file - removing the need for the constant and allowing the
+ * portmacro.h file to be located anywhere in relation to the port being used.  The
+ * definitions below remain in the code for backward compatibility only.  New
+ * projects should not use them. */
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2
+
+/* If portENTER_CRITICAL is not defined then including deprecated_definitions.h
+ * did not result in a portmacro.h header file being included - and it should be
+ * included here.  In this case the path to the correct portmacro.h header file
+ * must be set in the compiler's include path. */
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
+/*
+ * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+
+
+/** \file pico.h
+ *  \defgroup pico_base pico_base
+ *
+ * Core types and macros for the Raspberry Pi Pico SDK. This header is intended to be included by all source code
+ * as it includes configuration headers and overrides in the correct order
+ *
+ * This header may be included by assembly code
+*/
+
+
+
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 1
+/*
+ * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+
+
+
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 1
+/*
+ * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+
+
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
+// # 11 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
+
+
+
+
+
+
+
 // # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4
 /*-
  * Copyright (c) 1992, 1993
@@ -855,348 +1101,66 @@ typedef unsigned __int128 uint128_t;
 
 
 
-/*****************************************
-*  Public darwin-specific feature macros
-*****************************************/
-
-/*
- * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and
- * structures modified for 64-bit inodes (like struct stat) will be used.
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only
- * be 64-bit; there is no support for 32-bit ino_t when this macro is defined
- * (and non-zero).  There is no struct stat64 either, as the regular
- * struct stat will already be the 64-bit version.
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated
- * in 10.5 exists; no pre-10.5 variants are available.
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API
- * are available (the legacy BSD APIs are not available)
- */
-
-
-
-
-/*
- * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on,
- * and specifies the conformance level (3 is SUSv3)
- */
-
-
-
-
-
-/*
- * This macro casts away the qualifier from the variable
- *
- * Note: use at your own risk, removing qualifiers can result in
- * catastrophic run-time failures.
- */
-
-
-
-
-/*
- * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be
- * used from other compilation units, but not other libraries or executables.
- */
-
-
-
-
-
-
-
-/*
- * We intentionally define to nothing pointer attributes which do not have an
- * impact on the ABI. __indexable and __bidi_indexable are not defined because
- * of the ABI incompatibility that makes the diagnostic preferable.
- */
-
-
-
-
-
-
-
-/*
- * Similarly, we intentionally define to nothing the
- * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable
- * macros because they do not lead to an ABI incompatibility. However, we do not
- * define the indexable and unsafe_indexable ones because the diagnostic is
- * better than the silent ABI break.
- */
-
-
-
-/* __unsafe_forge intrinsics are defined as regular C casts. */
-
-
-
-/* decay operates normally; attribute is meaningless without pointer checks. */
-// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Architecture validation for current SDK
- */
-// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Check if __probable and __improbable have already been defined elsewhere.
- * These macros inform the compiler (and humans) about which branches are likely
- * to be taken.
- */
-// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
-/*
- * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
- *
- * This provides more advanced type checking on compilers supporting
- * the proper extensions, even in C.
- */
-// # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 2 3 4
-
-
-
-
-/*
- * Unlike other ANSI header files,  may usefully be included
- * multiple times, with and without NDEBUG defined.
- */
-// # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
-void __assert_rtn(const char *, const char *, int, const char *)   ;
-// # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4
-/* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */
-// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 2
-/* Define to trap errors during development. */
-
-
-/* Set the following definitions to 1 to include the API function, or zero
-to exclude the API function. */
-// # 138 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h"
-/* A header file that defines trace macro can be included here. */
-// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
-
-/* Basic FreeRTOS definitions. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
- */
-
-
-
-
-/*
- * Defines the prototype to which task functions must conform.  Defined in this
- * file to ensure the type is known before portable.h is included.
- */
-typedef void (* TaskFunction_t)( void * );
-
-/* Converts a time in milliseconds to a time in ticks.  This macro can be
- * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the
- * definition here is not suitable for your application. */
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
-/* FreeRTOS error definitions. */
-
-
-
+/*****************************************
+*  Public darwin-specific feature macros
+*****************************************/
 
-/* Macros used for basic data corruption checks. */
-// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
-/* The following errno values are used by FreeRTOS+ components, not FreeRTOS
- * itself. */
-// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h"
-/* The following endian values are used by FreeRTOS+ components, not FreeRTOS
- * itself. */
+/*
+ * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and
+ * structures modified for 64-bit inodes (like struct stat) will be used.
+ */
 
 
 
-/* Re-defining endian values for generic naming. */
-// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
-/* Definitions specific to the port being used. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 1
 /*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+ * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only
+ * be 64-bit; there is no support for 32-bit ino_t when this macro is defined
+ * (and non-zero).  There is no struct stat64 either, as the regular
+ * struct stat will already be the 64-bit version.
  */
 
-/*-----------------------------------------------------------
-* Portable layer API.  Each function must be defined for each port.
-*----------------------------------------------------------*/
-
 
 
 
-/* Each FreeRTOS port has a unique portmacro.h header file.  Originally a
- * pre-processor definition was used to ensure the pre-processor found the correct
- * portmacro.h file for the port being used.  That scheme was deprecated in favour
- * of setting the compiler's include path such that it found the correct
- * portmacro.h file - removing the need for the constant and allowing the
- * portmacro.h file to be located anywhere in relation to the port being used.
- * Purely for reasons of backward compatibility the old method is still valid, but
- * to make it clear that new projects should not use it, support for the port
- * specific constants has been moved into the deprecated_definitions.h header
- * file. */
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/deprecated_definitions.h" 1
 /*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+ * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated
+ * in 10.5 exists; no pre-10.5 variants are available.
  */
 
 
 
 
+/*
+ * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API
+ * are available (the legacy BSD APIs are not available)
+ */
+
 
-/* Each FreeRTOS port has a unique portmacro.h header file.  Originally a
- * pre-processor definition was used to ensure the pre-processor found the correct
- * portmacro.h file for the port being used.  That scheme was deprecated in favour
- * of setting the compiler's include path such that it found the correct
- * portmacro.h file - removing the need for the constant and allowing the
- * portmacro.h file to be located anywhere in relation to the port being used.  The
- * definitions below remain in the code for backward compatibility only.  New
- * projects should not use them. */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2
 
-/* If portENTER_CRITICAL is not defined then including deprecated_definitions.h
- * did not result in a portmacro.h header file being included - and it should be
- * included here.  In this case the path to the correct portmacro.h header file
- * must be set in the compiler's include path. */
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
- */
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
 /*
- * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on,
+ * and specifies the conformance level (3 is SUSv3)
  */
 
 
 
 
-/** \file pico.h
- *  \defgroup pico_base pico_base
- *
- * Core types and macros for the Raspberry Pi Pico SDK. This header is intended to be included by all source code
- * as it includes configuration headers and overrides in the correct order
+
+/*
+ * This macro casts away the qualifier from the variable
  *
- * This header may be included by assembly code
-*/
+ * Note: use at your own risk, removing qualifiers can result in
+ * catastrophic run-time failures.
+ */
 
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 1
 /*
- * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be
+ * used from other compilation units, but not other libraries or executables.
  */
 
 
@@ -1204,68 +1168,52 @@ typedef void (* TaskFunction_t)( void * );
 
 
 
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 1
+
 /*
- * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * We intentionally define to nothing pointer attributes which do not have an
+ * impact on the ABI. __indexable and __bidi_indexable are not defined because
+ * of the ABI incompatibility that makes the diagnostic preferable.
  */
 
 
 
 
-// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1
-// # 11 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2
 
 
 
+/*
+ * Similarly, we intentionally define to nothing the
+ * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable
+ * macros because they do not lead to an ABI incompatibility. However, we do not
+ * define the indexable and unsafe_indexable ones because the diagnostic is
+ * better than the silent ABI break.
+ */
 
 
 
+/* __unsafe_forge intrinsics are defined as regular C casts. */
 
-// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- * (c) UNIX System Laboratories, Inc.
- * All or some portions of this file are derived from material licensed
- * to the University of California by American Telephone and Telegraph
- * Co. or Unix System Laboratories, Inc. and are reproduced herein with
- * the permission of UNIX System Laboratories, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)assert.h	8.2 (Berkeley) 1/21/94
- * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $
- */
 
 
+/* decay operates normally; attribute is meaningless without pointer checks. */
+// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Architecture validation for current SDK
+ */
+// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Check if __probable and __improbable have already been defined elsewhere.
+ * These macros inform the compiler (and humans) about which branches are likely
+ * to be taken.
+ */
+// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
+/*
+ * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS
+ *
+ * This provides more advanced type checking on compilers supporting
+ * the proper extensions, even in C.
+ */
+// # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 2 3 4
 
 
 
@@ -4952,35 +4900,7 @@ typedef struct xSTATIC_TCB
  * users will recognise that it would be unwise to make direct use of the
  * structure members.
  */
-typedef struct xSTATIC_QUEUE
-{
-    void * pvDummy1[ 3 ];
-
-    union
-    {
-        void * pvDummy2;
-        UBaseType_t uxDummy2;
-    } u;
-
-    StaticList_t xDummy3[ 2 ];
-    UBaseType_t uxDummy4[ 3 ];
-    uint8_t ucDummy5[ 2 ];
-
-
-
-
-
-
-        void * pvDummy7;
-
-
-
-        UBaseType_t uxDummy8;
-        uint8_t ucDummy9;
-
-} StaticQueue_t;
-typedef StaticQueue_t StaticSemaphore_t;
-
+// # 1311 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h"
 /*
  * In line with software engineering best practice, especially when supplying a
  * library that is likely to change in future versions, FreeRTOS implements a
diff --git a/verification/verifast/proof_setup/FreeRTOSConfig.h b/verification/verifast/proof_setup/FreeRTOSConfig.h
index 31f51ccc955..8d80c36986f 100644
--- a/verification/verifast/proof_setup/FreeRTOSConfig.h
+++ b/verification/verifast/proof_setup/FreeRTOSConfig.h
@@ -112,7 +112,10 @@
 #define configSUPPORT_PICO_SYNC_INTEROP         1
 #define configSUPPORT_PICO_TIME_INTEROP         1
 
-#include 
+#ifndef VERIFAST
+    /* Reason for rewrite: VeriFast does not accept duplicate fct prototypes. */
+    #include 
+#endif /* VERIFAST */
 /* Define to trap errors during development. */
 #define configASSERT(x)                         assert(x)
 

From 95049a67c01168990317d754e2e628c8e8e66b3f Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Mon, 24 Oct 2022 12:25:27 -0400
Subject: [PATCH 051/289] Use VeriFast's build-in treatment of `malloc` and
 `free` instead of port-specific implementation.

---
 include/portable.h | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/include/portable.h b/include/portable.h
index 6a3564547de..e5afd4592f9 100644
--- a/include/portable.h
+++ b/include/portable.h
@@ -170,11 +170,30 @@ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) PRIVILEG
  */
 void vPortGetHeapStats( HeapStats_t * pxHeapStats );
 
-/*
- * Map to the memory management routines required for the port.
- */
-void * pvPortMalloc( size_t xSize ) PRIVILEGED_FUNCTION;
-void vPortFree( void * pv ) PRIVILEGED_FUNCTION;
+#ifdef VERIFAST
+    /* Reason for rewrite:
+     * VeriFast treats the `malloc` and `free` functions specially,
+     * in a particular built-in way that cannot be axiomatized within
+     * VeriFast's specification language. 
+     * 
+     * When `malloc( sizeof(struct S) )` is called for a user defined
+     * struct `S`, VeriFast instantiates the corresponding
+     * `malloc_block_S(...)` predicate as well as points-to chunks
+     * for its fields.
+     * Reversely, calling `free` cleans up all the predicates instantiated
+     * by `malloc`.
+     */
+    #define pvPortMalloc malloc
+    #define vPortFree(ptr) free( (void*) ptr)
+#else
+    /*
+    * Map to the memory management routines required for the port.
+    */
+    void * pvPortMalloc( size_t xSize ) PRIVILEGED_FUNCTION;
+    void vPortFree( void * pv ) PRIVILEGED_FUNCTION;
+#endif /* VERIFAST */
+
+
 void vPortInitialiseBlocks( void ) PRIVILEGED_FUNCTION;
 size_t xPortGetFreeHeapSize( void ) PRIVILEGED_FUNCTION;
 size_t xPortGetMinimumEverFreeHeapSize( void ) PRIVILEGED_FUNCTION;

From 746c02f34a2b5b3f21ffc174f9bb9e199d4a238c Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Mon, 24 Oct 2022 12:26:12 -0400
Subject: [PATCH 052/289] Specified font size in VF startup script.

---
 verification/verifast/start-vfide--preprocessed.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh
index 73381fe9c92..93d47a6fd17 100755
--- a/verification/verifast/start-vfide--preprocessed.sh
+++ b/verification/verifast/start-vfide--preprocessed.sh
@@ -13,6 +13,8 @@ PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040"
 PP_SCRIPT="./preprocess_tasks_c.sh"
 PP_TASK_C="$START_WD/preprocessed_files/tasks--pp.c"
 
+FONT_SIZE=16
+
 cd "$PP_SCRIPT_DIR"
 pwd
 ls
@@ -21,4 +23,5 @@ cd "$START_WD"
 
 echo "\n\nPreprocessing script finished\n\n"
 
-"$VF_DIR/bin/vfide" "$PP_TASK_C"
+"$VF_DIR/bin/vfide" "$PP_TASK_C" \
+    -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE"

From f1a0170309826ce42b1dd488c5dba6ac3e36a598 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Mon, 24 Oct 2022 12:29:55 -0400
Subject: [PATCH 053/289] Initialized memory safety proof for `xTaskCreate`.

---
 tasks.c                                       |  12 +
 .../preprocess_tasks_c.sh                     |  12 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 318 ++++++++++--------
 verification/verifast/proof/tasks.gh          |  14 +
 4 files changed, 209 insertions(+), 147 deletions(-)
 create mode 100644 verification/verifast/proof/tasks.gh

diff --git a/tasks.c b/tasks.c
index 8ea57d1d6ce..78e8b193956 100644
--- a/tasks.c
+++ b/tasks.c
@@ -27,6 +27,7 @@
 /* Verifast proof setup */
 #ifdef VERIFAST
     #include "verifast_proof_defs.h"
+    #include "tasks.gh"
 #endif
 
 /* Standard includes. */
@@ -1297,6 +1298,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
+    /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX;
+     @*/
+    //@ ensures true;
     #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) )
         {
             return xTaskCreateAffinitySet(pxTaskCode, pcName, usStackDepth, pvParameters, uxPriority, tskNO_AFFINITY, pxCreatedTask);
@@ -1411,6 +1415,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions )
+/*@ requires true;
+ @*/
+/*@ ensures true; 
+ @*/
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
@@ -1688,6 +1696,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*-----------------------------------------------------------*/
 
 static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
+/*@ requires true; 
+  @*/
+/*@ ensures true; 
+  @*/
 {
     /* Ensure interrupts don't access the task lists while the lists are being
      * updated. */
diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index f4051cf5f98..e2f340e8942 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -8,14 +8,15 @@ VF_DIR="$1"
 
 PP_SCRIPT_WD=`pwd`
 REPO_BASE_DIR=`cd ../../..; pwd`
-PROOF_DIR=`cd ..; pwd`
+VF_PROOF_BASE_DIR=`cd ..; pwd`
 
 
 TASKS_C="$REPO_BASE_DIR/tasks.c"
 
-PROOF_SETUP_DIR="$PROOF_DIR/proof_setup"
-PICO_SDK_DIR="$PROOF_DIR/sdks/pico-sdk"
-SMP_DEMO_DIR="$PROOF_DIR/demos/FreeRTOS-SMP-Demos"
+PROOF_SETUP_DIR="$VF_PROOF_BASE_DIR/proof_setup"
+PROOF_FILES_DIR="$VF_PROOF_BASE_DIR/proof"
+PICO_SDK_DIR="$VF_PROOF_BASE_DIR/sdks/pico-sdk"
+SMP_DEMO_DIR="$VF_PROOF_BASE_DIR/demos/FreeRTOS-SMP-Demos"
 
 
 #LOG_DIR="`pwd`/build_logs"
@@ -27,7 +28,7 @@ LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c"
 
 LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c"
 
-PP_OUT_DIR="$PROOF_DIR/preprocessed_files"
+PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files"
 PP_TASK_C="$PP_OUT_DIR/tasks--pp.c"
 
 
@@ -45,6 +46,7 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -DVERIFAST \
 -I"$VF_DIR/bin" \
 -I"$PROOF_SETUP_DIR" \
+-I"$PROOF_FILES_DIR" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
 -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \
 -I"$REPO_BASE_DIR/include" \
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index a8da34e832c..97234d6482b 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -43,6 +43,20 @@
 
     // Delete keywords VeriFast canot parse (in some contexts)
 // # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/tasks.gh" 1
+
+
+
+
+
+/*@
+
+predicate TCB(TCB_t * tcb) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxStack |-> ?stack;
+
+@*/
+// # 31 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Standard includes. */
@@ -147,7 +161,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 34 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -216,7 +230,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -4496,15 +4510,24 @@ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) ;
  */
 void vPortGetHeapStats( HeapStats_t * pxHeapStats );
 
-/*
- * Map to the memory management routines required for the port.
- */
-void * pvPortMalloc( size_t xSize ) ;
-void vPortFree( void * pv ) ;
+
+    /* Reason for rewrite:
+     * VeriFast treats the `malloc` and `free` functions specially,
+     * in a particular built-in way that cannot be axiomatized within
+     * VeriFast's specification language. 
+     * 
+     * When `malloc( sizeof(struct S) )` is called for a user defined
+     * struct `S`, VeriFast instantiates the corresponding
+     * `malloc_block_S(...)` predicate as well as points-to chunks
+     * for its fields.
+     * Reversely, calling `free` cleans up all the predicates instantiated
+     * by `malloc`.
+     */
+// # 197 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 void vPortInitialiseBlocks( void ) ;
 size_t xPortGetFreeHeapSize( void ) ;
 size_t xPortGetMinimumEverFreeHeapSize( void ) ;
-// # 190 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
+// # 209 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /*
  * Setup the hardware ready for the scheduler to take control.  This generally
  * sets up a tick interrupt and sets timers for the correct tick frequency.
@@ -4525,7 +4548,7 @@ void vPortEndScheduler( void ) ;
  * Fills the xMPUSettings structure with the memory region information
  * contained in xRegions.
  */
-// # 218 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
+// # 237 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /* *INDENT-OFF* */
 
 
@@ -4988,7 +5011,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 43 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -8505,7 +8528,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9846,7 +9869,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9907,7 +9930,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
@@ -9935,7 +9958,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -9946,7 +9969,7 @@ bool assert_fct(bool b)
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 77 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 78 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10003,18 +10026,18 @@ bool assert_fct(bool b)
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 141 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 142 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 175 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 176 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 193 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 194 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10069,7 +10092,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 256 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 257 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10077,7 +10100,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 273 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10097,7 +10120,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 313 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 314 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10188,7 +10211,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 413 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 414 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10341,7 +10364,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 577 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10373,9 +10396,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 627 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 710 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 711 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10417,8 +10440,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 751, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 764 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 752, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 765 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10457,7 +10480,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 818 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 819 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10470,7 +10493,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 838 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10481,10 +10504,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 856 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 871 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
 
@@ -10522,7 +10545,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 923 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 924 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10543,7 +10566,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 943, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 944, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10587,21 +10610,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 987, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 988, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 991, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1067 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 992, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1068 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1083 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1161 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1224 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1290 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1291 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10612,7 +10635,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-// # 1313 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX;
+     @*/
+    //@ ensures true;
+// # 1317 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10620,17 +10646,17 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1343 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1347 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
                 /* Allocate space for the stack used by the task being created. */
-                pxStack = pvPortMalloc( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */
+                pxStack = malloc( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */
 
                 if( pxStack != 0 )
                 {
                     /* Allocate space for the TCB. */
-                    pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */
+                    pxNewTCB = ( TCB_t * ) malloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */
 
                     if( pxNewTCB != 0 )
                     {
@@ -10641,7 +10667,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     {
                         /* The stack cannot be used as the TCB was not created.  Free
                          * it again. */
-                        vPortFree( pxStack );
+                        free( (void*) pxStack);
                     }
                 }
                 else
@@ -10653,9 +10679,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1383 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1387 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1392 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1396 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10678,10 +10704,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions )
+/*@ requires true;
+ @*/
+/*@ ensures true; 
+ @*/
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1433 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1441 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10700,10 +10730,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1451, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1460 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1459, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1468 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1474 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10769,7 +10799,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1558 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1566 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10787,21 +10817,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1587 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1650 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -10843,6 +10873,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*-----------------------------------------------------------*/
 
 static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
+/*@ requires true; 
+  @*/
+/*@ ensures true; 
+  @*/
 {
     /* Ensure interrupts don't access the task lists while the lists are being
      * updated. */
@@ -11006,7 +11040,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1854, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1866, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11029,12 +11063,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1877, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1878, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1889, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1890, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1882, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1894, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11120,7 +11154,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1968, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1980, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11174,7 +11208,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2022, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2034, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11350,7 +11384,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2198, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2210, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11504,13 +11538,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2386 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2398 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2427 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2439 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2455 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2467 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11587,7 +11621,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2531, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2543, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11601,7 +11635,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2545, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2557, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11648,7 +11682,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2592, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2604, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11697,7 +11731,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2641, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2653, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11756,7 +11790,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2700, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2712, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11877,7 +11911,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2868 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2880 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11889,7 +11923,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2891 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2903 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11926,7 +11960,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2941 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2953 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11958,7 +11992,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2972, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2984, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12023,7 +12057,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3099 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3111 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12046,7 +12080,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3121, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3133, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12204,7 +12238,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3279, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3291, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12297,7 +12331,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3372, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3384, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12393,7 +12427,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3494 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12421,7 +12455,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3509, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3521, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12432,7 +12466,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3545 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12441,7 +12475,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3541, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3553, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12460,7 +12494,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3560, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3572, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12559,7 +12593,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3659, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3671, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12742,13 +12776,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3871 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3883 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3895 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3907 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3932 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3953 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3965 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12766,7 +12800,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3970, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3982, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12778,7 +12812,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4011 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4023 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12795,7 +12829,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4045 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12806,7 +12840,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4055, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4067, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12825,11 +12859,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4074, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4086, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4078, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4090, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12853,7 +12887,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4102, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4114, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12901,14 +12935,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4150, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4183 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12938,7 +12972,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4200, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4212, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -12946,9 +12980,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4220, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4237 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -12967,7 +13001,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4243, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4255, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -12990,8 +13024,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4266, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4267, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4278, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4279, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13113,7 +13147,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4449 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4461 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13143,7 +13177,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4490 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4502 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13164,16 +13198,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4526 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4538 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4591 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4603 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4653 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13187,7 +13221,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4654, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4666, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13218,7 +13252,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4701 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4713 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13320,7 +13354,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4813 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4825 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13451,7 +13485,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4982 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4994 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13505,10 +13539,10 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 /* The task can only have been allocated dynamically - free both
                  * the stack and TCB. */
-                vPortFree( pxTCB->pxStack );
-                vPortFree( pxTCB );
+                free( (void*) pxTCB->pxStack);
+                free( (void*) pxTCB);
             }
-// # 5065 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5077 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13713,8 +13747,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5269, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5270, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5281, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5282, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13800,7 +13834,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5356, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5368, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13827,7 +13861,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5383, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5395, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13958,7 +13992,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5514, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5526, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14008,11 +14042,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5602 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5708 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5823 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14054,7 +14088,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5864, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5876, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14128,7 +14162,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5938, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5950, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14216,8 +14250,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6026, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6027, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6038, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6039, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14270,7 +14304,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6080, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6092, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14285,8 +14319,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6095, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6114 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6107, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6126 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14319,8 +14353,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6146, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6147, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6158, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6159, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14391,7 +14425,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6218, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6230, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14402,7 +14436,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6229, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6241, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14447,8 +14481,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6274, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6275, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6286, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6287, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14486,7 +14520,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6313, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14527,7 +14561,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6354, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6366, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14580,7 +14614,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6423 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6435 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14656,7 +14690,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6535 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/tasks.gh b/verification/verifast/proof/tasks.gh
new file mode 100644
index 00000000000..211096f6129
--- /dev/null
+++ b/verification/verifast/proof/tasks.gh
@@ -0,0 +1,14 @@
+#ifndef TASKS_GH
+
+#define TASKS_GH
+
+
+/*@
+
+predicate TCB(TCB_t * tcb) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxStack |-> ?stack;
+
+@*/
+
+#endif /* TASKS_GH */
\ No newline at end of file

From 5a7916bff0e520ac4a269c0e3f800dea959a665f Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Mon, 24 Oct 2022 16:17:41 -0400
Subject: [PATCH 054/289] Added predicates to reason about `TCB_t` and
 substructures.

---
 tasks.c                                       |   5 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 260 +++++++++++-------
 verification/verifast/proof/nathan/README.md  |   3 +
 .../verifast/proof/nathan/list_predicates.h   |  28 ++
 verification/verifast/proof/task_predicates.h |  46 ++++
 verification/verifast/proof/tasks.gh          |  14 -
 6 files changed, 242 insertions(+), 114 deletions(-)
 create mode 100644 verification/verifast/proof/nathan/README.md
 create mode 100644 verification/verifast/proof/nathan/list_predicates.h
 create mode 100644 verification/verifast/proof/task_predicates.h
 delete mode 100644 verification/verifast/proof/tasks.gh

diff --git a/tasks.c b/tasks.c
index 78e8b193956..e1f4c5eb939 100644
--- a/tasks.c
+++ b/tasks.c
@@ -27,7 +27,7 @@
 /* Verifast proof setup */
 #ifdef VERIFAST
     #include "verifast_proof_defs.h"
-    #include "tasks.gh"
+    #include "task_predicates.h"
 #endif
 
 /* Standard includes. */
@@ -1359,6 +1359,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     {
                         /* Store the stack location in the TCB. */
                         pxNewTCB->pxStack = pxStack;
+                        //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
+                        //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
+                        //@ close TCB_p(pxNewTCB); 
                     }
                     else
                     {
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 97234d6482b..5984f1df75e 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -43,18 +43,77 @@
 
     // Delete keywords VeriFast canot parse (in some contexts)
 // # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/tasks.gh" 1
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1
 
 
 
 
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/nathan/list_predicates.h" 1
+
+
+
+
+/*
+ * The code below has been taken from:
+ * pull request:
+ * https://github.com/FreeRTOS/FreeRTOS/pull/836
+ * file:
+ * FreeRTOS/Test/VeriFast/include/proof/list.h
+ *
+ */
 
 /*@
+predicate xLIST_ITEM(
+	struct xLIST_ITEM *n,
+	TickType_t xItemValue,
+	struct xLIST_ITEM *pxNext,
+	struct xLIST_ITEM *pxPrevious,
+	struct xLIST *pxContainer;) =
+	n->xItemValue |-> xItemValue &*&
+	n->pxNext |-> pxNext &*&
+	n->pxPrevious |-> pxPrevious &*&
+	n->pvOwner |-> _ &*&
+	n->pxContainer |-> pxContainer;
+@*/
+// # 6 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 2
 
-predicate TCB(TCB_t * tcb) =
-    malloc_block_tskTaskControlBlock(tcb) &*&
-    tcb->pxStack |-> ?stack;
 
+/*@
+// This predicate represents the memory corresponding to an
+// instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate TCB_p(TCB_t * tcb) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxTopOfStack |-> _ &*&
+
+    xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*&
+    xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
+    
+    tcb->uxPriority |-> _ &*&
+    tcb->pxStack |-> _ &*&
+    tcb->xTaskRunState |-> _ &*&
+    tcb->xIsIdle |-> _ &*&
+    
+    // pcTaskName
+    chars_(tcb->pcTaskName, 16, _) &*&
+
+    tcb->uxCriticalNesting |-> _ &*&
+    tcb->uxTCBNumber |-> _ &*&
+    tcb->uxTaskNumber |-> _ &*&
+    tcb->uxBasePriority |-> _ &*&
+    tcb->uxMutexesHeld |-> _ &*&
+
+    // void * pvThreadLocalStoragePointers[ 5 ];
+    pointers_(tcb->pvThreadLocalStoragePointers, _, _) &*&
+
+    integers__(tcb->ulNotifiedValue, _, _, _, _) &*&
+    
+    uchars_(tcb->ucNotifyState, 1, _) &*&
+
+    tcb->ucDelayAborted |-> _;
+
+    
 @*/
 // # 31 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
@@ -10662,6 +10721,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     {
                         /* Store the stack location in the TCB. */
                         pxNewTCB->pxStack = pxStack;
+                        //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
+                        //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
+                        //@ close TCB_p(pxNewTCB); 
                     }
                     else
                     {
@@ -10679,9 +10741,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1387 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1390 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1396 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10711,7 +10773,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1441 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1444 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10730,10 +10792,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1459, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1468 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1462, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1471 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1485 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10799,7 +10861,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1566 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1569 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10817,21 +10879,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1598 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1616 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1661 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11040,7 +11102,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1866, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1869, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11063,12 +11125,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1889, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1890, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1892, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1893, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1894, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1897, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11154,7 +11216,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1980, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11208,7 +11270,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2034, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2037, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11384,7 +11446,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2210, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2213, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11538,13 +11600,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2398 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2401 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2424 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2439 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2442 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2467 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11621,7 +11683,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2543, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2546, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11635,7 +11697,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2557, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2560, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11682,7 +11744,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2604, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2607, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11731,7 +11793,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2653, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2656, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11790,7 +11852,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2712, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2715, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11911,7 +11973,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2880 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2883 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11923,7 +11985,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2903 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2906 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -11960,7 +12022,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2953 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2956 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -11992,7 +12054,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2984, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2987, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12057,7 +12119,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3111 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3114 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12080,7 +12142,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3133, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3136, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12238,7 +12300,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3291, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3294, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12331,7 +12393,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3384, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3387, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12427,7 +12489,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3494 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3497 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12455,7 +12517,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3521, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3524, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12466,7 +12528,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3545 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3548 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12475,7 +12537,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3553, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3556, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12494,7 +12556,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3572, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3575, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12593,7 +12655,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3671, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3674, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12776,13 +12838,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3883 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3886 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3907 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3910 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3932 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3935 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3965 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3968 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12800,7 +12862,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3982, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3985, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12812,7 +12874,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4023 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12829,7 +12891,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12840,7 +12902,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4067, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4070, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12859,11 +12921,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4086, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4089, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4090, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4093, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12887,7 +12949,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4114, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4117, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12935,14 +12997,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4165, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4183 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4186 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -12972,7 +13034,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4212, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4215, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -12980,9 +13042,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4220, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4223, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4237 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13001,7 +13063,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4255, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4258, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13024,8 +13086,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4278, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4279, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4281, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4282, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13147,7 +13209,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4461 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4464 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13177,7 +13239,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4502 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4505 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13198,16 +13260,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4538 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4603 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4606 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4653 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4656 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13221,7 +13283,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4666, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4669, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13252,7 +13314,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4713 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13354,7 +13416,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4825 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4828 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13485,7 +13547,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4994 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13542,7 +13604,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5077 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5080 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13747,8 +13809,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5281, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5282, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5284, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5285, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13834,7 +13896,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5368, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5371, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13861,7 +13923,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5395, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5398, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -13992,7 +14054,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5526, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5529, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14042,11 +14104,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5602 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5708 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5711 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5838 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14088,7 +14150,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5876, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5879, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14162,7 +14224,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5950, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5953, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14250,8 +14312,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6038, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6039, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6041, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6042, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14304,7 +14366,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6092, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6095, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14319,8 +14381,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6107, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6126 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6110, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6129 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14353,8 +14415,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6158, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6159, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6161, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6162, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14425,7 +14487,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6230, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6233, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14436,7 +14498,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6241, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6244, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14481,8 +14543,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6286, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6287, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6289, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6290, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14520,7 +14582,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6328, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14561,7 +14623,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6366, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6369, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14614,7 +14676,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6435 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6438 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14690,7 +14752,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/nathan/README.md b/verification/verifast/proof/nathan/README.md
new file mode 100644
index 00000000000..d8b83cacb64
--- /dev/null
+++ b/verification/verifast/proof/nathan/README.md
@@ -0,0 +1,3 @@
+This directory contains proof artifacts written by Nathan Chong.
+See the following pull request:
+https://github.com/FreeRTOS/FreeRTOS/pull/836
diff --git a/verification/verifast/proof/nathan/list_predicates.h b/verification/verifast/proof/nathan/list_predicates.h
new file mode 100644
index 00000000000..7731a0a669f
--- /dev/null
+++ b/verification/verifast/proof/nathan/list_predicates.h
@@ -0,0 +1,28 @@
+#ifndef LIST_PREDICATES_H
+
+#define LIST_PREDICATES_H
+
+/*
+ * The code below has been taken from:
+ * pull request:
+ * https://github.com/FreeRTOS/FreeRTOS/pull/836
+ * file:
+ * FreeRTOS/Test/VeriFast/include/proof/list.h
+ *
+ */
+
+/*@
+predicate xLIST_ITEM(
+	struct xLIST_ITEM *n,
+	TickType_t xItemValue,
+	struct xLIST_ITEM *pxNext,
+	struct xLIST_ITEM *pxPrevious,
+	struct xLIST *pxContainer;) =
+	n->xItemValue |-> xItemValue &*&
+	n->pxNext |-> pxNext &*&
+	n->pxPrevious |-> pxPrevious &*&
+	n->pvOwner |-> _ &*&
+	n->pxContainer |-> pxContainer;
+@*/
+
+#endif /* LIST_PREDICATES_H */
\ No newline at end of file
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
new file mode 100644
index 00000000000..308866bbe1e
--- /dev/null
+++ b/verification/verifast/proof/task_predicates.h
@@ -0,0 +1,46 @@
+#ifndef TASKS_GH
+
+#define TASKS_GH
+
+#include "nathan/list_predicates.h"
+
+
+/*@
+// This predicate represents the memory corresponding to an
+// instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate TCB_p(TCB_t * tcb) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxTopOfStack |-> _ &*&
+
+    xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*&
+    xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
+    
+    tcb->uxPriority |-> _ &*&
+    tcb->pxStack |-> _ &*&
+    tcb->xTaskRunState |-> _ &*&
+    tcb->xIsIdle |-> _ &*&
+    
+    // pcTaskName
+    chars_(tcb->pcTaskName, 16, _) &*&
+
+    tcb->uxCriticalNesting |-> _ &*&
+    tcb->uxTCBNumber |-> _ &*&
+    tcb->uxTaskNumber |-> _ &*&
+    tcb->uxBasePriority |-> _ &*&
+    tcb->uxMutexesHeld |-> _ &*&
+
+    // void * pvThreadLocalStoragePointers[ 5 ];
+    pointers_(tcb->pvThreadLocalStoragePointers, _, _) &*&
+
+    integers__(tcb->ulNotifiedValue, _, _, _, _) &*&
+    
+    uchars_(tcb->ucNotifyState, 1, _) &*&
+
+    tcb->ucDelayAborted |-> _;
+
+    
+@*/
+
+#endif /* TASKS_GH */
\ No newline at end of file
diff --git a/verification/verifast/proof/tasks.gh b/verification/verifast/proof/tasks.gh
deleted file mode 100644
index 211096f6129..00000000000
--- a/verification/verifast/proof/tasks.gh
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef TASKS_GH
-
-#define TASKS_GH
-
-
-/*@
-
-predicate TCB(TCB_t * tcb) =
-    malloc_block_tskTaskControlBlock(tcb) &*&
-    tcb->pxStack |-> ?stack;
-
-@*/
-
-#endif /* TASKS_GH */
\ No newline at end of file

From 80134a65edf818d8c7d10c003549473ecddd0e85 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:49:33 -0400
Subject: [PATCH 055/289] VeriFast cannot handle casts of side-effectful
 expressions.

---
 tasks.c                                       |  14 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 198 ++++++++++--------
 2 files changed, 118 insertions(+), 94 deletions(-)

diff --git a/tasks.c b/tasks.c
index e1f4c5eb939..743b3c7f83a 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1445,7 +1445,19 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 )
         {
             /* Fill the stack with a known value to assist debugging. */
-            ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+            #ifdef VERIFAST
+                /* Reason for rewrite:
+                 * - VeriFast does not support casts involving side-effectful
+                 *   expressions.
+                 * 
+                 * 
+                 * Note: The only affect of void casts is to surpress compiler
+                 *       warnings.
+                 */
+                memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+            #else
+                ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+            #endif
         }
     #endif /* tskSET_NEW_STACKS_TO_KNOWN_VALUE */
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 5984f1df75e..7acbdb895e7 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -10778,7 +10778,19 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
         {
             /* Fill the stack with a known value to assist debugging. */
-            ( void ) memset( pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+
+                /* Reason for rewrite:
+                 * - VeriFast does not support casts involving side-effectful
+                 *   expressions.
+                 * 
+                 * 
+                 * Note: The only affect of void casts is to surpress compiler
+                 *       warnings.
+                 */
+                memset( pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+
+
+
         }
 
 
@@ -10792,10 +10804,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1462, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1471 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1474, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1483 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1485 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1497 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10861,7 +10873,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1569 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1581 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10879,21 +10891,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1598 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1610 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1616 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1656 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1661 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1673 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11102,7 +11114,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1869, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1881, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11125,12 +11137,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1892, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1893, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1904, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1905, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1897, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1909, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11216,7 +11228,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1995, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11270,7 +11282,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2037, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2049, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11446,7 +11458,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2213, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2225, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11600,13 +11612,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2401 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2413 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2424 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2436 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2442 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2454 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2470 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11683,7 +11695,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2546, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2558, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11697,7 +11709,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2560, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2572, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11744,7 +11756,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2607, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2619, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11793,7 +11805,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2656, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2668, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11852,7 +11864,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2715, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2727, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11973,7 +11985,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2883 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2895 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -11985,7 +11997,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2906 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2918 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12022,7 +12034,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2956 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2968 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12054,7 +12066,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2987, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2999, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12119,7 +12131,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3114 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3126 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12142,7 +12154,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3136, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3148, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12300,7 +12312,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3294, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3306, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12393,7 +12405,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3387, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3399, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12489,7 +12501,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3497 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3509 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12517,7 +12529,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3524, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3536, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12528,7 +12540,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3548 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3560 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12537,7 +12549,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3556, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3568, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12556,7 +12568,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3575, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3587, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12655,7 +12667,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3674, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3686, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12838,13 +12850,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3886 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3898 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3910 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3922 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3935 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3947 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3968 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3980 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12862,7 +12874,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3985, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3997, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12874,7 +12886,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4038 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12891,7 +12903,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4072 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12902,7 +12914,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4070, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4082, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12921,11 +12933,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4089, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4101, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4093, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4105, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12949,7 +12961,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4117, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4129, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -12997,14 +13009,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4165, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4177, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4186 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4198 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13034,7 +13046,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4215, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4227, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13042,9 +13054,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4223, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4235, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13063,7 +13075,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4258, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4270, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13086,8 +13098,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4281, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4282, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4293, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4294, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13209,7 +13221,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4464 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4476 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13239,7 +13251,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4505 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13260,16 +13272,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4553 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4606 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4618 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4656 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13283,7 +13295,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4669, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4681, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13314,7 +13326,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4728 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13416,7 +13428,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4828 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4840 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13547,7 +13559,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 4997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5009 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13604,7 +13616,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5080 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5092 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13809,8 +13821,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5284, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5285, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5296, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5297, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13896,7 +13908,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5371, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5383, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13923,7 +13935,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5398, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5410, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14054,7 +14066,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5529, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5541, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14104,11 +14116,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5617 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5711 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5838 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5850 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14150,7 +14162,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5879, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5891, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14224,7 +14236,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5953, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5965, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14312,8 +14324,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6041, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6042, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6053, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6054, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14366,7 +14378,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6095, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6107, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14381,8 +14393,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6110, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6129 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6122, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6141 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14415,8 +14427,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6161, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6162, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6173, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6174, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14487,7 +14499,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6233, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6245, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14498,7 +14510,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6244, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6256, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14543,8 +14555,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6289, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6290, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6301, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6302, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14582,7 +14594,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6328, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6340, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14623,7 +14635,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6369, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14676,7 +14688,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6438 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6450 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14752,7 +14764,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 1042ea8cf8423e041237de9b8b79aab6d4bb9577 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 13:22:10 -0400
Subject: [PATCH 056/289] Refined task control block predicate `TCB_p` such
 that it can be used to justify `memset`-ing the stack.

---
 tasks.c                                              |  4 ++--
 verification/verifast/preprocessed_files/tasks--pp.c | 10 +++++++---
 verification/verifast/proof/task_predicates.h        |  8 ++++++--
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/tasks.c b/tasks.c
index 743b3c7f83a..4d10e41b8dc 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1356,12 +1356,12 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */
 
                     if( pxNewTCB != NULL )
-                    {
+                    {   
                         /* Store the stack location in the TCB. */
                         pxNewTCB->pxStack = pxStack;
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
-                        //@ close TCB_p(pxNewTCB); 
+                        //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
                     }
                     else
                     {
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 7acbdb895e7..8862550c4cd 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -81,7 +81,7 @@ predicate xLIST_ITEM(
 /*@
 // This predicate represents the memory corresponding to an
 // instance of type `TCB_t` aka `tskTaskControlBlock`.
-predicate TCB_p(TCB_t * tcb) =
+predicate TCB_p(TCB_t * tcb, int stackSize) =
     malloc_block_tskTaskControlBlock(tcb) &*&
     tcb->pxTopOfStack |-> _ &*&
 
@@ -91,7 +91,11 @@ predicate TCB_p(TCB_t * tcb) =
     struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
     
     tcb->uxPriority |-> _ &*&
-    tcb->pxStack |-> _ &*&
+
+    tcb->pxStack |-> ?stackPtr &*&
+    chars_((char*) stackPtr, stackSize, _) &*&
+    malloc_block_chars((char*) stackPtr, stackSize) &*&
+
     tcb->xTaskRunState |-> _ &*&
     tcb->xIsIdle |-> _ &*&
     
@@ -10723,7 +10727,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         pxNewTCB->pxStack = pxStack;
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
-                        //@ close TCB_p(pxNewTCB); 
+                        //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
                     }
                     else
                     {
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 308866bbe1e..71767c6863c 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -8,7 +8,7 @@
 /*@
 // This predicate represents the memory corresponding to an
 // instance of type `TCB_t` aka `tskTaskControlBlock`.
-predicate TCB_p(TCB_t * tcb) =
+predicate TCB_p(TCB_t * tcb, int stackSize) =
     malloc_block_tskTaskControlBlock(tcb) &*&
     tcb->pxTopOfStack |-> _ &*&
 
@@ -18,7 +18,11 @@ predicate TCB_p(TCB_t * tcb) =
     struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
     
     tcb->uxPriority |-> _ &*&
-    tcb->pxStack |-> _ &*&
+
+    tcb->pxStack |-> ?stackPtr &*&
+    chars_((char*) stackPtr, stackSize, _) &*&
+    malloc_block_chars((char*) stackPtr, stackSize) &*&
+
     tcb->xTaskRunState |-> _ &*&
     tcb->xIsIdle |-> _ &*&
     

From 06bc0fbb2d48251372154b05edefa2a39c06de62 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 13:58:06 -0400
Subject: [PATCH 057/289] Resolved VF reporting type errors for memset call and
 disproved some overflows and underflows.

---
 tasks.c                                       |  21 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 413 +++++++++---------
 2 files changed, 230 insertions(+), 204 deletions(-)

diff --git a/tasks.c b/tasks.c
index 4d10e41b8dc..8348b653338 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1298,7 +1298,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-    /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX;
+    /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
+                 usStackDepth > 0;
      @*/
     //@ ensures true;
     #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) )
@@ -1404,6 +1405,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
             xReturn = errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY;
         }
 
+        //@ assume(false);
+        // TODO: Remove!
+        // Allows us to focus on verifying called functions.
         return xReturn;
     }
 
@@ -1418,7 +1422,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions )
-/*@ requires true;
+/*@ requires TCB_p(pxNewTCB, ?stackSize) &*&
+             stackSize == ulStackDepth * sizeof(StackType_t) &*&
+             stackSize <= UINTPTR_MAX &*&
+             ulStackDepth > 0;
  @*/
 /*@ ensures true; 
  @*/
@@ -1441,6 +1448,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         uxPriority &= ~portPRIVILEGE_BIT;
     #endif /* portUSING_MPU_WRAPPERS == 1 */
 
+
+    //@ open TCB_p(_,_);
+
     /* Avoid dependency on memset() if it is not required. */
     #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 )
         {
@@ -1449,12 +1459,15 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                 /* Reason for rewrite:
                  * - VeriFast does not support casts involving side-effectful
                  *   expressions.
-                 * 
+                 * - VeriFast report type mismatch because 
+                 *   `( int ) tskSTACK_FILL_BYTE` is passed for a char argument.
                  * 
                  * Note: The only affect of void casts is to surpress compiler
                  *       warnings.
+                 * 
+                 * TODO: Is the type mismatch a real error?
                  */
-                memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+                memset( pxNewTCB->pxStack, ( char ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) );
             #else
                 ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) );
             #endif
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 8862550c4cd..420efca78ab 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -142,40 +142,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -186,16 +186,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -240,21 +240,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -275,15 +275,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -630,33 +630,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4357,14 +4357,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4380,7 +4380,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4391,13 +4391,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4462,11 +4462,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -10698,10 +10698,11 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             void * const pvParameters,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
-    /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX;
+    /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
+                 usStackDepth > 0;
      @*/
     //@ ensures true;
-// # 1317 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1318 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10709,7 +10710,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1347 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10745,9 +10746,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1390 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1391 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10756,6 +10757,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
             xReturn = ( -1 );
         }
 
+        //@ assume(false);
+        // TODO: Remove!
+        // Allows us to focus on verifying called functions.
         return xReturn;
     }
 
@@ -10770,14 +10774,19 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions )
-/*@ requires true;
+/*@ requires TCB_p(pxNewTCB, ?stackSize) &*&
+             stackSize == ulStackDepth * sizeof(StackType_t) &*&
+             stackSize <= UINTPTR_MAX &*&
+             ulStackDepth > 0;
  @*/
 /*@ ensures true; 
  @*/
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1444 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1452 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    //@ open TCB_p(_,_);
+
     /* Avoid dependency on memset() if it is not required. */
 
         {
@@ -10786,12 +10795,15 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                 /* Reason for rewrite:
                  * - VeriFast does not support casts involving side-effectful
                  *   expressions.
-                 * 
+                 * - VeriFast report type mismatch because 
+                 *   `( int ) tskSTACK_FILL_BYTE` is passed for a char argument.
                  * 
                  * Note: The only affect of void casts is to surpress compiler
                  *       warnings.
+                 * 
+                 * TODO: Is the type mismatch a real error?
                  */
-                memset( pxNewTCB->pxStack, ( int ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ) );
+                memset( pxNewTCB->pxStack, ( char ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ) );
 
 
 
@@ -10805,13 +10817,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
+            // VF-TODO: Justiy that this does not cause an arithmetic overflow
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1474, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1483 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1487, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1496 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1497 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1510 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10877,7 +10890,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1581 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10895,21 +10908,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1610 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1656 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1673 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1686 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11118,7 +11131,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1881, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1894, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11141,12 +11154,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1904, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1905, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1917, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1918, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1909, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1922, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11232,7 +11245,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1995, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2008, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11286,7 +11299,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2049, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2062, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11462,7 +11475,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2225, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2238, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11616,13 +11629,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2413 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2426 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2436 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2449 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2454 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2467 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2495 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11699,7 +11712,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2558, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2571, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11713,7 +11726,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2572, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2585, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11760,7 +11773,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2619, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2632, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11809,7 +11822,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2668, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2681, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11868,7 +11881,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2727, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2740, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -11989,7 +12002,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2895 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2908 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12001,7 +12014,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2918 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2931 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12038,7 +12051,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2968 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2981 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12070,7 +12083,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2999, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3012, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12135,7 +12148,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3126 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3139 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12158,7 +12171,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3148, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3161, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12316,7 +12329,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3306, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3319, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12409,7 +12422,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3399, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3412, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12505,7 +12518,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3509 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12533,7 +12546,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3536, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3549, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12544,7 +12557,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3560 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12553,7 +12566,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3568, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3581, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12572,7 +12585,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3587, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3600, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12671,7 +12684,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3686, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3699, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12854,13 +12867,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3898 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3922 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3935 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3947 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3960 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3980 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3993 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12878,7 +12891,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3997, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4010, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12890,7 +12903,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4038 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12907,7 +12920,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4072 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12918,7 +12931,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4082, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4095, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12937,11 +12950,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4101, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4114, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4105, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4118, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12965,7 +12978,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4129, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4142, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13013,14 +13026,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4177, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4190, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4198 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4211 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13050,7 +13063,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4227, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4240, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13058,9 +13071,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4235, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4248, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4265 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13079,7 +13092,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4270, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4283, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13102,8 +13115,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4293, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4294, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13225,7 +13238,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4476 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13255,7 +13268,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13276,16 +13289,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4553 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4566 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4618 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4681 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13299,7 +13312,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4681, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4694, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13330,7 +13343,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4728 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4741 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13432,7 +13445,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4840 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4853 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13563,7 +13576,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5009 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5022 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13620,7 +13633,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5092 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5105 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13825,8 +13838,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5296, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5297, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5309, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5310, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13912,7 +13925,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5383, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5396, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13939,7 +13952,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5410, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5423, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14070,7 +14083,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5541, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5554, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14120,11 +14133,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5617 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5630 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5736 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5850 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5863 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14166,7 +14179,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5891, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5904, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14240,7 +14253,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5965, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5978, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14328,8 +14341,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6053, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6054, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6066, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6067, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14382,7 +14395,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6107, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6120, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14397,8 +14410,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6122, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6141 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6135, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6154 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14431,8 +14444,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6173, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6174, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14503,7 +14516,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6245, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6258, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14514,7 +14527,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6256, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6269, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14559,8 +14572,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6301, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6302, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6314, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6315, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14598,7 +14611,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6340, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6353, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14639,7 +14652,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6394, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14692,7 +14705,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6450 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14768,7 +14781,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From 8b958c78347423a53aec5bd36bffe45dfe20b512 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 14:34:01 -0400
Subject: [PATCH 058/289] Axiomatized knowledge about RP2040 architecture and
 added tmp workaround for over/underflows.

---
 tasks.c                                       |  12 +
 .../verifast/preprocessed_files/tasks--pp.c   | 514 +++++++++---------
 .../proof_setup/verifast_RP2040_axioms.h      |  19 +
 3 files changed, 302 insertions(+), 243 deletions(-)
 create mode 100644 verification/verifast/proof_setup/verifast_RP2040_axioms.h

diff --git a/tasks.c b/tasks.c
index 8348b653338..fed7aa426ea 100644
--- a/tasks.c
+++ b/tasks.c
@@ -28,6 +28,7 @@
 #ifdef VERIFAST
     #include "verifast_proof_defs.h"
     #include "task_predicates.h"
+    #include "verifast_RP2040_axioms.h"
 #endif
 
 /* Standard includes. */
@@ -1481,6 +1482,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     #if ( portSTACK_GROWTH < 0 )
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
+            
+            // Axiomatize that pointers on RP2040 are 32bit
+            //@ uint32_t_ptr_range(pxTopOfStack);
+
+            // TODO: How can we prove this?
+            // Assume that no underflow occurs
+            //@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
+
+            // TODO: How can we prove this?
+            // Assume that now overflow occurs.
+            //@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 420efca78ab..290f97cc2fb 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -120,6 +120,37 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     
 @*/
 // # 31 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
+
+
+
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" 1
+// # 18 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h"
+typedef __int8 int8_t;
+typedef __int16 int16_t;
+typedef __int32 int32_t;
+typedef __int64 int64_t;
+typedef __int128 int128_t;
+
+typedef unsigned __int8 uint8_t;
+typedef unsigned __int16 uint16_t;
+typedef unsigned __int32 uint32_t;
+typedef unsigned __int64 uint64_t;
+typedef unsigned __int128 uint128_t;
+// # 5 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 2
+
+/*
+ * The lemmas in this file axiomatize that the RP2040 architecture uses
+ * 32bit pointers.
+ */
+
+/*@
+// Axiomatizes that: 0 <= ptr <= 2^32 - 1
+lemma void uint32_t_ptr_range(uint32_t* ptr);
+requires true;
+ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
+@*/
+// # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Standard includes. */
@@ -142,40 +173,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -186,16 +217,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -224,7 +255,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -240,21 +271,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -275,15 +306,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -293,7 +324,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -349,20 +380,7 @@ char *strdup(char *string);
  *     contains the typedefs required to build FreeRTOS.  Read the instructions
  *     in FreeRTOS/source/stdint.readme for more information.
  */
-// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" 1
-// # 18 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h"
-typedef __int8 int8_t;
-typedef __int16 int16_t;
-typedef __int32 int32_t;
-typedef __int64 int64_t;
-typedef __int128 int128_t;
 
-typedef unsigned __int8 uint8_t;
-typedef unsigned __int16 uint16_t;
-typedef unsigned __int32 uint32_t;
-typedef unsigned __int64 uint64_t;
-typedef unsigned __int128 uint128_t;
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
 /* *INDENT-OFF* */
 
@@ -630,33 +648,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4357,14 +4375,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4380,7 +4398,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4391,13 +4409,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4462,11 +4480,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -5074,7 +5092,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 44 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -8591,7 +8609,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9932,7 +9950,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9993,7 +10011,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
@@ -10021,7 +10039,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -10032,7 +10050,7 @@ bool assert_fct(bool b)
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 78 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 79 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10089,18 +10107,18 @@ bool assert_fct(bool b)
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 142 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 143 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 176 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 177 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 194 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 195 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10155,7 +10173,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 257 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 258 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10163,7 +10181,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 274 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 275 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10183,7 +10201,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 314 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 315 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10274,7 +10292,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 414 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 415 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10427,7 +10445,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 579 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10459,9 +10477,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 711 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10503,8 +10521,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 752, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 765 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 753, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 766 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10543,7 +10561,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 819 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 820 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10556,7 +10574,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 840 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10567,10 +10585,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 857 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 858 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 871 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 872 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
 
@@ -10608,7 +10626,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 924 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10629,7 +10647,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 944, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 945, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10673,21 +10691,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 988, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 989, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 992, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1068 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 993, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1069 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1163 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1226 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1291 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1292 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10702,7 +10720,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  usStackDepth > 0;
      @*/
     //@ ensures true;
-// # 1318 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1319 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10710,7 +10728,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1348 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1349 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10746,9 +10764,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1391 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1392 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1401 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10784,7 +10802,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1452 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1453 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -10817,14 +10835,24 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
-            // VF-TODO: Justiy that this does not cause an arithmetic overflow
+
+            // Axiomatize that pointers on RP2040 are 32bit
+            //@ uint32_t_ptr_range(pxTopOfStack);
+
+            // TODO: How can we prove this?
+            // Assume that no underflow occurs
+            //@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
+
+            // TODO: How can we prove this?
+            // Assume that now overflow occurs.
+            //@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1487, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1496 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1499, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
+// # 1508 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1510 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10890,7 +10918,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1606 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10908,21 +10936,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1653 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1681 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1686 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11131,7 +11159,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1894, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1906, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11154,12 +11182,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1917, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1918, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1929, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1930, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1922, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1934, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11245,7 +11273,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2008, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2020, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11299,7 +11327,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2062, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11475,7 +11503,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2238, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2250, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11629,13 +11657,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2426 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2438 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2449 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2461 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2467 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2479 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2495 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2507 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11712,7 +11740,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2571, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2583, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11726,7 +11754,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2585, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2597, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11773,7 +11801,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2632, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2644, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11822,7 +11850,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2681, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2693, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11881,7 +11909,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2740, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2752, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12002,7 +12030,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2908 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12014,7 +12042,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2931 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2943 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12051,7 +12079,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2981 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2993 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12083,7 +12111,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3012, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3024, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12148,7 +12176,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3139 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12171,7 +12199,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3161, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3173, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12329,7 +12357,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3319, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3331, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12422,7 +12450,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3412, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3424, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12518,7 +12546,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12546,7 +12574,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3549, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3561, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12557,7 +12585,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3573 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3585 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12566,7 +12594,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3581, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3593, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12585,7 +12613,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3600, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3612, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12684,7 +12712,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3699, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3711, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12867,13 +12895,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3911 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3923 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3935 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3947 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3960 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3972 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3993 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4005 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12891,7 +12919,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4010, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4022, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12903,7 +12931,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4063 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12920,7 +12948,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4097 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12931,7 +12959,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4095, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4107, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12950,11 +12978,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4114, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4126, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4118, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4130, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -12978,7 +13006,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4142, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4154, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13026,14 +13054,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4190, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4202, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4211 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4223 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13063,7 +13091,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4240, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4252, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13071,9 +13099,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4248, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4260, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4265 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13092,7 +13120,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4283, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4295, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13115,8 +13143,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4318, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4319, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13238,7 +13266,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4489 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4501 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13268,7 +13296,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4542 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13289,16 +13317,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4566 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4643 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4681 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4693 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13312,7 +13340,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4694, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4706, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13343,7 +13371,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4741 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4753 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13445,7 +13473,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4853 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4865 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13576,7 +13604,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5022 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5034 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13633,7 +13661,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5105 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13838,8 +13866,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5309, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5310, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5321, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5322, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13925,7 +13953,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5396, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5408, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13952,7 +13980,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5423, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5435, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14083,7 +14111,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5554, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5566, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14133,11 +14161,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5630 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5736 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5863 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5875 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14179,7 +14207,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5904, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5916, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14253,7 +14281,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5978, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5990, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14341,8 +14369,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6066, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6067, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6078, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6079, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14395,7 +14423,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6120, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14410,8 +14438,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6135, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6154 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6147, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6166 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14444,8 +14472,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6198, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6199, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14516,7 +14544,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6258, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6270, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14527,7 +14555,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6269, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6281, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14572,8 +14600,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6314, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6315, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6326, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6327, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14611,7 +14639,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6353, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6365, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14652,7 +14680,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6394, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6406, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14705,7 +14733,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6475 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14781,7 +14809,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6587 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_RP2040_axioms.h b/verification/verifast/proof_setup/verifast_RP2040_axioms.h
new file mode 100644
index 00000000000..855727be504
--- /dev/null
+++ b/verification/verifast/proof_setup/verifast_RP2040_axioms.h
@@ -0,0 +1,19 @@
+#ifndef VERIFAST_RP2040_AXIOMS_H
+#define VERIFAST_RP2040_AXIOMS_H
+
+#include "stdint.h"
+
+/*
+ * The lemmas in this file axiomatize that the RP2040 architecture uses
+ * 32bit pointers.
+ */
+
+/*@
+// Axiomatizes that: 0 <= ptr <= 2^32 - 1
+lemma void uint32_t_ptr_range(uint32_t* ptr);
+requires true;
+ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
+@*/
+
+
+#endif
\ No newline at end of file

From 82be7cb23a89cc074c9249d5bb94208d2cf57b9b Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 14:40:50 -0400
Subject: [PATCH 059/289] Temporarily eliminated runtime assertion.

---
 tasks.c                                       |   7 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 183 +++++++++---------
 .../proof_setup/verifast_proof_defs.h         |   3 +
 3 files changed, 100 insertions(+), 93 deletions(-)

diff --git a/tasks.c b/tasks.c
index fed7aa426ea..d222c667a3f 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1496,7 +1496,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );
+            
+            #ifndef VERIFAST
+                // TODO: Figure out how to handle configASSERT/__builtin_expect
+                // maybe replace by VF assertion.
+                configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );
+            #endif /* VERIFAST */
 
             #if ( configRECORD_STACK_HIGH_ADDRESS == 1 )
                 {
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 290f97cc2fb..8c4394cafc9 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -10849,10 +10849,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-            (__builtin_expect(!(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1499, "( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )") : (void)0);
-// # 1508 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1513 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -10918,7 +10917,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1606 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1611 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10936,21 +10935,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1653 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1681 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1686 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1703 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11159,7 +11158,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1906, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1911, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11182,12 +11181,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1929, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1930, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1934, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1935, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1934, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1939, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11273,7 +11272,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2020, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2025, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11327,7 +11326,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2079, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11503,7 +11502,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2250, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2255, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11657,13 +11656,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2438 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2443 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2461 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2466 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2479 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2484 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2507 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2512 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11740,7 +11739,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2583, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2588, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11754,7 +11753,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2597, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2602, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11801,7 +11800,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2644, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2649, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11850,7 +11849,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2693, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11909,7 +11908,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2752, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2757, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12030,7 +12029,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12042,7 +12041,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2943 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12079,7 +12078,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2993 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12111,7 +12110,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3024, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3029, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12176,7 +12175,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3156 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12199,7 +12198,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3173, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3178, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12357,7 +12356,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3331, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3336, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12450,7 +12449,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3424, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3429, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12546,7 +12545,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3539 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12574,7 +12573,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3561, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3566, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12585,7 +12584,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3585 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12594,7 +12593,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3593, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3598, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12613,7 +12612,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3612, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3617, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12712,7 +12711,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3711, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3716, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12895,13 +12894,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3923 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3928 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3947 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3952 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3972 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4005 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4010 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12919,7 +12918,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4022, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4027, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12931,7 +12930,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4063 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4068 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12948,7 +12947,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4097 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4102 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12959,7 +12958,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4107, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4112, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12978,11 +12977,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4126, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4131, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4130, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4135, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13006,7 +13005,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4154, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4159, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13054,14 +13053,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4202, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4223 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4228 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13091,7 +13090,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4252, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13099,9 +13098,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4260, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4265, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4282 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13120,7 +13119,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4295, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4300, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13143,8 +13142,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4318, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4319, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4323, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4324, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13266,7 +13265,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4501 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4506 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13296,7 +13295,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4542 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13317,16 +13316,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4583 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4643 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4648 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4693 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13340,7 +13339,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4706, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4711, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13371,7 +13370,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4753 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13473,7 +13472,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4865 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13604,7 +13603,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5034 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5039 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13661,7 +13660,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5122 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13866,8 +13865,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5321, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5322, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5326, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5327, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13953,7 +13952,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5408, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5413, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13980,7 +13979,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5435, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5440, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14111,7 +14110,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5566, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5571, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14161,11 +14160,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5647 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5753 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5875 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5880 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14207,7 +14206,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5916, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5921, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14281,7 +14280,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5990, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5995, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14369,8 +14368,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6078, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6079, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6083, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6084, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14423,7 +14422,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6137, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14438,8 +14437,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6147, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6166 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6152, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14472,8 +14471,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6198, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6199, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6203, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6204, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14544,7 +14543,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6270, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6275, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14555,7 +14554,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6281, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6286, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14600,8 +14599,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6326, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6327, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6331, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6332, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14639,7 +14638,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6365, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6370, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14680,7 +14679,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6406, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6411, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14733,7 +14732,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6475 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6480 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14809,7 +14808,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6587 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6592 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h
index a9460d08e28..2f3da0f98ba 100644
--- a/verification/verifast/proof_setup/verifast_proof_defs.h
+++ b/verification/verifast/proof_setup/verifast_proof_defs.h
@@ -8,4 +8,7 @@
     // Delete keywords VeriFast canot parse (in some contexts)
     #define inline
     #define __always_inline
+
+    #undef assert
+    #define assert(x) BLUB(x)
 #endif /* VERIFAST_DEFS_H */

From 8a8f0ab9b1bd169ea96e0ccaedbc699e8c84c9d1 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 14:57:26 -0400
Subject: [PATCH 060/289] Proved memory safety of name-writing loop in
 `prvInitialiseNewTask`.

---
 tasks.c                                       |  15 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 209 +++++++++---------
 verification/verifast/proof/task_predicates.h |   2 +-
 3 files changed, 124 insertions(+), 102 deletions(-)

diff --git a/tasks.c b/tasks.c
index d222c667a3f..dccc3003a2b 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1300,7 +1300,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
-                 usStackDepth > 0;
+                 usStackDepth > 0 &*&
+                 // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+                 chars(pcName, 16, _);
      @*/
     //@ ensures true;
     #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) )
@@ -1426,7 +1428,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*@ requires TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
-             ulStackDepth > 0;
+             ulStackDepth > 0 &*&
+             // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+             chars(pcName, 16, _);
  @*/
 /*@ ensures true; 
  @*/
@@ -1524,11 +1528,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         }
     #endif /* portSTACK_GROWTH */
 
+    //@ close TCB_p(pxNewTCB, stackSize); 
+
     /* Store the task name in the TCB. */
     if( pcName != NULL )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ )
+        /*@ invariant TCB_p(pxNewTCB, stackSize) &*&
+                      chars(pcName, 16, _);
+         @*/
         {
+            //@ open TCB_p(_, _);
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
 
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
@@ -1542,6 +1552,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             {
                 mtCOVERAGE_TEST_MARKER();
             }
+            //@ close TCB_p(_, _);
         }
 
         /* Ensure the name string is terminated in the case that the string length
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 8c4394cafc9..2a72892db20 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -99,7 +99,7 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     tcb->xTaskRunState |-> _ &*&
     tcb->xIsIdle |-> _ &*&
     
-    // pcTaskName
+    // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
     chars_(tcb->pcTaskName, 16, _) &*&
 
     tcb->uxCriticalNesting |-> _ &*&
@@ -10717,10 +10717,12 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
-                 usStackDepth > 0;
+                 usStackDepth > 0 &*&
+                 // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+                 chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1319 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1321 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10728,7 +10730,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1349 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1351 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10764,9 +10766,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1392 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1394 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1401 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1403 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10795,14 +10797,16 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*@ requires TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
-             ulStackDepth > 0;
+             ulStackDepth > 0 &*&
+             // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+             chars(pcName, 16, _);
  @*/
 /*@ ensures true; 
  @*/
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1453 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1457 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -10849,14 +10853,20 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1513 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1531 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    //@ close TCB_p(pxNewTCB, stackSize); 
+
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
+        /*@ invariant TCB_p(pxNewTCB, stackSize) &*&
+                      chars(pcName, 16, _);
+         @*/
         {
+            //@ open TCB_p(_, _);
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
 
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
@@ -10870,6 +10880,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             {
                                         ;
             }
+            //@ close TCB_p(_, _);
         }
 
         /* Ensure the name string is terminated in the case that the string length
@@ -10917,7 +10928,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1611 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10935,21 +10946,21 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1651 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1686 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1703 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1714 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11158,7 +11169,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1911, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1922, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11181,12 +11192,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1934, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1935, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1945, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1946, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1939, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1950, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11272,7 +11283,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2025, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2036, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11326,7 +11337,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2079, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2090, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11502,7 +11513,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2255, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2266, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11656,13 +11667,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2443 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2454 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2466 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2477 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2484 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2495 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2512 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11739,7 +11750,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2588, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2599, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11753,7 +11764,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2602, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2613, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11800,7 +11811,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2649, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2660, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11849,7 +11860,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2709, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11908,7 +11919,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2757, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2768, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12029,7 +12040,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2936 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12041,7 +12052,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2948 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2959 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12078,7 +12089,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3009 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12110,7 +12121,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3029, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3040, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12175,7 +12186,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3156 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3167 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12198,7 +12209,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3178, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3189, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12356,7 +12367,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3336, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3347, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12449,7 +12460,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3429, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3440, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12545,7 +12556,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3539 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12573,7 +12584,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3566, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3577, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12584,7 +12595,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3601 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12593,7 +12604,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3598, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3609, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12612,7 +12623,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3617, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3628, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12711,7 +12722,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3716, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3727, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12894,13 +12905,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3928 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3939 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3952 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3963 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3988 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4010 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4021 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12918,7 +12929,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4027, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4038, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12930,7 +12941,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4068 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4079 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12947,7 +12958,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4102 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4113 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12958,7 +12969,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4112, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4123, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12977,11 +12988,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4131, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4142, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4135, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4146, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13005,7 +13016,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4159, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4170, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13053,14 +13064,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4218, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4228 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4239 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13090,7 +13101,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4268, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13098,9 +13109,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4265, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4276, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4282 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4293 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13119,7 +13130,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4300, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4311, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13142,8 +13153,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4323, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4324, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4334, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4335, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13265,7 +13276,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4506 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13295,7 +13306,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4558 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13316,16 +13327,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4583 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4648 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13339,7 +13350,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4711, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4722, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13370,7 +13381,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4769 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13472,7 +13483,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4870 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4881 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13603,7 +13614,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5039 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5050 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13660,7 +13671,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5122 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5133 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13865,8 +13876,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5326, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5327, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5337, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5338, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13952,7 +13963,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5413, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5424, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13979,7 +13990,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5440, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5451, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14110,7 +14121,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5571, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5582, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14160,11 +14171,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5647 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5753 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5764 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5880 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5891 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14206,7 +14217,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5921, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5932, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14280,7 +14291,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5995, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6006, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14368,8 +14379,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6083, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6084, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6094, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6095, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14422,7 +14433,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6137, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6148, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14437,8 +14448,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6152, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6163, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6182 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14471,8 +14482,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6203, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6204, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6214, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6215, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14543,7 +14554,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6275, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6286, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14554,7 +14565,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6286, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6297, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14599,8 +14610,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6331, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6332, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6342, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6343, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14638,7 +14649,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6370, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14679,7 +14690,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6411, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6422, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14732,7 +14743,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6480 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6491 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14808,7 +14819,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6592 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6603 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 71767c6863c..3226e58f125 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -26,7 +26,7 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     tcb->xTaskRunState |-> _ &*&
     tcb->xIsIdle |-> _ &*&
     
-    // pcTaskName
+    // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
     chars_(tcb->pcTaskName, 16, _) &*&
 
     tcb->uxCriticalNesting |-> _ &*&

From 40931d229d09eaf6a9bec6941d1ecd6d05dea8cd Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 25 Oct 2022 16:56:28 -0400
Subject: [PATCH 061/289] Justified `memset` of TCB fields in
 `prvInitialiseNewTask`.

Fields: `pxNewTCB->ucNotifyState` and `pxNewTCB->ulNotifiedValue`
---
 include/list.h                                |   2 +
 tasks.c                                       |  24 +
 .../verifast/preprocessed_files/tasks--pp.c   | 541 ++++++++++--------
 verification/verifast/proof/task_predicates.h |   6 +-
 .../proof/verifast_prelude_extended.h         |  53 ++
 5 files changed, 394 insertions(+), 232 deletions(-)
 create mode 100644 verification/verifast/proof/verifast_prelude_extended.h

diff --git a/include/list.h b/include/list.h
index 0491e057ff0..177c3daf76f 100644
--- a/include/list.h
+++ b/include/list.h
@@ -400,6 +400,8 @@ void vListInitialise( List_t * const pxList ) PRIVILEGED_FUNCTION;
  * \ingroup LinkedList
  */
 void vListInitialiseItem( ListItem_t * const pxItem ) PRIVILEGED_FUNCTION;
+//@ requires true;
+//@ ensures true;
 
 /*
  * Insert a list item into a list.  The item will be inserted into the list in
diff --git a/tasks.c b/tasks.c
index dccc3003a2b..f93ad8575b3 100644
--- a/tasks.c
+++ b/tasks.c
@@ -29,6 +29,7 @@
     #include "verifast_proof_defs.h"
     #include "task_predicates.h"
     #include "verifast_RP2040_axioms.h"
+    #include "verifast_prelude_extended.h"
 #endif
 
 /* Standard includes. */
@@ -1546,6 +1547,11 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
              * string is not accessible (extremely unlikely). */
             if( pcName[ x ] == ( char ) 0x00 )
             {
+                /* TODO: Why does VeriFast not report a loop invariant
+                 *       violation when we don't close the predicate?
+                 *       This seems like a bug.
+                 */
+                //@ close TCB_p(_, _);
                 break;
             }
             else
@@ -1555,15 +1561,19 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ close TCB_p(_, _);
         }
 
+        //@ open TCB_p(_, _);
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ configMAX_TASK_NAME_LEN - 1 ] = '\0';
+        //@ close TCB_p(_, _);
     }
     else
     {
+        //@ open TCB_p(_, _);
         /* The task has not been given a name, so just ensure there is a NULL
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
+        //@ close TCB_p(_, _);
     }
 
     /* This is used as an array index so must ensure it's not too large.  First
@@ -1577,6 +1587,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         mtCOVERAGE_TEST_MARKER();
     }
 
+    //@ open TCB_p(_, _);
     pxNewTCB->uxPriority = uxPriority;
     #if ( configUSE_MUTEXES == 1 )
         {
@@ -1584,10 +1595,13 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxNewTCB->uxMutexesHeld = 0;
         }
     #endif /* configUSE_MUTEXES */
+    //@ close TCB_p(_, _);
 
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
+    //@ open TCB_p(_, _);
+
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
     listSET_LIST_ITEM_OWNER( &( pxNewTCB->xStateListItem ), pxNewTCB );
@@ -1627,12 +1641,20 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
     #if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 )
         {
+            //@ pointers__to_chars_(pxNewTCB->pvThreadLocalStoragePointers);
+            //@ assert(chars_((char*) pxNewTCB->pvThreadLocalStoragePointers, _, _));
+            //@ assert(chars_(_, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), _));
             memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) );
         }
     #endif
 
     #if ( configUSE_TASK_NOTIFICATIONS == 1 )
         {
+            ///@ assert( integers__(pxNewTCB->ulNotifiedValue, _, _, 1, _) );
+            ///@ integers___to_integers_(pxNewTCB->ulNotifiedValue);
+        	///@ integers__to_chars(pxNewTCB->ulNotifiedValue);
+            //@integers___to_integers_(pxNewTCB->ulNotifiedValue);
+            //@ integers__to_chars(pxNewTCB->ulNotifiedValue);
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
@@ -1748,6 +1770,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     {
         mtCOVERAGE_TEST_MARKER();
     }
+
+    //@ close TCB_p(_, _);
 }
 /*-----------------------------------------------------------*/
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 2a72892db20..650a8b4d4a2 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -109,9 +109,11 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxMutexesHeld |-> _ &*&
 
     // void * pvThreadLocalStoragePointers[ 5 ];
-    pointers_(tcb->pvThreadLocalStoragePointers, _, _) &*&
+    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
 
-    integers__(tcb->ulNotifiedValue, _, _, _, _) &*&
+    // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
+    // evaluates to 1.
+    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
     
     uchars_(tcb->ucNotifyState, 1, _) &*&
 
@@ -151,6 +153,59 @@ requires true;
 ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
 @*/
 // # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1
+
+
+
+/* This file contains axioms that would naturally fit into prelude.h
+ * but are missing.
+ */
+
+/* Reminder:
+
+predicate chars_(char *array, int count; list > cs) =
+    count == 0 ?
+        cs == nil
+    :
+        char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
+
+predicate chars(char *array, int count; list cs) =
+    count == 0 ?
+        cs == nil
+    :
+        character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
+
+
+lemma_auto void chars__to_chars(char *array);
+    requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs));
+    ensures [f]chars(array, count, map(the, cs));
+
+
+
+predicate integers__(void *p, int size, bool signed_, int count; list > vs) =
+    count == 0 ?
+        vs == nil
+    :
+        integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
+
+predicate integers_(void *p, int size, bool signed_, int count; list vs) =
+    count == 0 ?
+        vs == nil
+    :
+        integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
+
+
+ */
+
+
+
+
+/*@
+lemma_auto void integers___to_integers_(void *p);
+    requires [?f]integers__(p, ?size, ?signed_, ?count, _);
+    ensures [f]integers_(p, size, signed_, count, _);
+@*/
+// # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Standard includes. */
@@ -173,40 +228,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -217,16 +272,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -255,7 +310,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -271,21 +326,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -306,15 +361,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -324,7 +379,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -648,33 +703,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4375,14 +4430,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4398,7 +4453,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4409,13 +4464,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4480,11 +4535,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -5092,7 +5147,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -5505,6 +5560,8 @@ void vListInitialise( List_t * const pxList ) ;
  * \ingroup LinkedList
  */
 void vListInitialiseItem( ListItem_t * const pxItem ) ;
+//@ requires true;
+//@ ensures true;
 
 /*
  * Insert a list item into a list.  The item will be inserted into the list in
@@ -8609,7 +8666,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9950,7 +10007,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -10011,7 +10068,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
@@ -10039,7 +10096,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -10050,7 +10107,7 @@ bool assert_fct(bool b)
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 79 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10107,18 +10164,18 @@ bool assert_fct(bool b)
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 143 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 144 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 177 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 178 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 195 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10173,7 +10230,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 258 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 259 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10181,7 +10238,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 275 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 276 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10201,7 +10258,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 315 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 316 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10292,7 +10349,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 415 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 416 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10445,7 +10502,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 579 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 580 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10477,9 +10534,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 630 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 713 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10521,8 +10578,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 753, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 766 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 754, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 767 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
@@ -10561,7 +10618,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 820 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 821 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10574,7 +10631,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 840 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 841 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10585,10 +10642,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
         BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 858 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 859 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
         {
-// # 872 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 873 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
             {
 
@@ -10626,7 +10683,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 926 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10647,7 +10704,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 945, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 946, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10691,21 +10748,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( BaseType_t ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 989, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 990, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 993, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1069 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 994, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1070 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( BaseType_t ) 1 );
     }
-// # 1085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1086 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1163 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1164 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1226 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1227 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1292 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1293 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10722,7 +10779,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1321 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10730,7 +10787,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1351 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1352 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10766,9 +10823,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1394 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1395 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1403 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1404 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( BaseType_t ) 1 ) );
         }
@@ -10806,7 +10863,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1457 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1458 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -10853,9 +10910,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1518 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1531 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1532 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -10874,6 +10931,11 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
              * string is not accessible (extremely unlikely). */
             if( pcName[ x ] == ( char ) 0x00 )
             {
+                /* TODO: Why does VeriFast not report a loop invariant
+                 *       violation when we don't close the predicate?
+                 *       This seems like a bug.
+                 */
+                //@ close TCB_p(_, _);
                 break;
             }
             else
@@ -10883,15 +10945,19 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ close TCB_p(_, _);
         }
 
+        //@ open TCB_p(_, _);
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ 16 - 1 ] = '\0';
+        //@ close TCB_p(_, _);
     }
     else
     {
+        //@ open TCB_p(_, _);
         /* The task has not been given a name, so just ensure there is a NULL
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
+        //@ close TCB_p(_, _);
     }
 
     /* This is used as an array index so must ensure it's not too large.  First
@@ -10905,6 +10971,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                 ;
     }
 
+    //@ open TCB_p(_, _);
     pxNewTCB->uxPriority = uxPriority;
 
         {
@@ -10912,10 +10979,13 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxNewTCB->uxMutexesHeld = 0;
         }
 
+    //@ close TCB_p(_, _);
 
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
+    //@ open TCB_p(_, _);
+
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
     ( ( &( pxNewTCB->xStateListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) );
@@ -10928,7 +10998,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1636 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -10937,30 +11007,39 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         {
+            //@ pointers__to_chars_(pxNewTCB->pvThreadLocalStoragePointers);
+            //@ assert(chars_((char*) pxNewTCB->pvThreadLocalStoragePointers, _, _));
+            //@ assert(chars_(_, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), _));
             memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) );
         }
 
 
 
         {
+            ///@ assert( integers__(pxNewTCB->ulNotifiedValue, _, _, 1, _) );
+            ///@ integers___to_integers_(pxNewTCB->ulNotifiedValue);
+         ///@ integers__to_chars(pxNewTCB->ulNotifiedValue);
+            //@integers___to_integers_(pxNewTCB->ulNotifiedValue);
+            //@ integers__to_chars(pxNewTCB->ulNotifiedValue);
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
+            //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1651 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1673 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1691 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1714 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1736 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -10998,6 +11077,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     {
                                 ;
     }
+
+    //@ close TCB_p(_, _);
 }
 /*-----------------------------------------------------------*/
 
@@ -11169,7 +11250,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1922, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1946, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11192,12 +11273,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1945, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1946, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1969, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1970, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1950, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1974, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11283,7 +11364,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2036, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2060, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11337,7 +11418,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2090, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2114, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11513,7 +11594,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2266, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2290, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11667,13 +11748,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2454 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2478 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2477 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2501 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2495 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2519 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11750,7 +11831,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2599, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2623, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11764,7 +11845,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2613, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11811,7 +11892,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2660, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2684, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11860,7 +11941,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2709, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2733, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11919,7 +12000,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2768, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2792, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12040,7 +12121,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2936 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2960 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12052,7 +12133,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2959 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2983 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12089,7 +12170,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3009 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3033 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12121,7 +12202,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3040, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3064, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12186,7 +12267,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3167 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3191 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12209,7 +12290,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3189, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3213, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12367,7 +12448,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3347, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3371, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12460,7 +12541,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3440, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3464, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12556,7 +12637,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3574 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12584,7 +12665,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3577, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3601, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12595,7 +12676,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3601 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3625 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12604,7 +12685,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3609, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3633, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12623,7 +12704,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3628, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3652, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12722,7 +12803,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3727, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3751, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12905,13 +12986,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3939 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-/*-----------------------------------------------------------*/
 // # 3963 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3988 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3987 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+/*-----------------------------------------------------------*/
+// # 4012 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4021 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4045 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -12929,7 +13010,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4038, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4062, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -12941,7 +13022,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4079 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4103 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -12958,7 +13039,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4113 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -12969,7 +13050,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4123, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4147, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -12988,11 +13069,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4142, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4166, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4146, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4170, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13016,7 +13097,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4170, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4194, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13064,14 +13145,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4218, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4242, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4239 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4263 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13101,7 +13182,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4268, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4292, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13109,9 +13190,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4276, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4300, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4293 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4317 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13130,7 +13211,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4311, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4335, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13153,8 +13234,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4334, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4335, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4358, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4359, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13276,7 +13357,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13306,7 +13387,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4558 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4582 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13327,16 +13408,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4618 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13350,7 +13431,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4722, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4746, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13381,7 +13462,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4769 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4793 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13483,7 +13564,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4881 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4905 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13614,7 +13695,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5050 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13671,7 +13752,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5133 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5157 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13876,8 +13957,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5337, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5338, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5361, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5362, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -13963,7 +14044,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5424, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5448, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -13990,7 +14071,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5451, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5475, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14121,7 +14202,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5582, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5606, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14171,11 +14252,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5764 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5788 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5891 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14217,7 +14298,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5932, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5956, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14291,7 +14372,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6006, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6030, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14379,8 +14460,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6094, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6095, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6118, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6119, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14433,7 +14514,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6148, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6172, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14448,8 +14529,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6163, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6182 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14482,8 +14563,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6214, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6215, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6238, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6239, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14554,7 +14635,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6286, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6310, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14565,7 +14646,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6297, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6321, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14610,8 +14691,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6342, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6343, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6366, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6367, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14649,7 +14730,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6405, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14690,7 +14771,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6422, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6446, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14743,7 +14824,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6491 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14819,7 +14900,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6603 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6627 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 3226e58f125..443051ea34a 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -36,9 +36,11 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxMutexesHeld |-> _ &*&
 
     // void * pvThreadLocalStoragePointers[ 5 ];
-    pointers_(tcb->pvThreadLocalStoragePointers, _, _) &*&
+    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
 
-    integers__(tcb->ulNotifiedValue, _, _, _, _) &*&
+    // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
+    // evaluates to 1.
+    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
     
     uchars_(tcb->ucNotifyState, 1, _) &*&
 
diff --git a/verification/verifast/proof/verifast_prelude_extended.h b/verification/verifast/proof/verifast_prelude_extended.h
new file mode 100644
index 00000000000..1ac9e819669
--- /dev/null
+++ b/verification/verifast/proof/verifast_prelude_extended.h
@@ -0,0 +1,53 @@
+#ifndef VERIFAST_PRELUDE_EXTENDED_H
+#define VERIFAST_PRELUDE_EXTENDED_H
+
+/* This file contains axioms that would naturally fit into prelude.h
+ * but are missing.
+ */
+
+/* Reminder:
+
+predicate chars_(char *array, int count; list > cs) =
+    count == 0 ?
+        cs == nil
+    :
+        char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
+
+predicate chars(char *array, int count; list cs) =
+    count == 0 ?
+        cs == nil
+    :
+        character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
+
+
+lemma_auto void chars__to_chars(char *array);
+    requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs));
+    ensures [f]chars(array, count, map(the, cs));
+
+
+
+predicate integers__(void *p, int size, bool signed_, int count; list > vs) =
+    count == 0 ?
+        vs == nil
+    :
+        integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
+
+predicate integers_(void *p, int size, bool signed_, int count; list vs) =
+    count == 0 ?
+        vs == nil
+    :
+        integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
+
+
+ */
+
+
+
+
+/*@
+lemma_auto void integers___to_integers_(void *p);
+    requires [?f]integers__(p, ?size, ?signed_, ?count, _);
+    ensures [f]integers_(p, size, signed_, count, _);
+@*/
+
+#endif /* VERIFAST_PRELUDE_EXTENDED_H */
\ No newline at end of file

From a78bc21b26b91166200909d5b4c4556c9505f27c Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 26 Oct 2022 08:11:47 -0400
Subject: [PATCH 062/289] Simplified proof state in `prvInitialiseNewTask`.

---
 tasks.c                                       |   4 +
 .../verifast/preprocessed_files/tasks--pp.c   | 381 +++++++++---------
 2 files changed, 196 insertions(+), 189 deletions(-)

diff --git a/tasks.c b/tasks.c
index f93ad8575b3..cf993606ae5 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1610,6 +1610,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     listSET_LIST_ITEM_VALUE( &( pxNewTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) uxPriority ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
     listSET_LIST_ITEM_OWNER( &( pxNewTCB->xEventListItem ), pxNewTCB );
 
+    // Closing predicates early simplifies the symbolic heap and proof debugging.
+    //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
+    //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
+
     #if ( portCRITICAL_NESTING_IN_TCB == 1 )
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 650a8b4d4a2..b57d23e4bd6 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -228,40 +228,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -272,16 +272,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -326,21 +326,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -361,15 +361,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -703,33 +703,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4430,14 +4430,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4453,7 +4453,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4464,13 +4464,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4535,11 +4535,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -10994,11 +10994,15 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     ( ( &( pxNewTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */
     ( ( &( pxNewTCB->xEventListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) );
 
+    // Closing predicates early simplifies the symbolic heap and proof debugging.
+    //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
+    //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
+
 
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1636 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11022,24 +11026,23 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@integers___to_integers_(pxNewTCB->ulNotifiedValue);
             //@ integers__to_chars(pxNewTCB->ulNotifiedValue);
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
-            //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1673 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1677 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
         }
-// # 1691 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1695 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1736 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1740 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11250,7 +11253,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1946, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1950, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11273,12 +11276,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1969, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1970, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1973, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1974, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1974, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1978, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11364,7 +11367,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2060, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2064, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11418,7 +11421,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2114, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2118, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11594,7 +11597,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2290, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2294, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11748,13 +11751,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2478 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2501 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2505 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2519 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2551 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11831,7 +11834,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2623, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2627, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11845,7 +11848,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2641, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11892,7 +11895,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2684, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2688, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
@@ -11941,7 +11944,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2733, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2737, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12000,7 +12003,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2792, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2796, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12121,7 +12124,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2960 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2964 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12133,7 +12136,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2983 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2987 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12170,7 +12173,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3033 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3037 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( BaseType_t ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12202,7 +12205,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3064, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3068, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12267,7 +12270,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3191 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3195 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12290,7 +12293,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3213, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3217, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
@@ -12448,7 +12451,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3371, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3375, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12541,7 +12544,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3464, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3468, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12637,7 +12640,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3574 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12665,7 +12668,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3601, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3605, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12676,7 +12679,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3625 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12685,7 +12688,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3633, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3637, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12704,7 +12707,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3652, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3656, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12803,7 +12806,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3751, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3755, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12986,13 +12989,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3963 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3967 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3987 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3991 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4012 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4016 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4045 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4049 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13010,7 +13013,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4062, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4066, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
         {
@@ -13022,7 +13025,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
                                     ;
-// # 4103 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4107 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13039,7 +13042,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4141 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
@@ -13050,7 +13053,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4147, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4151, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13069,11 +13072,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4166, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4170, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4170, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4174, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13097,7 +13100,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4194, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4198, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13145,14 +13148,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4242, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4246, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4263 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4267 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13182,7 +13185,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4292, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4296, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13190,9 +13193,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4300, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4304, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4317 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4321 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13211,7 +13214,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4335, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4339, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13234,8 +13237,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4358, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4359, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4362, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4363, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13357,7 +13360,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4545 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13387,7 +13390,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4582 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13408,16 +13411,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4618 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4687 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4737 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13431,7 +13434,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4746, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4750, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13462,7 +13465,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4793 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4797 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13564,7 +13567,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4905 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4909 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13695,7 +13698,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5078 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13752,7 +13755,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5157 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5161 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13957,8 +13960,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5361, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5362, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5365, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5366, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14044,7 +14047,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5448, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5452, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14071,7 +14074,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5475, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5479, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14202,7 +14205,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5606, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5610, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14252,11 +14255,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5686 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5788 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5792 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14298,7 +14301,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5956, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5960, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14372,7 +14375,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6030, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6034, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14460,8 +14463,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6118, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6119, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6122, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6123, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14514,7 +14517,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6172, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6176, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14529,8 +14532,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6191, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6210 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
                     }
@@ -14563,8 +14566,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6238, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6239, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6242, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6243, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14635,7 +14638,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6310, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6314, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14646,7 +14649,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6321, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14691,8 +14694,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6366, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6367, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6370, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6371, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14730,7 +14733,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6405, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6409, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
                 {
@@ -14771,7 +14774,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6446, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6450, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14824,7 +14827,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6519 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14900,7 +14903,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6627 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,

From d3813796b372574a288e7631906bb39036e98142 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 26 Oct 2022 08:33:47 -0400
Subject: [PATCH 063/289] Justified `memset`-ing `pxNewTCB->ucNotifyState` in
 `prvInitialiseNewTask`.

---
 tasks.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tasks.c b/tasks.c
index cf993606ae5..823f045138d 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1660,6 +1660,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@integers___to_integers_(pxNewTCB->ulNotifiedValue);
             //@ integers__to_chars(pxNewTCB->ulNotifiedValue);
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
+            //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
     #endif

From 8bb4f13ae50b55eafa52c17c911c9c425ce1e98f Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 26 Oct 2022 09:14:11 -0400
Subject: [PATCH 064/289] Introduced new type-safe macro for unsigned `pdFALSE`
 and `pdTRUE`.

---
 tasks.c                                       |  25 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 969 +++++++++---------
 .../proof_setup/verifast_proof_defs.h         |  13 +-
 3 files changed, 523 insertions(+), 484 deletions(-)

diff --git a/tasks.c b/tasks.c
index 823f045138d..fc0ac831a46 100644
--- a/tasks.c
+++ b/tasks.c
@@ -23,14 +23,7 @@
  * https://github.com/FreeRTOS
  *
  */
- 
-/* Verifast proof setup */
-#ifdef VERIFAST
-    #include "verifast_proof_defs.h"
-    #include "task_predicates.h"
-    #include "verifast_RP2040_axioms.h"
-    #include "verifast_prelude_extended.h"
-#endif
+
 
 /* Standard includes. */
 #include 
@@ -47,7 +40,16 @@
 #include "timers.h"
 #include "stack_macros.h"
 
+/* Verifast proof setup 
+ * 
+ * Note that redefinitions of macros must be included after
+ * original ones have been included.
+ */
 #ifdef VERIFAST
+    #include "verifast_proof_defs.h"
+    #include "task_predicates.h"
+    #include "verifast_RP2040_axioms.h"
+    #include "verifast_prelude_extended.h"
     #include "verifast_asm.h"
 #endif
 
@@ -1676,7 +1678,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
     #if ( INCLUDE_xTaskAbortDelay == 1 )
         {
-            pxNewTCB->ucDelayAborted = pdFALSE;
+            #ifdef VERIFAST
+                /* Reason for rewrite: Assignment not type safe. */
+                pxNewTCB->ucDelayAborted = pd_U_FALSE;
+            #else
+                pxNewTCB->ucDelayAborted = pdFALSE;
+            #endif
         }
     #endif
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index b57d23e4bd6..fcdd0719e92 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -31,182 +31,6 @@
  *
  */
 
-/* Verifast proof setup */
-
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1
-/*
- * This file contains defines to configure the VeriFast proof setup.
- *
- */
-
-
-
-    // Delete keywords VeriFast canot parse (in some contexts)
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1
-
-
-
-
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/nathan/list_predicates.h" 1
-
-
-
-
-/*
- * The code below has been taken from:
- * pull request:
- * https://github.com/FreeRTOS/FreeRTOS/pull/836
- * file:
- * FreeRTOS/Test/VeriFast/include/proof/list.h
- *
- */
-
-/*@
-predicate xLIST_ITEM(
-	struct xLIST_ITEM *n,
-	TickType_t xItemValue,
-	struct xLIST_ITEM *pxNext,
-	struct xLIST_ITEM *pxPrevious,
-	struct xLIST *pxContainer;) =
-	n->xItemValue |-> xItemValue &*&
-	n->pxNext |-> pxNext &*&
-	n->pxPrevious |-> pxPrevious &*&
-	n->pvOwner |-> _ &*&
-	n->pxContainer |-> pxContainer;
-@*/
-// # 6 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 2
-
-
-/*@
-// This predicate represents the memory corresponding to an
-// instance of type `TCB_t` aka `tskTaskControlBlock`.
-predicate TCB_p(TCB_t * tcb, int stackSize) =
-    malloc_block_tskTaskControlBlock(tcb) &*&
-    tcb->pxTopOfStack |-> _ &*&
-
-    xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*&
-    struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*&
-    xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*&
-    struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
-    
-    tcb->uxPriority |-> _ &*&
-
-    tcb->pxStack |-> ?stackPtr &*&
-    chars_((char*) stackPtr, stackSize, _) &*&
-    malloc_block_chars((char*) stackPtr, stackSize) &*&
-
-    tcb->xTaskRunState |-> _ &*&
-    tcb->xIsIdle |-> _ &*&
-    
-    // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
-    chars_(tcb->pcTaskName, 16, _) &*&
-
-    tcb->uxCriticalNesting |-> _ &*&
-    tcb->uxTCBNumber |-> _ &*&
-    tcb->uxTaskNumber |-> _ &*&
-    tcb->uxBasePriority |-> _ &*&
-    tcb->uxMutexesHeld |-> _ &*&
-
-    // void * pvThreadLocalStoragePointers[ 5 ];
-    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
-
-    // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
-    // evaluates to 1.
-    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
-    
-    uchars_(tcb->ucNotifyState, 1, _) &*&
-
-    tcb->ucDelayAborted |-> _;
-
-    
-@*/
-// # 31 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
-
-
-
-// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" 1
-// # 18 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h"
-typedef __int8 int8_t;
-typedef __int16 int16_t;
-typedef __int32 int32_t;
-typedef __int64 int64_t;
-typedef __int128 int128_t;
-
-typedef unsigned __int8 uint8_t;
-typedef unsigned __int16 uint16_t;
-typedef unsigned __int32 uint32_t;
-typedef unsigned __int64 uint64_t;
-typedef unsigned __int128 uint128_t;
-// # 5 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 2
-
-/*
- * The lemmas in this file axiomatize that the RP2040 architecture uses
- * 32bit pointers.
- */
-
-/*@
-// Axiomatizes that: 0 <= ptr <= 2^32 - 1
-lemma void uint32_t_ptr_range(uint32_t* ptr);
-requires true;
-ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
-@*/
-// # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1
-
-
-
-/* This file contains axioms that would naturally fit into prelude.h
- * but are missing.
- */
-
-/* Reminder:
-
-predicate chars_(char *array, int count; list > cs) =
-    count == 0 ?
-        cs == nil
-    :
-        char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
-
-predicate chars(char *array, int count; list cs) =
-    count == 0 ?
-        cs == nil
-    :
-        character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
-
-
-lemma_auto void chars__to_chars(char *array);
-    requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs));
-    ensures [f]chars(array, count, map(the, cs));
-
-
-
-predicate integers__(void *p, int size, bool signed_, int count; list > vs) =
-    count == 0 ?
-        vs == nil
-    :
-        integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
-
-predicate integers_(void *p, int size, bool signed_, int count; list vs) =
-    count == 0 ?
-        vs == nil
-    :
-        integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
-
-
- */
-
-
-
-
-/*@
-lemma_auto void integers___to_integers_(void *p);
-    requires [?f]integers__(p, ?size, ?signed_, ?count, _);
-    ensures [f]integers_(p, size, signed_, count, _);
-@*/
-// # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
-
 
 /* Standard includes. */
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 1
@@ -310,7 +134,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -379,7 +203,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 31 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -435,7 +259,20 @@ char *strdup(char *string);
  *     contains the typedefs required to build FreeRTOS.  Read the instructions
  *     in FreeRTOS/source/stdint.readme for more information.
  */
+// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" 1
+// # 18 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h"
+typedef __int8 int8_t;
+typedef __int16 int16_t;
+typedef __int32 int32_t;
+typedef __int64 int64_t;
+typedef __int128 int128_t;
 
+typedef unsigned __int8 uint8_t;
+typedef unsigned __int16 uint16_t;
+typedef unsigned __int32 uint32_t;
+typedef unsigned __int64 uint64_t;
+typedef unsigned __int128 uint128_t;
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2
 
 /* *INDENT-OFF* */
 
@@ -915,6 +752,14 @@ typedef void (* TaskFunction_t)( void * );
 
 
     // Delete keywords VeriFast canot parse (in some contexts)
+
+
+
+    /* `projdefs.h` defines `pdFALSE` and `pdTRUE` as 0 and 1 of type
+     * `BaseType_t`. Both are assigned to variables smaller or
+     * unsigned types. While that's safe in practice, it is not
+     * type safe. Hence we define 
+     */
 // # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4
 // # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4
 /* This SDK is designed to work with clang and specific versions of
@@ -5147,7 +4992,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -8666,7 +8511,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -10007,7 +9852,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 41 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -10068,9 +9913,181 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 42 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+
+/* Verifast proof setup 
+ * 
+ * Note that redefinitions of macros must be included after
+ * original ones have been included.
+ */
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1
+/*
+ * This file contains defines to configure the VeriFast proof setup.
+ *
+ */
+
+
+
+    // Delete keywords VeriFast canot parse (in some contexts)
+
+
+
+    /* `projdefs.h` defines `pdFALSE` and `pdTRUE` as 0 and 1 of type
+     * `BaseType_t`. Both are assigned to variables smaller or
+     * unsigned types. While that's safe in practice, it is not
+     * type safe. Hence we define 
+     */
+// # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1
+
+
+
+
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/nathan/list_predicates.h" 1
+
+
+
+
+/*
+ * The code below has been taken from:
+ * pull request:
+ * https://github.com/FreeRTOS/FreeRTOS/pull/836
+ * file:
+ * FreeRTOS/Test/VeriFast/include/proof/list.h
+ *
+ */
+
+/*@
+predicate xLIST_ITEM(
+	struct xLIST_ITEM *n,
+	TickType_t xItemValue,
+	struct xLIST_ITEM *pxNext,
+	struct xLIST_ITEM *pxPrevious,
+	struct xLIST *pxContainer;) =
+	n->xItemValue |-> xItemValue &*&
+	n->pxNext |-> pxNext &*&
+	n->pxPrevious |-> pxPrevious &*&
+	n->pvOwner |-> _ &*&
+	n->pxContainer |-> pxContainer;
+@*/
+// # 6 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 2
+
+
+/*@
+// This predicate represents the memory corresponding to an
+// instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate TCB_p(TCB_t * tcb, int stackSize) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxTopOfStack |-> _ &*&
+
+    xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*&
+    xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
+    
+    tcb->uxPriority |-> _ &*&
+
+    tcb->pxStack |-> ?stackPtr &*&
+    chars_((char*) stackPtr, stackSize, _) &*&
+    malloc_block_chars((char*) stackPtr, stackSize) &*&
+
+    tcb->xTaskRunState |-> _ &*&
+    tcb->xIsIdle |-> _ &*&
+    
+    // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+    chars_(tcb->pcTaskName, 16, _) &*&
+
+    tcb->uxCriticalNesting |-> _ &*&
+    tcb->uxTCBNumber |-> _ &*&
+    tcb->uxTaskNumber |-> _ &*&
+    tcb->uxBasePriority |-> _ &*&
+    tcb->uxMutexesHeld |-> _ &*&
+
+    // void * pvThreadLocalStoragePointers[ 5 ];
+    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
+
+    // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
+    // evaluates to 1.
+    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
+    uchars_(tcb->ucNotifyState, 1, _) &*&
+
+    tcb->ucDelayAborted |-> _;
+
+    
+@*/
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
+
+
+
+
+
+/*
+ * The lemmas in this file axiomatize that the RP2040 architecture uses
+ * 32bit pointers.
+ */
+
+/*@
+// Axiomatizes that: 0 <= ptr <= 2^32 - 1
+lemma void uint32_t_ptr_range(uint32_t* ptr);
+requires true;
+ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
+@*/
+// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1
+
+
+
+/* This file contains axioms that would naturally fit into prelude.h
+ * but are missing.
+ */
+
+/* Reminder:
+
+predicate chars_(char *array, int count; list > cs) =
+    count == 0 ?
+        cs == nil
+    :
+        char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
+
+predicate chars(char *array, int count; list cs) =
+    count == 0 ?
+        cs == nil
+    :
+        character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0);
+
 
+lemma_auto void chars__to_chars(char *array);
+    requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs));
+    ensures [f]chars(array, count, map(the, cs));
 
+
+
+predicate integers__(void *p, int size, bool signed_, int count; list > vs) =
+    count == 0 ?
+        vs == nil
+    :
+        integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
+
+predicate integers_(void *p, int size, bool signed_, int count; list vs) =
+    count == 0 ?
+        vs == nil
+    :
+        integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0);
+
+
+ */
+
+
+
+
+/*@
+lemma_auto void integers___to_integers_(void *p);
+    requires [?f]integers__(p, ?size, ?signed_, ?count, _);
+    ensures [f]integers_(p, size, signed_, count, _);
+@*/
+// # 53 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
 
 
@@ -10096,7 +10113,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -10107,7 +10124,7 @@ bool assert_fct(bool b)
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 82 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10164,18 +10181,18 @@ bool assert_fct(bool b)
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 144 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 146 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 178 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 180 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 198 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10230,7 +10247,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 259 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 261 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10238,7 +10255,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 276 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10258,7 +10275,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 316 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 318 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10321,9 +10338,9 @@ typedef tskTCB TCB_t;
                 static volatile UBaseType_t uxCurrentNumberOfTasks = ( UBaseType_t ) 0U;
                 static volatile TickType_t xTickCount = ( TickType_t ) 0;
                 static volatile UBaseType_t uxTopReadyPriority = ( ( UBaseType_t ) 0U );
-                static volatile BaseType_t xSchedulerRunning = ( ( BaseType_t ) 0 );
+                static volatile BaseType_t xSchedulerRunning = ( ( char ) 0 );
                 static volatile TickType_t xPendedTicks = ( TickType_t ) 0U;
-                static volatile BaseType_t xYieldPendings[ 1 ] = { ( ( BaseType_t ) 0 ) };
+                static volatile BaseType_t xYieldPendings[ 1 ] = { ( ( char ) 0 ) };
                 static volatile BaseType_t xNumOfOverflows = ( BaseType_t ) 0;
                 static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U;
                 static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */
@@ -10348,8 +10365,8 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * Updates to uxSchedulerSuspended must be protected by both the task and ISR locks and
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
-                static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( BaseType_t ) 0 );
-// # 416 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 );
+// # 418 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10502,7 +10519,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 580 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 582 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10534,9 +10551,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 630 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 713 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 715 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10546,13 +10563,13 @@ static void prvYieldCore( BaseType_t xCoreID )
 
     if( assert_fct(false) && ( xCoreID == 0 ) )
     {
-        xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
+        xYieldPendings[ xCoreID ] = ( ( char ) 1 );
     }
     else if( pxCurrentTCBs[ xCoreID ]->xTaskRunState != ( TaskRunning_t ) ( -2 ) )
     {
         if( xCoreID == 0 )
         {
-            xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
+            xYieldPendings[ xCoreID ] = ( ( char ) 1 );
         }
 
 
@@ -10578,11 +10595,11 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 754, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 767 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 756, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 769 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
-    if( xPreemptEqualPriority == ( ( BaseType_t ) 0 ) )
+    if( xPreemptEqualPriority == ( ( char ) 0 ) )
     {
         /* xLowestPriority will be decremented to -1 if the priority of pxTCB
          * is 0. This is ok as we will give system idle tasks a priority of -1 below. */
@@ -10595,7 +10612,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ x ]->uxPriority - pxCurrentTCBs[ x ]->xIsIdle;
         xTaskRunState = pxCurrentTCBs[ x ]->xTaskRunState;
 
-        if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 1 ) ) != ( ( BaseType_t ) 0 ) ) && ( xYieldPendings[ x ] == ( ( BaseType_t ) 0 ) ) )
+        if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 1 ) ) != ( ( char ) 0 ) ) && ( xYieldPendings[ x ] == ( ( char ) 0 ) ) )
         {
             if( xTaskPriority <= xLowestPriority )
             {
@@ -10618,7 +10635,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 821 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 823 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10631,7 +10648,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 841 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10640,13 +10657,13 @@ static void prvYieldForTask( TCB_t * pxTCB,
     static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID )
     {
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
-        BaseType_t xTaskScheduled = ( ( BaseType_t ) 0 );
-        BaseType_t xDecrementTopPriority = ( ( BaseType_t ) 1 );
-// # 859 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-        while( xTaskScheduled == ( ( BaseType_t ) 0 ) )
+        BaseType_t xTaskScheduled = ( ( char ) 0 );
+        BaseType_t xDecrementTopPriority = ( ( char ) 1 );
+// # 861 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        while( xTaskScheduled == ( ( char ) 0 ) )
         {
-// # 873 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-            if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
+// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+            if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) )
             {
 
                     /* Reason for rewrite: 
@@ -10667,7 +10684,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
                 /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority
                  * must not be decremented any further */
-                xDecrementTopPriority = ( ( BaseType_t ) 0 );
+                xDecrementTopPriority = ( ( char ) 0 );
 
                 do
                 {
@@ -10683,7 +10700,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 926 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 928 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10699,12 +10716,12 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
                             pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID;
                             pxCurrentTCBs[ xCoreID ] = pxTCB;
-                            xTaskScheduled = ( ( BaseType_t ) 1 );
+                            xTaskScheduled = ( ( char ) 1 );
                         }
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 946, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 948, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10713,11 +10730,11 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         {
                             /* The task is already running on this core, mark it as scheduled */
                             pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID;
-                            xTaskScheduled = ( ( BaseType_t ) 1 );
+                            xTaskScheduled = ( ( char ) 1 );
                         }
                     }
 
-                    if( xTaskScheduled != ( ( BaseType_t ) 0 ) )
+                    if( xTaskScheduled != ( ( char ) 0 ) )
                     {
                         /* Once a task has been selected to run on this core,
                          * move it to the end of the ready task list. */
@@ -10729,7 +10746,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             }
             else
             {
-                if( xDecrementTopPriority != ( ( BaseType_t ) 0 ) )
+                if( xDecrementTopPriority != ( ( char ) 0 ) )
                 {
                     uxTopReadyPriority--;
 
@@ -10743,26 +10760,26 @@ static void prvYieldForTask( TCB_t * pxTCB,
             /* This function can get called by vTaskSuspend() before the scheduler is started.
              * In that case, since the idle tasks have not yet been created it is possible that we
              * won't find a new task to schedule. Return pdFALSE in this case. */
-            if( ( xSchedulerRunning == ( ( BaseType_t ) 0 ) ) && ( uxCurrentPriority == ( ( UBaseType_t ) 0U ) ) && ( xTaskScheduled == ( ( BaseType_t ) 0 ) ) )
+            if( ( xSchedulerRunning == ( ( char ) 0 ) ) && ( uxCurrentPriority == ( ( UBaseType_t ) 0U ) ) && ( xTaskScheduled == ( ( char ) 0 ) ) )
             {
-                return ( ( BaseType_t ) 0 );
+                return ( ( char ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 990, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( BaseType_t ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 992, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 994, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1070 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-        return ( ( BaseType_t ) 1 );
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 996, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1072 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        return ( ( char ) 1 );
     }
-// # 1086 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1164 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1166 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1227 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1229 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1293 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1295 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10779,7 +10796,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1322 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1324 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10787,7 +10804,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1352 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1354 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10823,11 +10840,11 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1395 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1397 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1404 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1406 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
-            xReturn = ( ( ( BaseType_t ) 1 ) );
+            xReturn = ( ( ( char ) 1 ) );
         }
         else
         {
@@ -10863,7 +10880,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1458 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1460 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -10910,9 +10927,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1518 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1520 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1532 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11002,7 +11019,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11026,23 +11043,29 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@integers___to_integers_(pxNewTCB->ulNotifiedValue);
             //@ integers__to_chars(pxNewTCB->ulNotifiedValue);
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
+            //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1677 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1680 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
-            pxNewTCB->ucDelayAborted = ( ( BaseType_t ) 0 );
+
+                /* Reason for rewrite: Assignment not type safe. */
+                pxNewTCB->ucDelayAborted = ( ( unsigned char ) ( ( char ) 0 ) );
+
+
+
         }
-// # 1695 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1703 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1731 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1740 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11056,7 +11079,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     /* Is this an idle task? */
     if( pxTaskCode == prvIdleTask )
     {
-        pxNewTCB->xIsIdle = ( ( BaseType_t ) 1 );
+        pxNewTCB->xIsIdle = ( ( char ) 1 );
     }
 
 
@@ -11067,7 +11090,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
     else
     {
-        pxNewTCB->xIsIdle = ( ( BaseType_t ) 0 );
+        pxNewTCB->xIsIdle = ( ( char ) 0 );
     }
 
     if( pxCreatedTask != 0 )
@@ -11097,7 +11120,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     {
         uxCurrentNumberOfTasks++;
 
-        if( xSchedulerRunning == ( ( BaseType_t ) 0 ) )
+        if( xSchedulerRunning == ( ( char ) 0 ) )
         {
             if( uxCurrentNumberOfTasks == ( UBaseType_t ) 1 )
             {
@@ -11111,7 +11134,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                         ;
             }
 
-            if( pxNewTCB->xIsIdle != ( ( BaseType_t ) 0 ) )
+            if( pxNewTCB->xIsIdle != ( ( char ) 0 ) )
             {
                 BaseType_t xCoreID;
 
@@ -11146,13 +11169,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         ( void ) pxNewTCB;
 
-        if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+        if( xSchedulerRunning != ( ( char ) 0 ) )
         {
             /* If the created task is of a higher priority than another
              * currently running task and preemption is on then it should
              * run now. */
 
-                prvYieldForTask( pxNewTCB, ( ( BaseType_t ) 0 ) );
+                prvYieldForTask( pxNewTCB, ( ( char ) 0 ) );
 
         }
         else
@@ -11245,7 +11268,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             }
 
             /* Force a reschedule if the task that has just been deleted was running. */
-            if( ( xSchedulerRunning != ( ( BaseType_t ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) )
+            if( ( xSchedulerRunning != ( ( char ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) )
             {
                 BaseType_t xCoreID;
 
@@ -11253,7 +11276,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1950, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1958, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11274,14 +11297,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                 const TickType_t xTimeIncrement )
     {
         TickType_t xTimeToWake;
-        BaseType_t xAlreadyYielded, xShouldDelay = ( ( BaseType_t ) 0 );
+        BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1973, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1974, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1981, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1982, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1978, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1986, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11299,7 +11322,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  * is the case it is as if neither time had overflowed. */
                 if( ( xTimeToWake < *pxPreviousWakeTime ) && ( xTimeToWake > xConstTickCount ) )
                 {
-                    xShouldDelay = ( ( BaseType_t ) 1 );
+                    xShouldDelay = ( ( char ) 1 );
                 }
                 else
                 {
@@ -11313,7 +11336,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  * tick time is less than the wake time. */
                 if( ( xTimeToWake < *pxPreviousWakeTime ) || ( xTimeToWake > xConstTickCount ) )
                 {
-                    xShouldDelay = ( ( BaseType_t ) 1 );
+                    xShouldDelay = ( ( char ) 1 );
                 }
                 else
                 {
@@ -11324,13 +11347,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
             /* Update the wake time ready for the next call. */
             *pxPreviousWakeTime = xTimeToWake;
 
-            if( xShouldDelay != ( ( BaseType_t ) 0 ) )
+            if( xShouldDelay != ( ( char ) 0 ) )
             {
                                                     ;
 
                 /* prvAddCurrentTaskToDelayedList() needs the block time, not
                  * the time to wake, so subtract the current tick count. */
-                prvAddCurrentTaskToDelayedList( xTimeToWake - xConstTickCount, ( ( BaseType_t ) 0 ) );
+                prvAddCurrentTaskToDelayedList( xTimeToWake - xConstTickCount, ( ( char ) 0 ) );
             }
             else
             {
@@ -11341,7 +11364,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         /* Force a reschedule if xTaskResumeAll has not already done so, we may
          * have put ourselves to sleep. */
-        if( xAlreadyYielded == ( ( BaseType_t ) 0 ) )
+        if( xAlreadyYielded == ( ( char ) 0 ) )
         {
             vTaskYieldWithinAPI();
         }
@@ -11360,14 +11383,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     void vTaskDelay( const TickType_t xTicksToDelay )
     {
-        BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 );
+        BaseType_t xAlreadyYielded = ( ( char ) 0 );
 
         /* A delay time of zero just forces a reschedule. */
         if( xTicksToDelay > ( TickType_t ) 0U )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2064, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2072, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11377,7 +11400,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  *
                  * This task cannot be in an event list as it is the currently
                  * executing task. */
-                prvAddCurrentTaskToDelayedList( xTicksToDelay, ( ( BaseType_t ) 0 ) );
+                prvAddCurrentTaskToDelayedList( xTicksToDelay, ( ( char ) 0 ) );
             }
             xAlreadyYielded = xTaskResumeAll();
         }
@@ -11388,7 +11411,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         /* Force a reschedule if xTaskResumeAll has not already done so, we may
          * have put ourselves to sleep. */
-        if( xAlreadyYielded == ( ( BaseType_t ) 0 ) )
+        if( xAlreadyYielded == ( ( char ) 0 ) )
         {
             vTaskYieldWithinAPI();
         }
@@ -11421,7 +11444,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2118, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2126, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11593,11 +11616,11 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
     {
         TCB_t * pxTCB;
         UBaseType_t uxCurrentBasePriority, uxPriorityUsedOnEntry;
-        BaseType_t xYieldRequired = ( ( BaseType_t ) 0 );
-        BaseType_t xYieldForTask = ( ( BaseType_t ) 0 );
+        BaseType_t xYieldRequired = ( ( char ) 0 );
+        BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2294, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2302, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11635,7 +11658,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     /* The priority of a task is being raised so
                      * perform a yield for this task later. */
-                    xYieldForTask = ( ( BaseType_t ) 1 );
+                    xYieldForTask = ( ( char ) 1 );
                 }
                 else if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) )
                 {
@@ -11647,7 +11670,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                     {
                         xCoreID = ( BaseType_t ) pxTCB->xTaskRunState;
-                        xYieldRequired = ( ( BaseType_t ) 1 );
+                        xYieldRequired = ( ( char ) 1 );
                     }
                 }
                 else
@@ -11699,7 +11722,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                  * nothing more than change its priority variable. However, if
                  * the task is in a ready list it needs to be removed and placed
                  * in the list appropriate to its new priority. */
-                if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
+                if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
                 {
                     /* The task is currently in its ready list - remove before
                      * adding it to its new ready list.  As we are in a critical
@@ -11723,17 +11746,17 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     /* It's possible that xYieldForTask was already set to pdTRUE because
                      * its priority is being raised. However, since it is not in a ready list
                      * we don't actually need to yield for it. */
-                    xYieldForTask = ( ( BaseType_t ) 0 );
+                    xYieldForTask = ( ( char ) 0 );
                 }
 
 
-                    if( xYieldRequired != ( ( BaseType_t ) 0 ) )
+                    if( xYieldRequired != ( ( char ) 0 ) )
                     {
                         prvYieldCore( xCoreID );
                     }
-                    else if( xYieldForTask != ( ( BaseType_t ) 0 ) )
+                    else if( xYieldForTask != ( ( char ) 0 ) )
                     {
-                        prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
+                        prvYieldForTask( pxTCB, ( ( char ) 1 ) );
                     }
                     else
                     {
@@ -11751,13 +11774,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2490 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2505 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2513 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2531 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2551 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2559 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11816,7 +11839,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 }
 
 
-            if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+            if( xSchedulerRunning != ( ( char ) 0 ) )
             {
                 /* Reset the next expected unblock time in case it referred to the
                  * task that is now in the Suspended state. */
@@ -11829,12 +11852,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
             if( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) )
             {
-                if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+                if( xSchedulerRunning != ( ( char ) 0 ) )
                 {
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2627, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2635, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11848,7 +11871,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2641, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2649, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11867,7 +11890,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                         /* Attempt to switch in a new task. This could fail since the idle tasks
                          * haven't been created yet. If it does then set the core's TCB back to
                          * NULL. */
-                        if( prvSelectHighestPriorityTask( xTaskRunningOnCore ) == ( ( BaseType_t ) 0 ) )
+                        if( prvSelectHighestPriorityTask( xTaskRunningOnCore ) == ( ( char ) 0 ) )
                         {
                             pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 );
                             pxCurrentTCBs[ xTaskRunningOnCore ] = 0;
@@ -11889,25 +11912,25 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask )
     {
-        BaseType_t xReturn = ( ( BaseType_t ) 0 );
+        BaseType_t xReturn = ( ( char ) 0 );
         const TCB_t * const pxTCB = xTask;
 
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2688, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2696, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
-        if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
+        if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
         {
             /* Has the task already been resumed from within an ISR? */
-            if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( &xPendingReadyList ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) == ( ( BaseType_t ) 0 ) )
+            if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( &xPendingReadyList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) == ( ( char ) 0 ) )
             {
                 /* Is it in the suspended list because it is in the Suspended
                  * state, or because is is blocked with no timeout? */
-                if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( 0 ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) ) /*lint !e961.  The cast is only redundant when NULL is used. */
+                if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( 0 ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) ) /*lint !e961.  The cast is only redundant when NULL is used. */
                 {
-                    xReturn = ( ( BaseType_t ) 1 );
+                    xReturn = ( ( char ) 1 );
                 }
                 else
                 {
@@ -11944,7 +11967,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2737, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2745, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -11955,7 +11978,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskEnterCritical();
             {
-                if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) )
+                if( prvTaskIsTaskSuspended( pxTCB ) != ( ( char ) 0 ) )
                 {
                                              ;
 
@@ -11967,7 +11990,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     /* A higher priority task may have just been resumed. */
 
                         {
-                            prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
+                            prvYieldForTask( pxTCB, ( ( char ) 1 ) );
                         }
 
                 }
@@ -11992,7 +12015,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
     BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume )
     {
-        BaseType_t xYieldRequired = ( ( BaseType_t ) 0 );
+        BaseType_t xYieldRequired = ( ( char ) 0 );
 
             /* Reason for rewrite:
             * VeriFast does not support const pointers.
@@ -12003,7 +12026,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2796, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2804, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12025,12 +12048,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         uxSavedInterruptStatus = assert_fct(false);
         {
-            if( prvTaskIsTaskSuspended( pxTCB ) != ( ( BaseType_t ) 0 ) )
+            if( prvTaskIsTaskSuspended( pxTCB ) != ( ( char ) 0 ) )
             {
                                                   ;
 
                 /* Check the ready lists can be accessed. */
-                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
                     /* Ready lists can be accessed so move the task from the
                      * suspended list to the ready list directly. */
@@ -12047,11 +12070,11 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 }
 
 
-                    prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
+                    prvYieldForTask( pxTCB, ( ( char ) 1 ) );
 
-                    if( xYieldPendings[ 0 ] != ( ( BaseType_t ) 0 ) )
+                    if( xYieldPendings[ 0 ] != ( ( char ) 0 ) )
                     {
-                        xYieldRequired = ( ( BaseType_t ) 1 );
+                        xYieldRequired = ( ( char ) 1 );
                     }
 
             }
@@ -12070,7 +12093,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 static BaseType_t prvCreateIdleTasks( void )
 {
-    BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
+    BaseType_t xReturn = ( ( ( char ) 1 ) );
     BaseType_t xCoreID;
     char cIdleName[ 16 ];
 
@@ -12079,7 +12102,7 @@ static BaseType_t prvCreateIdleTasks( void )
     {
         BaseType_t x;
 
-        if( xReturn == ( ( ( BaseType_t ) 0 ) ) )
+        if( xReturn == ( ( ( char ) 0 ) ) )
         {
             break;
         }
@@ -12124,7 +12147,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2964 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2972 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12136,7 +12159,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2987 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2995 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12156,7 +12179,7 @@ void vTaskStartScheduler( void )
 
     xReturn = prvCreateIdleTasks();
 
-    if( xReturn == ( ( ( BaseType_t ) 1 ) ) )
+    if( xReturn == ( ( ( char ) 1 ) ) )
     {
         /* freertos_tasks_c_additions_init() should only be called if the user
          * definable macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is
@@ -12173,9 +12196,9 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3037 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3045 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
-        xSchedulerRunning = ( ( BaseType_t ) 1 );
+        xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
 
         /* If configGENERATE_RUN_TIME_STATS is defined then the following
@@ -12190,7 +12213,7 @@ void vTaskStartScheduler( void )
 
         /* Setting up the timer tick is hardware specific and thus in the
          * portable interface. */
-        if( xPortStartScheduler() != ( ( BaseType_t ) 0 ) )
+        if( xPortStartScheduler() != ( ( char ) 0 ) )
         {
             /* Should not reach here as if the scheduler is running the
              * function will not return. */
@@ -12205,7 +12228,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3068, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3076, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12224,7 +12247,7 @@ void vTaskEndScheduler( void )
      * routine so the original ISRs can be restored if necessary.  The port
      * layer must ensure interrupts enable  bit is left in the correct state. */
     assert_fct(false);
-    xSchedulerRunning = ( ( BaseType_t ) 0 );
+    xSchedulerRunning = ( ( char ) 0 );
     vPortEndScheduler();
 }
 /*----------------------------------------------------------*/
@@ -12236,7 +12259,7 @@ void vTaskSuspendAll( void )
     /* This must only be called from within a task */
                           ;
 
-    if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+    if( xSchedulerRunning != ( ( char ) 0 ) )
     {
         /* writes to uxSchedulerSuspended must be protected by both the task AND ISR locks.
          * We must disable interrupts before we grab the locks in the event that this task is
@@ -12249,13 +12272,13 @@ void vTaskSuspendAll( void )
          * do not otherwise exhibit real time behaviour. */
                               ;
 
-        vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
-        vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
+        vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 ));
+        vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 1 ));
 
         /* The scheduler is suspended if uxSchedulerSuspended is non-zero.  An increment
          * is used to allow calls to vTaskSuspendAll() to nest. */
         ++uxSchedulerSuspended;
-        vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
+        vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
 
         if( ( uxSchedulerSuspended == 1U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) )
         {
@@ -12270,15 +12293,15 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3195 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3203 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
 {
     TCB_t * pxTCB = 0;
-    BaseType_t xAlreadyYielded = ( ( BaseType_t ) 0 );
+    BaseType_t xAlreadyYielded = ( ( char ) 0 );
 
-    if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+    if( xSchedulerRunning != ( ( char ) 0 ) )
     {
         /* It is possible that an ISR caused a task to be removed from an event
          * list while the scheduler was suspended.  If this was the case then the
@@ -12293,18 +12316,18 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3217, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3225, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
-            vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
+            vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
 
-            if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+            if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
             {
                 if( uxCurrentNumberOfTasks > ( UBaseType_t ) 0U )
                 {
                     /* Move any readied tasks from the pending list into the
                      * appropriate ready list. */
-                    while( ( ( ( &xPendingReadyList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) == ( ( BaseType_t ) 0 ) )
+                    while( ( ( ( &xPendingReadyList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) )
                     {
                         pxTCB = ( ( &( ( ( &xPendingReadyList ) )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
                         ( void ) uxListRemove( &( pxTCB->xEventListItem ) );
@@ -12343,11 +12366,11 @@ BaseType_t xTaskResumeAll( void )
                         {
                             do
                             {
-                                if( xTaskIncrementTick() != ( ( BaseType_t ) 0 ) )
+                                if( xTaskIncrementTick() != ( ( char ) 0 ) )
                                 {
                                     /* other cores are interrupted from
                                      * within xTaskIncrementTick(). */
-                                    xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
+                                    xYieldPendings[ xCoreID ] = ( ( char ) 1 );
                                 }
                                 else
                                 {
@@ -12365,12 +12388,12 @@ BaseType_t xTaskResumeAll( void )
                         }
                     }
 
-                    if( xYieldPendings[ xCoreID ] != ( ( BaseType_t ) 0 ) )
+                    if( xYieldPendings[ xCoreID ] != ( ( char ) 0 ) )
                     {
                         /* If xYieldPendings is true then taskEXIT_CRITICAL()
                          * will yield, so make sure we return true to let the
                          * caller know a yield has already happened. */
-                        xAlreadyYielded = ( ( BaseType_t ) 1 );
+                        xAlreadyYielded = ( ( char ) 1 );
                     }
                 }
             }
@@ -12451,7 +12474,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3375, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3383, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12489,7 +12512,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
 
                 /* Check each character in the name looking for a match or
                  * mismatch. */
-                xBreakLoop = ( ( BaseType_t ) 0 );
+                xBreakLoop = ( ( char ) 0 );
 
                 for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
                 {
@@ -12498,21 +12521,21 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                     if( cNextChar != pcNameToQuery[ x ] )
                     {
                         /* Characters didn't match. */
-                        xBreakLoop = ( ( BaseType_t ) 1 );
+                        xBreakLoop = ( ( char ) 1 );
                     }
                     else if( cNextChar == ( char ) 0x00 )
                     {
                         /* Both strings terminated, a match must have been
                          * found. */
                         pxReturn = pxNextTCB;
-                        xBreakLoop = ( ( BaseType_t ) 1 );
+                        xBreakLoop = ( ( char ) 1 );
                     }
                     else
                     {
                                                 ;
                     }
 
-                    if( xBreakLoop != ( ( BaseType_t ) 0 ) )
+                    if( xBreakLoop != ( ( char ) 0 ) )
                     {
                         break;
                     }
@@ -12544,7 +12567,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3468, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3476, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12640,7 +12663,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3578 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12668,7 +12691,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3605, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3613, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12679,7 +12702,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3637 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12688,7 +12711,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3637, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3645, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12707,7 +12730,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3656, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3664, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12715,7 +12738,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
              * it is actually in the Blocked state. */
             if( eTaskGetState( xTask ) == eBlocked )
             {
-                xReturn = ( ( ( BaseType_t ) 1 ) );
+                xReturn = ( ( ( char ) 1 ) );
 
                 /* Remove the reference to the task from the blocked list.  An
                  * interrupt won't touch the xStateListItem because the
@@ -12735,7 +12758,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
                         /* This lets the task know it was forcibly removed from the
                          * blocked state so it should not re-evaluate its block time and
                          * then block again. */
-                        pxTCB->ucDelayAborted = ( ( BaseType_t ) 1 );
+                        pxTCB->ucDelayAborted = ( ( char ) 1 );
                     }
                     else
                     {
@@ -12753,7 +12776,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
                     {
                         vTaskEnterCritical();
                         {
-                            prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
+                            prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                         }
                         vTaskExitCritical();
                     }
@@ -12761,7 +12784,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
             }
             else
             {
-                xReturn = ( ( ( BaseType_t ) 0 ) );
+                xReturn = ( ( ( char ) 0 ) );
             }
         }
         ( void ) xTaskResumeAll();
@@ -12776,11 +12799,11 @@ BaseType_t xTaskIncrementTick( void )
 {
     TCB_t * pxTCB;
     TickType_t xItemValue;
-    BaseType_t xSwitchRequired = ( ( BaseType_t ) 0 );
+    BaseType_t xSwitchRequired = ( ( char ) 0 );
 
 
         UBaseType_t x;
-        BaseType_t xCoreYieldList[ 1 ] = { ( ( BaseType_t ) 0 ) };
+        BaseType_t xCoreYieldList[ 1 ] = { ( ( char ) 0 ) };
 
 
     vTaskEnterCritical();
@@ -12794,7 +12817,7 @@ BaseType_t xTaskIncrementTick( void )
          * responsibility to increment the tick, or increment the pended ticks if the
          * scheduler is suspended.  If pended ticks is greater than zero, the core that
          * calls xTaskResumeAll has the responsibility to increment the tick. */
-        if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+        if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
         {
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -12806,7 +12829,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3755, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3763, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -12821,7 +12844,7 @@ BaseType_t xTaskIncrementTick( void )
             {
                 for( ; ; )
                 {
-                    if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) != ( ( BaseType_t ) 0 ) )
+                    if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) != ( ( char ) 0 ) )
                     {
                         /* The delayed list is empty.  Set xNextTaskUnblockTime
                          * to the maximum possible value so it is extremely
@@ -12877,7 +12900,7 @@ BaseType_t xTaskIncrementTick( void )
                          * context switch if preemption is turned off. */
 
                             {
-                                prvYieldForTask( pxTCB, ( ( BaseType_t ) 1 ) );
+                                prvYieldForTask( pxTCB, ( ( char ) 1 ) );
                             }
 
                     }
@@ -12898,7 +12921,7 @@ BaseType_t xTaskIncrementTick( void )
                     {
                         if( ( ( &( pxReadyTasksLists[ pxCurrentTCBs[ x ]->uxPriority ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 1 )
                         {
-                            xCoreYieldList[ x ] = ( ( BaseType_t ) 1 );
+                            xCoreYieldList[ x ] = ( ( char ) 1 );
                         }
                         else
                         {
@@ -12927,9 +12950,9 @@ BaseType_t xTaskIncrementTick( void )
                 {
                     for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ )
                     {
-                        if( xYieldPendings[ x ] != ( ( BaseType_t ) 0 ) )
+                        if( xYieldPendings[ x ] != ( ( char ) 0 ) )
                         {
-                            xCoreYieldList[ x ] = ( ( BaseType_t ) 1 );
+                            xCoreYieldList[ x ] = ( ( char ) 1 );
                         }
                         else
                         {
@@ -12951,11 +12974,11 @@ BaseType_t xTaskIncrementTick( void )
 
 
                         {
-                            if( xCoreYieldList[ x ] != ( ( BaseType_t ) 0 ) )
+                            if( xCoreYieldList[ x ] != ( ( char ) 0 ) )
                             {
                                 if( x == xCoreID )
                                 {
-                                    xSwitchRequired = ( ( BaseType_t ) 1 );
+                                    xSwitchRequired = ( ( char ) 1 );
                                 }
                                 else
                                 {
@@ -12989,13 +13012,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3967 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3991 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4016 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4024 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4049 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13008,24 +13031,24 @@ void vTaskSwitchContext( BaseType_t xCoreID )
      *  and move on if another core suspended the scheduler. We should only
      *  do that if the current core has suspended the scheduler. */
 
-    vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 )); /* Must always acquire the task lock first */
-    vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
+    vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 )); /* Must always acquire the task lock first */
+    vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 1 ));
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4066, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4074, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
-        if( uxSchedulerSuspended != ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+        if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
             /* The scheduler is currently suspended - do not allow a context
              * switch. */
-            xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 1 );
+            xYieldPendings[ xCoreID ] = ( ( char ) 1 );
         }
         else
         {
-            xYieldPendings[ xCoreID ] = ( ( BaseType_t ) 0 );
+            xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4107 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4115 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13042,18 +13065,18 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4141 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
-    vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
-    vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
+    vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
+    vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
 }
 /*-----------------------------------------------------------*/
 
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4151, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4159, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13064,7 +13087,7 @@ void vTaskPlaceOnEventList( List_t * const pxEventList,
      * list is locked, preventing simultaneous access from interrupts. */
     vListInsert( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) );
 
-    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
+    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) );
 }
 /*-----------------------------------------------------------*/
 
@@ -13072,11 +13095,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4170, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4178, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4174, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4182, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13090,7 +13113,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
      * the task level). */
     vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) );
 
-    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
+    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) );
 }
 /*-----------------------------------------------------------*/
 
@@ -13100,7 +13123,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4198, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4206, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13117,7 +13140,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
         /* If the task should block indefinitely then set the block time to a
          * value that will be recognised as an indefinite delay inside the
          * prvAddCurrentTaskToDelayedList() function. */
-        if( xWaitIndefinitely != ( ( BaseType_t ) 0 ) )
+        if( xWaitIndefinitely != ( ( char ) 0 ) )
         {
             xTicksToWait = ( TickType_t ) 0xffffffffUL;
         }
@@ -13148,14 +13171,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4246, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4254, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
-    if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+    if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4267 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4275 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13164,13 +13187,13 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
         vListInsertEnd( &( xPendingReadyList ), &( pxUnblockedTCB->xEventListItem ) );
     }
 
-    xReturn = ( ( BaseType_t ) 0 );
+    xReturn = ( ( char ) 0 );
 
-        prvYieldForTask( pxUnblockedTCB, ( ( BaseType_t ) 0 ) );
+        prvYieldForTask( pxUnblockedTCB, ( ( char ) 0 ) );
 
-        if( xYieldPendings[ 0 ] != ( ( BaseType_t ) 0 ) )
+        if( xYieldPendings[ 0 ] != ( ( char ) 0 ) )
         {
-            xReturn = ( ( BaseType_t ) 1 );
+            xReturn = ( ( char ) 1 );
         }
 
 
@@ -13185,7 +13208,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( BaseType_t ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4296, "uxSchedulerSuspended != ( ( BaseType_t ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4304, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13193,9 +13216,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4304, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4312, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4321 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4329 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13205,7 +13228,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
         vTaskEnterCritical();
         {
-            prvYieldForTask( pxUnblockedTCB, ( ( BaseType_t ) 0 ) );
+            prvYieldForTask( pxUnblockedTCB, ( ( char ) 0 ) );
         }
         vTaskExitCritical();
 
@@ -13214,7 +13237,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4339, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4347, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13237,8 +13260,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4362, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4363, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4370, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4371, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13247,12 +13270,12 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
         const TickType_t xElapsedTime = xConstTickCount - pxTimeOut->xTimeOnEntering;
 
 
-            if( xTaskGetCurrentTaskHandle()->ucDelayAborted != ( uint8_t ) ( ( BaseType_t ) 0 ) )
+            if( xTaskGetCurrentTaskHandle()->ucDelayAborted != ( uint8_t ) ( ( char ) 0 ) )
             {
                 /* The delay was aborted, which is not the same as a time out,
                  * but has the same result. */
-                xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( BaseType_t ) 0 );
-                xReturn = ( ( BaseType_t ) 1 );
+                xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( char ) 0 );
+                xReturn = ( ( char ) 1 );
             }
             else
 
@@ -13263,7 +13286,7 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
                 /* If INCLUDE_vTaskSuspend is set to 1 and the block time
                  * specified is the maximum block time then the task should block
                  * indefinitely, and therefore never time out. */
-                xReturn = ( ( BaseType_t ) 0 );
+                xReturn = ( ( char ) 0 );
             }
             else
 
@@ -13275,7 +13298,7 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
              * vTaskSetTimeOut() was called.  It must have wrapped all the way
              * around and gone past again. This passed since vTaskSetTimeout()
              * was called. */
-            xReturn = ( ( BaseType_t ) 1 );
+            xReturn = ( ( char ) 1 );
             *pxTicksToWait = ( TickType_t ) 0;
         }
         else if( xElapsedTime < *pxTicksToWait ) /*lint !e961 Explicit casting is only redundant with some compilers, whereas others require it to prevent integer conversion errors. */
@@ -13283,12 +13306,12 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
             /* Not a genuine timeout. Adjust parameters for time remaining. */
             *pxTicksToWait -= xElapsedTime;
             vTaskInternalSetTimeOutState( pxTimeOut );
-            xReturn = ( ( BaseType_t ) 0 );
+            xReturn = ( ( char ) 0 );
         }
         else
         {
             *pxTicksToWait = ( TickType_t ) 0;
-            xReturn = ( ( BaseType_t ) 1 );
+            xReturn = ( ( char ) 1 );
         }
     }
     vTaskExitCritical();
@@ -13300,7 +13323,7 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 void vTaskMissedYield( void )
 {
     /* Must be called from within a critical section */
-    xYieldPendings[ 0 ] = ( ( BaseType_t ) 1 );
+    xYieldPendings[ 0 ] = ( ( char ) 1 );
 }
 /*-----------------------------------------------------------*/
 
@@ -13360,7 +13383,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4545 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4553 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13390,7 +13413,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13411,16 +13434,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4630 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4687 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4695 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4737 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4745 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13434,7 +13457,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4750, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4758, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13465,7 +13488,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4797 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4805 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13567,7 +13590,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4909 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4917 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13613,7 +13636,7 @@ static void prvCheckTasksWaitingTermination( void )
 
         /* Obtaining the stack space takes some time, so the xGetFreeStackSpace
          * parameter is provided to allow it to be skipped. */
-        if( xGetFreeStackSpace != ( ( BaseType_t ) 0 ) )
+        if( xGetFreeStackSpace != ( ( char ) 0 ) )
         {
 
 
@@ -13664,7 +13687,7 @@ static void prvCheckTasksWaitingTermination( void )
             do
             {
                 { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-                vTaskGetInfo( ( TaskHandle_t ) pxNextTCB, &( pxTaskStatusArray[ uxTask ] ), ( ( BaseType_t ) 1 ), eState );
+                vTaskGetInfo( ( TaskHandle_t ) pxNextTCB, &( pxTaskStatusArray[ uxTask ] ), ( ( char ) 1 ), eState );
                 uxTask++;
             } while( pxNextTCB != pxFirstTCB );
         }
@@ -13698,7 +13721,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5078 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5086 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13755,7 +13778,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5161 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5169 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13763,7 +13786,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 static void prvResetNextTaskUnblockTime( void )
 {
-    if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( BaseType_t ) 1 ) : ( ( BaseType_t ) 0 ) ) != ( ( BaseType_t ) 0 ) )
+    if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) != ( ( char ) 0 ) )
     {
         /* The new current delayed list is empty.  Set xNextTaskUnblockTime to
          * the maximum possible value so it is  extremely unlikely that the
@@ -13800,7 +13823,7 @@ static void prvResetNextTaskUnblockTime( void )
     {
         TaskHandle_t xReturn = 0;
 
-        if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 1 ) ) ) != ( ( BaseType_t ) 0 ) )
+        if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 1 ) ) ) != ( ( char ) 0 ) )
         {
             xReturn = pxCurrentTCBs[ xCoreID ];
         }
@@ -13817,7 +13840,7 @@ static void prvResetNextTaskUnblockTime( void )
     {
         BaseType_t xReturn;
 
-        if( xSchedulerRunning == ( ( BaseType_t ) 0 ) )
+        if( xSchedulerRunning == ( ( char ) 0 ) )
         {
             xReturn = ( ( BaseType_t ) 1 );
         }
@@ -13825,7 +13848,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             vTaskEnterCritical();
             {
-                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
                     xReturn = ( ( BaseType_t ) 2 );
                 }
@@ -13855,7 +13878,7 @@ static void prvResetNextTaskUnblockTime( void )
 
 
 
-        BaseType_t xReturn = ( ( BaseType_t ) 0 );
+        BaseType_t xReturn = ( ( char ) 0 );
 
         /* If the mutex was given back by an interrupt while the queue was
          * locked then the mutex holder might now be NULL.  _RB_ Is this still
@@ -13881,7 +13904,7 @@ static void prvResetNextTaskUnblockTime( void )
 
                 /* If the task being modified is in the ready state it will need
                  * to be moved into a new list. */
-                if( ( ( ( &( pxMutexHolderTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ pxMutexHolderTCB->uxPriority ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
+                if( ( ( ( &( pxMutexHolderTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ pxMutexHolderTCB->uxPriority ] ) ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
                 {
                     if( uxListRemove( &( pxMutexHolderTCB->xStateListItem ) ) == ( UBaseType_t ) 0 )
                     {
@@ -13908,7 +13931,7 @@ static void prvResetNextTaskUnblockTime( void )
                                                                                         ;
 
                 /* Inheritance occurred. */
-                xReturn = ( ( BaseType_t ) 1 );
+                xReturn = ( ( char ) 1 );
             }
             else
             {
@@ -13921,7 +13944,7 @@ static void prvResetNextTaskUnblockTime( void )
                      * Therefore the mutex holder must have already inherited a
                      * priority, but inheritance would have occurred if that had
                      * not been the case. */
-                    xReturn = ( ( BaseType_t ) 1 );
+                    xReturn = ( ( char ) 1 );
                 }
                 else
                 {
@@ -13952,7 +13975,7 @@ static void prvResetNextTaskUnblockTime( void )
 
 
 
-        BaseType_t xReturn = ( ( BaseType_t ) 0 );
+        BaseType_t xReturn = ( ( char ) 0 );
 
         if( pxMutexHolder != 0 )
         {
@@ -13960,8 +13983,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5365, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5366, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5373, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5374, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14004,7 +14027,7 @@ static void prvResetNextTaskUnblockTime( void )
                      * returned, even if a task was waiting on it, then a context
                      * switch should occur when the last mutex is returned whether
                      * a task is waiting on it or not. */
-                    xReturn = ( ( BaseType_t ) 1 );
+                    xReturn = ( ( char ) 1 );
                 }
                 else
                 {
@@ -14047,7 +14070,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5452, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5460, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14074,7 +14097,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5479, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5487, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14100,7 +14123,7 @@ static void prvResetNextTaskUnblockTime( void )
                      * from its current state list if it is in the Ready state as
                      * the task's priority is going to change and there is one
                      * Ready list per priority. */
-                    if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( BaseType_t ) 1 ) ) : ( ( ( BaseType_t ) 0 ) ) ) != ( ( BaseType_t ) 0 ) )
+                    if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
                     {
                         if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 )
                         {
@@ -14153,7 +14176,7 @@ void vTaskYieldWithinAPI( void )
     }
     else
     {
-        xYieldPendings[ 0 ] = ( ( BaseType_t ) 1 );
+        xYieldPendings[ 0 ] = ( ( char ) 1 );
     }
 }
 /*-----------------------------------------------------------*/
@@ -14164,16 +14187,16 @@ void vTaskYieldWithinAPI( void )
     {
         assert_fct(false);
 
-        if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+        if( xSchedulerRunning != ( ( char ) 0 ) )
         {
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U )
             {
-                if( assert_fct(false) == ( ( BaseType_t ) 0 ) )
+                if( assert_fct(false) == ( ( char ) 0 ) )
                 {
-                    vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 1 ));
+                    vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 ));
                 }
 
-                vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 1 ));
+                vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 1 ));
             }
 
             ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )++;
@@ -14201,11 +14224,11 @@ void vTaskYieldWithinAPI( void )
 
     void vTaskExitCritical( void )
     {
-        if( xSchedulerRunning != ( ( BaseType_t ) 0 ) )
+        if( xSchedulerRunning != ( ( char ) 0 ) )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5610, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5618, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14213,18 +14236,18 @@ void vTaskYieldWithinAPI( void )
 
                 if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U )
                 {
-                    vPortRecursiveLock(0, spin_lock_instance(14), ( ( BaseType_t ) 0 ));
+                    vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
 
-                    if( assert_fct(false) == ( ( BaseType_t ) 0 ) )
+                    if( assert_fct(false) == ( ( char ) 0 ) )
                     {
-                        vPortRecursiveLock(1, spin_lock_instance(15), ( ( BaseType_t ) 0 ));
+                        vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
                         vPortEnableInterrupts();
 
                         /* When a task yields in a critical section it just sets
                          * xYieldPending to true. So now that we have exited the
                          * critical section check if xYieldPending is true, and
                          * if so yield. */
-                        if( prvGetCurrentYieldPending() != ( ( BaseType_t ) 0 ) )
+                        if( prvGetCurrentYieldPending() != ( ( char ) 0 ) )
                         {
                             vPortYield();
                         }
@@ -14255,11 +14278,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5686 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5694 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5792 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5800 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5927 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14301,7 +14324,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5960, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5968, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14313,7 +14336,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 if( xTicksToWait > ( TickType_t ) 0 )
                 {
-                    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
+                    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) );
                                                                 ;
 
                     /* All ports are written to allow a yield in a critical
@@ -14341,7 +14364,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
             if( ulReturn != 0UL )
             {
-                if( xClearCountOnExit != ( ( BaseType_t ) 0 ) )
+                if( xClearCountOnExit != ( ( char ) 0 ) )
                 {
                     xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] = 0UL;
                 }
@@ -14375,7 +14398,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6034, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6042, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14392,7 +14415,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 if( xTicksToWait > ( TickType_t ) 0 )
                 {
-                    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( BaseType_t ) 1 ) );
+                    prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) );
                                                                 ;
 
                     /* All ports are written to allow a yield in a critical
@@ -14431,14 +14454,14 @@ TickType_t uxTaskResetEventItemValue( void )
             if( xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] != ( ( uint8_t ) 2 ) )
             {
                 /* A notification was not received. */
-                xReturn = ( ( BaseType_t ) 0 );
+                xReturn = ( ( char ) 0 );
             }
             else
             {
                 /* A notification was already pending or a notification was
                  * received while the task was waiting. */
                 xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnExit;
-                xReturn = ( ( BaseType_t ) 1 );
+                xReturn = ( ( char ) 1 );
             }
 
             xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 );
@@ -14460,11 +14483,11 @@ TickType_t uxTaskResetEventItemValue( void )
                                    uint32_t * pulPreviousNotificationValue )
     {
         TCB_t * pxTCB;
-        BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
+        BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6122, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6123, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6130, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6131, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14501,7 +14524,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     else
                     {
                         /* The value could not be written to the task. */
-                        xReturn = ( ( ( BaseType_t ) 0 ) );
+                        xReturn = ( ( ( char ) 0 ) );
                     }
 
                     break;
@@ -14517,7 +14540,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6176, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6184, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14532,10 +14555,10 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6191, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6210 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6199, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6218 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
-                        prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
+                        prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
 
             }
@@ -14563,11 +14586,11 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         TCB_t * pxTCB;
         uint8_t ucOriginalNotifyState;
-        BaseType_t xReturn = ( ( ( BaseType_t ) 1 ) );
+        BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6242, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6243, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6250, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6251, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14622,7 +14645,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     else
                     {
                         /* The value could not be written to the task. */
-                        xReturn = ( ( ( BaseType_t ) 0 ) );
+                        xReturn = ( ( ( char ) 0 ) );
                     }
 
                     break;
@@ -14638,7 +14661,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6314, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6322, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14649,9 +14672,9 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6333, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
-                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
                     ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
                     ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
@@ -14664,13 +14687,13 @@ TickType_t uxTaskResetEventItemValue( void )
                 }
 
 
-                    prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
+                    prvYieldForTask( pxTCB, ( ( char ) 0 ) );
 
-                    if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) )
+                    if( xYieldPendings[ 0 ] == ( ( char ) 1 ) )
                     {
                         if( pxHigherPriorityTaskWoken != 0 )
                         {
-                            *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 );
+                            *pxHigherPriorityTaskWoken = ( ( char ) 1 );
                         }
                     }
 
@@ -14694,8 +14717,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6370, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6371, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6378, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6379, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14733,9 +14756,9 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6409, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6417, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
-                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( BaseType_t ) 0 ) )
+                if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
                     ( void ) uxListRemove( &( pxTCB->xStateListItem ) );
                     ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
@@ -14748,13 +14771,13 @@ TickType_t uxTaskResetEventItemValue( void )
                 }
 
 
-                    prvYieldForTask( pxTCB, ( ( BaseType_t ) 0 ) );
+                    prvYieldForTask( pxTCB, ( ( char ) 0 ) );
 
-                    if( xYieldPendings[ 0 ] == ( ( BaseType_t ) 1 ) )
+                    if( xYieldPendings[ 0 ] == ( ( char ) 1 ) )
                     {
                         if( pxHigherPriorityTaskWoken != 0 )
                         {
-                            *pxHigherPriorityTaskWoken = ( ( BaseType_t ) 1 );
+                            *pxHigherPriorityTaskWoken = ( ( char ) 1 );
                         }
                     }
 
@@ -14774,7 +14797,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6450, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6458, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14785,11 +14808,11 @@ TickType_t uxTaskResetEventItemValue( void )
             if( pxTCB->ucNotifyState[ uxIndexToClear ] == ( ( uint8_t ) 2 ) )
             {
                 pxTCB->ucNotifyState[ uxIndexToClear ] = ( ( uint8_t ) 0 );
-                xReturn = ( ( ( BaseType_t ) 1 ) );
+                xReturn = ( ( ( char ) 1 ) );
             }
             else
             {
-                xReturn = ( ( ( BaseType_t ) 0 ) );
+                xReturn = ( ( ( char ) 0 ) );
             }
         }
         vTaskExitCritical();
@@ -14827,7 +14850,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6519 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14841,7 +14864,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
             /* About to enter a delayed list, so ensure the ucDelayAborted flag is
              * reset to pdFALSE so it can be detected as having been set to pdTRUE
              * when the task leaves the Blocked state. */
-            xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( BaseType_t ) 0 );
+            xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( char ) 0 );
         }
 
 
@@ -14860,7 +14883,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
 
 
         {
-            if( ( xTicksToWait == ( TickType_t ) 0xffffffffUL ) && ( xCanBlockIndefinitely != ( ( BaseType_t ) 0 ) ) )
+            if( ( xTicksToWait == ( TickType_t ) 0xffffffffUL ) && ( xCanBlockIndefinitely != ( ( char ) 0 ) ) )
             {
                 /* Add the task to the suspended task list instead of a delayed task
                  * list to ensure it is not woken by a timing event.  It will block
@@ -14903,7 +14926,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h
index 2f3da0f98ba..a3a28a9ae6f 100644
--- a/verification/verifast/proof_setup/verifast_proof_defs.h
+++ b/verification/verifast/proof_setup/verifast_proof_defs.h
@@ -9,6 +9,15 @@
     #define inline
     #define __always_inline
 
-    #undef assert
-    #define assert(x) BLUB(x)
+    /* `projdefs.h` defines `pdFALSE` and `pdTRUE` as 0 and 1 of type
+     * `BaseType_t`. Both are assigned to variables smaller or
+     * unsigned types. While that's safe in practice, it is not
+     * type safe. Hence we define 
+     */
+    #undef pdFALSE
+    #undef pdTRUE
+    #define pdFALSE             ( ( char ) 0 )
+    #define pdTRUE              ( ( char ) 1 )
+    #define pd_U_FALSE          ( ( unsigned char ) pdFALSE )
+    #define pd_U_TRUE           ( ( unsigned char ) pdTRUE )
 #endif /* VERIFAST_DEFS_H */

From b5f0b2f74db04b2f280eca99e043d261fdc6eb42 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 26 Oct 2022 10:08:29 -0400
Subject: [PATCH 065/289] Added snippet from RP2040 port.c to verification code
 base to allow verification of contract from portable.h

---
 include/portable.h                            |   2 +
 portable/ThirdParty/GCC/RP2040/port.c         |   2 +
 tasks.c                                       |   2 +
 .../preprocess_tasks_c.sh                     |   1 +
 .../verifast/preprocessed_files/tasks--pp.c   | 314 +++++++++++-------
 .../proof/snippets/rp2040_port_c_snippets.c   |  72 ++++
 verification/verifast/proof/task_predicates.h |   1 -
 7 files changed, 268 insertions(+), 126 deletions(-)
 create mode 100644 verification/verifast/proof/snippets/rp2040_port_c_snippets.c

diff --git a/include/portable.h b/include/portable.h
index e5afd4592f9..246a8373bc6 100644
--- a/include/portable.h
+++ b/include/portable.h
@@ -128,6 +128,8 @@
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) PRIVILEGED_FUNCTION;
+        //@ requires true;
+        //@ ensures true;
     #endif
 #endif /* if ( portUSING_MPU_WRAPPERS == 1 ) */
 
diff --git a/portable/ThirdParty/GCC/RP2040/port.c b/portable/ThirdParty/GCC/RP2040/port.c
index bc77140e6e4..bc8f0ad4d01 100644
--- a/portable/ThirdParty/GCC/RP2040/port.c
+++ b/portable/ThirdParty/GCC/RP2040/port.c
@@ -170,6 +170,8 @@ static uint8_t ucPrimaryCoreNum = INVALID_PRIMARY_CORE_NUM;
 StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                      TaskFunction_t pxCode,
                                      void * pvParameters )
+//@ requires true;
+//@ ensures true;
 {
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
diff --git a/tasks.c b/tasks.c
index fc0ac831a46..cf4f475710e 100644
--- a/tasks.c
+++ b/tasks.c
@@ -51,6 +51,8 @@
     #include "verifast_RP2040_axioms.h"
     #include "verifast_prelude_extended.h"
     #include "verifast_asm.h"
+
+    #include "snippets/rp2040_port_c_snippets.c"
 #endif
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index e2f340e8942..bb704d43d83 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -49,6 +49,7 @@ clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS
 -I"$PROOF_FILES_DIR" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \
 -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \
+-I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" \
 -I"$REPO_BASE_DIR/include" \
 -I"$PICO_SDK_DIR/src/common/pico_base/include" \
 -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index fcdd0719e92..91d2257e175 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -4449,6 +4449,8 @@ bool spin_lock_is_claimed(uint lock_num);
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) ;
+        //@ requires true;
+        //@ ensures true;
 
 
 
@@ -4504,11 +4506,11 @@ void vPortGetHeapStats( HeapStats_t * pxHeapStats );
      * Reversely, calling `free` cleans up all the predicates instantiated
      * by `malloc`.
      */
-// # 197 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
+// # 199 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 void vPortInitialiseBlocks( void ) ;
 size_t xPortGetFreeHeapSize( void ) ;
 size_t xPortGetMinimumEverFreeHeapSize( void ) ;
-// # 209 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
+// # 211 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /*
  * Setup the hardware ready for the scheduler to take control.  This generally
  * sets up a tick interrupt and sets timers for the correct tick frequency.
@@ -4529,7 +4531,7 @@ void vPortEndScheduler( void ) ;
  * Fills the xMPUSettings structure with the memory region information
  * contained in xRegions.
  */
-// # 237 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
+// # 239 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h"
 /* *INDENT-OFF* */
 
 
@@ -10115,6 +10117,68 @@ bool assert_fct(bool b)
  */
 // # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1
+/*
+ * This file contains code snippets from:
+ * portable/ThirdParty/GCC/RP2040/port.c
+ */
+
+
+
+// Note currently we support configNUM_CORES == 1 with SMP, thought it isn't 100% clear why you wouldn't
+// just use the non SMP version; keeping around for now in case the code bases are merged.
+
+
+/* Constants required to manipulate the NVIC. */
+// # 27 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c"
+/* Constants required to set up the initial stack. */
+
+
+/* The systick is a 24-bit counter. */
+
+
+/* A fiddle factor to estimate the number of SysTick counts that would have
+ * occurred while the SysTick counter is stopped during tickless idle
+ * calculations. */
+
+
+
+
+/* Let the user override the pre-loading of the initial LR with the address of
+ * prvTaskExitError() in case it messes up unwinding of the stack in the
+ * debugger. */
+
+
+
+
+
+
+
+/*
+ * See header file for description.
+ */
+StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
+                                     TaskFunction_t pxCode,
+                                     void * pvParameters )
+//@ requires true;
+//@ ensures true;
+{
+    /* Simulate the stack frame as it would be created by a context switch
+     * interrupt. */
+    pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
+    *pxTopOfStack = ( 0x01000000 ); /* xPSR */
+    pxTopOfStack--;
+    *pxTopOfStack = ( StackType_t ) pxCode; /* PC */
+    pxTopOfStack--;
+    *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
+    pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
+    *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
+    pxTopOfStack -= 8; /* R11..R4. */
+
+    return pxTopOfStack;
+}
+// # 56 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
  * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined
@@ -10124,7 +10188,7 @@ bool assert_fct(bool b)
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 82 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 84 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10181,18 +10245,18 @@ bool assert_fct(bool b)
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 146 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 148 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 180 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 182 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 198 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 200 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10247,7 +10311,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 261 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 263 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10255,7 +10319,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 280 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10275,7 +10339,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 318 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 320 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10366,7 +10430,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 );
-// # 418 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10519,7 +10583,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 582 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 584 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10551,9 +10615,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 634 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 715 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 717 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10595,8 +10659,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 756, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 769 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 758, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 771 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( char ) 0 ) )
@@ -10635,7 +10699,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 823 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 825 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10648,7 +10712,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 845 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10659,10 +10723,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( char ) 0 );
         BaseType_t xDecrementTopPriority = ( ( char ) 1 );
-// # 861 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 863 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( char ) 0 ) )
         {
-// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) )
             {
 
@@ -10700,7 +10764,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 928 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10721,7 +10785,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 948, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 950, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10765,21 +10829,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( char ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 992, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 994, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 996, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1072 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 998, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( char ) 1 );
     }
-// # 1088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1090 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1166 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1168 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1229 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1295 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1297 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10796,7 +10860,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1324 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1326 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10804,7 +10868,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1354 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1356 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -10840,9 +10904,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1397 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1406 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -10880,7 +10944,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1460 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -10927,9 +10991,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1520 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11019,7 +11083,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11046,7 +11110,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1680 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11055,17 +11119,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1703 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1731 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11276,7 +11340,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1958, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11299,12 +11363,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1981, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1982, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1986, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1988, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11390,7 +11454,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2072, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11444,7 +11508,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2126, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2128, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11620,7 +11684,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2302, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2304, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11774,13 +11838,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2490 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2513 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2531 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2559 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11857,7 +11921,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2635, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11871,7 +11935,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2649, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11918,7 +11982,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2696, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@@ -11967,7 +12031,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2745, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2747, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12026,7 +12090,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2804, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2806, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12147,7 +12211,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2972 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2974 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12159,7 +12223,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2995 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12196,7 +12260,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3045 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12228,7 +12292,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3076, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3078, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12293,7 +12357,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3203 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3205 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12316,7 +12380,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3225, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@@ -12474,7 +12538,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3383, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3385, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12567,7 +12631,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3476, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12663,7 +12727,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12691,7 +12755,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3613, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3615, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12702,7 +12766,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3637 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12711,7 +12775,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3645, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3647, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12730,7 +12794,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3664, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3666, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12829,7 +12893,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3763, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3765, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -13012,13 +13076,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 3999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4024 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13036,7 +13100,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4074, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4076, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
@@ -13048,7 +13112,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4115 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13065,7 +13129,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13076,7 +13140,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4159, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4161, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13095,11 +13159,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4178, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4182, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13123,7 +13187,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4206, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13171,14 +13235,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4254, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4275 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13208,7 +13272,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4304, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13216,9 +13280,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4312, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4314, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4329 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13237,7 +13301,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4347, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4349, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13260,8 +13324,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4370, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4371, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4372, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13383,7 +13447,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4553 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13413,7 +13477,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13434,16 +13498,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4630 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4695 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4745 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13457,7 +13521,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4758, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4760, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13488,7 +13552,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4805 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4807 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13590,7 +13654,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4917 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13721,7 +13785,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5086 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13778,7 +13842,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5169 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -13983,8 +14047,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5373, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5374, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5375, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14070,7 +14134,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5460, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5462, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14097,7 +14161,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5487, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14228,7 +14292,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5618, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5620, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14278,11 +14342,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5694 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5800 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5802 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5927 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5929 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14324,7 +14388,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5968, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5970, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14398,7 +14462,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6042, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6044, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14486,8 +14550,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6130, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6131, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14540,7 +14604,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6184, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14555,8 +14619,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6199, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6218 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6201, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6220 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -14589,8 +14653,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6250, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6251, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6252, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14661,7 +14725,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6322, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6324, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14672,7 +14736,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6333, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6335, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14717,8 +14781,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6378, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6379, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6380, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14756,7 +14820,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6417, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6419, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14797,7 +14861,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6458, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6460, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14850,7 +14914,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6529 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14926,7 +14990,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
new file mode 100644
index 00000000000..a86f657e1f5
--- /dev/null
+++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
@@ -0,0 +1,72 @@
+/*
+ * This file contains code snippets from:
+ * portable/ThirdParty/GCC/RP2040/port.c
+ */
+
+
+
+// Note currently we support configNUM_CORES == 1 with SMP, thought it isn't 100% clear why you wouldn't
+// just use the non SMP version; keeping around for now in case the code bases are merged.
+#define portRUNNING_ON_BOTH_CORES (configNUM_CORES == portMAX_CORE_COUNT)
+
+/* Constants required to manipulate the NVIC. */
+#define portNVIC_SYSTICK_CTRL_REG             ( *( ( volatile uint32_t * ) 0xe000e010 ) )
+#define portNVIC_SYSTICK_LOAD_REG             ( *( ( volatile uint32_t * ) 0xe000e014 ) )
+#define portNVIC_SYSTICK_CURRENT_VALUE_REG    ( *( ( volatile uint32_t * ) 0xe000e018 ) )
+#define portNVIC_INT_CTRL_REG                 ( *( ( volatile uint32_t * ) 0xe000ed04 ) )
+#define portNVIC_SHPR3_REG                    ( *( ( volatile uint32_t * ) 0xe000ed20 ) )
+#define portNVIC_SYSTICK_CLK_BIT              ( 1UL << 2UL )
+#define portNVIC_SYSTICK_INT_BIT              ( 1UL << 1UL )
+#define portNVIC_SYSTICK_ENABLE_BIT           ( 1UL << 0UL )
+#define portNVIC_SYSTICK_COUNT_FLAG_BIT       ( 1UL << 16UL )
+#define portNVIC_PENDSVSET_BIT                ( 1UL << 28UL )
+#define portMIN_INTERRUPT_PRIORITY            ( 255UL )
+#define portNVIC_PENDSV_PRI                   ( portMIN_INTERRUPT_PRIORITY << 16UL )
+#define portNVIC_SYSTICK_PRI                  ( portMIN_INTERRUPT_PRIORITY << 24UL )
+
+/* Constants required to set up the initial stack. */
+#define portINITIAL_XPSR                      ( 0x01000000 )
+
+/* The systick is a 24-bit counter. */
+#define portMAX_24_BIT_NUMBER                 ( 0xffffffUL )
+
+/* A fiddle factor to estimate the number of SysTick counts that would have
+ * occurred while the SysTick counter is stopped during tickless idle
+ * calculations. */
+#ifndef portMISSED_COUNTS_FACTOR
+    #define portMISSED_COUNTS_FACTOR    ( 45UL )
+#endif
+
+/* Let the user override the pre-loading of the initial LR with the address of
+ * prvTaskExitError() in case it messes up unwinding of the stack in the
+ * debugger. */
+#ifdef configTASK_RETURN_ADDRESS
+    #define portTASK_RETURN_ADDRESS    configTASK_RETURN_ADDRESS
+#else
+    #define portTASK_RETURN_ADDRESS    prvTaskExitError
+#endif
+
+
+/*
+ * See header file for description.
+ */
+StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
+                                     TaskFunction_t pxCode,
+                                     void * pvParameters )
+//@ requires true;
+//@ ensures true;
+{
+    /* Simulate the stack frame as it would be created by a context switch
+     * interrupt. */
+    pxTopOfStack--;                                          /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
+    *pxTopOfStack = portINITIAL_XPSR;                        /* xPSR */
+    pxTopOfStack--;
+    *pxTopOfStack = ( StackType_t ) pxCode;                  /* PC */
+    pxTopOfStack--;
+    *pxTopOfStack = ( StackType_t ) portTASK_RETURN_ADDRESS; /* LR */
+    pxTopOfStack -= 5;                                       /* R12, R3, R2 and R1. */
+    *pxTopOfStack = ( StackType_t ) pvParameters;            /* R0 */
+    pxTopOfStack -= 8;                                       /* R11..R4. */
+
+    return pxTopOfStack;
+}
\ No newline at end of file
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 443051ea34a..b222813bd7b 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -41,7 +41,6 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
     // evaluates to 1.
     integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
-    
     uchars_(tcb->ucNotifyState, 1, _) &*&
 
     tcb->ucDelayAborted |-> _;

From b185c29a7bfac7ffb9478ffde902bb6af2327e6d Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 26 Oct 2022 10:30:05 -0400
Subject: [PATCH 066/289] Typo.

---
 tasks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks.c b/tasks.c
index cf4f475710e..302c581c28e 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1500,7 +1500,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
 
             // TODO: How can we prove this?
-            // Assume that now overflow occurs.
+            // Assume that no overflow occurs.
             //@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 

From 2b82220cec22aef63e6a47cf9db9e9466d72efcf Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 27 Oct 2022 12:43:10 -0400
Subject: [PATCH 067/289] Refined stack predicate, validated it and verified
 `pxPortInitialiseStack` impl from RP2040 port.

---
 include/portable.h                            |   4 +-
 tasks.c                                       |   1 +
 .../verifast/preprocessed_files/tasks--pp.c   | 337 ++++++++++++------
 .../proof/snippets/rp2040_port_c_snippets.c   | 135 ++++++-
 .../proof_setup/verifast_RP2040_axioms.h      |   7 +-
 5 files changed, 377 insertions(+), 107 deletions(-)

diff --git a/include/portable.h b/include/portable.h
index 246a8373bc6..d9bb2e72089 100644
--- a/include/portable.h
+++ b/include/portable.h
@@ -128,8 +128,8 @@
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) PRIVILEGED_FUNCTION;
-        //@ requires true;
-        //@ ensures true;
+        ///@ requires true;
+        ///@ ensures true;
     #endif
 #endif /* if ( portUSING_MPU_WRAPPERS == 1 ) */
 
diff --git a/tasks.c b/tasks.c
index 302c581c28e..1792c97ed20 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1371,6 +1371,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
                         //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
+                        //@ assert(false);
                     }
                     else
                     {
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 91d2257e175..339004bf6a7 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -4449,8 +4449,8 @@ bool spin_lock_is_claimed(uint lock_num);
         StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                              TaskFunction_t pxCode,
                                              void * pvParameters ) ;
-        //@ requires true;
-        //@ ensures true;
+        ///@ requires true;
+        ///@ ensures true;
 
 
 
@@ -10032,7 +10032,12 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
 
 /*@
 // Axiomatizes that: 0 <= ptr <= 2^32 - 1
-lemma void uint32_t_ptr_range(uint32_t* ptr);
+//lemma void uint32_t_ptr_range(uint32_t* ptr);
+//requires true;
+//ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
+
+// Axiomatizes that: 0 <= ptr <= 2^32 - 1
+lemma void ptr_range(t* ptr);
 requires true;
 ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
 @*/
@@ -10153,6 +10158,112 @@ bool assert_fct(bool b)
 
 
 
+/*
+ * Setup the timer to generate the tick interrupts.  The implementation in this
+ * file is weak to allow application writers to change the timer used to
+ * generate the tick interrupt.
+ */
+void vPortSetupTimerInterrupt( void );
+
+/*
+ * Exception handlers.
+ */
+void xPortPendSVHandler( void ) ;
+void xPortSysTickHandler( void );
+void vPortSVCHandler( void );
+
+/*
+ * Start first task is a separate function so it can be tested in isolation.
+ */
+static void vPortStartFirstTask( void ) ;
+
+/*
+ * Used to catch tasks that attempt to return from their implementing function.
+ */
+static void prvTaskExitError( void );
+
+/*@
+// Represents a stack that grows down.
+predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
+	integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
+    ulStackDepth > 0 &*&
+    freeCells >= 0 &*&
+    pxTopOfStack == pxStack + freeCells -1 &*&
+    0 <= freeCells &*& freeCells <= ulStackDepth;
+//	usedMem == pxStack - pxTopOfStack
+//	freeMem == ulStackDepth - usedMem
+	//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
+//	usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
+@*/
+
+/*/@
+lemma void split_stack(StackType_t * pxStack, int offset)
+requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& 
+                offset * sizeof(StackType_t) < ulStackDepth;
+ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
+                integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
+{
+	open stack_p(_, _, _, _);
+	integers__split(pxStack, offset * sizeof(StackType_t) );
+}
+@*/
+
+/*@
+lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
+requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
+                 freeCells > 0;
+ensures // free cells minus top cell
+        integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _)	&*&
+        // top stack cell
+		integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
+        // used stack cells
+		integers_(pxStack + freeCells, sizeof(StackType_t), false, 
+                  ulStackDepth - freeCells, _) &*&
+        // stack contraints necessary to close `stack_p` again
+        ulStackDepth > 0 &*&
+        freeCells >= 0 &*&
+        pxTopOfStack == pxStack + freeCells -1 &*&
+        0 <= freeCells &*& freeCells <= ulStackDepth;
+{
+    open stack_p(_, _, _, _);
+    integers__split(pxStack, freeCells-1);
+    open integers_(pxStack + (freeCells-1), _, _, _, _);
+}
+@*/
+
+
+// -------------------------------------------------
+// Validate stack predicate
+
+/* Simulates creation and initialisation of a stack that grows down as on RP2040.
+ */
+StackType_t* test_stack_pred(uint32_t depth)
+/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*&
+             depth <= UINT_MAX &*&
+             depth > 0;
+ @*/
+/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*&
+            malloc_block_chars((char*) result, depth * sizeof(StackType_t));
+@*/
+{
+ StackType_t * stack;
+
+
+    /* Allocate space for the stack used by the task being created. */
+    stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) );
+    if(stack == 0) return 0;
+
+    memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t));
+
+    StackType_t* top = stack + depth -1;
+
+    //@ chars_to_integers_(stack, sizeof(StackType_t), false, depth); 
+    //@ close stack_p(stack, depth, top, depth);
+    // integers_(stack0, 4, false, depth, _)
+    return stack;
+}
+// -------------------------------------------------
+
 
 /*
  * See header file for description.
@@ -10160,21 +10271,44 @@ bool assert_fct(bool b)
 StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                      TaskFunction_t pxCode,
                                      void * pvParameters )
-//@ requires true;
-//@ ensures true;
+/*@ requires pxTopOfStack > 0 &*&
+             stack_p(?pxStack, ?ulStackDepth, pxTopOfStack, ulStackDepth) &*&
+             ulStackDepth > 16;
+  @*/
+//@ ensures stack_p(pxStack, ulStackDepth, pxTopOfStack-16, ulStackDepth-16);
 {
+    //@ StackType_t* oldTop = pxTopOfStack;
+    //@ open stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth);
+    ///@ close stack_p(pxStack, ulStackDepth, pxTopOfStack-1, ulStackDepth-1);
+    ///@ getTopOfStack(pxStack, pxTopOfStack-1);
+    //@ integers__split(pxStack, ulStackDepth-2);
+
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
     pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
     *pxTopOfStack = ( 0x01000000 ); /* xPSR */
     pxTopOfStack--;
+    //@ close integers_(oldTop-1, sizeof(StackType_t), false, 2, _);
+    //@ integers__join(pxStack);
+    //@ ptr_range(pxCode);
+    //@ integers__split(pxStack, ulStackDepth-3);
     *pxTopOfStack = ( StackType_t ) pxCode; /* PC */
+    //@ close integers_(oldTop-2, sizeof(StackType_t), false, 3, _);
     pxTopOfStack--;
+    //@ ptr_range(prvTaskExitError);
+    //@ integers__join(pxStack);
+    //@ integers__split(pxStack, ulStackDepth-4);
     *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
+    //@ close integers_(oldTop-3, sizeof(StackType_t), false, 4, _);
+    //@ integers__join(pxStack);
     pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
+    //@ ptr_range(pvParameters);
+    //@ integers__split(pxStack, ulStackDepth-9);
     *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
+    //@ close integers_(oldTop-8, sizeof(StackType_t), false, 9, _);
+    //@ integers__join(pxStack);
     pxTopOfStack -= 8; /* R11..R4. */
-
+    //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
     return pxTopOfStack;
 }
 // # 56 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
@@ -10887,6 +11021,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
                         //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
+                        //@ assert(false);
                     }
                     else
                     {
@@ -10904,9 +11039,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -10944,7 +11079,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -10986,14 +11121,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
 
             // TODO: How can we prove this?
-            // Assume that now overflow occurs.
+            // Assume that no overflow occurs.
             //@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1537 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11083,7 +11218,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1645 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11110,7 +11245,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11119,17 +11254,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1751 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11340,7 +11475,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1961, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11363,12 +11498,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1985, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1988, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1989, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11454,7 +11589,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2075, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11508,7 +11643,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2128, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2129, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11684,7 +11819,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2304, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2305, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11838,13 +11973,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2516 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11921,7 +12056,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2638, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -11935,7 +12070,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -11982,7 +12117,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2699, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@@ -12031,7 +12166,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2747, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2748, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12090,7 +12225,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2806, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2807, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12211,7 +12346,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2974 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12223,7 +12358,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12260,7 +12395,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3048 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12292,7 +12427,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3078, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3079, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12357,7 +12492,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3205 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12380,7 +12515,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3228, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@@ -12538,7 +12673,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3385, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3386, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12631,7 +12766,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3479, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12727,7 +12862,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3589 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12755,7 +12890,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3615, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3616, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12766,7 +12901,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12775,7 +12910,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3647, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12794,7 +12929,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3666, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3667, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12893,7 +13028,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3765, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3766, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -13076,13 +13211,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3978 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13100,7 +13235,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4076, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
@@ -13112,7 +13247,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4118 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13129,7 +13264,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13140,7 +13275,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4161, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13159,11 +13294,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4181, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4185, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13187,7 +13322,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4209, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13235,14 +13370,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13272,7 +13407,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13280,9 +13415,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4314, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4315, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4332 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13301,7 +13436,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4349, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4350, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13324,8 +13459,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4372, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4374, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13447,7 +13582,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13477,7 +13612,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13498,16 +13633,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13521,7 +13656,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4760, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4761, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13552,7 +13687,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4807 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13654,7 +13789,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13785,7 +13920,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5089 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13842,7 +13977,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5172 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14047,8 +14182,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5375, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5377, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14134,7 +14269,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5462, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5463, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14161,7 +14296,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5490, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14292,7 +14427,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5620, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5621, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14342,11 +14477,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5802 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5803 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5929 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14388,7 +14523,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5970, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5971, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14462,7 +14597,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6044, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14550,8 +14685,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6134, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14604,7 +14739,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14619,8 +14754,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6201, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6220 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6202, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -14653,8 +14788,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6252, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6254, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14725,7 +14860,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6324, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14736,7 +14871,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6335, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6336, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14781,8 +14916,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6380, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6382, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14820,7 +14955,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6419, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6420, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14861,7 +14996,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6460, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6461, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -14914,7 +15049,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6529 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -14990,7 +15125,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
index a86f657e1f5..000c7b966b0 100644
--- a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
+++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
@@ -46,6 +46,112 @@
     #define portTASK_RETURN_ADDRESS    prvTaskExitError
 #endif
 
+/*
+ * Setup the timer to generate the tick interrupts.  The implementation in this
+ * file is weak to allow application writers to change the timer used to
+ * generate the tick interrupt.
+ */
+void vPortSetupTimerInterrupt( void );
+
+/*
+ * Exception handlers.
+ */
+void xPortPendSVHandler( void ) __attribute__( ( naked ) );
+void xPortSysTickHandler( void );
+void vPortSVCHandler( void );
+
+/*
+ * Start first task is a separate function so it can be tested in isolation.
+ */
+static void vPortStartFirstTask( void ) __attribute__( ( naked ) );
+
+/*
+ * Used to catch tasks that attempt to return from their implementing function.
+ */
+static void prvTaskExitError( void );
+
+/*@
+// Represents a stack that grows down.
+predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
+	integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
+    ulStackDepth > 0 &*&
+    freeCells >= 0 &*&
+    pxTopOfStack == pxStack + freeCells -1 &*&
+    0 <= freeCells &*& freeCells <= ulStackDepth;
+//	usedMem == pxStack - pxTopOfStack
+//	freeMem == ulStackDepth - usedMem
+	//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
+//	usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
+@*/
+
+/*/@
+lemma void split_stack(StackType_t * pxStack, int offset)
+requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& 
+                offset * sizeof(StackType_t) < ulStackDepth;
+ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
+                integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
+{
+	open stack_p(_, _, _, _);
+	integers__split(pxStack, offset * sizeof(StackType_t) );
+}
+@*/
+
+/*@
+lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
+requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
+                 freeCells > 0;
+ensures // free cells minus top cell
+        integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _)	&*&
+        // top stack cell
+		integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
+        // used stack cells
+		integers_(pxStack + freeCells, sizeof(StackType_t), false, 
+                  ulStackDepth - freeCells, _) &*&
+        // stack contraints necessary to close `stack_p` again
+        ulStackDepth > 0 &*&
+        freeCells >= 0 &*&
+        pxTopOfStack == pxStack + freeCells -1 &*&
+        0 <= freeCells &*& freeCells <= ulStackDepth;
+{
+    open stack_p(_, _, _, _);
+    integers__split(pxStack, freeCells-1);
+    open integers_(pxStack + (freeCells-1), _, _, _, _);
+}
+@*/
+
+
+// -------------------------------------------------
+// Validate stack predicate
+
+/* Simulates creation and initialisation of a stack that grows down as on RP2040.
+ */
+StackType_t* test_stack_pred(uint32_t depth)
+/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*&
+             depth <= UINT_MAX &*&
+             depth > 0;
+ @*/
+/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*&
+            malloc_block_chars((char*) result, depth * sizeof(StackType_t));
+@*/
+{
+	StackType_t * stack;
+
+
+    /* Allocate space for the stack used by the task being created. */
+    stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) );
+    if(stack == 0) return 0;
+                
+    memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t));
+                
+    StackType_t* top = stack + depth -1;
+           
+    //@ chars_to_integers_(stack, sizeof(StackType_t), false, depth); 
+    //@ close stack_p(stack, depth, top, depth);
+    // integers_(stack0, 4, false, depth, _)
+    return stack;
+}
+// -------------------------------------------------
+
 
 /*
  * See header file for description.
@@ -53,20 +159,43 @@
 StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                      TaskFunction_t pxCode,
                                      void * pvParameters )
-//@ requires true;
-//@ ensures true;
+/*@ requires pxTopOfStack > 0 &*&
+             stack_p(?pxStack, ?ulStackDepth, pxTopOfStack, ulStackDepth) &*&
+             ulStackDepth > 16;
+  @*/
+//@ ensures stack_p(pxStack, ulStackDepth, pxTopOfStack-16, ulStackDepth-16);
 {
+    //@ StackType_t* oldTop = pxTopOfStack;
+    //@ open stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth);
+    ///@ close stack_p(pxStack, ulStackDepth, pxTopOfStack-1, ulStackDepth-1);
+    ///@ getTopOfStack(pxStack, pxTopOfStack-1);
+    //@ integers__split(pxStack, ulStackDepth-2);
+
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
     pxTopOfStack--;                                          /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
     *pxTopOfStack = portINITIAL_XPSR;                        /* xPSR */
     pxTopOfStack--;
+    //@ close integers_(oldTop-1, sizeof(StackType_t), false, 2, _);
+    //@ integers__join(pxStack);
+    //@ ptr_range(pxCode);
+    //@ integers__split(pxStack, ulStackDepth-3);
     *pxTopOfStack = ( StackType_t ) pxCode;                  /* PC */
+    //@ close integers_(oldTop-2, sizeof(StackType_t), false, 3, _);
     pxTopOfStack--;
+    //@ ptr_range(prvTaskExitError);
+    //@ integers__join(pxStack);
+    //@ integers__split(pxStack, ulStackDepth-4);
     *pxTopOfStack = ( StackType_t ) portTASK_RETURN_ADDRESS; /* LR */
+    //@ close integers_(oldTop-3, sizeof(StackType_t), false, 4, _);
+    //@ integers__join(pxStack);
     pxTopOfStack -= 5;                                       /* R12, R3, R2 and R1. */
+    //@ ptr_range(pvParameters);
+    //@ integers__split(pxStack, ulStackDepth-9);
     *pxTopOfStack = ( StackType_t ) pvParameters;            /* R0 */
+    //@ close integers_(oldTop-8, sizeof(StackType_t), false, 9, _);
+    //@ integers__join(pxStack);
     pxTopOfStack -= 8;                                       /* R11..R4. */
-
+    //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
     return pxTopOfStack;
 }
\ No newline at end of file
diff --git a/verification/verifast/proof_setup/verifast_RP2040_axioms.h b/verification/verifast/proof_setup/verifast_RP2040_axioms.h
index 855727be504..cb98685874a 100644
--- a/verification/verifast/proof_setup/verifast_RP2040_axioms.h
+++ b/verification/verifast/proof_setup/verifast_RP2040_axioms.h
@@ -10,7 +10,12 @@
 
 /*@
 // Axiomatizes that: 0 <= ptr <= 2^32 - 1
-lemma void uint32_t_ptr_range(uint32_t* ptr);
+//lemma void uint32_t_ptr_range(uint32_t* ptr);
+//requires true;
+//ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
+
+// Axiomatizes that: 0 <= ptr <= 2^32 - 1
+lemma void ptr_range(t* ptr);
 requires true;
 ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
 @*/

From 2bcdc31ff8e47c0bf711cdf14ff541495bea04a1 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 27 Oct 2022 12:45:38 -0400
Subject: [PATCH 068/289] Deleted deprecated version of pointer size axiom.

---
 tasks.c                                       |   3 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 196 +++++++++---------
 .../proof_setup/verifast_RP2040_axioms.h      |   5 -
 3 files changed, 96 insertions(+), 108 deletions(-)

diff --git a/tasks.c b/tasks.c
index 1792c97ed20..06ac7c498c2 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1371,7 +1371,6 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
                         //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
-                        //@ assert(false);
                     }
                     else
                     {
@@ -1494,7 +1493,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
             
             // Axiomatize that pointers on RP2040 are 32bit
-            //@ uint32_t_ptr_range(pxTopOfStack);
+            //@ ptr_range(pxTopOfStack);
 
             // TODO: How can we prove this?
             // Assume that no underflow occurs
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 339004bf6a7..ca4ec16591d 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -10031,11 +10031,6 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
  */
 
 /*@
-// Axiomatizes that: 0 <= ptr <= 2^32 - 1
-//lemma void uint32_t_ptr_range(uint32_t* ptr);
-//requires true;
-//ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
-
 // Axiomatizes that: 0 <= ptr <= 2^32 - 1
 lemma void ptr_range(t* ptr);
 requires true;
@@ -11021,7 +11016,6 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
                         //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
-                        //@ assert(false);
                     }
                     else
                     {
@@ -11039,9 +11033,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -11079,7 +11073,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -11114,7 +11108,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
 
             // Axiomatize that pointers on RP2040 are 32bit
-            //@ uint32_t_ptr_range(pxTopOfStack);
+            //@ ptr_range(pxTopOfStack);
 
             // TODO: How can we prove this?
             // Assume that no underflow occurs
@@ -11126,9 +11120,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1537 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11218,7 +11212,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1645 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11245,7 +11239,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11254,17 +11248,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1751 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11475,7 +11469,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1961, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11498,12 +11492,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1985, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1989, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1988, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11589,7 +11583,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2075, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11643,7 +11637,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2129, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2128, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11819,7 +11813,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2305, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2304, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11973,13 +11967,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2516 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12056,7 +12050,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2638, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -12070,7 +12064,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -12117,7 +12111,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2699, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@@ -12166,7 +12160,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2748, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2747, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12225,7 +12219,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2807, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2806, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12346,7 +12340,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2974 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12358,7 +12352,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12395,7 +12389,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3048 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12427,7 +12421,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3079, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3078, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12492,7 +12486,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3205 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12515,7 +12509,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3228, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@@ -12673,7 +12667,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3386, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3385, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12766,7 +12760,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3479, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12862,7 +12856,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3589 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12890,7 +12884,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3616, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3615, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12901,7 +12895,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12910,7 +12904,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3647, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12929,7 +12923,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3667, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3666, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -13028,7 +13022,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3766, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3765, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -13211,13 +13205,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3978 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13235,7 +13229,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4076, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
@@ -13247,7 +13241,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4118 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13264,7 +13258,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13275,7 +13269,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4161, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13294,11 +13288,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4181, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4185, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13322,7 +13316,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4209, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13370,14 +13364,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13407,7 +13401,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13415,9 +13409,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4315, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4314, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4332 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13436,7 +13430,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4350, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4349, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13459,8 +13453,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4374, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4372, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13582,7 +13576,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13612,7 +13606,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13633,16 +13627,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13656,7 +13650,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4761, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4760, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13687,7 +13681,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4807 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13789,7 +13783,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13920,7 +13914,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5089 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13977,7 +13971,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5172 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14182,8 +14176,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5377, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5375, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14269,7 +14263,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5463, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5462, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14296,7 +14290,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5490, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14427,7 +14421,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5621, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5620, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14477,11 +14471,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5803 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5802 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5929 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14523,7 +14517,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5971, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5970, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14597,7 +14591,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6044, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14685,8 +14679,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6134, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14739,7 +14733,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14754,8 +14748,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6202, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6201, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6220 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -14788,8 +14782,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6254, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6252, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14860,7 +14854,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6324, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14871,7 +14865,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6336, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6335, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14916,8 +14910,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6382, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6380, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14955,7 +14949,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6420, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6419, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14996,7 +14990,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6461, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6460, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -15049,7 +15043,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6529 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15125,7 +15119,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_RP2040_axioms.h b/verification/verifast/proof_setup/verifast_RP2040_axioms.h
index cb98685874a..bcbc2e80230 100644
--- a/verification/verifast/proof_setup/verifast_RP2040_axioms.h
+++ b/verification/verifast/proof_setup/verifast_RP2040_axioms.h
@@ -9,11 +9,6 @@
  */
 
 /*@
-// Axiomatizes that: 0 <= ptr <= 2^32 - 1
-//lemma void uint32_t_ptr_range(uint32_t* ptr);
-//requires true;
-//ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
-
 // Axiomatizes that: 0 <= ptr <= 2^32 - 1
 lemma void ptr_range(t* ptr);
 requires true;

From e238d791abcbc5ea3fc17dae71956477809e44f5 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 27 Oct 2022 12:51:24 -0400
Subject: [PATCH 069/289] Moved stack predicate and lemmas to separate header.

---
 tasks.c                                       |   1 +
 .../verifast/preprocessed_files/tasks--pp.c   | 356 +++++++++---------
 .../proof/snippets/rp2040_port_c_snippets.c   |  47 ---
 .../verifast/proof/stack_predicates.h         |  56 +++
 4 files changed, 239 insertions(+), 221 deletions(-)
 create mode 100644 verification/verifast/proof/stack_predicates.h

diff --git a/tasks.c b/tasks.c
index 06ac7c498c2..b5d84e20617 100644
--- a/tasks.c
+++ b/tasks.c
@@ -47,6 +47,7 @@
  */
 #ifdef VERIFAST
     #include "verifast_proof_defs.h"
+    #include "stack_predicates.h"
     #include "task_predicates.h"
     #include "verifast_RP2040_axioms.h"
     #include "verifast_prelude_extended.h"
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index ca4ec16591d..16afe1f464f 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -9941,6 +9941,61 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
      * type safe. Hence we define 
      */
 // # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/stack_predicates.h" 1
+
+
+
+
+/*@
+// Represents a stack that grows down (cf. RP2040 stack)
+predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
+	integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
+    ulStackDepth > 0 &*&
+    freeCells >= 0 &*&
+    pxTopOfStack == pxStack + freeCells -1 &*&
+    0 <= freeCells &*& freeCells <= ulStackDepth;
+//	usedMem == pxStack - pxTopOfStack
+//	freeMem == ulStackDepth - usedMem
+	//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
+//	usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
+@*/
+
+/*/@
+lemma void split_stack(StackType_t * pxStack, int offset)
+requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& 
+                offset * sizeof(StackType_t) < ulStackDepth;
+ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
+                integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
+{
+	open stack_p(_, _, _, _);
+	integers__split(pxStack, offset * sizeof(StackType_t) );
+}
+@*/
+
+/*@
+// TODO: Do we need this lemma or is it usually cleaner to split stack manually?
+lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
+requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
+                 freeCells > 0;
+ensures // free cells minus top cell
+        integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _)	&*&
+        // top stack cell
+		integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
+        // used stack cells
+		integers_(pxStack + freeCells, sizeof(StackType_t), false, 
+                  ulStackDepth - freeCells, _) &*&
+        // stack contraints necessary to close `stack_p` again
+        ulStackDepth > 0 &*&
+        freeCells >= 0 &*&
+        pxTopOfStack == pxStack + freeCells -1 &*&
+        0 <= freeCells &*& freeCells <= ulStackDepth;
+{
+    open stack_p(_, _, _, _);
+    integers__split(pxStack, freeCells-1);
+    open integers_(pxStack + (freeCells-1), _, _, _, _);
+}
+@*/
+// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1
 
 
@@ -10018,7 +10073,7 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
 
     
 @*/
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
 
 
@@ -10036,7 +10091,7 @@ lemma void ptr_range(t* ptr);
 requires true;
 ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
 @*/
-// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 53 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1
 
 
@@ -10089,7 +10144,7 @@ lemma_auto void integers___to_integers_(void *p);
     requires [?f]integers__(p, ?size, ?signed_, ?count, _);
     ensures [f]integers_(p, size, signed_, count, _);
 @*/
-// # 53 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
 
 
@@ -10115,7 +10170,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 55 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1
 /*
@@ -10177,54 +10232,7 @@ static void vPortStartFirstTask( void ) ;
  */
 static void prvTaskExitError( void );
 
-/*@
-// Represents a stack that grows down.
-predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
-	integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
-    ulStackDepth > 0 &*&
-    freeCells >= 0 &*&
-    pxTopOfStack == pxStack + freeCells -1 &*&
-    0 <= freeCells &*& freeCells <= ulStackDepth;
-//	usedMem == pxStack - pxTopOfStack
-//	freeMem == ulStackDepth - usedMem
-	//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
-//	usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
-@*/
-
-/*/@
-lemma void split_stack(StackType_t * pxStack, int offset)
-requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& 
-                offset * sizeof(StackType_t) < ulStackDepth;
-ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
-                integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
-{
-	open stack_p(_, _, _, _);
-	integers__split(pxStack, offset * sizeof(StackType_t) );
-}
-@*/
 
-/*@
-lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
-requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
-                 freeCells > 0;
-ensures // free cells minus top cell
-        integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _)	&*&
-        // top stack cell
-		integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
-        // used stack cells
-		integers_(pxStack + freeCells, sizeof(StackType_t), false, 
-                  ulStackDepth - freeCells, _) &*&
-        // stack contraints necessary to close `stack_p` again
-        ulStackDepth > 0 &*&
-        freeCells >= 0 &*&
-        pxTopOfStack == pxStack + freeCells -1 &*&
-        0 <= freeCells &*& freeCells <= ulStackDepth;
-{
-    open stack_p(_, _, _, _);
-    integers__split(pxStack, freeCells-1);
-    open integers_(pxStack + (freeCells-1), _, _, _, _);
-}
-@*/
 
 
 // -------------------------------------------------
@@ -10306,7 +10314,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
     return pxTopOfStack;
 }
-// # 56 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -10317,7 +10325,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 84 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 85 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10374,18 +10382,18 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 148 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 182 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 183 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 200 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 201 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10440,7 +10448,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 263 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 264 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10448,7 +10456,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 280 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 281 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10468,7 +10476,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 320 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 321 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10559,7 +10567,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 );
-// # 420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10712,7 +10720,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 584 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 585 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10744,9 +10752,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 634 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 717 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 718 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10788,8 +10796,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 758, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 771 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 759, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 772 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( char ) 0 ) )
@@ -10828,7 +10836,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 825 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 826 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10841,7 +10849,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 845 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 846 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10852,10 +10860,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( char ) 0 );
         BaseType_t xDecrementTopPriority = ( ( char ) 1 );
-// # 863 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 864 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( char ) 0 ) )
         {
-// # 877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 878 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) )
             {
 
@@ -10893,7 +10901,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 931 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10914,7 +10922,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 950, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 951, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10958,21 +10966,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( char ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 994, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 995, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 998, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 999, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1075 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( char ) 1 );
     }
-// # 1090 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1091 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1168 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1169 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1232 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1297 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1298 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10989,7 +10997,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1326 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1327 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -10997,7 +11005,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1356 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -11033,9 +11041,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1399 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -11073,7 +11081,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1462 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -11120,9 +11128,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1522 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1537 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11212,7 +11220,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1645 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11239,7 +11247,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1682 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11248,17 +11256,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1751 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11469,7 +11477,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1960, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1961, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11492,12 +11500,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1983, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1985, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1988, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1989, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11583,7 +11591,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2074, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2075, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11637,7 +11645,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2128, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2129, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11813,7 +11821,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2304, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2305, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11967,13 +11975,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2492 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2515 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2516 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2533 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12050,7 +12058,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2637, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2638, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -12064,7 +12072,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2651, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -12111,7 +12119,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2698, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2699, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@@ -12160,7 +12168,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2747, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2748, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12219,7 +12227,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2806, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2807, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12340,7 +12348,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2974 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12352,7 +12360,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12389,7 +12397,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3048 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12421,7 +12429,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3078, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3079, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12486,7 +12494,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3205 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12509,7 +12517,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3227, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3228, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@@ -12667,7 +12675,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3385, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3386, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12760,7 +12768,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3478, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3479, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12856,7 +12864,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3589 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12884,7 +12892,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3615, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3616, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12895,7 +12903,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3639 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12904,7 +12912,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3647, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12923,7 +12931,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3666, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3667, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -13022,7 +13030,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3765, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3766, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -13205,13 +13213,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3977 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3978 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4059 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13229,7 +13237,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4076, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
@@ -13241,7 +13249,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4117 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4118 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13258,7 +13266,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4151 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13269,7 +13277,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4161, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13288,11 +13296,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4180, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4181, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4184, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4185, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13316,7 +13324,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4208, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4209, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13364,14 +13372,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4256, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13401,7 +13409,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4306, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13409,9 +13417,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4314, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4315, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4331 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4332 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13430,7 +13438,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4349, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4350, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13453,8 +13461,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4372, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4374, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13576,7 +13584,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13606,7 +13614,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13627,16 +13635,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4747 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13650,7 +13658,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4760, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4761, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13681,7 +13689,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4807 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13783,7 +13791,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4919 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13914,7 +13922,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5089 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13971,7 +13979,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5172 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14176,8 +14184,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5375, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5377, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14263,7 +14271,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5462, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5463, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14290,7 +14298,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5490, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14421,7 +14429,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5620, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5621, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14471,11 +14479,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5696 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5802 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5803 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5929 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14517,7 +14525,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5970, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5971, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14591,7 +14599,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6044, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14679,8 +14687,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6132, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6134, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14733,7 +14741,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6186, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14748,8 +14756,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6201, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6220 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6202, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -14782,8 +14790,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6252, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6254, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14854,7 +14862,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6324, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14865,7 +14873,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6335, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6336, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14910,8 +14918,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6380, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6382, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14949,7 +14957,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6419, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6420, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14990,7 +14998,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6460, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6461, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -15043,7 +15051,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6529 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15119,7 +15127,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
index 000c7b966b0..fad6c90bc22 100644
--- a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
+++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
@@ -70,54 +70,7 @@ static void vPortStartFirstTask( void ) __attribute__( ( naked ) );
  */
 static void prvTaskExitError( void );
 
-/*@
-// Represents a stack that grows down.
-predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
-	integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
-    ulStackDepth > 0 &*&
-    freeCells >= 0 &*&
-    pxTopOfStack == pxStack + freeCells -1 &*&
-    0 <= freeCells &*& freeCells <= ulStackDepth;
-//	usedMem == pxStack - pxTopOfStack
-//	freeMem == ulStackDepth - usedMem
-	//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
-//	usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
-@*/
-
-/*/@
-lemma void split_stack(StackType_t * pxStack, int offset)
-requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& 
-                offset * sizeof(StackType_t) < ulStackDepth;
-ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
-                integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
-{
-	open stack_p(_, _, _, _);
-	integers__split(pxStack, offset * sizeof(StackType_t) );
-}
-@*/
 
-/*@
-lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
-requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
-                 freeCells > 0;
-ensures // free cells minus top cell
-        integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _)	&*&
-        // top stack cell
-		integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
-        // used stack cells
-		integers_(pxStack + freeCells, sizeof(StackType_t), false, 
-                  ulStackDepth - freeCells, _) &*&
-        // stack contraints necessary to close `stack_p` again
-        ulStackDepth > 0 &*&
-        freeCells >= 0 &*&
-        pxTopOfStack == pxStack + freeCells -1 &*&
-        0 <= freeCells &*& freeCells <= ulStackDepth;
-{
-    open stack_p(_, _, _, _);
-    integers__split(pxStack, freeCells-1);
-    open integers_(pxStack + (freeCells-1), _, _, _, _);
-}
-@*/
 
 
 // -------------------------------------------------
diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h
new file mode 100644
index 00000000000..4375451bae6
--- /dev/null
+++ b/verification/verifast/proof/stack_predicates.h
@@ -0,0 +1,56 @@
+#ifndef STACK_PREDICATES
+#define STACK_PREDICATES
+
+
+/*@
+// Represents a stack that grows down (cf. RP2040 stack)
+predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
+	integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*&
+    ulStackDepth > 0 &*&
+    freeCells >= 0 &*&
+    pxTopOfStack == pxStack + freeCells -1 &*&
+    0 <= freeCells &*& freeCells <= ulStackDepth;
+//	usedMem == pxStack - pxTopOfStack
+//	freeMem == ulStackDepth - usedMem
+	//freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*&
+//	usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack);
+@*/
+
+/*/@
+lemma void split_stack(StackType_t * pxStack, int offset)
+requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& 
+                offset * sizeof(StackType_t) < ulStackDepth;
+ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*&
+                integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ;
+{
+	open stack_p(_, _, _, _);
+	integers__split(pxStack, offset * sizeof(StackType_t) );
+}
+@*/
+
+/*@
+// TODO: Do we need this lemma or is it usually cleaner to split stack manually?
+lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack)
+requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*&
+                 freeCells > 0;
+ensures // free cells minus top cell
+        integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _)	&*&
+        // top stack cell
+		integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*&
+        // used stack cells
+		integers_(pxStack + freeCells, sizeof(StackType_t), false, 
+                  ulStackDepth - freeCells, _) &*&
+        // stack contraints necessary to close `stack_p` again
+        ulStackDepth > 0 &*&
+        freeCells >= 0 &*&
+        pxTopOfStack == pxStack + freeCells -1 &*&
+        0 <= freeCells &*& freeCells <= ulStackDepth;
+{
+    open stack_p(_, _, _, _);
+    integers__split(pxStack, freeCells-1);
+    open integers_(pxStack + (freeCells-1), _, _, _, _);
+}
+@*/
+
+
+#endif /* STACK_PREDICATES */
\ No newline at end of file

From 551d1da6281b84fe86a5d7bbf83d58f3af06fda4 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 27 Oct 2022 12:58:18 -0400
Subject: [PATCH 070/289] Renamed `TCB_p` predicate into `uninit_TCB_p`.

---
 tasks.c                                       | 32 +++++++--------
 .../verifast/preprocessed_files/tasks--pp.c   | 39 +++++++++----------
 verification/verifast/proof/task_predicates.h |  7 ++--
 3 files changed, 38 insertions(+), 40 deletions(-)

diff --git a/tasks.c b/tasks.c
index b5d84e20617..f2a8c40552e 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1371,7 +1371,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         pxNewTCB->pxStack = pxStack;
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
-                        //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
+                        //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
                     }
                     else
                     {
@@ -1431,7 +1431,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions )
-/*@ requires TCB_p(pxNewTCB, ?stackSize) &*&
+/*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
              ulStackDepth > 0 &*&
@@ -1460,7 +1460,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     #endif /* portUSING_MPU_WRAPPERS == 1 */
 
 
-    //@ open TCB_p(_,_);
+    //@ open uninit_TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
     #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 )
@@ -1534,17 +1534,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         }
     #endif /* portSTACK_GROWTH */
 
-    //@ close TCB_p(pxNewTCB, stackSize); 
+    //@ close uninit_TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
     if( pcName != NULL )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ )
-        /*@ invariant TCB_p(pxNewTCB, stackSize) &*&
+        /*@ invariant uninit_TCB_p(pxNewTCB, stackSize) &*&
                       chars(pcName, 16, _);
          @*/
         {
-            //@ open TCB_p(_, _);
+            //@ open uninit_TCB_p(_, _);
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
 
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
@@ -1556,29 +1556,29 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                  *       violation when we don't close the predicate?
                  *       This seems like a bug.
                  */
-                //@ close TCB_p(_, _);
+                //@ close uninit_TCB_p(_, _);
                 break;
             }
             else
             {
                 mtCOVERAGE_TEST_MARKER();
             }
-            //@ close TCB_p(_, _);
+            //@ close uninit_TCB_p(_, _);
         }
 
-        //@ open TCB_p(_, _);
+        //@ open uninit_TCB_p(_, _);
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ configMAX_TASK_NAME_LEN - 1 ] = '\0';
-        //@ close TCB_p(_, _);
+        //@ close uninit_TCB_p(_, _);
     }
     else
     {
-        //@ open TCB_p(_, _);
+        //@ open uninit_TCB_p(_, _);
         /* The task has not been given a name, so just ensure there is a NULL
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
-        //@ close TCB_p(_, _);
+        //@ close uninit_TCB_p(_, _);
     }
 
     /* This is used as an array index so must ensure it's not too large.  First
@@ -1592,7 +1592,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         mtCOVERAGE_TEST_MARKER();
     }
 
-    //@ open TCB_p(_, _);
+    //@ open uninit_TCB_p(_, _);
     pxNewTCB->uxPriority = uxPriority;
     #if ( configUSE_MUTEXES == 1 )
         {
@@ -1600,12 +1600,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxNewTCB->uxMutexesHeld = 0;
         }
     #endif /* configUSE_MUTEXES */
-    //@ close TCB_p(_, _);
+    //@ close uninit_TCB_p(_, _);
 
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
-    //@ open TCB_p(_, _);
+    //@ open uninit_TCB_p(_, _);
 
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
@@ -1786,7 +1786,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         mtCOVERAGE_TEST_MARKER();
     }
 
-    //@ close TCB_p(_, _);
+    //@ close uninit_TCB_p(_, _);
 }
 /*-----------------------------------------------------------*/
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 16afe1f464f..3b6a3efee00 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -10032,9 +10032,10 @@ predicate xLIST_ITEM(
 
 
 /*@
+
 // This predicate represents the memory corresponding to an
-// instance of type `TCB_t` aka `tskTaskControlBlock`.
-predicate TCB_p(TCB_t * tcb, int stackSize) =
+// uninitialised instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     malloc_block_tskTaskControlBlock(tcb) &*&
     tcb->pxTopOfStack |-> _ &*&
 
@@ -10070,8 +10071,6 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     uchars_(tcb->ucNotifyState, 1, _) &*&
 
     tcb->ucDelayAborted |-> _;
-
-    
 @*/
 // # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
@@ -11023,7 +11022,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         pxNewTCB->pxStack = pxStack;
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
-                        //@ close TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
+                        //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
                     }
                     else
                     {
@@ -11069,7 +11068,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                   TaskHandle_t * const pxCreatedTask,
                                   TCB_t * pxNewTCB,
                                   const MemoryRegion_t * const xRegions )
-/*@ requires TCB_p(pxNewTCB, ?stackSize) &*&
+/*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
              ulStackDepth > 0 &*&
@@ -11082,7 +11081,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     StackType_t * pxTopOfStack;
     UBaseType_t x;
 // # 1463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-    //@ open TCB_p(_,_);
+    //@ open uninit_TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
 
@@ -11131,17 +11130,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 // # 1523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
 // # 1537 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-    //@ close TCB_p(pxNewTCB, stackSize); 
+    //@ close uninit_TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
-        /*@ invariant TCB_p(pxNewTCB, stackSize) &*&
+        /*@ invariant uninit_TCB_p(pxNewTCB, stackSize) &*&
                       chars(pcName, 16, _);
          @*/
         {
-            //@ open TCB_p(_, _);
+            //@ open uninit_TCB_p(_, _);
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
 
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
@@ -11153,29 +11152,29 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                  *       violation when we don't close the predicate?
                  *       This seems like a bug.
                  */
-                //@ close TCB_p(_, _);
+                //@ close uninit_TCB_p(_, _);
                 break;
             }
             else
             {
                                         ;
             }
-            //@ close TCB_p(_, _);
+            //@ close uninit_TCB_p(_, _);
         }
 
-        //@ open TCB_p(_, _);
+        //@ open uninit_TCB_p(_, _);
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ 16 - 1 ] = '\0';
-        //@ close TCB_p(_, _);
+        //@ close uninit_TCB_p(_, _);
     }
     else
     {
-        //@ open TCB_p(_, _);
+        //@ open uninit_TCB_p(_, _);
         /* The task has not been given a name, so just ensure there is a NULL
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
-        //@ close TCB_p(_, _);
+        //@ close uninit_TCB_p(_, _);
     }
 
     /* This is used as an array index so must ensure it's not too large.  First
@@ -11189,7 +11188,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                 ;
     }
 
-    //@ open TCB_p(_, _);
+    //@ open uninit_TCB_p(_, _);
     pxNewTCB->uxPriority = uxPriority;
 
         {
@@ -11197,12 +11196,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxNewTCB->uxMutexesHeld = 0;
         }
 
-    //@ close TCB_p(_, _);
+    //@ close uninit_TCB_p(_, _);
 
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
-    //@ open TCB_p(_, _);
+    //@ open uninit_TCB_p(_, _);
 
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
@@ -11305,7 +11304,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                 ;
     }
 
-    //@ close TCB_p(_, _);
+    //@ close uninit_TCB_p(_, _);
 }
 /*-----------------------------------------------------------*/
 
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index b222813bd7b..01b3c46f6bc 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -6,9 +6,10 @@
 
 
 /*@
+
 // This predicate represents the memory corresponding to an
-// instance of type `TCB_t` aka `tskTaskControlBlock`.
-predicate TCB_p(TCB_t * tcb, int stackSize) =
+// uninitialised instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     malloc_block_tskTaskControlBlock(tcb) &*&
     tcb->pxTopOfStack |-> _ &*&
 
@@ -44,8 +45,6 @@ predicate TCB_p(TCB_t * tcb, int stackSize) =
     uchars_(tcb->ucNotifyState, 1, _) &*&
 
     tcb->ucDelayAborted |-> _;
-
-    
 @*/
 
 #endif /* TASKS_GH */
\ No newline at end of file

From 52608179722f6de5f278f3ce0dc6b2196fb13297 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 27 Oct 2022 19:23:17 -0400
Subject: [PATCH 071/289] Added comment on VF command line options to startup
 script

---
 verification/verifast/start-vfide--preprocessed.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh
index 93d47a6fd17..2407bf9abca 100755
--- a/verification/verifast/start-vfide--preprocessed.sh
+++ b/verification/verifast/start-vfide--preprocessed.sh
@@ -24,4 +24,6 @@ cd "$START_WD"
 echo "\n\nPreprocessing script finished\n\n"
 
 "$VF_DIR/bin/vfide" "$PP_TASK_C" \
-    -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE"
+    -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \
+#    -target 32bit -prover z3v4.5 \
+# TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc

From 06b924d81892eba238a6b4af5dc60be2b310b528 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 28 Oct 2022 13:24:01 -0400
Subject: [PATCH 072/289] Verified alignment properties of stack top pointer.

---
 tasks.c                                       |  30 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 499 +++++++++---------
 verification/verifast/proof/task_predicates.h |   1 +
 .../verifast/start-vfide--preprocessed.sh     |   3 +
 4 files changed, 295 insertions(+), 238 deletions(-)

diff --git a/tasks.c b/tasks.c
index f2a8c40552e..e919f6c7ad5 100644
--- a/tasks.c
+++ b/tasks.c
@@ -24,6 +24,14 @@
  *
  */
 
+#ifdef VERIFAST
+    /* Ghost header include must occur before any non-ghost includes or other
+     * non-ghost code. Otherwise VeriFast will report an unspecific parse error.
+     */
+
+    //@ #include 
+#endif /* VERIFAST */
+
 
 /* Standard includes. */
 #include 
@@ -1371,6 +1379,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         pxNewTCB->pxStack = pxStack;
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
+                        //@ chars__limits((char*) pxNewTCB->pxStack);
+                        //@ assert( pxNewTCB->pxStack + (size_t) usStackDepth <= (StackType_t*) UINTPTR_MAX );
                         //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
                     }
                     else
@@ -1492,18 +1502,34 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     #if ( portSTACK_GROWTH < 0 )
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
+            //@ StackType_t* gOldTop = pxTopOfStack;
             
             // Axiomatize that pointers on RP2040 are 32bit
             //@ ptr_range(pxTopOfStack);
 
             // TODO: How can we prove this?
             // Assume that no underflow occurs
-            //@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
+            ///@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
+
+            /* Convert top and mask to VeriFast bitvectors and establish
+             * relation to C variables.
+             * Note that on RP2040:
+             * - `portPOINTER_SIZE_TYPE` == `uint32_t`
+             * - `portBYTE_ALIGNMENT_MASK` == `0x0007`
+             */
+            //@ uint32_t gMask = 0x0007;
+            //@ Z gzTop = Z_of_uint32((int) pxTopOfStack);
+            //@ Z gzMask = Z_of_uint32((int) gMask);
+            //@ bitnot_def(gMask, gzMask);
+            //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
 
             // TODO: How can we prove this?
             // Assume that no overflow occurs.
-            //@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
+            ///@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
+            //@ assert( pxTopOfStack <= gOldTop );
+            //@ assert( gOldTop - 7 <= pxTopOfStack );
+            //@ assert(false);
 
             /* Check the alignment of the calculated top of stack is correct. */
             
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 3b6a3efee00..2f2a4acb7e7 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -32,6 +32,14 @@
  */
 
 
+    /* Ghost header include must occur before any non-ghost includes or other
+     * non-ghost code. Otherwise VeriFast will report an unspecific parse error.
+     */
+
+    //@ #include 
+
+
+
 /* Standard includes. */
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 1
 
@@ -52,40 +60,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -96,16 +104,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -134,7 +142,7 @@ long long llabs(long long x);
     //@ requires LLONG_MIN < x;
     //@ ensures result == abs(x);
     //@ terminates;
-// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1
 
 
@@ -150,21 +158,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -185,15 +193,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -203,7 +211,7 @@ void* memset(void *array, char value, size_t size);
 char *strdup(char *string);
     //@ requires [?f]string(string, ?cs);
     //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1);
-// # 31 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining
  * all the API functions to use the MPU wrappers.  That should only be done when
@@ -540,33 +548,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4275,14 +4283,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4298,7 +4306,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4309,13 +4317,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4380,11 +4388,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -4994,7 +5002,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t;
 
 
 /* *INDENT-ON* */
-// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -8513,7 +8521,7 @@ void vTaskYieldWithinAPI( void );
 
 
 /* *INDENT-ON* */
-// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9854,7 +9862,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 /* *INDENT-ON* */
-// # 41 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1
 /*
  * FreeRTOS SMP Kernel V202110.00
@@ -9915,7 +9923,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 /*-----------------------------------------------------------*/
 
 /* Remove stack overflow macro if not being used. */
-// # 42 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 /* Verifast proof setup 
  * 
@@ -9940,7 +9948,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
      * unsigned types. While that's safe in practice, it is not
      * type safe. Hence we define 
      */
-// # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/stack_predicates.h" 1
 
 
@@ -9995,7 +10003,7 @@ ensures // free cells minus top cell
     open integers_(pxStack + (freeCells-1), _, _, _, _);
 }
 @*/
-// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1
 
 
@@ -10047,6 +10055,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxPriority |-> _ &*&
 
     tcb->pxStack |-> ?stackPtr &*&
+    (char*) stackPtr + stackSize <=  (char*) UINTPTR_MAX &*&
     chars_((char*) stackPtr, stackSize, _) &*&
     malloc_block_chars((char*) stackPtr, stackSize) &*&
 
@@ -10072,7 +10081,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
 
     tcb->ucDelayAborted |-> _;
 @*/
-// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 60 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
 
 
@@ -10090,7 +10099,7 @@ lemma void ptr_range(t* ptr);
 requires true;
 ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295;
 @*/
-// # 53 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1
 
 
@@ -10143,7 +10152,7 @@ lemma_auto void integers___to_integers_(void *p);
     requires [?f]integers__(p, ?size, ?signed_, ?count, _);
     ensures [f]integers_(p, size, signed_, count, _);
 @*/
-// # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 62 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
 
 
@@ -10169,7 +10178,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 55 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1
 /*
@@ -10313,7 +10322,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
     return pxTopOfStack;
 }
-// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 65 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -10324,7 +10333,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 85 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 93 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10381,18 +10390,18 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 149 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 157 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 183 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 191 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 201 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 209 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10447,7 +10456,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 264 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 272 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10455,7 +10464,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 281 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 289 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10475,7 +10484,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 321 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 329 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10566,7 +10575,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 );
-// # 421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 429 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10719,7 +10728,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 585 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10751,9 +10760,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 643 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 718 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10795,8 +10804,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 759, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 772 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 767, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+// # 780 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( char ) 0 ) )
@@ -10835,7 +10844,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 826 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10848,7 +10857,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 846 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 854 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10859,10 +10868,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( char ) 0 );
         BaseType_t xDecrementTopPriority = ( ( char ) 1 );
-// # 864 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 872 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( char ) 0 ) )
         {
-// # 878 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 886 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) )
             {
 
@@ -10900,7 +10909,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 931 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 939 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10921,7 +10930,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 951, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 959, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
 
 
 
@@ -10965,21 +10974,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( char ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 995, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
+            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1003, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 999, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1075 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1007, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
+// # 1083 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( char ) 1 );
     }
-// # 1091 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1099 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1169 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1177 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1232 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1298 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1306 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -10996,7 +11005,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1327 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1335 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -11004,7 +11013,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1365 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -11022,6 +11031,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
                         pxNewTCB->pxStack = pxStack;
                         //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _);
                         //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _);
+                        //@ chars__limits((char*) pxNewTCB->pxStack);
+                        //@ assert( pxNewTCB->pxStack + (size_t) usStackDepth <= (StackType_t*) UINTPTR_MAX );
                         //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); 
                     }
                     else
@@ -11040,9 +11051,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1400 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1410 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1409 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -11080,7 +11091,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1463 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1473 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open uninit_TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -11113,23 +11124,39 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
+            //@ StackType_t* gOldTop = pxTopOfStack;
 
             // Axiomatize that pointers on RP2040 are 32bit
             //@ ptr_range(pxTopOfStack);
 
             // TODO: How can we prove this?
             // Assume that no underflow occurs
-            //@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
+            ///@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
+
+            /* Convert top and mask to VeriFast bitvectors and establish
+             * relation to C variables.
+             * Note that on RP2040:
+             * - `portPOINTER_SIZE_TYPE` == `uint32_t`
+             * - `portBYTE_ALIGNMENT_MASK` == `0x0007`
+             */
+            //@ uint32_t gMask = 0x0007;
+            //@ Z gzTop = Z_of_uint32((int) pxTopOfStack);
+            //@ Z gzMask = Z_of_uint32((int) gMask);
+            //@ bitnot_def(gMask, gzMask);
+            //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
 
             // TODO: How can we prove this?
             // Assume that no overflow occurs.
-            //@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
+            ///@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
+            //@ assert( pxTopOfStack <= gOldTop );
+            //@ assert( gOldTop - 7 <= pxTopOfStack );
+            //@ assert(false);
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1523 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1537 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1563 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close uninit_TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11219,7 +11246,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1645 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1671 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11246,7 +11273,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11255,17 +11282,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1706 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1732 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1751 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11476,7 +11503,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1961, "uxSchedulerSuspended == 0") : (void)0);
+                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1987, "uxSchedulerSuspended == 0") : (void)0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11499,12 +11526,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1984, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1985, "( xTimeIncrement > 0U )") : (void)0);
+        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2010, "pxPreviousWakeTime") : (void)0);
+        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2011, "( xTimeIncrement > 0U )") : (void)0);
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1989, "uxSchedulerSuspended == 1") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2015, "uxSchedulerSuspended == 1") : (void)0);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11590,7 +11617,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2075, "uxSchedulerSuspended == 1") : (void)0);
+                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2101, "uxSchedulerSuspended == 1") : (void)0);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11644,7 +11671,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2129, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2155, "pxTCB") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -11820,7 +11847,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2305, "( uxNewPriority < 32 )") : (void)0);
+        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2331, "( uxNewPriority < 32 )") : (void)0);
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -11974,13 +12001,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2493 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2519 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2516 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2542 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2534 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2560 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12057,7 +12084,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2638, "uxSchedulerSuspended == 0") : (void)0);
+                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2664, "uxSchedulerSuspended == 0") : (void)0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -12071,7 +12098,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2652, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2678, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -12118,7 +12145,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2699, "xTask") : (void)0);
+        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2725, "xTask") : (void)0);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@@ -12167,7 +12194,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2748, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2774, "xTaskToResume") : (void)0);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12226,7 +12253,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2807, "xTaskToResume") : (void)0);
+        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2833, "xTaskToResume") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12347,7 +12374,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2975 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12359,7 +12386,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 2998 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3024 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12396,7 +12423,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3048 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12428,7 +12455,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3079, "xReturn != ( -1 )") : (void)0);
+        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3105, "xReturn != ( -1 )") : (void)0);
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12493,7 +12520,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3232 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12516,7 +12543,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3228, "uxSchedulerSuspended") : (void)0);
+            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3254, "uxSchedulerSuspended") : (void)0);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@@ -12674,7 +12701,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3386, "pxTCB") : (void)0);
+    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3412, "pxTCB") : (void)0);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12767,7 +12794,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3479, "strlen( pcNameToQuery ) < 16") : (void)0);
+        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3505, "strlen( pcNameToQuery ) < 16") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -12863,7 +12890,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3589 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3615 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12891,7 +12918,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3616, "( xIdleTaskHandle != 0 )") : (void)0);
+        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3642, "( xIdleTaskHandle != 0 )") : (void)0);
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12902,7 +12929,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3640 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3666 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12911,7 +12938,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3648, "uxSchedulerSuspended == 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3674, "uxSchedulerSuspended == 0") : (void)0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12930,7 +12957,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3667, "pxTCB") : (void)0);
+        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3693, "pxTCB") : (void)0);
 
         vTaskSuspendAll();
         {
@@ -13029,7 +13056,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3766, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3792, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -13212,13 +13239,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3978 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4004 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4028 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4053 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4060 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4086 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13236,7 +13263,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4077, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4103, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
@@ -13248,7 +13275,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4118 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4144 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13265,7 +13292,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4178 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13276,7 +13303,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4162, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4188, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13295,11 +13322,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4181, "pxEventList") : (void)0);
+    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxEventList") : (void)0);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4185, "uxSchedulerSuspended != 0") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4211, "uxSchedulerSuspended != 0") : (void)0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13323,7 +13350,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4209, "pxEventList") : (void)0);
+        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4235, "pxEventList") : (void)0);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13371,14 +13398,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4257, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4283, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4304 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13408,7 +13435,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4307, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
+    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4333, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13416,9 +13443,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4315, "pxUnblockedTCB") : (void)0);
+    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4341, "pxUnblockedTCB") : (void)0);
     ( void ) uxListRemove( pxEventListItem );
-// # 4332 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4358 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13437,7 +13464,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4350, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4376, "pxTimeOut") : (void)0);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13460,8 +13487,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4373, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4374, "pxTicksToWait") : (void)0);
+    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4399, "pxTimeOut") : (void)0);
+    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4400, "pxTicksToWait") : (void)0);
 
     vTaskEnterCritical();
     {
@@ -13583,7 +13610,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4582 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13613,7 +13640,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4597 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13634,16 +13661,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4633 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4698 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4724 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4748 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4774 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13657,7 +13684,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4761, "pxTCB != 0") : (void)0);
+            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4787, "pxTCB != 0") : (void)0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13688,7 +13715,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4808 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13790,7 +13817,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4920 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4946 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13921,7 +13948,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5089 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5115 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13978,7 +14005,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5172 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5198 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14183,8 +14210,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5376, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5377, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5402, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5403, "pxTCB->uxMutexesHeld") : (void)0);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14270,7 +14297,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5463, "pxTCB->uxMutexesHeld") : (void)0);
+            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB->uxMutexesHeld") : (void)0);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14297,7 +14324,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5490, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5516, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14428,7 +14455,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5621, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5647, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14478,11 +14505,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5697 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5803 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5829 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5930 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5956 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14524,7 +14551,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5971, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5997, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14598,7 +14625,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6045, "uxIndexToWait < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6071, "uxIndexToWait < 1") : (void)0);
 
         vTaskEnterCritical();
         {
@@ -14686,8 +14713,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6133, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6134, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6159, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6160, "xTaskToNotify") : (void)0);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14740,7 +14767,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6187, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6213, "xTickCount == ( TickType_t ) 0") : (void)0);
 
                     break;
             }
@@ -14755,8 +14782,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6202, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6228, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+// # 6247 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -14789,8 +14816,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6253, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6254, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6279, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6280, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14861,7 +14888,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6325, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6351, "xTickCount == ( TickType_t ) 0") : (void)0);
                     break;
             }
 
@@ -14872,7 +14899,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6336, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6362, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14917,8 +14944,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6381, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6382, "uxIndexToNotify < 1") : (void)0);
+        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6407, "xTaskToNotify") : (void)0);
+        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6408, "uxIndexToNotify < 1") : (void)0);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14956,7 +14983,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6420, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6446, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14997,7 +15024,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6461, "uxIndexToClear < 1") : (void)0);
+        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6487, "uxIndexToClear < 1") : (void)0);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -15050,7 +15077,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6530 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15126,7 +15153,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 01b3c46f6bc..bf6af88b540 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -21,6 +21,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxPriority |-> _ &*&
 
     tcb->pxStack |-> ?stackPtr &*&
+    (char*) stackPtr + stackSize <=  (char*) UINTPTR_MAX &*& &*&
     chars_((char*) stackPtr, stackSize, _) &*&
     malloc_block_chars((char*) stackPtr, stackSize) &*&
 
diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh
index 2407bf9abca..59c16dfdb05 100755
--- a/verification/verifast/start-vfide--preprocessed.sh
+++ b/verification/verifast/start-vfide--preprocessed.sh
@@ -23,7 +23,10 @@ cd "$START_WD"
 
 echo "\n\nPreprocessing script finished\n\n"
 
+# Remarks:
+# - Need z3v4.5 to handle bitvector arithmetic
 "$VF_DIR/bin/vfide" "$PP_TASK_C" \
     -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \
+    -prover z3v4.5
 #    -target 32bit -prover z3v4.5 \
 # TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc

From eedbfe3255612320c37019938cb4e31fb8d2cf32 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 28 Oct 2022 13:26:17 -0400
Subject: [PATCH 073/289] Typo.

---
 verification/verifast/proof/task_predicates.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index bf6af88b540..0f3a288df7c 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -21,7 +21,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxPriority |-> _ &*&
 
     tcb->pxStack |-> ?stackPtr &*&
-    (char*) stackPtr + stackSize <=  (char*) UINTPTR_MAX &*& &*&
+    (char*) stackPtr + stackSize <=  (char*) UINTPTR_MAX &*&
     chars_((char*) stackPtr, stackSize, _) &*&
     malloc_block_chars((char*) stackPtr, stackSize) &*&
 

From ead381f413c4a317d9ef4cfe699e436bcaf4b099 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 28 Oct 2022 13:59:45 -0400
Subject: [PATCH 074/289] Verified alignment check of stack top pointer.

---
 tasks.c                                       |  28 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 480 +++++++++---------
 .../verifast/proof/verifast_bitops_extended.h |  10 +
 .../proof_setup/verifast_proof_defs.h         |   4 +
 4 files changed, 273 insertions(+), 249 deletions(-)
 create mode 100644 verification/verifast/proof/verifast_bitops_extended.h

diff --git a/tasks.c b/tasks.c
index e919f6c7ad5..d06c9305f22 100644
--- a/tasks.c
+++ b/tasks.c
@@ -59,6 +59,7 @@
     #include "task_predicates.h"
     #include "verifast_RP2040_axioms.h"
     #include "verifast_prelude_extended.h"
+    #include "verifast_bitops_extended.h"
     #include "verifast_asm.h"
 
     #include "snippets/rp2040_port_c_snippets.c"
@@ -1507,10 +1508,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             // Axiomatize that pointers on RP2040 are 32bit
             //@ ptr_range(pxTopOfStack);
 
-            // TODO: How can we prove this?
-            // Assume that no underflow occurs
-            ///@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
-
             /* Convert top and mask to VeriFast bitvectors and establish
              * relation to C variables.
              * Note that on RP2040:
@@ -1523,21 +1520,22 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ bitnot_def(gMask, gzMask);
             //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
 
-            // TODO: How can we prove this?
-            // Assume that no overflow occurs.
-            ///@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
-            //@ assert( pxTopOfStack <= gOldTop );
-            //@ assert( gOldTop - 7 <= pxTopOfStack );
-            //@ assert(false);
+            
+            // The following alignment assertions hold but take very long to verify.
+            ///@ assert( pxTopOfStack <= gOldTop );
+            ///@ assert( gOldTop - 7 <= pxTopOfStack );
 
             /* Check the alignment of the calculated top of stack is correct. */
             
-            #ifndef VERIFAST
-                // TODO: Figure out how to handle configASSERT/__builtin_expect
-                // maybe replace by VF assertion.
-                configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );
-            #endif /* VERIFAST */
+            
+            // Same as above but for aligned top pointer:
+            //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
+            //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
+
+            configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );            
+            //@ assert(false);
+
 
             #if ( configRECORD_STACK_HIGH_ADDRESS == 1 )
                 {
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 2f2a4acb7e7..85ed67ae61e 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -60,40 +60,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -104,16 +104,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -158,21 +158,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -193,15 +193,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -548,33 +548,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4283,14 +4283,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4306,7 +4306,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4317,13 +4317,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4388,11 +4388,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -10153,6 +10153,16 @@ lemma_auto void integers___to_integers_(void *p);
     ensures [f]integers_(p, size, signed_, count, _);
 @*/
 // # 62 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_bitops_extended.h" 1
+
+
+
+/*@
+lemma void bitand_idempotent_right(int l, int r);
+requires true;
+ensures (l & r) == ((l & r) & r);
+@*/
+// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1
 
 
@@ -10166,7 +10176,7 @@ lemma_auto void integers___to_integers_(void *p);
  * in many contexts where function calls are permitted. */
 bool assert_fct(bool b)
 {
-    (__builtin_expect(!(b), 0) ? __assert_rtn ((const char *)-1L, "verifast_asm.h", 13, "b") : (void)0);
+    assert(b);
     return b;
 }
 
@@ -10178,7 +10188,7 @@ bool assert_fct(bool b)
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
-// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1
 /*
@@ -10322,7 +10332,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
     return pxTopOfStack;
 }
-// # 65 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
+// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -10333,7 +10343,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
 /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting
  * functions but without including stdio.h here. */
-// # 93 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /* Values that can be assigned to the ucNotifyState member of the TCB. */
 
 
@@ -10390,18 +10400,18 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
 
 /* uxTopReadyPriority holds the priority of the highest priority ready
  * state task. */
-// # 157 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 158 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /*-----------------------------------------------------------*/
 
 /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as
  * they are only required when a port optimised method of task selection is
  * being used. */
-// # 191 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 192 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick
  * count overflows. */
-// # 209 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 210 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 /*
@@ -10456,7 +10466,7 @@ typedef BaseType_t TaskRunning_t;
 typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */
 {
     volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack.  THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */
-// # 272 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 273 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */
     ListItem_t xEventListItem; /*< Used to reference a task from an event list. */
     UBaseType_t uxPriority; /*< The priority of the task.  0 is the lowest priority. */
@@ -10464,7 +10474,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
     volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */
     BaseType_t xIsIdle; /*< Used to identify the idle tasks. */
     char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created.  Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
-// # 289 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 290 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */
 
 
@@ -10484,7 +10494,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve
 
 
         void * pvThreadLocalStoragePointers[ 5 ];
-// # 329 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 330 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         volatile uint32_t ulNotifiedValue[ 1 ];
         volatile uint8_t ucNotifyState[ 1 ];
 
@@ -10575,7 +10585,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U;
  * must not be done by an ISR. Reads must be protected by either lock and may be done by
  * either an ISR or a task. */
                 static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 );
-// # 429 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 430 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*lint -restore */
 
 /*-----------------------------------------------------------*/
@@ -10728,7 +10738,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
  * will exit the Blocked state.
  */
 static void prvResetNextTaskUnblockTime( void ) ;
-// # 593 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * Called after a Task_t structure has been allocated either statically or
  * dynamically to fill in the structure's members.
@@ -10760,9 +10770,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ;
 
 
 /*-----------------------------------------------------------*/
-// # 643 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 727 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvYieldCore( BaseType_t xCoreID )
@@ -10804,8 +10814,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
     /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */
 
-    (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 767, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
-// # 780 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+    assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U);
+// # 781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     xLowestPriority = ( BaseType_t ) pxTCB->uxPriority;
 
     if( xPreemptEqualPriority == ( ( char ) 0 ) )
@@ -10844,7 +10854,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
             {
                                         ;
             }
-// # 834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
         else
         {
@@ -10857,7 +10867,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         prvYieldCore( xLowestPriorityCore );
         xYieldCount++;
     }
-// # 854 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 855 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 /*-----------------------------------------------------------*/
 
@@ -10868,10 +10878,10 @@ static void prvYieldForTask( TCB_t * pxTCB,
         UBaseType_t uxCurrentPriority = uxTopReadyPriority;
         BaseType_t xTaskScheduled = ( ( char ) 0 );
         BaseType_t xDecrementTopPriority = ( ( char ) 1 );
-// # 872 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 873 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         while( xTaskScheduled == ( ( char ) 0 ) )
         {
-// # 886 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) )
             {
 
@@ -10909,7 +10919,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     pxTCB = pxTaskItem->pvOwner;
 
                     /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */
-// # 939 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 940 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) )
                     {
 
@@ -10930,7 +10940,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                     }
                     else if( pxTCB == pxCurrentTCBs[ xCoreID ] )
                     {
-                        (__builtin_expect(!(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 959, "( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )") : (void)0);
+                        assert(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) ));
 
 
 
@@ -10974,21 +10984,21 @@ static void prvYieldForTask( TCB_t * pxTCB,
                 return ( ( char ) 0 );
             }
 
-            (__builtin_expect(!(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1003, "( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )") : (void)0);
+            assert(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) ));
             uxCurrentPriority--;
         }
 
-        (__builtin_expect(!(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1007, "( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )") : (void)0);
-// # 1083 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+        assert(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) ));
+// # 1084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         return ( ( char ) 1 );
     }
-// # 1099 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1100 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1177 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1178 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1241 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 1306 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1307 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -11005,7 +11015,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                  chars(pcName, 16, _);
      @*/
     //@ ensures true;
-// # 1335 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1336 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -11013,7 +11023,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1365 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1366 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -11051,9 +11061,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1410 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1411 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1419 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -11091,7 +11101,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1473 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1474 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open uninit_TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -11129,10 +11139,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             // Axiomatize that pointers on RP2040 are 32bit
             //@ ptr_range(pxTopOfStack);
 
-            // TODO: How can we prove this?
-            // Assume that no underflow occurs
-            ///@ assume( 0 <= (( (uint32_t) pxTopOfStack) & ~(7)) );
-
             /* Convert top and mask to VeriFast bitvectors and establish
              * relation to C variables.
              * Note that on RP2040:
@@ -11145,18 +11151,24 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ bitnot_def(gMask, gzMask);
             //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
 
-            // TODO: How can we prove this?
-            // Assume that no overflow occurs.
-            ///@ assume(  (((uint32_t) pxTopOfStack) & ~7) <= UINTPTR_MAX);
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
-            //@ assert( pxTopOfStack <= gOldTop );
-            //@ assert( gOldTop - 7 <= pxTopOfStack );
-            //@ assert(false);
+
+            // The following alignment assertions hold but take very long to verify.
+            ///@ assert( pxTopOfStack <= gOldTop );
+            ///@ assert( gOldTop - 7 <= pxTopOfStack );
 
             /* Check the alignment of the calculated top of stack is correct. */
-// # 1549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+
+
+            // Same as above but for aligned top pointer:
+            //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
+            //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
+
+            assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ));
+            //@ assert(false);
+// # 1547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1563 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close uninit_TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11246,7 +11258,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1671 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11273,7 +11285,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1707 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11282,17 +11294,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1732 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1730 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1775 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11503,7 +11515,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
                 if( xTaskRunningOnCore == xCoreID )
                 {
-                    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 1987, "uxSchedulerSuspended == 0") : (void)0);
+                    assert(uxSchedulerSuspended == 0);
                     vTaskYieldWithinAPI();
                 }
                 else
@@ -11526,12 +11538,12 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         TickType_t xTimeToWake;
         BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 );
 
-        (__builtin_expect(!(pxPreviousWakeTime), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2010, "pxPreviousWakeTime") : (void)0);
-        (__builtin_expect(!(( xTimeIncrement > 0U )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2011, "( xTimeIncrement > 0U )") : (void)0);
+        assert(pxPreviousWakeTime);
+        assert(( xTimeIncrement > 0U ));
 
         vTaskSuspendAll();
         {
-            (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2015, "uxSchedulerSuspended == 1") : (void)0);
+            assert(uxSchedulerSuspended == 1);
 
             /* Minor optimisation.  The tick count cannot change in this
              * block. */
@@ -11617,7 +11629,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         {
             vTaskSuspendAll();
             {
-                (__builtin_expect(!(uxSchedulerSuspended == 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2101, "uxSchedulerSuspended == 1") : (void)0);
+                assert(uxSchedulerSuspended == 1);
                                  ;
 
                 /* A task that is removed from the event list while the
@@ -11671,7 +11683,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         const TCB_t * const pxTCB = xTask;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2155, "pxTCB") : (void)0);
+        assert(pxTCB);
 
         vTaskEnterCritical();
         {
@@ -11847,7 +11859,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         BaseType_t xYieldForTask = ( ( char ) 0 );
         BaseType_t xCoreID;
 
-        (__builtin_expect(!(( uxNewPriority < 32 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2331, "( uxNewPriority < 32 )") : (void)0);
+        assert(( uxNewPriority < 32 ));
 
         /* Ensure the new priority is valid. */
         if( uxNewPriority >= ( UBaseType_t ) 32 )
@@ -12001,13 +12013,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2519 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2542 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2540 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2560 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2558 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12084,7 +12096,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                     if( xTaskRunningOnCore == 0 )
                     {
                         /* The current task has just been suspended. */
-                        (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2664, "uxSchedulerSuspended == 0") : (void)0);
+                        assert(uxSchedulerSuspended == 0);
                         vTaskYieldWithinAPI();
                     }
                     else
@@ -12098,7 +12110,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                 {
                     vTaskExitCritical();
 
-                    (__builtin_expect(!(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2678, "pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]") : (void)0);
+                    assert(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]);
 
                     /* The scheduler is not running, but the task that was pointed
                      * to by pxCurrentTCB has just been suspended and pxCurrentTCB
@@ -12145,7 +12157,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
         /* Accesses xPendingReadyList so must be called from a critical section. */
 
         /* It does not make sense to check if the calling task is suspended. */
-        (__builtin_expect(!(xTask), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2725, "xTask") : (void)0);
+        assert(xTask);
 
         /* Is the task being resumed actually in the suspended list? */
         if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) )
@@ -12194,7 +12206,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
         /* It does not make sense to resume the calling task. */
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2774, "xTaskToResume") : (void)0);
+        assert(xTaskToResume);
 
         /* The parameter cannot be NULL as it is impossible to resume the
          * currently executing task. It is also impossible to resume a task
@@ -12253,7 +12265,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToResume), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 2833, "xTaskToResume") : (void)0);
+        assert(xTaskToResume);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -12374,7 +12386,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 3001 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12386,7 +12398,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 3024 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3022 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12423,7 +12435,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3072 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12455,7 +12467,7 @@ void vTaskStartScheduler( void )
         /* This line will only be reached if the kernel could not be started,
          * because there was not enough FreeRTOS heap to create the idle task
          * or the timer task. */
-        (__builtin_expect(!(xReturn != ( -1 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3105, "xReturn != ( -1 )") : (void)0);
+        assert(xReturn != ( -1 ));
     }
 
     /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0,
@@ -12520,7 +12532,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3232 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3230 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12543,7 +12555,7 @@ BaseType_t xTaskResumeAll( void )
 
             /* If uxSchedulerSuspended is zero then this function does not match a
              * previous call to vTaskSuspendAll(). */
-            (__builtin_expect(!(uxSchedulerSuspended), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3254, "uxSchedulerSuspended") : (void)0);
+            assert(uxSchedulerSuspended);
 
             --uxSchedulerSuspended;
             vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
@@ -12701,7 +12713,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     /* If null is passed in here then the name of the calling task is being
      * queried. */
     pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) );
-    (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3412, "pxTCB") : (void)0);
+    assert(pxTCB);
     return &( pxTCB->pcTaskName[ 0 ] );
 }
 /*-----------------------------------------------------------*/
@@ -12794,7 +12806,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
         TCB_t * pxTCB;
 
         /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */
-        (__builtin_expect(!(strlen( pcNameToQuery ) < 16), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3505, "strlen( pcNameToQuery ) < 16") : (void)0);
+        assert(strlen( pcNameToQuery ) < 16);
 
         vTaskSuspendAll();
         {
@@ -12890,7 +12902,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3615 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12918,7 +12930,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
     {
         /* If xTaskGetIdleTaskHandle() is called before the scheduler has been
          * started, then xIdleTaskHandle will be NULL. */
-        (__builtin_expect(!(( xIdleTaskHandle != 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3642, "( xIdleTaskHandle != 0 )") : (void)0);
+        assert(( xIdleTaskHandle != 0 ));
         return &( xIdleTaskHandle[ 0 ] );
     }
 
@@ -12929,7 +12941,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3666 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3664 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -12938,7 +12950,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
 
     /* Must not be called with the scheduler suspended as the implementation
      * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */
-    (__builtin_expect(!(uxSchedulerSuspended == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3674, "uxSchedulerSuspended == 0") : (void)0);
+    assert(uxSchedulerSuspended == 0);
 
     /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when
      * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */
@@ -12957,7 +12969,7 @@ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
         TCB_t * pxTCB = xTask;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(pxTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3693, "pxTCB") : (void)0);
+        assert(pxTCB);
 
         vTaskSuspendAll();
         {
@@ -13056,7 +13068,7 @@ BaseType_t xTaskIncrementTick( void )
 
             if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */
             {
-                { List_t * pxTemp; (__builtin_expect(!(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 3792, "( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )") : (void)0); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
+                { List_t * pxTemp; assert(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); };
             }
             else
             {
@@ -13239,13 +13251,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 4004 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4028 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4053 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4086 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13263,7 +13275,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
     {
         /* vTaskSwitchContext() must never be called from within a critical section.
          * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */
-        (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4103, "xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0") : (void)0);
+        assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0);
 
         if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) )
         {
@@ -13275,7 +13287,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4144 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4142 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13292,7 +13304,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4178 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4176 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13303,7 +13315,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
 void vTaskPlaceOnEventList( List_t * const pxEventList,
                             const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4188, "pxEventList") : (void)0);
+    assert(pxEventList);
 
     /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE
      * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */
@@ -13322,11 +13334,11 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                      const TickType_t xItemValue,
                                      const TickType_t xTicksToWait )
 {
-    (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4207, "pxEventList") : (void)0);
+    assert(pxEventList);
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event groups implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4211, "uxSchedulerSuspended != 0") : (void)0);
+    assert(uxSchedulerSuspended != 0);
 
     /* Store the item value in the event list item.  It is safe to access the
      * event list item here as interrupts won't access the event list item of a
@@ -13350,7 +13362,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList,
                                           TickType_t xTicksToWait,
                                           const BaseType_t xWaitIndefinitely )
     {
-        (__builtin_expect(!(pxEventList), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4235, "pxEventList") : (void)0);
+        assert(pxEventList);
 
         /* This function should not be called by application code hence the
          * 'Restricted' in its name.  It is not part of the public API.  It is
@@ -13398,14 +13410,14 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
      * This function assumes that a check has already been made to ensure that
      * pxEventList is not empty. */
     pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4283, "pxUnblockedTCB") : (void)0);
+    assert(pxUnblockedTCB);
     ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) );
 
     if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4304 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4302 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13435,7 +13447,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
     /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED.  It is used by
      * the event flags implementation. */
-    (__builtin_expect(!(uxSchedulerSuspended != ( ( char ) 0 )), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4333, "uxSchedulerSuspended != ( ( char ) 0 )") : (void)0);
+    assert(uxSchedulerSuspended != ( ( char ) 0 ));
 
     /* Store the new item value in the event list. */
     ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) );
@@ -13443,9 +13455,9 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     /* Remove the event list form the event flag.  Interrupts do not access
      * event flags. */
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
-    (__builtin_expect(!(pxUnblockedTCB), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4341, "pxUnblockedTCB") : (void)0);
+    assert(pxUnblockedTCB);
     ( void ) uxListRemove( pxEventListItem );
-// # 4358 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4356 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13464,7 +13476,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
 
 void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut )
 {
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4376, "pxTimeOut") : (void)0);
+    assert(pxTimeOut);
     vTaskEnterCritical();
     {
         pxTimeOut->xOverflowCount = xNumOfOverflows;
@@ -13487,8 +13499,8 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut,
 {
     BaseType_t xReturn;
 
-    (__builtin_expect(!(pxTimeOut), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4399, "pxTimeOut") : (void)0);
-    (__builtin_expect(!(pxTicksToWait), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4400, "pxTicksToWait") : (void)0);
+    assert(pxTimeOut);
+    assert(pxTicksToWait);
 
     vTaskEnterCritical();
     {
@@ -13610,7 +13622,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4582 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4580 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13640,7 +13652,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13661,16 +13673,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4657 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4724 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4774 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4772 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13684,7 +13696,7 @@ static void prvIdleTask( void * pvParameters )
         if( xIndex < 5 )
         {
             pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) );
-            (__builtin_expect(!(pxTCB != 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 4787, "pxTCB != 0") : (void)0);
+            assert(pxTCB != 0);
             pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue;
         }
     }
@@ -13715,7 +13727,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13817,7 +13829,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4946 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4944 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13948,7 +13960,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5115 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5113 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -14005,7 +14017,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5198 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14210,8 +14222,8 @@ static void prvResetNextTaskUnblockTime( void )
              * If the mutex is held by a task then it cannot be given from an
              * interrupt, and if a mutex is given by the holding task then it must
              * be the running state task. */
-            (__builtin_expect(!(pxTCB == xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5402, "pxTCB == xTaskGetCurrentTaskHandle()") : (void)0);
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5403, "pxTCB->uxMutexesHeld") : (void)0);
+            assert(pxTCB == xTaskGetCurrentTaskHandle());
+            assert(pxTCB->uxMutexesHeld);
             ( pxTCB->uxMutexesHeld )--;
 
             /* Has the holder of the mutex inherited the priority of another
@@ -14297,7 +14309,7 @@ static void prvResetNextTaskUnblockTime( void )
         {
             /* If pxMutexHolder is not NULL then the holder must hold at least
              * one mutex. */
-            (__builtin_expect(!(pxTCB->uxMutexesHeld), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5489, "pxTCB->uxMutexesHeld") : (void)0);
+            assert(pxTCB->uxMutexesHeld);
 
             /* Determine the priority to which the priority of the task that
              * holds the mutex should be set.  This will be the greater of the
@@ -14324,7 +14336,7 @@ static void prvResetNextTaskUnblockTime( void )
                     /* If a task has timed out because it already holds the
                      * mutex it was trying to obtain then it cannot of inherited
                      * its own priority. */
-                    (__builtin_expect(!(pxTCB != xTaskGetCurrentTaskHandle()), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5516, "pxTCB != xTaskGetCurrentTaskHandle()") : (void)0);
+                    assert(pxTCB != xTaskGetCurrentTaskHandle());
 
                     /* Disinherit the priority, remembering the previous
                      * priority to facilitate determining the subject task's
@@ -14455,7 +14467,7 @@ void vTaskYieldWithinAPI( void )
         {
             /* If pxCurrentTCB->uxCriticalNesting is zero then this function
              * does not match a previous call to vTaskEnterCritical(). */
-            (__builtin_expect(!(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5647, "xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U") : (void)0);
+            assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U);
 
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U )
             {
@@ -14505,11 +14517,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5721 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5829 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5956 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5954 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14551,7 +14563,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         uint32_t ulReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 5997, "uxIndexToWait < 1") : (void)0);
+        assert(uxIndexToWait < 1);
 
         vTaskEnterCritical();
         {
@@ -14625,7 +14637,7 @@ TickType_t uxTaskResetEventItemValue( void )
     {
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToWait < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6071, "uxIndexToWait < 1") : (void)0);
+        assert(uxIndexToWait < 1);
 
         vTaskEnterCritical();
         {
@@ -14713,8 +14725,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         uint8_t ucOriginalNotifyState;
 
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6159, "uxIndexToNotify < 1") : (void)0);
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6160, "xTaskToNotify") : (void)0);
+        assert(uxIndexToNotify < 1);
+        assert(xTaskToNotify);
         pxTCB = xTaskToNotify;
 
         vTaskEnterCritical();
@@ -14767,7 +14779,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6213, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    assert(xTickCount == ( TickType_t ) 0);
 
                     break;
             }
@@ -14782,8 +14794,8 @@ TickType_t uxTaskResetEventItemValue( void )
                 ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ;
 
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6228, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
-// # 6247 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
+// # 6245 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -14816,8 +14828,8 @@ TickType_t uxTaskResetEventItemValue( void )
         BaseType_t xReturn = ( ( ( char ) 1 ) );
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6279, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6280, "uxIndexToNotify < 1") : (void)0);
+        assert(xTaskToNotify);
+        assert(uxIndexToNotify < 1);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14888,7 +14900,7 @@ TickType_t uxTaskResetEventItemValue( void )
                     /* Should not get here if all enums are handled.
                      * Artificially force an assert by testing a value the
                      * compiler can't assume is const. */
-                    (__builtin_expect(!(xTickCount == ( TickType_t ) 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6351, "xTickCount == ( TickType_t ) 0") : (void)0);
+                    assert(xTickCount == ( TickType_t ) 0);
                     break;
             }
 
@@ -14899,7 +14911,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6362, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -14944,8 +14956,8 @@ TickType_t uxTaskResetEventItemValue( void )
         uint8_t ucOriginalNotifyState;
         UBaseType_t uxSavedInterruptStatus;
 
-        (__builtin_expect(!(xTaskToNotify), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6407, "xTaskToNotify") : (void)0);
-        (__builtin_expect(!(uxIndexToNotify < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6408, "uxIndexToNotify < 1") : (void)0);
+        assert(xTaskToNotify);
+        assert(uxIndexToNotify < 1);
 
         /* RTOS ports that support interrupt nesting have the concept of a
          * maximum  system call (or maximum API call) interrupt priority.
@@ -14983,7 +14995,7 @@ TickType_t uxTaskResetEventItemValue( void )
             if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) )
             {
                 /* The task should not have been on an event list. */
-                (__builtin_expect(!(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6446, "( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0") : (void)0);
+                assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
 
                 if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) )
                 {
@@ -15024,7 +15036,7 @@ TickType_t uxTaskResetEventItemValue( void )
         TCB_t * pxTCB;
         BaseType_t xReturn;
 
-        (__builtin_expect(!(uxIndexToClear < 1), 0) ? __assert_rtn ((const char *)-1L, "tasks.c", 6487, "uxIndexToClear < 1") : (void)0);
+        assert(uxIndexToClear < 1);
 
         /* If null is passed in here then it is the calling task that is having
          * its notification state cleared. */
@@ -15077,7 +15089,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6554 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15153,7 +15165,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6666 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/verifast_bitops_extended.h b/verification/verifast/proof/verifast_bitops_extended.h
new file mode 100644
index 00000000000..56537c04aef
--- /dev/null
+++ b/verification/verifast/proof/verifast_bitops_extended.h
@@ -0,0 +1,10 @@
+#ifndef VERIFAST_BITOPS_EXTENDED_H
+#define VERIFAST_BITOPS_EXTENDED_H
+
+/*@
+lemma void bitand_idempotent_right(int l, int r);
+requires true;
+ensures (l & r) == ((l & r) & r);
+@*/
+
+#endif /* VERIFAST_BITOPS_EXTENDED_H */
\ No newline at end of file
diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/verification/verifast/proof_setup/verifast_proof_defs.h
index a3a28a9ae6f..b1e288e2c29 100644
--- a/verification/verifast/proof_setup/verifast_proof_defs.h
+++ b/verification/verifast/proof_setup/verifast_proof_defs.h
@@ -20,4 +20,8 @@
     #define pdTRUE              ( ( char ) 1 )
     #define pd_U_FALSE          ( ( unsigned char ) pdFALSE )
     #define pd_U_TRUE           ( ( unsigned char ) pdTRUE )
+
+    #undef assert
+    #undef configASSERT
+    #define configASSERT(x)     assert(x)
 #endif /* VERIFAST_DEFS_H */

From af090b252dbc33bd8ccd60c9d53c30be1014c71d Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 1 Nov 2022 15:24:42 -0400
Subject: [PATCH 075/289] Added new stack predicate that reflects the forced
 alignment of the stack pointer.

---
 tasks.c                                       |  20 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 172 +++++++++++++-----
 .../verifast/proof/stack_predicates.h         |  23 +++
 .../verifast/proof/verifast_bitops_extended.h |   1 +
 .../proof/verifast_prelude_extended.h         |  53 ++++++
 5 files changed, 221 insertions(+), 48 deletions(-)

diff --git a/tasks.c b/tasks.c
index d06c9305f22..1a86c80b4d6 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1315,7 +1315,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
-                 usStackDepth > 0 &*&
+                 usStackDepth > 2 &*&
                  // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
                  chars(pcName, 16, _);
      @*/
@@ -1445,7 +1445,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
-             ulStackDepth > 0 &*&
+             ulStackDepth > 2 &*&
              // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
              chars(pcName, 16, _);
  @*/
@@ -1504,6 +1504,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
             //@ StackType_t* gOldTop = pxTopOfStack;
+            //@ char* gcStack = (char*) pxNewTCB->pxStack;
             
             // Axiomatize that pointers on RP2040 are 32bit
             //@ ptr_range(pxTopOfStack);
@@ -1521,19 +1522,28 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
 
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
-            
+            //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack;
+
             // The following alignment assertions hold but take very long to verify.
             ///@ assert( pxTopOfStack <= gOldTop );
             ///@ assert( gOldTop - 7 <= pxTopOfStack );
 
             /* Check the alignment of the calculated top of stack is correct. */
             
-            
             // Same as above but for aligned top pointer:
             //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
             //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
 
-            configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );            
+            configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );  
+            
+            /*@
+            if( pxTopOfStack < gOldTop )
+            {
+                chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t));
+            }
+            @*/
+            //@ assert( chars(gcStack, ?gFreeBytes, _) );
+            //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
             //@ assert(false);
 
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 85ed67ae61e..d6fff5d8ce1 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -9954,6 +9954,29 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer,
 
 
 
+/*@
+// Represents a stack that grows down (cf. RP2040 stack)
+predicate stack_p_2(StackType_t * pxStack, 
+                    uint32_t ulStackDepth, 
+                    StackType_t * pxTopOfStack, 
+                    uint32_t ulFreeBytes,
+                    uint32_t ulUsedCells,
+                    uint32_t ulUnalignedBytes) =
+    // Free stack cells. The size of this memory block is not necessarily a 
+    // multiple of sizeof(StackType_t), due to bitvector arithmetic.
+    // At least, we cannot prove it.
+    chars((char*) pxStack, ulFreeBytes, _) &*&
+    //integer_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, _) &*&;
+
+    // If there is any free memory left in this stack,
+    // pxTopOfStack points to the last sizeof(StackType_t) number of bytes.
+    (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) &*&
+    // Used stack cells
+    integers_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, ulUsedCells, _) &*&
+    // Unaligned rest
+    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
+@*/
+
 /*@
 // Represents a stack that grows down (cf. RP2040 stack)
 predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
@@ -10152,12 +10175,65 @@ lemma_auto void integers___to_integers_(void *p);
     requires [?f]integers__(p, ?size, ?signed_, ?count, _);
     ensures [f]integers_(p, size, signed_, count, _);
 @*/
+
+
+/*@
+lemma void chars_split_at(char* start_ptr, char* split_ptr)
+requires chars(start_ptr, ?count, ?vs) &*& 
+         start_ptr <= split_ptr &*& split_ptr < start_ptr + count;
+ensures  chars(start_ptr, ?c1, ?vs1) &*&
+         chars(split_ptr, ?c2, ?vs2) &*&
+         start_ptr + c1 == split_ptr &*&
+         c1 + c2 == count;
+{
+    if( start_ptr == split_ptr ) 
+    {
+        close chars(start_ptr, 0, nil);
+    } else
+    {
+        open chars(start_ptr, _, _);
+        chars_split_at(start_ptr+1, split_ptr);
+        assert( chars(start_ptr+1, ?c1, _) );
+        close chars(start_ptr, c1+1, _);
+    }
+}
+@*/
+
+
+/*@
+lemma void division_remainder_def(int l, int r);
+requires l >= 0 &*& r > 0 &*& r < l;
+ensures l == (l % r) + (l / r) * r &*&
+0 <= (l % r) &*&
+(l % r) < r;
+@*/
+
+/*@
+lemma void chars_to_max_integers__suffix(char* startPtr, int intSize, bool signed_)
+requires chars(startPtr, ?count, ?vs) &*& intSize > 0 &*& count > intSize;
+ensures  chars(startPtr, ?cc, _) &*&
+         integers_(?intStartPtr, intSize, signed_, ?ci, _) &*&
+         count == cc + ci * intSize &*&
+         intStartPtr == startPtr + cc &*&
+         cc < intSize &*&
+         ci == count / intSize;
+{
+    int rem = count % intSize;
+    int ci = count / intSize;
+    
+    division_remainder_def(count, intSize);
+    chars_split(startPtr, rem);
+    chars_to_integers_(startPtr + rem, intSize, signed_, ci);
+
+}
+@*/
 // # 62 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_bitops_extended.h" 1
 
 
 
 /*@
+// TODO: Can we remove this?
 lemma void bitand_idempotent_right(int l, int r);
 requires true;
 ensures (l & r) == ((l & r) & r);
@@ -11010,7 +11086,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
-                 usStackDepth > 0 &*&
+                 usStackDepth > 2 &*&
                  // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
                  chars(pcName, 16, _);
      @*/
@@ -11092,7 +11168,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
-             ulStackDepth > 0 &*&
+             ulStackDepth > 2 &*&
              // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
              chars(pcName, 16, _);
  @*/
@@ -11135,6 +11211,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
             //@ StackType_t* gOldTop = pxTopOfStack;
+            //@ char* gcStack = (char*) pxNewTCB->pxStack;
 
             // Axiomatize that pointers on RP2040 are 32bit
             //@ ptr_range(pxTopOfStack);
@@ -11152,6 +11229,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
 
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
+            //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack;
 
             // The following alignment assertions hold but take very long to verify.
             ///@ assert( pxTopOfStack <= gOldTop );
@@ -11159,16 +11237,24 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
             /* Check the alignment of the calculated top of stack is correct. */
 
-
             // Same as above but for aligned top pointer:
             //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
             //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
 
             assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ));
+
+            /*@
+            if( pxTopOfStack < gOldTop )
+            {
+                chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t));
+            }
+            @*/
+            //@ assert( chars(gcStack, ?gFreeBytes, _) );
+            //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
             //@ assert(false);
-// # 1547 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1557 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1561 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ close uninit_TCB_p(pxNewTCB, stackSize); 
 
     /* Store the task name in the TCB. */
@@ -11258,7 +11344,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1679 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11285,7 +11371,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1707 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1717 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11294,17 +11380,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1730 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1740 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1768 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1775 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1785 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -12013,13 +12099,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2517 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2540 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2558 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2568 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12386,7 +12472,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3009 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12398,7 +12484,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 3022 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3032 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12435,7 +12521,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3072 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3082 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12532,7 +12618,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3230 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12902,7 +12988,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -12941,7 +13027,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3664 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3674 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -13251,13 +13337,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 4002 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4012 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4026 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4036 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4061 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4094 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13287,7 +13373,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4142 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13304,7 +13390,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4176 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4186 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13417,7 +13503,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4302 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4312 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13457,7 +13543,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     assert(pxUnblockedTCB);
     ( void ) uxListRemove( pxEventListItem );
-// # 4356 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4366 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13622,7 +13708,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4580 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13652,7 +13738,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13673,16 +13759,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4657 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4667 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4732 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4772 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4782 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13727,7 +13813,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4832 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4842 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13829,7 +13915,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4944 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4954 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -13960,7 +14046,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5113 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5123 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -14017,7 +14103,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14517,11 +14603,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5721 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5731 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5837 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5954 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5964 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14795,7 +14881,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
-// # 6245 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6255 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -15089,7 +15175,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6554 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6564 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15165,7 +15251,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6666 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6676 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h
index 4375451bae6..ca3e26ceab9 100644
--- a/verification/verifast/proof/stack_predicates.h
+++ b/verification/verifast/proof/stack_predicates.h
@@ -2,6 +2,29 @@
 #define STACK_PREDICATES
 
 
+/*@
+// Represents a stack that grows down (cf. RP2040 stack)
+predicate stack_p_2(StackType_t * pxStack, 
+                    uint32_t ulStackDepth, 
+                    StackType_t * pxTopOfStack, 
+                    uint32_t ulFreeBytes,
+                    uint32_t ulUsedCells,
+                    uint32_t ulUnalignedBytes) =
+    // Free stack cells. The size of this memory block is not necessarily a 
+    // multiple of sizeof(StackType_t), due to bitvector arithmetic.
+    // At least, we cannot prove it.
+    chars((char*) pxStack, ulFreeBytes, _) &*&
+    //integer_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, _) &*&;
+
+    // If there is any free memory left in this stack,
+    // pxTopOfStack points to the last sizeof(StackType_t) number of bytes.
+    (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) &*&
+    // Used stack cells
+    integers_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, ulUsedCells, _) &*&
+    // Unaligned rest
+    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
+@*/
+
 /*@
 // Represents a stack that grows down (cf. RP2040 stack)
 predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) =
diff --git a/verification/verifast/proof/verifast_bitops_extended.h b/verification/verifast/proof/verifast_bitops_extended.h
index 56537c04aef..437ae410283 100644
--- a/verification/verifast/proof/verifast_bitops_extended.h
+++ b/verification/verifast/proof/verifast_bitops_extended.h
@@ -2,6 +2,7 @@
 #define VERIFAST_BITOPS_EXTENDED_H
 
 /*@
+// TODO: Can we remove this?
 lemma void bitand_idempotent_right(int l, int r);
 requires true;
 ensures (l & r) == ((l & r) & r);
diff --git a/verification/verifast/proof/verifast_prelude_extended.h b/verification/verifast/proof/verifast_prelude_extended.h
index 1ac9e819669..b297a118cc1 100644
--- a/verification/verifast/proof/verifast_prelude_extended.h
+++ b/verification/verifast/proof/verifast_prelude_extended.h
@@ -50,4 +50,57 @@ lemma_auto void integers___to_integers_(void *p);
     ensures [f]integers_(p, size, signed_, count, _);
 @*/
 
+
+/*@
+lemma void chars_split_at(char* start_ptr, char* split_ptr)
+requires chars(start_ptr, ?count, ?vs) &*& 
+         start_ptr <= split_ptr &*& split_ptr < start_ptr + count;
+ensures  chars(start_ptr, ?c1, ?vs1) &*&
+         chars(split_ptr, ?c2, ?vs2) &*&
+         start_ptr + c1 == split_ptr &*&
+         c1 + c2 == count;
+{
+    if( start_ptr == split_ptr ) 
+    {
+        close chars(start_ptr, 0, nil);
+    } else
+    {
+        open chars(start_ptr, _, _);
+        chars_split_at(start_ptr+1, split_ptr);
+        assert( chars(start_ptr+1, ?c1, _) );
+        close chars(start_ptr, c1+1, _);
+    }
+}
+@*/
+
+
+/*@
+lemma void division_remainder_def(int l, int r);
+requires l >= 0 &*& r > 0 &*& r < l;
+ensures l == (l % r) + (l / r) * r &*&
+0 <= (l % r) &*&
+(l % r) < r;
+@*/
+
+/*@
+lemma void chars_to_max_integers__suffix(char* startPtr, int intSize, bool signed_)
+requires chars(startPtr, ?count, ?vs) &*& intSize > 0 &*& count > intSize;
+ensures  chars(startPtr, ?cc, _) &*&
+         integers_(?intStartPtr, intSize, signed_, ?ci, _) &*&
+         count == cc + ci * intSize &*&
+         intStartPtr == startPtr + cc &*&
+         cc < intSize &*&
+         ci == count / intSize;
+{
+    int rem = count % intSize;
+    int ci = count / intSize;
+    
+    division_remainder_def(count, intSize);
+    chars_split(startPtr, rem);
+    chars_to_integers_(startPtr + rem, intSize, signed_, ci);
+
+}
+@*/
+
+
 #endif /* VERIFAST_PRELUDE_EXTENDED_H */
\ No newline at end of file

From 800a7204bc820dbe7d2d4ef1804429144304d714 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Tue, 1 Nov 2022 16:06:53 -0400
Subject: [PATCH 076/289] Adapted first half of `prvInitialiseNewTask` to new
 stack predicate.

---
 tasks.c                                       |  19 +--
 .../verifast/preprocessed_files/tasks--pp.c   | 140 +++++++++++-------
 .../verifast/proof/stack_predicates.h         |   1 +
 verification/verifast/proof/task_predicates.h |  42 +++++-
 4 files changed, 127 insertions(+), 75 deletions(-)

diff --git a/tasks.c b/tasks.c
index 1a86c80b4d6..5266b0bfa35 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1535,7 +1535,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
 
             configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );  
-            
+
             /*@
             if( pxTopOfStack < gOldTop )
             {
@@ -1544,7 +1544,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             @*/
             //@ assert( chars(gcStack, ?gFreeBytes, _) );
             //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
-            //@ assert(false);
 
 
             #if ( configRECORD_STACK_HIGH_ADDRESS == 1 )
@@ -1568,17 +1567,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         }
     #endif /* portSTACK_GROWTH */
 
-    //@ close uninit_TCB_p(pxNewTCB, stackSize); 
-
     /* Store the task name in the TCB. */
     if( pcName != NULL )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ )
-        /*@ invariant uninit_TCB_p(pxNewTCB, stackSize) &*&
+        /*@ invariant chars_(pxNewTCB->pcTaskName, 16, _) &*&
                       chars(pcName, 16, _);
          @*/
         {
-            //@ open uninit_TCB_p(_, _);
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
 
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
@@ -1586,25 +1582,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
              * string is not accessible (extremely unlikely). */
             if( pcName[ x ] == ( char ) 0x00 )
             {
-                /* TODO: Why does VeriFast not report a loop invariant
-                 *       violation when we don't close the predicate?
-                 *       This seems like a bug.
-                 */
-                //@ close uninit_TCB_p(_, _);
                 break;
             }
             else
             {
                 mtCOVERAGE_TEST_MARKER();
             }
-            //@ close uninit_TCB_p(_, _);
         }
 
-        //@ open uninit_TCB_p(_, _);
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ configMAX_TASK_NAME_LEN - 1 ] = '\0';
-        //@ close uninit_TCB_p(_, _);
     }
     else
     {
@@ -1626,7 +1614,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         mtCOVERAGE_TEST_MARKER();
     }
 
-    //@ open uninit_TCB_p(_, _);
     pxNewTCB->uxPriority = uxPriority;
     #if ( configUSE_MUTEXES == 1 )
         {
@@ -1634,12 +1621,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxNewTCB->uxMutexesHeld = 0;
         }
     #endif /* configUSE_MUTEXES */
-    //@ close uninit_TCB_p(_, _);
 
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
-    //@ open uninit_TCB_p(_, _);
 
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index d6fff5d8ce1..c61aa3fd7c7 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -9962,6 +9962,7 @@ predicate stack_p_2(StackType_t * pxStack,
                     uint32_t ulFreeBytes,
                     uint32_t ulUsedCells,
                     uint32_t ulUnalignedBytes) =
+    malloc_block_chars((char*) pxStack, ulStackDepth * sizeof(StackType_t)) &*&
     // Free stack cells. The size of this memory block is not necessarily a 
     // multiple of sizeof(StackType_t), due to bitvector arithmetic.
     // At least, we cannot prove it.
@@ -10063,7 +10064,6 @@ predicate xLIST_ITEM(
 
 
 /*@
-
 // This predicate represents the memory corresponding to an
 // uninitialised instance of type `TCB_t` aka `tskTaskControlBlock`.
 predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
@@ -10104,6 +10104,47 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
 
     tcb->ucDelayAborted |-> _;
 @*/
+
+
+/*@
+// This predicate represents the memory corresponding to an
+// initialised instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxStack |-> ?stackPtr &*&
+    tcb->pxTopOfStack |-> ?topPtr &*&
+    stack_p_2(stackPtr, ?ulStackDepth, topPtr, 
+              ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes) &*&
+
+    xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*&
+    xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
+    
+    tcb->uxPriority |-> _ &*&
+
+    tcb->xTaskRunState |-> _ &*&
+    tcb->xIsIdle |-> _ &*&
+    
+    // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+    chars_(tcb->pcTaskName, 16, _) &*&
+
+    tcb->uxCriticalNesting |-> _ &*&
+    tcb->uxTCBNumber |-> _ &*&
+    tcb->uxTaskNumber |-> _ &*&
+    tcb->uxBasePriority |-> _ &*&
+    tcb->uxMutexesHeld |-> _ &*&
+
+    // void * pvThreadLocalStoragePointers[ 5 ];
+    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
+
+    // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
+    // evaluates to 1.
+    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
+    uchars_(tcb->ucNotifyState, 1, _) &*&
+
+    tcb->ucDelayAborted |-> _;
+@*/
 // # 60 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1
 
@@ -11251,21 +11292,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             @*/
             //@ assert( chars(gcStack, ?gFreeBytes, _) );
             //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
-            //@ assert(false);
-// # 1557 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1571 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
-    //@ close uninit_TCB_p(pxNewTCB, stackSize); 
-
+// # 1570 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
         for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ )
-        /*@ invariant uninit_TCB_p(pxNewTCB, stackSize) &*&
+        /*@ invariant chars_(pxNewTCB->pcTaskName, 16, _) &*&
                       chars(pcName, 16, _);
          @*/
         {
-            //@ open uninit_TCB_p(_, _);
             pxNewTCB->pcTaskName[ x ] = pcName[ x ];
 
             /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than
@@ -11273,25 +11310,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
              * string is not accessible (extremely unlikely). */
             if( pcName[ x ] == ( char ) 0x00 )
             {
-                /* TODO: Why does VeriFast not report a loop invariant
-                 *       violation when we don't close the predicate?
-                 *       This seems like a bug.
-                 */
-                //@ close uninit_TCB_p(_, _);
                 break;
             }
             else
             {
                                         ;
             }
-            //@ close uninit_TCB_p(_, _);
         }
 
-        //@ open uninit_TCB_p(_, _);
         /* Ensure the name string is terminated in the case that the string length
          * was greater or equal to configMAX_TASK_NAME_LEN. */
         pxNewTCB->pcTaskName[ 16 - 1 ] = '\0';
-        //@ close uninit_TCB_p(_, _);
     }
     else
     {
@@ -11313,7 +11342,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                 ;
     }
 
-    //@ open uninit_TCB_p(_, _);
     pxNewTCB->uxPriority = uxPriority;
 
         {
@@ -11321,12 +11349,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxNewTCB->uxMutexesHeld = 0;
         }
 
-    //@ close uninit_TCB_p(_, _);
 
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
-    //@ open uninit_TCB_p(_, _);
 
     /* Set the pxNewTCB as a link back from the ListItem_t.  This is so we can get
      * back to  the containing TCB from a generic item in a list. */
@@ -11344,7 +11370,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1679 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1664 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11371,7 +11397,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
         }
-// # 1717 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1702 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11380,17 +11406,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1740 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1725 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1768 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1753 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1785 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1770 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -12099,13 +12125,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2527 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2512 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2550 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2535 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2568 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2553 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2596 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2581 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12472,7 +12498,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 3009 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2994 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12484,7 +12510,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 3032 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3017 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12521,7 +12547,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3082 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3067 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12618,7 +12644,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -12988,7 +13014,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3608 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -13027,7 +13053,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3674 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -13337,13 +13363,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 4012 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4036 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4021 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4061 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4046 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4094 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4079 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13373,7 +13399,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13390,7 +13416,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4186 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13503,7 +13529,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4312 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4297 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13543,7 +13569,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     assert(pxUnblockedTCB);
     ( void ) uxListRemove( pxEventListItem );
-// # 4366 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4351 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13708,7 +13734,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13738,7 +13764,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4631 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4616 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13759,16 +13785,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4667 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4652 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4732 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4717 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4782 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4767 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13813,7 +13839,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4842 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -13915,7 +13941,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4954 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4939 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -14046,7 +14072,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5123 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -14103,7 +14129,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5191 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14603,11 +14629,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5731 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5837 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5822 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5964 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5949 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14881,7 +14907,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
-// # 6255 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -15175,7 +15201,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6564 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15251,7 +15277,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6676 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6661 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h
index ca3e26ceab9..41ca9710054 100644
--- a/verification/verifast/proof/stack_predicates.h
+++ b/verification/verifast/proof/stack_predicates.h
@@ -10,6 +10,7 @@ predicate stack_p_2(StackType_t * pxStack,
                     uint32_t ulFreeBytes,
                     uint32_t ulUsedCells,
                     uint32_t ulUnalignedBytes) =
+    malloc_block_chars((char*) pxStack, ulStackDepth * sizeof(StackType_t)) &*&
     // Free stack cells. The size of this memory block is not necessarily a 
     // multiple of sizeof(StackType_t), due to bitvector arithmetic.
     // At least, we cannot prove it.
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 0f3a288df7c..270f7220726 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -6,7 +6,6 @@
 
 
 /*@
-
 // This predicate represents the memory corresponding to an
 // uninitialised instance of type `TCB_t` aka `tskTaskControlBlock`.
 predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
@@ -48,4 +47,45 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     tcb->ucDelayAborted |-> _;
 @*/
 
+
+/*@
+// This predicate represents the memory corresponding to an
+// initialised instance of type `TCB_t` aka `tskTaskControlBlock`.
+predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) =
+    malloc_block_tskTaskControlBlock(tcb) &*&
+    tcb->pxStack |-> ?stackPtr &*&
+    tcb->pxTopOfStack |-> ?topPtr &*&
+    stack_p_2(stackPtr, ?ulStackDepth, topPtr, 
+              ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes) &*&
+
+    xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*&
+    xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*&
+    struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*&
+    
+    tcb->uxPriority |-> _ &*&
+
+    tcb->xTaskRunState |-> _ &*&
+    tcb->xIsIdle |-> _ &*&
+    
+    // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16.
+    chars_(tcb->pcTaskName, 16, _) &*&
+
+    tcb->uxCriticalNesting |-> _ &*&
+    tcb->uxTCBNumber |-> _ &*&
+    tcb->uxTaskNumber |-> _ &*&
+    tcb->uxBasePriority |-> _ &*&
+    tcb->uxMutexesHeld |-> _ &*&
+
+    // void * pvThreadLocalStoragePointers[ 5 ];
+    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
+
+    // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
+    // evaluates to 1.
+    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
+    uchars_(tcb->ucNotifyState, 1, _) &*&
+
+    tcb->ucDelayAborted |-> _;
+@*/
+
 #endif /* TASKS_GH */
\ No newline at end of file

From f793c9603135cc3e55574384663ca131e2579d19 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 2 Nov 2022 12:09:15 -0400
Subject: [PATCH 077/289] Adapted part of `pxPortInitialiseStack` proof to new
 stack predicate.

---
 tasks.c                                       |   2 +-
 .../verifast/preprocessed_files/tasks--pp.c   | 316 +++++++++++-------
 .../proof/snippets/rp2040_port_c_snippets.c   | 125 +++++--
 .../verifast/proof/stack_predicates.h         |   8 +-
 4 files changed, 297 insertions(+), 154 deletions(-)

diff --git a/tasks.c b/tasks.c
index 5266b0bfa35..ff0e1c06202 100644
--- a/tasks.c
+++ b/tasks.c
@@ -6680,4 +6680,4 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
         }
     #endif
 
-#endif /* if ( configINCLUDE_FREERTOS_TASK_C_ADDITIONS_H == 1 ) */
+#endif /* if ( configINCLUDE_FREERTOS_TASK_C_ADDITIONS_H == 1 ) */
\ No newline at end of file
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index c61aa3fd7c7..d8b060f4eeb 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -60,40 +60,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -104,16 +104,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -158,21 +158,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -193,15 +193,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -548,33 +548,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4283,14 +4283,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4306,7 +4306,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4317,13 +4317,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4388,11 +4388,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -9973,9 +9973,12 @@ predicate stack_p_2(StackType_t * pxStack,
     // pxTopOfStack points to the last sizeof(StackType_t) number of bytes.
     (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) &*&
     // Used stack cells
-    integers_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, ulUsedCells, _) &*&
+    integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
     // Unaligned rest
-    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
+    //unalignedRestOfStack_p((char*) pxStack + freeBytes, ulUsedCells, ulUnalignedBytes);
+    true;
+
+
 @*/
 
 /*@
@@ -10402,7 +10405,6 @@ StackType_t* test_stack_pred(uint32_t depth)
 }
 // -------------------------------------------------
 
-
 /*
  * See header file for description.
  */
@@ -10410,43 +10412,111 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                      TaskFunction_t pxCode,
                                      void * pvParameters )
 /*@ requires pxTopOfStack > 0 &*&
-             stack_p(?pxStack, ?ulStackDepth, pxTopOfStack, ulStackDepth) &*&
-             ulStackDepth > 16;
+             stack_p_2(?pxStack, ?ulStackDepth, pxTopOfStack, ?ulFreeBytes, 
+                       ?ulUsedCells, ?ulUnalignedBytes) &*&
+             ulFreeBytes > 17 * sizeof(StackType_t) &*&
+             pxStack > 0;
   @*/
-//@ ensures stack_p(pxStack, ulStackDepth, pxTopOfStack-16, ulStackDepth-16);
+/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes, 
+                       			    ulUsedCells, ulUnalignedBytes);
+@*/
 {
-    //@ StackType_t* oldTop = pxTopOfStack;
-    //@ open stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth);
-    ///@ close stack_p(pxStack, ulStackDepth, pxTopOfStack-1, ulStackDepth-1);
-    ///@ getTopOfStack(pxStack, pxTopOfStack-1);
-    //@ integers__split(pxStack, ulStackDepth-2);
-
+    //@ StackType_t* gOldTop = pxTopOfStack;
+    //@ char* gcStack = (char*) pxStack;
+    //@ open stack_p_2(_, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) );
+    //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // skip stack cell #0
+    //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t));
+    //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop);
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
     pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // make stack cell #1 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2));
+    //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop-1);
     *pxTopOfStack = ( 0x01000000 ); /* xPSR */
+    //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _);
     pxTopOfStack--;
-    //@ close integers_(oldTop-1, sizeof(StackType_t), false, 2, _);
-    //@ integers__join(pxStack);
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // prevent overflow
     //@ ptr_range(pxCode);
-    //@ integers__split(pxStack, ulStackDepth-3);
+    // make stack cell #2 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 3));
+    //@ chars_to_integers_(gOldTop-2, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop-2);
     *pxTopOfStack = ( StackType_t ) pxCode; /* PC */
-    //@ close integers_(oldTop-2, sizeof(StackType_t), false, 3, _);
+    //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _);
     pxTopOfStack--;
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // prevent underflow
     //@ ptr_range(prvTaskExitError);
-    //@ integers__join(pxStack);
-    //@ integers__split(pxStack, ulStackDepth-4);
+    // make stack cell #3 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 4));
+    //@ chars_to_integers_(gOldTop-3, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop-3);
     *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
-    //@ close integers_(oldTop-3, sizeof(StackType_t), false, 4, _);
-    //@ integers__join(pxStack);
+    //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _);
+    
     pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // prevent overflow
     //@ ptr_range(pvParameters);
-    //@ integers__split(pxStack, ulStackDepth-9);
+    // make stack cell #8 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
+    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
+    //@ integers__join(gOldTop-8);
     *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
-    //@ close integers_(oldTop-8, sizeof(StackType_t), false, 9, _);
-    //@ integers__join(pxStack);
+    //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
+    
+    
+    // skip stack cells #9 - #15, leave #16 unused
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
+    //@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
+    //@ integers__join(gOldTop-16);
     pxTopOfStack -= 8; /* R11..R4. */
-    //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    
+    
+    
+    //@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16),  ulUsedCells, ulUnalignedBytes);
+    
     return pxTopOfStack;
 }
 // # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
index fad6c90bc22..6c2789141f9 100644
--- a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
+++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
@@ -105,7 +105,6 @@ StackType_t* test_stack_pred(uint32_t depth)
 }
 // -------------------------------------------------
 
-
 /*
  * See header file for description.
  */
@@ -113,42 +112,110 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
                                      TaskFunction_t pxCode,
                                      void * pvParameters )
 /*@ requires pxTopOfStack > 0 &*&
-             stack_p(?pxStack, ?ulStackDepth, pxTopOfStack, ulStackDepth) &*&
-             ulStackDepth > 16;
+             stack_p_2(?pxStack, ?ulStackDepth, pxTopOfStack, ?ulFreeBytes, 
+                       ?ulUsedCells, ?ulUnalignedBytes) &*&
+             ulFreeBytes > 17 * sizeof(StackType_t) &*&
+             pxStack > 0;
   @*/
-//@ ensures stack_p(pxStack, ulStackDepth, pxTopOfStack-16, ulStackDepth-16);
+/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes, 
+                       			    ulUsedCells, ulUnalignedBytes);
+@*/
 {
-    //@ StackType_t* oldTop = pxTopOfStack;
-    //@ open stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth);
-    ///@ close stack_p(pxStack, ulStackDepth, pxTopOfStack-1, ulStackDepth-1);
-    ///@ getTopOfStack(pxStack, pxTopOfStack-1);
-    //@ integers__split(pxStack, ulStackDepth-2);
-
+    //@ StackType_t* gOldTop = pxTopOfStack;
+    //@ char* gcStack = (char*) pxStack;
+    //@ open stack_p_2(_, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) );
+    //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // skip stack cell #0
+    //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t));
+    //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop);
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
-    pxTopOfStack--;                                          /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
-    *pxTopOfStack = portINITIAL_XPSR;                        /* xPSR */
+    pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // make stack cell #1 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2));
+    //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop-1);
+    *pxTopOfStack = ( 0x01000000 ); /* xPSR */
+    //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _);
     pxTopOfStack--;
-    //@ close integers_(oldTop-1, sizeof(StackType_t), false, 2, _);
-    //@ integers__join(pxStack);
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // prevent overflow
     //@ ptr_range(pxCode);
-    //@ integers__split(pxStack, ulStackDepth-3);
-    *pxTopOfStack = ( StackType_t ) pxCode;                  /* PC */
-    //@ close integers_(oldTop-2, sizeof(StackType_t), false, 3, _);
+    // make stack cell #2 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 3));
+    //@ chars_to_integers_(gOldTop-2, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop-2);
+    *pxTopOfStack = ( StackType_t ) pxCode; /* PC */
+    //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _);
     pxTopOfStack--;
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // prevent underflow
     //@ ptr_range(prvTaskExitError);
-    //@ integers__join(pxStack);
-    //@ integers__split(pxStack, ulStackDepth-4);
-    *pxTopOfStack = ( StackType_t ) portTASK_RETURN_ADDRESS; /* LR */
-    //@ close integers_(oldTop-3, sizeof(StackType_t), false, 4, _);
-    //@ integers__join(pxStack);
-    pxTopOfStack -= 5;                                       /* R12, R3, R2 and R1. */
+    // make stack cell #3 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 4));
+    //@ chars_to_integers_(gOldTop-3, sizeof(StackType_t), false, 1);
+    //@ integers__join(gOldTop-3);
+    *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
+    //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _);
+    
+    pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
+    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    // prevent overflow
     //@ ptr_range(pvParameters);
-    //@ integers__split(pxStack, ulStackDepth-9);
-    *pxTopOfStack = ( StackType_t ) pvParameters;            /* R0 */
-    //@ close integers_(oldTop-8, sizeof(StackType_t), false, 9, _);
-    //@ integers__join(pxStack);
-    pxTopOfStack -= 8;                                       /* R11..R4. */
-    //@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, ulStackDepth-16);
+    // make stack cell #8 available
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
+    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
+    //@ integers__join(gOldTop-8);
+    *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
+    //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
+    
+    
+    // skip stack cells #9 - #15, leave #16 unused
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
+    //@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
+    //@ integers__join(gOldTop-16);
+    pxTopOfStack -= 8; /* R11..R4. */
+    
+    //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
+    //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
+    
+    
+    
+    
+    //@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16),  ulUsedCells, ulUnalignedBytes);
+    
     return pxTopOfStack;
 }
\ No newline at end of file
diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h
index 41ca9710054..b426664771e 100644
--- a/verification/verifast/proof/stack_predicates.h
+++ b/verification/verifast/proof/stack_predicates.h
@@ -21,8 +21,14 @@ predicate stack_p_2(StackType_t * pxStack,
     // pxTopOfStack points to the last sizeof(StackType_t) number of bytes.
     (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) &*&
     // Used stack cells
-    integers_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, ulUsedCells, _) &*&
+    integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
     // Unaligned rest
+    //unalignedRestOfStack_p(pxTopOfStack, ulUsedCells, ulUnalignedBytes);
+    true; // skip unaligned part for now
+
+predicate unalignedRestOfStack_p(StackType_t * pxTopOfStack,
+                                 uint32_t ulUsedCells,
+                                 uint32_t ulUnalignedBytes) =
     chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
 @*/
 

From 249d220ed71b2bed20bf02ac9167fb1118f9bc98 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 2 Nov 2022 14:02:42 -0400
Subject: [PATCH 078/289] Verified `pxPortInitialiseStack` for new version of
 stack predicate.

---
 .../verifast/preprocessed_files/tasks--pp.c   | 275 +++++++++---------
 .../proof/snippets/rp2040_port_c_snippets.c   |  62 ++--
 2 files changed, 178 insertions(+), 159 deletions(-)

diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index d8b060f4eeb..d7bd2b19431 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -60,40 +60,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -104,16 +104,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -158,21 +158,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -193,15 +193,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -548,33 +548,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4283,14 +4283,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4306,7 +4306,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4317,13 +4317,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4388,11 +4388,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -9975,10 +9975,13 @@ predicate stack_p_2(StackType_t * pxStack,
     // Used stack cells
     integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
     // Unaligned rest
-    //unalignedRestOfStack_p((char*) pxStack + freeBytes, ulUsedCells, ulUnalignedBytes);
-    true;
-
+    //unalignedRestOfStack_p(pxTopOfStack, ulUsedCells, ulUnalignedBytes);
+    true; // skip unaligned part for now
 
+predicate unalignedRestOfStack_p(StackType_t * pxTopOfStack,
+                                 uint32_t ulUsedCells,
+                                 uint32_t ulUnalignedBytes) =
+    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
 @*/
 
 /*@
@@ -10417,17 +10420,16 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
              ulFreeBytes > 17 * sizeof(StackType_t) &*&
              pxStack > 0;
   @*/
-/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes, 
-                       			    ulUsedCells, ulUnalignedBytes);
+/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
 @*/
 {
     //@ StackType_t* gOldTop = pxTopOfStack;
     //@ char* gcStack = (char*) pxStack;
     //@ open stack_p_2(_, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) );
     //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // skip stack cell #0
     //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t));
     //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1);
@@ -10435,14 +10437,14 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
     pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
-    
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // make stack cell #1 available
     //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2));
     //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1);
@@ -10450,14 +10452,14 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     *pxTopOfStack = ( 0x01000000 ); /* xPSR */
     //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _);
     pxTopOfStack--;
-    
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // prevent overflow
     //@ ptr_range(pxCode);
     // make stack cell #2 available
@@ -10467,14 +10469,14 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     *pxTopOfStack = ( StackType_t ) pxCode; /* PC */
     //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _);
     pxTopOfStack--;
-    
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // prevent underflow
     //@ ptr_range(prvTaskExitError);
     // make stack cell #3 available
@@ -10483,40 +10485,49 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     //@ integers__join(gOldTop-3);
     *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
     //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _);
-    
+
     pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
-    
+
+    // jump to stack cell #7
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8));
+    //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4);
+    //@ integers__join(gOldTop-7);
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // prevent overflow
     //@ ptr_range(pvParameters);
+
     // make stack cell #8 available
     //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
-    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
+    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1);
     //@ integers__join(gOldTop-8);
     *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
     //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
-    
-    
+
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+
+
     // skip stack cells #9 - #15, leave #16 unused
-    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
-    //@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
-    //@ integers__join(gOldTop-16);
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16));
+    //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7);
+    //@ integers__join(gOldTop-15);
     pxTopOfStack -= 8; /* R11..R4. */
-    
+
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
+    //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) );
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
-    
-    
-    
-    //@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16),  ulUsedCells, ulUnalignedBytes);
-    
+
     return pxTopOfStack;
 }
 // # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2
diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
index 6c2789141f9..030e9e3186b 100644
--- a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
+++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
@@ -117,17 +117,16 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
              ulFreeBytes > 17 * sizeof(StackType_t) &*&
              pxStack > 0;
   @*/
-/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes, 
-                       			    ulUsedCells, ulUnalignedBytes);
+/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
 @*/
 {
     //@ StackType_t* gOldTop = pxTopOfStack;
     //@ char* gcStack = (char*) pxStack;
     //@ open stack_p_2(_, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) );
     //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // skip stack cell #0
     //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t));
     //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1);
@@ -135,14 +134,14 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     /* Simulate the stack frame as it would be created by a context switch
      * interrupt. */
     pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */
-    
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // make stack cell #1 available
     //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2));
     //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1);
@@ -150,14 +149,14 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     *pxTopOfStack = ( 0x01000000 ); /* xPSR */
     //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _);
     pxTopOfStack--;
-    
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // prevent overflow
     //@ ptr_range(pxCode);
     // make stack cell #2 available
@@ -167,14 +166,14 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     *pxTopOfStack = ( StackType_t ) pxCode; /* PC */
     //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _);
     pxTopOfStack--;
-    
+
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // prevent underflow
     //@ ptr_range(prvTaskExitError);
     // make stack cell #3 available
@@ -183,39 +182,48 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
     //@ integers__join(gOldTop-3);
     *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */
     //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _);
-    
+
     pxTopOfStack -= 5; /* R12, R3, R2 and R1. */
     
+    // jump to stack cell #7
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8));
+    //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4);
+    //@ integers__join(gOldTop-7);
+    
     // Ensure maintining stack invariant
     //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes);
     //@ open stack_p_2(pxStack, _, _, _, _, _);
-    
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
+
     // prevent overflow
     //@ ptr_range(pvParameters);
+    
     // make stack cell #8 available
     //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9));
-    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 5);
+    //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1);
     //@ integers__join(gOldTop-8);
     *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */
     //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _);
     
-    
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes);
+    //@ open stack_p_2(pxStack, _, _, _, _, _);
+
+
     // skip stack cells #9 - #15, leave #16 unused
-    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 17));
-    //@ chars_to_integers_(gOldTop-16, sizeof(StackType_t), false, 8);
-    //@ integers__join(gOldTop-16);
+    //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16));
+    //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7);
+    //@ integers__join(gOldTop-15);
     pxTopOfStack -= 8; /* R11..R4. */
     
+    // Ensure maintining stack invariant
+    //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
+    //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) );
+
     //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) );
     //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) );
-    
-    
-    
-    
-    //@close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - (sizeof(StackType_t) * 16),  ulUsedCells, ulUnalignedBytes);
-    
+
     return pxTopOfStack;
 }
\ No newline at end of file

From 0e84d8906fb5626cedda4fb09d2d8d25bcbac29d Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 2 Nov 2022 14:16:29 -0400
Subject: [PATCH 079/289] Updated stack depth requirements in preconditions to
 match precondition of `pxPortInitialiseStack`

---
 tasks.c                                              | 4 ++--
 verification/verifast/preprocessed_files/tasks--pp.c | 5 +++--
 verification/verifast/proof/task_predicates.h        | 1 +
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/tasks.c b/tasks.c
index ff0e1c06202..30d1d5c593c 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1315,7 +1315,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
-                 usStackDepth > 2 &*&
+                 usStackDepth > 18 &*&
                  // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
                  chars(pcName, 16, _);
      @*/
@@ -1445,7 +1445,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
-             ulStackDepth > 2 &*&
+             ulStackDepth > 18 &*&
              // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
              chars(pcName, 16, _);
  @*/
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index d7bd2b19431..3f2ef9fe137 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -10084,6 +10084,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxPriority |-> _ &*&
 
     tcb->pxStack |-> ?stackPtr &*&
+    stackPtr != 0 &*&
     (char*) stackPtr + stackSize <=  (char*) UINTPTR_MAX &*&
     chars_((char*) stackPtr, stackSize, _) &*&
     malloc_block_chars((char*) stackPtr, stackSize) &*&
@@ -11208,7 +11209,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
                             UBaseType_t uxPriority,
                             TaskHandle_t * const pxCreatedTask )
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
-                 usStackDepth > 2 &*&
+                 usStackDepth > 18 &*&
                  // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
                  chars(pcName, 16, _);
      @*/
@@ -11290,7 +11291,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 /*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*&
              stackSize == ulStackDepth * sizeof(StackType_t) &*&
              stackSize <= UINTPTR_MAX &*&
-             ulStackDepth > 2 &*&
+             ulStackDepth > 18 &*&
              // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
              chars(pcName, 16, _);
  @*/
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 270f7220726..85b1d3f1b91 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -20,6 +20,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) =
     tcb->uxPriority |-> _ &*&
 
     tcb->pxStack |-> ?stackPtr &*&
+    stackPtr != 0 &*&
     (char*) stackPtr + stackSize <=  (char*) UINTPTR_MAX &*&
     chars_((char*) stackPtr, stackSize, _) &*&
     malloc_block_chars((char*) stackPtr, stackSize) &*&

From 97c2583eb3c9dc2b6aec0af312354bab555934f1 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Wed, 2 Nov 2022 16:09:16 -0400
Subject: [PATCH 080/289] Verified `prvInitialiseNewTask`.

---
 tasks.c                                       |  18 ++-
 .../verifast/preprocessed_files/tasks--pp.c   | 130 ++++++++++--------
 .../proof/snippets/rp2040_port_c_snippets.c   |   6 +-
 .../verifast/proof/stack_predicates.h         |  10 +-
 verification/verifast/proof/task_predicates.h |   6 +-
 5 files changed, 93 insertions(+), 77 deletions(-)

diff --git a/tasks.c b/tasks.c
index 30d1d5c593c..859a3414e1f 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1317,7 +1317,8 @@ static void prvYieldForTask( TCB_t * pxTCB,
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
                  usStackDepth > 18 &*&
                  // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
-                 chars(pcName, 16, _);
+                 chars(pcName, 16, _) &*&
+                 *pxCreatedTask |-> _;
      @*/
     //@ ensures true;
     #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) )
@@ -1447,9 +1448,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
              stackSize <= UINTPTR_MAX &*&
              ulStackDepth > 18 &*&
              // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
-             chars(pcName, 16, _);
+             chars(pcName, 16, _) &*&
+             *pxCreatedTask |-> _;
  @*/
-/*@ ensures true; 
+/*@ ensures TCB_p(pxNewTCB, ?freeBytes) &*&
+            chars(pcName, 16, _) &*&
+            *pxCreatedTask |-> _; 
  @*/
 {
     StackType_t * pxTopOfStack;
@@ -1543,6 +1547,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             }
             @*/
             //@ assert( chars(gcStack, ?gFreeBytes, _) );
+            //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack +  gFreeBytes;
+            //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes);
             //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
 
 
@@ -1596,11 +1602,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     }
     else
     {
-        //@ open uninit_TCB_p(_, _);
         /* The task has not been given a name, so just ensure there is a NULL
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
-        //@ close uninit_TCB_p(_, _);
     }
 
     /* This is used as an array index so must ensure it's not too large.  First
@@ -1686,6 +1690,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
+            //@ chars_to_uchars(pxNewTCB->ucNotifyState);
         }
     #endif
 
@@ -1805,7 +1810,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         mtCOVERAGE_TEST_MARKER();
     }
 
-    //@ close uninit_TCB_p(_, _);
+    //@ assert( stack_p_2(_, _, _, ?gFreeBytes, _, _) );
+    //@ close TCB_p(pxNewTCB, gFreeBytes);
 }
 /*-----------------------------------------------------------*/
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 3f2ef9fe137..85bd768ec73 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -9975,13 +9975,11 @@ predicate stack_p_2(StackType_t * pxStack,
     // Used stack cells
     integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
     // Unaligned rest
-    //unalignedRestOfStack_p(pxTopOfStack, ulUsedCells, ulUnalignedBytes);
-    true; // skip unaligned part for now
+    unalignedRestOfStack_p((char*) pxStack + ulFreeBytes + sizeof(StackType_t) * ulUsedCells, 
+                           ulUnalignedBytes);
 
-predicate unalignedRestOfStack_p(StackType_t * pxTopOfStack,
-                                 uint32_t ulUsedCells,
-                                 uint32_t ulUnalignedBytes) =
-    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
+predicate unalignedRestOfStack_p(char* p, uint32_t ulUnalignedBytes) =
+    chars(p, ulUnalignedBytes, _);
 @*/
 
 /*@
@@ -10143,12 +10141,12 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) =
     tcb->uxMutexesHeld |-> _ &*&
 
     // void * pvThreadLocalStoragePointers[ 5 ];
-    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
+    pointers(tcb->pvThreadLocalStoragePointers, 5, _) &*&
 
     // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
     // evaluates to 1.
-    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
-    uchars_(tcb->ucNotifyState, 1, _) &*&
+    integers_(tcb->ulNotifiedValue, 4, false, 1, _) &*&
+    uchars(tcb->ucNotifyState, 1, _) &*&
 
     tcb->ucDelayAborted |-> _;
 @*/
@@ -10421,7 +10419,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
              ulFreeBytes > 17 * sizeof(StackType_t) &*&
              pxStack > 0;
   @*/
-/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
+/*@ ensures stack_p_2(pxStack, ulStackDepth, result, 
+                      ulFreeBytes - sizeof(StackType_t) * 16, 
+                      ulUsedCells + 16, 
+                      ulUnalignedBytes) &*&
+            result == pxTopOfStack - 16;
 @*/
 {
     //@ StackType_t* gOldTop = pxTopOfStack;
@@ -11211,10 +11213,11 @@ static void prvYieldForTask( TCB_t * pxTCB,
     /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*&
                  usStackDepth > 18 &*&
                  // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
-                 chars(pcName, 16, _);
+                 chars(pcName, 16, _) &*&
+                 *pxCreatedTask |-> _;
      @*/
     //@ ensures true;
-// # 1336 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1337 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     {
         TCB_t * pxNewTCB;
         BaseType_t xReturn;
@@ -11222,7 +11225,7 @@ static void prvYieldForTask( TCB_t * pxTCB,
         /* If the stack grows down then allocate the stack then the TCB so the stack
          * does not grow into the TCB.  Likewise if the stack grows up then allocate
          * the TCB then the stack. */
-// # 1366 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1367 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 StackType_t * pxStack;
 
@@ -11260,9 +11263,9 @@ static void prvYieldForTask( TCB_t * pxTCB,
 
         if( pxNewTCB != 0 )
         {
-// # 1411 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1412 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 );
-// # 1420 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             prvAddNewTaskToReadyList( pxNewTCB );
             xReturn = ( ( ( char ) 1 ) );
         }
@@ -11293,14 +11296,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
              stackSize <= UINTPTR_MAX &*&
              ulStackDepth > 18 &*&
              // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16.
-             chars(pcName, 16, _);
+             chars(pcName, 16, _) &*&
+             *pxCreatedTask |-> _;
  @*/
-/*@ ensures true; 
+/*@ ensures TCB_p(pxNewTCB, ?freeBytes) &*&
+            chars(pcName, 16, _) &*&
+            *pxCreatedTask |-> _; 
  @*/
 {
     StackType_t * pxTopOfStack;
     UBaseType_t x;
-// # 1474 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1478 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     //@ open uninit_TCB_p(_,_);
 
     /* Avoid dependency on memset() if it is not required. */
@@ -11373,10 +11379,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             }
             @*/
             //@ assert( chars(gcStack, ?gFreeBytes, _) );
+            //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack +  gFreeBytes;
+            //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes);
             //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
-// # 1556 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1570 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1576 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -11406,11 +11414,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
     }
     else
     {
-        //@ open uninit_TCB_p(_, _);
         /* The task has not been given a name, so just ensure there is a NULL
          * terminator when it is read out. */
         pxNewTCB->pcTaskName[ 0 ] = 0x00;
-        //@ close uninit_TCB_p(_, _);
     }
 
     /* This is used as an array index so must ensure it's not too large.  First
@@ -11452,7 +11458,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1664 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11478,8 +11484,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) );
             //@ uchars__to_chars_(pxNewTCB->ucNotifyState);
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
+            //@ chars_to_uchars(pxNewTCB->ucNotifyState);
         }
-// # 1702 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1707 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11488,17 +11495,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1725 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1730 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1753 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1770 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1775 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -11537,7 +11544,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
                                 ;
     }
 
-    //@ close uninit_TCB_p(_, _);
+    //@ assert( stack_p_2(_, _, _, ?gFreeBytes, _, _) );
+    //@ close TCB_p(pxNewTCB, gFreeBytes);
 }
 /*-----------------------------------------------------------*/
 
@@ -12207,13 +12215,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2512 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2518 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2535 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2553 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2559 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2581 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2587 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12580,7 +12588,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 2994 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3000 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12592,7 +12600,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 3017 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3023 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12629,7 +12637,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false);
-// # 3067 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3073 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12726,7 +12734,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -13096,7 +13104,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3608 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3614 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -13135,7 +13143,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3665 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -13445,13 +13453,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 3997 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4003 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4021 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4046 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4052 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4079 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13481,7 +13489,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4137 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4143 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13498,7 +13506,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4171 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4177 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13611,7 +13619,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4297 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4303 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13651,7 +13659,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     assert(pxUnblockedTCB);
     ( void ) uxListRemove( pxEventListItem );
-// # 4351 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13816,7 +13824,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4575 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4581 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13846,7 +13854,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4616 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13867,16 +13875,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4652 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4717 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4767 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4773 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13921,7 +13929,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4833 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -14023,7 +14031,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4939 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4945 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -14154,7 +14162,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5108 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5114 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -14211,7 +14219,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5191 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5197 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14711,11 +14719,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5822 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5828 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5949 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5955 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14989,7 +14997,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
-// # 6240 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6246 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -15283,7 +15291,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15359,7 +15367,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6661 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6667 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
index 030e9e3186b..2ee456a6d2b 100644
--- a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
+++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c
@@ -117,7 +117,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack,
              ulFreeBytes > 17 * sizeof(StackType_t) &*&
              pxStack > 0;
   @*/
-/*@ ensures stack_p_2(pxStack, ulStackDepth, pxTopOfStack - 16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes);
+/*@ ensures stack_p_2(pxStack, ulStackDepth, result, 
+                      ulFreeBytes - sizeof(StackType_t) * 16, 
+                      ulUsedCells + 16, 
+                      ulUnalignedBytes) &*&
+            result == pxTopOfStack - 16;
 @*/
 {
     //@ StackType_t* gOldTop = pxTopOfStack;
diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h
index b426664771e..6c213472123 100644
--- a/verification/verifast/proof/stack_predicates.h
+++ b/verification/verifast/proof/stack_predicates.h
@@ -23,13 +23,11 @@ predicate stack_p_2(StackType_t * pxStack,
     // Used stack cells
     integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*&
     // Unaligned rest
-    //unalignedRestOfStack_p(pxTopOfStack, ulUsedCells, ulUnalignedBytes);
-    true; // skip unaligned part for now
+    unalignedRestOfStack_p((char*) pxStack + ulFreeBytes + sizeof(StackType_t) * ulUsedCells, 
+                           ulUnalignedBytes);
 
-predicate unalignedRestOfStack_p(StackType_t * pxTopOfStack,
-                                 uint32_t ulUsedCells,
-                                 uint32_t ulUnalignedBytes) =
-    chars((char*) pxTopOfStack + sizeof(StackType_t) * (ulUsedCells + 1), ulUnalignedBytes, _);
+predicate unalignedRestOfStack_p(char* p, uint32_t ulUnalignedBytes) =
+    chars(p, ulUnalignedBytes, _);
 @*/
 
 /*@
diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h
index 85b1d3f1b91..fe2d082bf18 100644
--- a/verification/verifast/proof/task_predicates.h
+++ b/verification/verifast/proof/task_predicates.h
@@ -79,12 +79,12 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) =
     tcb->uxMutexesHeld |-> _ &*&
 
     // void * pvThreadLocalStoragePointers[ 5 ];
-    pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*&
+    pointers(tcb->pvThreadLocalStoragePointers, 5, _) &*&
 
     // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES`
     // evaluates to 1.
-    integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*&
-    uchars_(tcb->ucNotifyState, 1, _) &*&
+    integers_(tcb->ulNotifiedValue, 4, false, 1, _) &*&
+    uchars(tcb->ucNotifyState, 1, _) &*&
 
     tcb->ucDelayAborted |-> _;
 @*/

From e064c380d7bfb144cf0bd07207b256992a887add Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 3 Nov 2022 12:04:57 -0400
Subject: [PATCH 081/289] Added name tags to assembly dummy macros.

---
 tasks.c                                       |  2 +
 .../verifast/preprocessed_files/tasks--pp.c   | 53 ++++++++++---------
 .../verifast/proof_setup/verifast_asm.h       | 11 ++--
 3 files changed, 36 insertions(+), 30 deletions(-)

diff --git a/tasks.c b/tasks.c
index 859a3414e1f..fb5912ecf4a 100644
--- a/tasks.c
+++ b/tasks.c
@@ -5599,6 +5599,8 @@ void vTaskYieldWithinAPI( void )
 #if ( portCRITICAL_NESTING_IN_TCB == 1 )
 
     void vTaskEnterCritical( void )
+    //@ requires false;
+    //@ ensures false;
     {
         portDISABLE_INTERRUPTS();
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks--pp.c
index 85bd768ec73..9ea6a2c8f1c 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks--pp.c
@@ -10296,12 +10296,13 @@ ensures (l & r) == ((l & r) & r);
 
 /* VeriFast treats `assert` as keyword and does not support calling it
  * in many contexts where function calls are permitted. */
-bool assert_fct(bool b)
+bool assert_fct(bool b, const char*)
 {
     assert(b);
     return b;
 }
 
+// Port macros were originally defined in `portmacro.h`.
 
 
 
@@ -10981,7 +10982,7 @@ static void prvYieldCore( BaseType_t xCoreID )
     /* This must be called from a critical section and
      * xCoreID must be valid. */
 
-    if( assert_fct(false) && ( xCoreID == 0 ) )
+    if( assert_fct(false, "portCHECK_IF_IN_ISR") && ( xCoreID == 0 ) )
     {
         xYieldPendings[ xCoreID ] = ( ( char ) 1 );
     }
@@ -12035,14 +12036,14 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
 
-        uxSavedInterruptState = assert_fct(false);
+        uxSavedInterruptState = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR");
         {
             /* If null is passed in here then it is the priority of the calling
              * task that is being queried. */
             pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) );
             uxReturn = pxTCB->uxPriority;
         }
-        do { vTaskExitCritical(); assert_fct(false); } while (0);
+        do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0);
 
         return uxReturn;
     }
@@ -12487,7 +12488,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
          * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */
                                                   ;
 
-        uxSavedInterruptStatus = assert_fct(false);
+        uxSavedInterruptStatus = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR");
         {
             if( prvTaskIsTaskSuspended( pxTCB ) != ( ( char ) 0 ) )
             {
@@ -12524,7 +12525,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
                                         ;
             }
         }
-        do { vTaskExitCritical(); assert_fct(false); } while (0);
+        do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0);
 
         return xYieldRequired;
     }
@@ -12636,7 +12637,7 @@ void vTaskStartScheduler( void )
          * the created tasks contain a status word with interrupts switched on
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
-        assert_fct(false);
+        assert_fct(false, "portDISABLE_INTERRUPTS");
 // # 3073 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
@@ -12687,7 +12688,7 @@ void vTaskEndScheduler( void )
     /* Stop the scheduler interrupts and call the portable scheduler end
      * routine so the original ISRs can be restored if necessary.  The port
      * layer must ensure interrupts enable  bit is left in the correct state. */
-    assert_fct(false);
+    assert_fct(false, "portDISABLE_INTERRUPTS");
     xSchedulerRunning = ( ( char ) 0 );
     vPortEndScheduler();
 }
@@ -12707,7 +12708,7 @@ void vTaskSuspendAll( void )
          * interrupted and switches context before incrementing uxSchedulerSuspended.
          * It is safe to re-enable interrupts after releasing the ISR lock and incrementing
          * uxSchedulerSuspended since that will prevent context switches. */
-        ulState = assert_fct(false);
+        ulState = assert_fct(false, "portDISABLE_INTERRUPTS");
 
         /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that
          * do not otherwise exhibit real time behaviour. */
@@ -12726,7 +12727,7 @@ void vTaskSuspendAll( void )
             prvCheckForRunStateChange();
         }
 
-        assert_fct(false);
+        assert_fct(false, "portRESTORE_INTERRUPTS");
     }
     else
     {
@@ -14253,9 +14254,9 @@ static void prvResetNextTaskUnblockTime( void )
         TaskHandle_t xReturn;
         uint32_t ulState;
 
-        ulState = assert_fct(false);
+        ulState = assert_fct(false, "portDISABLE_INTERRUPTS");
         xReturn = pxCurrentTCBs[ 0 ];
-        assert_fct(false);
+        assert_fct(false, "portRESTORE_INTERRUPTS");
 
         return xReturn;
     }
@@ -14625,14 +14626,16 @@ void vTaskYieldWithinAPI( void )
 
 
     void vTaskEnterCritical( void )
+    //@ requires false;
+    //@ ensures false;
     {
-        assert_fct(false);
+        assert_fct(false, "portDISABLE_INTERRUPTS");
 
         if( xSchedulerRunning != ( ( char ) 0 ) )
         {
             if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U )
             {
-                if( assert_fct(false) == ( ( char ) 0 ) )
+                if( assert_fct(false, "portCHECK_IF_IN_ISR") == ( ( char ) 0 ) )
                 {
                     vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 ));
                 }
@@ -14679,7 +14682,7 @@ void vTaskYieldWithinAPI( void )
                 {
                     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
 
-                    if( assert_fct(false) == ( ( char ) 0 ) )
+                    if( assert_fct(false, "portCHECK_IF_IN_ISR") == ( ( char ) 0 ) )
                     {
                         vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 ));
                         vPortEnableInterrupts();
@@ -14719,11 +14722,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5724 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5828 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5830 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5955 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5957 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -14997,7 +15000,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
-// # 6246 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6248 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -15053,7 +15056,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
         pxTCB = xTaskToNotify;
 
-        uxSavedInterruptStatus = assert_fct(false);
+        uxSavedInterruptStatus = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR");
         {
             if( pulPreviousNotificationValue != 0 )
             {
@@ -15140,7 +15143,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
             }
         }
-        do { vTaskExitCritical(); assert_fct(false); } while (0);
+        do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0);
 
         return xReturn;
     }
@@ -15181,7 +15184,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
         pxTCB = xTaskToNotify;
 
-        uxSavedInterruptStatus = assert_fct(false);
+        uxSavedInterruptStatus = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR");
         {
             ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ];
             pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 );
@@ -15224,7 +15227,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
             }
         }
-        do { vTaskExitCritical(); assert_fct(false); } while (0);
+        do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0);
     }
 
 
@@ -15291,7 +15294,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6557 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15367,7 +15370,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6667 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/proof_setup/verifast_asm.h b/verification/verifast/proof_setup/verifast_asm.h
index d47e2dd45ff..7f15e32dae4 100644
--- a/verification/verifast/proof_setup/verifast_asm.h
+++ b/verification/verifast/proof_setup/verifast_asm.h
@@ -8,27 +8,28 @@
 
 /* VeriFast treats `assert` as keyword and does not support calling it
  * in many contexts where function calls are permitted. */
-bool assert_fct(bool b) 
+bool assert_fct(bool b, const char*) 
 {
     assert(b);
     return b;
 }
 
+// Port macros were originally defined in `portmacro.h`.
 
 #undef portCHECK_IF_IN_ISR
-#define portCHECK_IF_IN_ISR()  assert_fct(false)
+#define portCHECK_IF_IN_ISR()  assert_fct(false, "portCHECK_IF_IN_ISR")
 
 /* Additional reason for rewrite:
  * VeriFast does not support embedding block statements that consist of
  * multiple elemts in expression contexts, e.g., `({e1; e2})`.
  */
 #undef portSET_INTERRUPT_MASK_FROM_ISR
-#define portSET_INTERRUPT_MASK_FROM_ISR()   assert_fct(false)
+#define portSET_INTERRUPT_MASK_FROM_ISR()   assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR")
 
 #undef portRESTORE_INTERRUPTS
-#define portRESTORE_INTERRUPTS(ulState) assert_fct(false)
+#define portRESTORE_INTERRUPTS(ulState) assert_fct(false, "portRESTORE_INTERRUPTS")
 
 #undef portDISABLE_INTERRUPTS
-#define portDISABLE_INTERRUPTS() assert_fct(false)
+#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS")
 
 #endif /* VERIFAST_ASM_H */
\ No newline at end of file

From 01c19a2099cd1a3e74fddea57dc5a1a05851e744 Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 3 Nov 2022 13:16:10 -0400
Subject: [PATCH 082/289] Renamed preprocessed file such that name is legal C
 identifier.

This is necessary for VeriFast to refer to the file as module.
---
 .../preprocess_tasks_c.sh                     |   2 +-
 .../{tasks--pp.c => tasks__pp.c}              | 198 +++++++++---------
 .../verifast/start-vfide--preprocessed.sh     |   2 +-
 3 files changed, 101 insertions(+), 101 deletions(-)
 rename verification/verifast/preprocessed_files/{tasks--pp.c => tasks__pp.c} (99%)

diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index bb704d43d83..445e6ec43be 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -29,7 +29,7 @@ LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c"
 LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c"
 
 PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files"
-PP_TASK_C="$PP_OUT_DIR/tasks--pp.c"
+PP_TASK_C="$PP_OUT_DIR/tasks__pp.c"
 
 
 
diff --git a/verification/verifast/preprocessed_files/tasks--pp.c b/verification/verifast/preprocessed_files/tasks__pp.c
similarity index 99%
rename from verification/verifast/preprocessed_files/tasks--pp.c
rename to verification/verifast/preprocessed_files/tasks__pp.c
index 9ea6a2c8f1c..d9c8143b2f9 100644
--- a/verification/verifast/preprocessed_files/tasks--pp.c
+++ b/verification/verifast/preprocessed_files/tasks__pp.c
@@ -60,40 +60,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -104,16 +104,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -158,21 +158,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -193,15 +193,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -548,33 +548,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4283,14 +4283,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4306,7 +4306,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4317,13 +4317,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4388,11 +4388,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh
index 59c16dfdb05..de71a2bf1b4 100755
--- a/verification/verifast/start-vfide--preprocessed.sh
+++ b/verification/verifast/start-vfide--preprocessed.sh
@@ -11,7 +11,7 @@ echo Path to vfide binary : "\'$VFIDE\'"
 START_WD=`pwd`
 PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040"
 PP_SCRIPT="./preprocess_tasks_c.sh"
-PP_TASK_C="$START_WD/preprocessed_files/tasks--pp.c"
+PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c"
 
 FONT_SIZE=16
 

From 2404a2f2533af129bb17a8f6f439fea9af6e976f Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Thu, 3 Nov 2022 15:40:12 -0400
Subject: [PATCH 083/289] Added flag to skip very expensive part of the proof
 for `prvInitialiseNewTask`.

When the symbol `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT` is defined in the preprocessor script, we skip the verification of the stack alignment. This part of the proof involves bit vector arithmetic and hence takes long to verify.
---
 tasks.c                                       | 107 ++++--
 .../preprocess_tasks_c.sh                     |   4 +
 .../verifast/preprocessed_files/tasks__pp.c   | 344 +++++++++---------
 .../verifast/start-vfide--preprocessed.sh     |   5 +
 4 files changed, 263 insertions(+), 197 deletions(-)

diff --git a/tasks.c b/tasks.c
index fb5912ecf4a..79f3781377e 100644
--- a/tasks.c
+++ b/tasks.c
@@ -1509,43 +1509,90 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] );
             //@ StackType_t* gOldTop = pxTopOfStack;
             //@ char* gcStack = (char*) pxNewTCB->pxStack;
-            
-            // Axiomatize that pointers on RP2040 are 32bit
-            //@ ptr_range(pxTopOfStack);
-
-            /* Convert top and mask to VeriFast bitvectors and establish
-             * relation to C variables.
-             * Note that on RP2040:
-             * - `portPOINTER_SIZE_TYPE` == `uint32_t`
-             * - `portBYTE_ALIGNMENT_MASK` == `0x0007`
+
+            /* Set the following flag to skip and expensive part of this proof:
+             * `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT`
+             *
+             * For VeriFast bit vector proofs are very computation intensive.
+             * Hence, reasoning about the stack alignment below takes relatively 
+             * long.
              */
-            //@ uint32_t gMask = 0x0007;
-            //@ Z gzTop = Z_of_uint32((int) pxTopOfStack);
-            //@ Z gzMask = Z_of_uint32((int) gMask);
-            //@ bitnot_def(gMask, gzMask);
-            //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
+            #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT
+                // Axiomatize that pointers on RP2040 are 32bit
+                //@ ptr_range(pxTopOfStack);
+
+                /* Convert top and mask to VeriFast bitvectors and establish
+                * relation to C variables.
+                * Note that on RP2040:
+                * - `portPOINTER_SIZE_TYPE` == `uint32_t`
+                * - `portBYTE_ALIGNMENT_MASK` == `0x0007`
+                */
+                //@ uint32_t gMask = 0x0007;
+                //@ Z gzTop = Z_of_uint32((int) pxTopOfStack);
+                //@ Z gzMask = Z_of_uint32((int) gMask);
+                //@ bitnot_def(gMask, gzMask);
+                //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
+            #else
+                /* Axiomatise that no over- or underflow occurs. 
+                * We further assume that `portPOINTER_SIZE_TYPE` evaluates to 
+                * `uint32_t`.
+                */
+                //@ ptr_range(pxTopOfStack);
+                /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) 
+                                & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) 
+                            > 0 );
+                @*/
+                /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) 
+                                & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) 
+                            <= (StackType_t*) UINTPTR_MAX );
+                @*/
+            #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */
 
             pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
-            //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack;
-
-            // The following alignment assertions hold but take very long to verify.
-            ///@ assert( pxTopOfStack <= gOldTop );
-            ///@ assert( gOldTop - 7 <= pxTopOfStack );
-
-            /* Check the alignment of the calculated top of stack is correct. */
             
-            // Same as above but for aligned top pointer:
-            //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
-            //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
+            #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT
+                //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack;
+
+                // The following alignment assertions hold but take very long to verify.
+                ///@ assert( pxTopOfStack <= gOldTop );
+                ///@ assert( gOldTop - 7 <= pxTopOfStack );
+                
+                // Same as above but for aligned top pointer:
+                //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
+                //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
+            #else
+                /* Axiomatize that alignmet check succeeds. 
+                 * We further assume that `portPOINTER_SIZE_TYPE` evaluates to 
+                 * `uint32_t`*/
+                //@ ptr_range(pxTopOfStack);
+                /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL );
+                 @*/
+            #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */
 
+            /* Check the alignment of the calculated top of stack is correct. */
             configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) );  
 
-            /*@
-            if( pxTopOfStack < gOldTop )
-            {
-                chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t));
-            }
-            @*/
+            #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT
+                /* Remark: Moving this proof step in front of the above
+                 *         assertion increases proof checking time by a lot.
+                 */
+                /*@
+                if( pxTopOfStack < gOldTop )
+                {
+                    chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t));
+                }
+                @*/
+            #else
+                /* Axiomatize that bit vector operations did not change stack
+                 * pointer.
+                 */
+                /* TODO: Can we simplify the axiomatizations here and above
+                 *       by assuming that the top pointer was already aligned?
+                 */
+                //@ assume( pxTopOfStack == gOldTop );
+                //@ int gUnalignedBytes = 0;
+            #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */
+
             //@ assert( chars(gcStack, ?gFreeBytes, _) );
             //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack +  gFreeBytes;
             //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes);
diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
index 445e6ec43be..4de715265b9 100755
--- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh
@@ -32,6 +32,9 @@ PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files"
 PP_TASK_C="$PP_OUT_DIR/tasks__pp.c"
 
 
+# Flags to SKIP expensive proofs:
+# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT
+
 
 pwd
 mkdir $LOG_PP_OUT_DIR
@@ -44,6 +47,7 @@ mkdir $LOG_PP_OUT_DIR
 echo start preprocessor
 clang -E -C  -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \
 -DVERIFAST \
+-DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT \
 -I"$VF_DIR/bin" \
 -I"$PROOF_SETUP_DIR" \
 -I"$PROOF_FILES_DIR" \
diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c
index d9c8143b2f9..67d80d9e7a5 100644
--- a/verification/verifast/preprocessed_files/tasks__pp.c
+++ b/verification/verifast/preprocessed_files/tasks__pp.c
@@ -60,40 +60,40 @@ typedef intptr_t ptrdiff_t;
 typedef intptr_t ssize_t;
 // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2
 
-/*@
-
-// In Standard C, freeing a null pointer is allowed and is a no-op.
-lemma_auto void malloc_block_null();
-    requires emp;
-    ensures malloc_block(0, 0);
-
-lemma void malloc_block_limits(void *array);
-    requires [?f]malloc_block(array, ?size);
-    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
-
+/*@
+
+// In Standard C, freeing a null pointer is allowed and is a no-op.
+lemma_auto void malloc_block_null();
+    requires emp;
+    ensures malloc_block(0, 0);
+
+lemma void malloc_block_limits(void *array);
+    requires [?f]malloc_block(array, ?size);
+    ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX;
+
 @*/
 
 void *malloc(size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars_(result, size, _) &*& malloc_block(result, size) &*&
-            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars_(result, size, _) &*& malloc_block(result, size) &*&
+            (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
 void *calloc(size_t nmemb, size_t size);
     //@ requires true;
-    /*@
-    ensures
-        result == 0 ?
-            emp
-        :
-            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
-            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
+    /*@
+    ensures
+        result == 0 ?
+            emp
+        :
+            chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*&
+            (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow
     @*/
     //@ terminates;
 
@@ -104,16 +104,16 @@ void free(void *array);
 
 void *realloc(void *array, size_t newSize);
     //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs);
-    /*@
-    ensures
-        result == 0 ?
-            malloc_block(array, size) &*& chars(array, size, cs)
-        :
-            malloc_block(result, newSize) &*&
-            newSize <= size ?
-                chars(result, _, take(newSize, cs))
-            :
-                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
+    /*@
+    ensures
+        result == 0 ?
+            malloc_block(array, size) &*& chars(array, size, cs)
+        :
+            malloc_block(result, newSize) &*&
+            newSize <= size ?
+                chars(result, _, take(newSize, cs))
+            :
+                chars(result, _, cs) &*& chars(result + size, newSize - size, _);
     @*/
     //@ terminates;
 // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2
@@ -158,21 +158,21 @@ void memcpy(void *array, void *array0, size_t count);
     //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0);
 
 void memmove(void *dest, void *src, size_t count);
-    /*@
-    requires
-        chars(src, count, ?cs) &*&
-        dest <= src ?
-            chars(dest, src - dest, _)
-        :
-            chars(src + count, dest - src, _);
+    /*@
+    requires
+        chars(src, count, ?cs) &*&
+        dest <= src ?
+            chars(dest, src - dest, _)
+        :
+            chars(src + count, dest - src, _);
     @*/
-    /*@
-    ensures
-        chars(dest, count, cs) &*&
-        dest <= src ?
-            chars(dest + count, src - dest, _)
-        :
-            chars(src, dest - src, _);
+    /*@
+    ensures
+        chars(dest, count, cs) &*&
+        dest <= src ?
+            chars(dest + count, src - dest, _)
+        :
+            chars(src, dest - src, _);
     @*/
 
 size_t strlen(char *string);
@@ -193,15 +193,15 @@ char *memchr(char *array, char c, size_t count);
 
 char* strchr(char *str, char c);
     //@ requires [?f]string(str, ?cs);
-    /*@ ensures
-            [f]string(str, cs) &*&
-            c == 0 ? 
-                result == str + length(cs)
-            : 
-                result == 0 ?
-                    mem(c, cs) == false
-                :
-                    mem(c, cs) == true &*& result == str + index_of(c, cs);
+    /*@ ensures
+            [f]string(str, cs) &*&
+            c == 0 ? 
+                result == str + length(cs)
+            : 
+                result == 0 ?
+                    mem(c, cs) == false
+                :
+                    mem(c, cs) == true &*& result == str + index_of(c, cs);
     @*/
 
 void* memset(void *array, char value, size_t size);
@@ -548,33 +548,33 @@ typedef void (* TaskFunction_t)( void * );
  * must be set in the compiler's include path. */
 
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1
-/*
- * FreeRTOS SMP Kernel V202110.00
- * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
- *
- * SPDX-License-Identifier: MIT AND BSD-3-Clause
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy of
- * this software and associated documentation files (the "Software"), to deal in
- * the Software without restriction, including without limitation the rights to
- * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
- * the Software, and to permit persons to whom the Software is furnished to do so,
- * subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
- * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
- * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
- * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- * https://www.FreeRTOS.org
- * https://github.com/FreeRTOS
- *
+/*
+ * FreeRTOS SMP Kernel V202110.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ * Copyright (c) 2021 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: MIT AND BSD-3-Clause
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
  */
 // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1
@@ -4283,14 +4283,14 @@ int spin_lock_claim_unused(bool required);
 bool spin_lock_is_claimed(uint lock_num);
 // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2
 
-/*-----------------------------------------------------------
- * Port specific definitions.
- *
- * The settings in this file configure FreeRTOS correctly for the
- * given hardware and compiler.
- *
- * These settings should not be altered.
- *-----------------------------------------------------------
+/*-----------------------------------------------------------
+ * Port specific definitions.
+ *
+ * The settings in this file configure FreeRTOS correctly for the
+ * given hardware and compiler.
+ *
+ * These settings should not be altered.
+ *-----------------------------------------------------------
  */
 
 /* Type definitions. */
@@ -4306,7 +4306,7 @@ bool spin_lock_is_claimed(uint lock_num);
         typedef uint32_t TickType_t;
 
 
-/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
+/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do
  * not need to be guarded with a critical section. */
 
 
@@ -4317,13 +4317,13 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
+        /* Reason for rewrite: VeriFast does not support the attriibute `used`. 
          */
 
 
 
 
-    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
+    /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config,
      * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */
 
 
@@ -4388,11 +4388,11 @@ bool spin_lock_is_claimed(uint lock_num);
 
 
 
-    /* Note this is a single method with uxAcquire parameter since we have
-     * static vars, the method is always called with a compile time constant for
+    /* Note this is a single method with uxAcquire parameter since we have
+     * static vars, the method is always called with a compile time constant for
      * uxAcquire, and the compiler should dothe right thing! */
 
-        /* Reason for rewrite: VeriFast does not support local static variables.
+        /* Reason for rewrite: VeriFast does not support local static variables.
          */
 // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h"
 /*-----------------------------------------------------------*/
@@ -11343,49 +11343,59 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             //@ StackType_t* gOldTop = pxTopOfStack;
             //@ char* gcStack = (char*) pxNewTCB->pxStack;
 
-            // Axiomatize that pointers on RP2040 are 32bit
-            //@ ptr_range(pxTopOfStack);
-
-            /* Convert top and mask to VeriFast bitvectors and establish
-             * relation to C variables.
-             * Note that on RP2040:
-             * - `portPOINTER_SIZE_TYPE` == `uint32_t`
-             * - `portBYTE_ALIGNMENT_MASK` == `0x0007`
+            /* Set the following flag to skip and expensive part of this proof:
+             * `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT`
+             *
+             * For VeriFast bit vector proofs are very computation intensive.
+             * Hence, reasoning about the stack alignment below takes relatively 
+             * long.
              */
-            //@ uint32_t gMask = 0x0007;
-            //@ Z gzTop = Z_of_uint32((int) pxTopOfStack);
-            //@ Z gzMask = Z_of_uint32((int) gMask);
-            //@ bitnot_def(gMask, gzMask);
-            //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask));
+// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                /* Axiomatise that no over- or underflow occurs. 
+                * We further assume that `portPOINTER_SIZE_TYPE` evaluates to 
+                * `uint32_t`.
+                */
+                //@ ptr_range(pxTopOfStack);
+                /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) 
+                                & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) 
+                            > 0 );
+                @*/
+                /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) 
+                                & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) 
+                            <= (StackType_t*) UINTPTR_MAX );
+                @*/
+
 
             pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception.  Avoiding casts between pointers and integers is not practical.  Size differences accounted for using portPOINTER_SIZE_TYPE type.  Checked by assert(). */
-            //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack;
+// # 1564 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                /* Axiomatize that alignmet check succeeds. 
+                 * We further assume that `portPOINTER_SIZE_TYPE` evaluates to 
+                 * `uint32_t`*/
+                //@ ptr_range(pxTopOfStack);
+                /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL );
+                 @*/
 
-            // The following alignment assertions hold but take very long to verify.
-            ///@ assert( pxTopOfStack <= gOldTop );
-            ///@ assert( gOldTop - 7 <= pxTopOfStack );
 
             /* Check the alignment of the calculated top of stack is correct. */
-
-            // Same as above but for aligned top pointer:
-            //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack);
-            //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask);
-
             assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ));
+// # 1586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+                /* Axiomatize that bit vector operations did not change stack
+                 * pointer.
+                 */
+                /* TODO: Can we simplify the axiomatizations here and above
+                 *       by assuming that the top pointer was already aligned?
+                 */
+                //@ assume( pxTopOfStack == gOldTop );
+                //@ int gUnalignedBytes = 0;
+
 
-            /*@
-            if( pxTopOfStack < gOldTop )
-            {
-                chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t));
-            }
-            @*/
             //@ assert( chars(gcStack, ?gFreeBytes, _) );
             //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack +  gFreeBytes;
             //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes);
             //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes);        
-// # 1562 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1609 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
-// # 1576 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Store the task name in the TCB. */
     if( pcName != 0 )
     {
@@ -11459,7 +11469,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         {
             pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U;
         }
-// # 1668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1715 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* Avoid compiler warning about unreferenced parameter. */
             ( void ) xRegions;
@@ -11487,7 +11497,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
             memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) );
             //@ chars_to_uchars(pxNewTCB->ucNotifyState);
         }
-// # 1707 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1754 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
 
                 /* Reason for rewrite: Assignment not type safe. */
@@ -11496,17 +11506,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
 
 
         }
-// # 1730 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Initialize the TCB stack to look as if the task was already running,
      * but had been interrupted by the scheduler.  The return address is set
      * to the start of the task function. Once the stack has been initialised
      * the top of stack variable is updated. */
-// # 1758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1805 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         {
             /* If the port has capability to detect stack overflow,
              * pass the stack end address to the stack initialization
              * function as well. */
-// # 1775 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 1822 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                 {
                     pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters );
                 }
@@ -12216,13 +12226,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB )
 
 
 /*-----------------------------------------------------------*/
-// # 2518 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2565 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2541 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2559 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2606 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 2587 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 2634 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -12589,7 +12599,7 @@ static BaseType_t prvCreateIdleTasks( void )
         {
                                     ;
         }
-// # 3000 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 if( xCoreID == 0 )
                 {
@@ -12601,7 +12611,7 @@ static BaseType_t prvCreateIdleTasks( void )
                                            ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */
                                            &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */
                 }
-// # 3023 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3070 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             }
 
     }
@@ -12638,7 +12648,7 @@ void vTaskStartScheduler( void )
          * so interrupts will automatically get re-enabled when the first task
          * starts to run. */
         assert_fct(false, "portDISABLE_INTERRUPTS");
-// # 3073 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3120 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL;
         xSchedulerRunning = ( ( char ) 1 );
         xTickCount = ( TickType_t ) 0;
@@ -12735,7 +12745,7 @@ void vTaskSuspendAll( void )
     }
 }
 /*----------------------------------------------------------*/
-// # 3231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskResumeAll( void )
@@ -13105,7 +13115,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
                          * each task in the Suspended state. */
                         uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended );
                     }
-// # 3614 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3661 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         if( pulTotalRunTime != 0 )
                         {
@@ -13144,7 +13154,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char
  * This is to ensure vTaskStepTick() is available when user defined low power mode
  * implementations require configUSE_TICKLESS_IDLE to be set to a value other than
  * 1. */
-// # 3665 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 3712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
 
 BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp )
@@ -13454,13 +13464,13 @@ BaseType_t xTaskIncrementTick( void )
     return xSwitchRequired;
 }
 /*-----------------------------------------------------------*/
-// # 4003 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4050 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4052 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4099 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 4085 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4132 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 void vTaskSwitchContext( BaseType_t xCoreID )
@@ -13490,7 +13500,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
         {
             xYieldPendings[ xCoreID ] = ( ( char ) 0 );
                                     ;
-// # 4143 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4190 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             /* Check for stack overflow, if configured. */
             { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } };
 
@@ -13507,7 +13517,7 @@ void vTaskSwitchContext( BaseType_t xCoreID )
                                    ;
 
             /* After the new task is switched in, update the global errno. */
-// # 4177 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4224 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         }
     }
     vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 ));
@@ -13620,7 +13630,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList )
     {
         ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) );
         ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ;
-// # 4303 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4350 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
     else
     {
@@ -13660,7 +13670,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem,
     pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too.  Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */
     assert(pxUnblockedTCB);
     ( void ) uxListRemove( pxEventListItem );
-// # 4357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4404 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     /* Remove the task from the delayed list and add it to the ready list.  The
      * scheduler is suspended so interrupts will not be accessing the ready
      * lists. */
@@ -13825,7 +13835,7 @@ void vTaskMissedYield( void )
  *
  * @todo additional conditional compiles to remove this function.
  */
-// # 4581 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*
  * -----------------------------------------------------------
  * The Idle task.
@@ -13855,7 +13865,7 @@ static void prvIdleTask( void * pvParameters )
         /* See if any tasks have deleted themselves - if so then the idle task
          * is responsible for freeing the deleted task's TCB and stack. */
         prvCheckTasksWaitingTermination();
-// # 4622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 /* When using preemption tasks of equal priority will be
                  * timesliced.  If a task that is sharing the idle priority is ready
@@ -13876,16 +13886,16 @@ static void prvIdleTask( void * pvParameters )
                                             ;
                 }
             }
-// # 4658 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
         /* This conditional compilation should use inequality to 0, not equality
          * to 1.  This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when
          * user defined low power mode  implementations require
          * configUSE_TICKLESS_IDLE to be set to a value other than 1. */
-// # 4723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4770 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 }
 /*-----------------------------------------------------------*/
-// # 4773 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4820 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -13930,7 +13940,7 @@ static void prvIdleTask( void * pvParameters )
 
 
 /*-----------------------------------------------------------*/
-// # 4833 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4880 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvInitialiseTaskLists( void )
@@ -14032,7 +14042,7 @@ static void prvCheckTasksWaitingTermination( void )
             {
                 pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority;
             }
-// # 4945 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 4992 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
             {
                 pxTaskStatus->ulRunTimeCounter = 0;
             }
@@ -14163,7 +14173,7 @@ static void prvCheckTasksWaitingTermination( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5114 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5161 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 
@@ -14220,7 +14230,7 @@ static void prvCheckTasksWaitingTermination( void )
                 free( (void*) pxTCB->pxStack);
                 free( (void*) pxTCB);
             }
-// # 5197 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5244 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
     }
 
 
@@ -14722,11 +14732,11 @@ void vTaskYieldWithinAPI( void )
 
 
 /*-----------------------------------------------------------*/
-// # 5724 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5771 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
-// # 5830 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 5877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*----------------------------------------------------------*/
-// # 5957 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6004 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 TickType_t uxTaskResetEventItemValue( void )
@@ -15000,7 +15010,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
                 /* The task should not have been on an event list. */
                 assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0);
-// # 6248 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6295 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
                     {
                         prvYieldForTask( pxTCB, ( ( char ) 0 ) );
                     }
@@ -15294,7 +15304,7 @@ TickType_t uxTaskResetEventItemValue( void )
 
 
 /*-----------------------------------------------------------*/
-// # 6557 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6604 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 /*-----------------------------------------------------------*/
 
 static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
@@ -15370,7 +15380,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait,
                 }
             }
         }
-// # 6669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
+// # 6716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c"
 }
 
 /* Code below here allows additional code to be inserted into this source file,
diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh
index de71a2bf1b4..09e7c2d5633 100755
--- a/verification/verifast/start-vfide--preprocessed.sh
+++ b/verification/verifast/start-vfide--preprocessed.sh
@@ -15,6 +15,11 @@ PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c"
 
 FONT_SIZE=16
 
+# Flags to SKIP expensive proofs:
+# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT
+# Currently, these flags are set manually in the preprocessing script.
+
+
 cd "$PP_SCRIPT_DIR"
 pwd
 ls

From 94e0f215746ecb07731880ca5ad631e6d526974e Mon Sep 17 00:00:00 2001
From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com>
Date: Fri, 4 Nov 2022 11:15:15 -0400
Subject: [PATCH 084/289] Added rewrite to remove const qualifiers from
 pointers.

---
 tasks.c                                       |   7 +
 .../custom_build_scripts_RP2040/vf_rewrite.sh |   4 +
 .../verifast/preprocessed_files/tasks__pp.c   | 483 +++++++++++++-----
 .../verifast/proof/verifast_lock_predicates.h |  34 ++
 4 files changed, 397 insertions(+), 131 deletions(-)
 create mode 100644 verification/verifast/proof/verifast_lock_predicates.h

diff --git a/tasks.c b/tasks.c
index 79f3781377e..628c54dd5f5 100644
--- a/tasks.c
+++ b/tasks.c
@@ -62,7 +62,11 @@
     #include "verifast_bitops_extended.h"
     #include "verifast_asm.h"
 
+    //#include "verifast_lock_predicates.h"
+
     #include "snippets/rp2040_port_c_snippets.c"
+
+    #include "list.c"
 #endif
 
 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified
@@ -1673,7 +1677,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode,
         }
     #endif /* configUSE_MUTEXES */
 
+    // TODO: Add contract
+    // TODO: Why does VeriFast not complain?
     vListInitialiseItem( &( pxNewTCB->xStateListItem ) );
+    //@ assert(false);
     vListInitialiseItem( &( pxNewTCB->xEventListItem ) );
 
 
diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
index 2e163ab3e43..e719b922666 100755
--- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
+++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh
@@ -24,6 +24,7 @@ rewrite()
 echo "Commenting out line/file pragmas"
 rewrite "^#" "// &"
 
+echo "Fixing order of 'long', 'unsigned'"
 rewrite "long unsigned int" "unsigned long int"
 
 echo "Delete fixed-sized array typedefs"
@@ -35,6 +36,9 @@ rewrite "__attribute__(([_a-z]*))" ""
 # TODO: Why does matching `\s` or `:space:` not work on MacOs?
 rewrite "__attribute__( ( [_a-z]* ) )" ""
 
+echo "Removing const qualifiers from pointers"
+rewrite "* const" "*"
+
 #echo "VF RW: 'long unsigned int' -> 'unsinged long int'"
 #echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX"
 #echo backup index $BACKUP_IDX
diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c
index 67d80d9e7a5..b7030690592 100644
--- a/verification/verifast/preprocessed_files/tasks__pp.c
+++ b/verification/verifast/preprocessed_files/tasks__pp.c
@@ -4493,7 +4493,7 @@ typedef struct xHeapStats
  * terminated by a HeapRegions_t structure that has a size of 0.  The region
  * with the lowest start address must appear first in the array.
  */
-void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) ;
+void vPortDefineHeapRegions( const HeapRegion_t * pxHeapRegions ) ;
 
 /*
  * Returns a HeapStats_t structure filled with information about the current
@@ -5403,7 +5403,7 @@ typedef struct xLIST
  * \page vListInitialise vListInitialise
  * \ingroup LinkedList
  */
-void vListInitialise( List_t * const pxList ) ;
+void vListInitialise( List_t * pxList ) ;
 
 /*
  * Must be called before a list item is used.  This sets the list container to
@@ -5414,7 +5414,7 @@ void vListInitialise( List_t * const pxList ) ;
  * \page vListInitialiseItem vListInitialiseItem
  * \ingroup LinkedList
  */
-void vListInitialiseItem( ListItem_t * const pxItem ) ;
+void vListInitialiseItem( ListItem_t * pxItem ) ;
 //@ requires true;
 //@ ensures true;
 
@@ -5429,8 +5429,8 @@ void vListInitialiseItem( ListItem_t * const pxItem ) ;
  * \page vListInsert vListInsert
  * \ingroup LinkedList
  */
-void vListInsert( List_t * const pxList,
-                  ListItem_t * const pxNewListItem ) ;
+void vListInsert( List_t * pxList,
+                  ListItem_t * pxNewListItem ) ;
 
 /*
  * Insert a list item into a list.  The item will be inserted in a position
@@ -5451,8 +5451,8 @@ void vListInsert( List_t * const pxList,
  * \page vListInsertEnd vListInsertEnd
  * \ingroup LinkedList
  */
-void vListInsertEnd( List_t * const pxList,
-                     ListItem_t * const pxNewListItem ) ;
+void vListInsertEnd( List_t * pxList,
+                     ListItem_t * pxNewListItem ) ;
 
 /*
  * Remove an item from a list.  The list item has a pointer to the list that
@@ -5467,7 +5467,7 @@ void vListInsertEnd( List_t * const pxList,
  * \page uxListRemove uxListRemove
  * \ingroup LinkedList
  */
-UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ;
+UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) ;
 
 /* *INDENT-OFF* */
 
@@ -5815,11 +5815,11 @@ typedef enum
  */
 
     BaseType_t xTaskCreate( TaskFunction_t pxTaskCode,
-                            const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
+                            const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
                             const uint32_t usStackDepth,
-                            void * const pvParameters,
+                            void * pvParameters,
                             UBaseType_t uxPriority,
-                            TaskHandle_t * const pxCreatedTask ) ;
+                            TaskHandle_t * pxCreatedTask ) ;
 // # 424 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h"
 /**
  * task. h
@@ -6093,7 +6093,7 @@ typedef enum
 /**
  * task. h
  * 
- * void vTaskAllocateMPURegions( TaskHandle_t xTask, const MemoryRegion_t * const pxRegions );
+ * void vTaskAllocateMPURegions( TaskHandle_t xTask, const MemoryRegion_t * pxRegions );
  * 
* * Memory regions are assigned to a restricted task when the task is created by @@ -6138,7 +6138,7 @@ typedef enum * \ingroup Tasks */ void vTaskAllocateMPURegions( TaskHandle_t xTask, - const MemoryRegion_t * const pxRegions ) ; + const MemoryRegion_t * pxRegions ) ; /** * task. h @@ -6222,7 +6222,7 @@ void vTaskDelete( TaskHandle_t xTaskToDelete ) ; * void vTaskFunction( void * pvParameters ) * { * // Block for 500ms. - * const TickType_t xDelay = 500 / portTICK_PERIOD_MS; + * TickType_t xDelay = 500 / portTICK_PERIOD_MS; * * for( ;; ) * { @@ -6284,7 +6284,7 @@ void vTaskDelay( const TickType_t xTicksToDelay ) ; * void vTaskFunction( void * pvParameters ) * { * TickType_t xLastWakeTime; - * const TickType_t xFrequency = 10; + * TickType_t xFrequency = 10; * BaseType_t xWasDelayed; * * // Initialise the xLastWakeTime variable with the current time. @@ -6302,7 +6302,7 @@ void vTaskDelay( const TickType_t xTicksToDelay ) ; * \defgroup xTaskDelayUntil xTaskDelayUntil * \ingroup TaskCtrl */ -BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, +BaseType_t xTaskDelayUntil( TickType_t * pxPreviousWakeTime, const TickType_t xTimeIncrement ) ; /* @@ -7064,7 +7064,7 @@ uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; * so the following two prototypes will cause a compilation error. This can be * fixed by simply guarding against the inclusion of these two prototypes unless * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration - * constant. */ + *ant. */ // # 1838 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" /* Each task contains an array of pointers that is dimensioned by the * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h. The @@ -7228,9 +7228,9 @@ TaskHandle_t *xTaskGetIdleTaskHandle( void ) ; * } *
*/ -UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, +UBaseType_t uxTaskGetSystemState( TaskStatus_t * pxTaskStatusArray, const UBaseType_t uxArraySize, - uint32_t * const pulTotalRunTime ) ; + uint32_t * pulTotalRunTime ) ; /** * task. h @@ -8170,7 +8170,7 @@ uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, /** * task.h *
- * void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut );
+ * void vTaskSetTimeOutState( TimeOut_t * pxTimeOut );
  * 
* * Capture the current time for future use with xTaskCheckForTimeOut(). @@ -8181,12 +8181,12 @@ uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, * \defgroup vTaskSetTimeOutState vTaskSetTimeOutState * \ingroup TaskCtrl */ -void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) ; +void vTaskSetTimeOutState( TimeOut_t * pxTimeOut ) ; /** * task.h *
- * BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, TickType_t * const pxTicksToWait );
+ * BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, TickType_t * pxTicksToWait );
  * 
* * Determines if pxTicksToWait ticks has passed since a time was captured @@ -8266,8 +8266,8 @@ void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) ; * \defgroup xTaskCheckForTimeOut xTaskCheckForTimeOut * \ingroup TaskCtrl */ -BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, - TickType_t * const pxTicksToWait ) ; +BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, + TickType_t * pxTicksToWait ) ; /** * task.h @@ -8350,7 +8350,7 @@ BaseType_t xTaskIncrementTick( void ) ; * portTICK_PERIOD_MS can be used to convert kernel ticks into a real time * period. */ -void vTaskPlaceOnEventList( List_t * const pxEventList, +void vTaskPlaceOnEventList( List_t * pxEventList, const TickType_t xTicksToWait ) ; void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, const TickType_t xItemValue, @@ -8367,7 +8367,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, * indefinitely, whereas vTaskPlaceOnEventList() does. * */ -void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, +void vTaskPlaceOnEventListRestricted( List_t * pxEventList, TickType_t xTicksToWait, const BaseType_t xWaitIndefinitely ) ; @@ -8395,7 +8395,7 @@ void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, * @return pdTRUE if the task being removed has a higher priority than the task * making the call, otherwise pdFALSE. */ -BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) ; +BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) ; void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, const TickType_t xItemValue ) ; @@ -8508,7 +8508,7 @@ TaskHandle_t pvTaskIncrementMutexHeldCount( void ) ; * For internal use only. Same as vTaskSetTimeOutState(), but without a critical * section. */ -void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) ; +void vTaskInternalSetTimeOutState( TimeOut_t * pxTimeOut ) ; /* * For internal use only. Same as portYIELD_WITHIN_API() in single core FreeRTOS. @@ -8614,7 +8614,7 @@ typedef void (* PendedFunction_t)( void *, uint32_t ); /** - * TimerHandle_t xTimerCreate( const char * const pcTimerName, + * TimerHandle_t xTimerCreate( const char * pcTimerName, * TickType_t xTimerPeriodInTicks, * UBaseType_t uxAutoReload, * void * pvTimerID, @@ -8685,7 +8685,7 @@ typedef void (* PendedFunction_t)( void *, * void vTimerCallback( TimerHandle_t pxTimer ) * { * int32_t lArrayIndex; - * const int32_t xMaxExpiryCountBeforeStopping = 10; + * int32_t xMaxExpiryCountBeforeStopping = 10; * * // Optionally do something if the pxTimer parameter is NULL. * configASSERT( pxTimer ); @@ -8751,15 +8751,15 @@ typedef void (* PendedFunction_t)( void *, * @endverbatim */ - TimerHandle_t xTimerCreate( const char * const pcTimerName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + TimerHandle_t xTimerCreate( const char * pcTimerName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ const TickType_t xTimerPeriodInTicks, const UBaseType_t uxAutoReload, - void * const pvTimerID, + void * pvTimerID, TimerCallbackFunction_t pxCallbackFunction ) ; /** - * TimerHandle_t xTimerCreateStatic(const char * const pcTimerName, + * TimerHandle_t xTimerCreateStatic(const char * pcTimerName, * TickType_t xTimerPeriodInTicks, * UBaseType_t uxAutoReload, * void * pvTimerID, @@ -9755,7 +9755,7 @@ BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend, TickType_t xTicksToWait ) ; /** - * const char * const pcTimerGetName( TimerHandle_t xTimer ); + * char * pcTimerGetName( TimerHandle_t xTimer ); * * Returns the name that was assigned to a timer when the timer was created. * @@ -9838,13 +9838,13 @@ BaseType_t xTimerCreateTimerTask( void ) ; BaseType_t xTimerGenericCommandFromTask( TimerHandle_t xTimer, const BaseType_t xCommandID, const TickType_t xOptionalValue, - BaseType_t * const pxHigherPriorityTaskWoken, + BaseType_t * pxHigherPriorityTaskWoken, const TickType_t xTicksToWait ) ; BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer, const BaseType_t xCommandID, const TickType_t xOptionalValue, - BaseType_t * const pxHigherPriorityTaskWoken, + BaseType_t * pxHigherPriorityTaskWoken, const TickType_t xTicksToWait ) ; @@ -10313,6 +10313,8 @@ bool assert_fct(bool b, const char*) */ // # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 + //#include "verifast_lock_predicates.h" + // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1 /* * This file contains code snippets from: @@ -10534,7 +10536,223 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, return pxTopOfStack; } -// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 68 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 + +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/list.c" 1 +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + + + + +/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining + * all the API functions to use the MPU wrappers. That should only be done when + * task.h is included from an application file. */ + + + + + +/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified + * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be + * defined for the header files above, but not in this file, in order to + * generate the correct privileged Vs unprivileged linkage and placement. */ + + +/*----------------------------------------------------------- +* PUBLIC LIST API documented in list.h +*----------------------------------------------------------*/ + +void vListInitialise( List_t * pxList ) +{ + /* The list structure contains a list item which is used to mark the + * end of the list. To initialise the list the list end is inserted + * as the only list entry. */ + pxList->pxIndex = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ + + /* The list end value is the highest possible value in the list to + * ensure it remains at the end of the list. */ + pxList->xListEnd.xItemValue = ( TickType_t ) 0xffffffffUL; + + /* The list end next and previous pointers point to itself so we know + * when the list is empty. */ + pxList->xListEnd.pxNext = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ + pxList->xListEnd.pxPrevious = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ + + pxList->uxNumberOfItems = ( UBaseType_t ) 0U; + + /* Write known values into the list if + * configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + ; + ; +} +/*-----------------------------------------------------------*/ + +void vListInitialiseItem( ListItem_t * pxItem ) +{ + /* Make sure the list item is not recorded as being on a list. */ + pxItem->pxContainer = 0; + + /* Write known values into the list item if + * configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + ; + ; +} +/*-----------------------------------------------------------*/ + +void vListInsertEnd( List_t * pxList, + ListItem_t * pxNewListItem ) +{ + ListItem_t * pxIndex = pxList->pxIndex; + + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + ; + ; + + /* Insert a new list item into pxList, but rather than sort the list, + * makes the new list item the last item to be removed by a call to + * listGET_OWNER_OF_NEXT_ENTRY(). */ + pxNewListItem->pxNext = pxIndex; + pxNewListItem->pxPrevious = pxIndex->pxPrevious; + + /* Only used during decision coverage testing. */ + ; + + pxIndex->pxPrevious->pxNext = pxNewListItem; + pxIndex->pxPrevious = pxNewListItem; + + /* Remember which list the item is in. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; +} +/*-----------------------------------------------------------*/ + +void vListInsert( List_t * pxList, + ListItem_t * pxNewListItem ) +{ + ListItem_t * pxIterator; + const TickType_t xValueOfInsertion = pxNewListItem->xItemValue; + + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + ; + ; + + /* Insert the new list item into the list, sorted in xItemValue order. + * + * If the list already contains a list item with the same item value then the + * new list item should be placed after it. This ensures that TCBs which are + * stored in ready lists (all of which have the same xItemValue value) get a + * share of the CPU. However, if the xItemValue is the same as the back marker + * the iteration loop below will not end. Therefore the value is checked + * first, and the algorithm slightly modified if necessary. */ + if( xValueOfInsertion == ( TickType_t ) 0xffffffffUL ) + { + pxIterator = pxList->xListEnd.pxPrevious; + } + else + { + /* *** NOTE *********************************************************** + * If you find your application is crashing here then likely causes are + * listed below. In addition see https://www.FreeRTOS.org/FAQHelp.html for + * more tips, and ensure configASSERT() is defined! + * https://www.FreeRTOS.org/a00110.html#configASSERT + * + * 1) Stack overflow - + * see https://www.FreeRTOS.org/Stacks-and-stack-overflow-checking.html + * 2) Incorrect interrupt priority assignment, especially on Cortex-M + * parts where numerically high priority values denote low actual + * interrupt priorities, which can seem counter intuitive. See + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html and the definition + * of configMAX_SYSCALL_INTERRUPT_PRIORITY on + * https://www.FreeRTOS.org/a00110.html + * 3) Calling an API function from within a critical section or when + * the scheduler is suspended, or calling an API function that does + * not end in "FromISR" from an interrupt. + * 4) Using a queue or semaphore before it has been initialised or + * before the scheduler has been started (are interrupts firing + * before vTaskStartScheduler() has been called?). + * 5) If the FreeRTOS port supports interrupt nesting then ensure that + * the priority of the tick interrupt is at or below + * configMAX_SYSCALL_INTERRUPT_PRIORITY. + **********************************************************************/ + + for( pxIterator = ( ListItem_t * ) &( pxList->xListEnd ); pxIterator->pxNext->xItemValue <= xValueOfInsertion; pxIterator = pxIterator->pxNext ) /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. *//*lint !e440 The iterator moves to a different value, not xValueOfInsertion. */ + { + /* There is nothing to do here, just iterating to the wanted + * insertion position. */ + } + } + + pxNewListItem->pxNext = pxIterator->pxNext; + pxNewListItem->pxNext->pxPrevious = pxNewListItem; + pxNewListItem->pxPrevious = pxIterator; + pxIterator->pxNext = pxNewListItem; + + /* Remember which list the item is in. This allows fast removal of the + * item later. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; +} +/*-----------------------------------------------------------*/ + +UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) +{ +/* The list item knows which list it is in. Obtain the list from the list + * item. */ + List_t * pxList = pxItemToRemove->pxContainer; + + pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; + pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; + + /* Only used during decision coverage testing. */ + ; + + /* Make sure the index is left pointing to a valid item. */ + if( pxList->pxIndex == pxItemToRemove ) + { + pxList->pxIndex = pxItemToRemove->pxPrevious; + } + else + { + ; + } + + pxItemToRemove->pxContainer = 0; + ( pxList->uxNumberOfItems )--; + + return pxList->uxNumberOfItems; +} +/*-----------------------------------------------------------*/ +// # 70 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified @@ -10545,7 +10763,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting * functions but without including stdio.h here. */ -// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 98 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Values that can be assigned to the ucNotifyState member of the TCB. */ @@ -10602,18 +10820,18 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, /* uxTopReadyPriority holds the priority of the highest priority ready * state task. */ -// # 158 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as * they are only required when a port optimised method of task selection is * being used. */ -// # 192 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick * count overflows. */ -// # 210 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 214 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ /* @@ -10668,7 +10886,7 @@ typedef BaseType_t TaskRunning_t; typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */ { volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack. THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */ -// # 273 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */ ListItem_t xEventListItem; /*< Used to reference a task from an event list. */ UBaseType_t uxPriority; /*< The priority of the task. 0 is the lowest priority. */ @@ -10676,7 +10894,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */ BaseType_t xIsIdle; /*< Used to identify the idle tasks. */ char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created. Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ -// # 290 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 294 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */ @@ -10696,7 +10914,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve void * pvThreadLocalStoragePointers[ 5 ]; -// # 330 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 334 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" volatile uint32_t ulNotifiedValue[ 1 ]; volatile uint8_t ucNotifyState[ 1 ]; @@ -10787,7 +11005,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U; * must not be done by an ISR. Reads must be protected by either lock and may be done by * either an ISR or a task. */ static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 ); -// # 430 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*lint -restore */ /*-----------------------------------------------------------*/ @@ -10940,19 +11158,19 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, * will exit the Blocked state. */ static void prvResetNextTaskUnblockTime( void ) ; -// # 594 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 598 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* * Called after a Task_t structure has been allocated either statically or * dynamically to fill in the structure's members. */ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, - const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ const uint32_t ulStackDepth, - void * const pvParameters, + void * pvParameters, UBaseType_t uxPriority, - TaskHandle_t * const pxCreatedTask, + TaskHandle_t * pxCreatedTask, TCB_t * pxNewTCB, - const MemoryRegion_t * const xRegions ) ; + const MemoryRegion_t * xRegions ) ; /* * Called after a new task has been created and initialised to place the task @@ -10972,9 +11190,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ; /*-----------------------------------------------------------*/ -// # 644 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 648 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 727 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 731 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvYieldCore( BaseType_t xCoreID ) @@ -11017,7 +11235,7 @@ static void prvYieldForTask( TCB_t * pxTCB, /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */ assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U); -// # 781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 785 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xLowestPriority = ( BaseType_t ) pxTCB->uxPriority; if( xPreemptEqualPriority == ( ( char ) 0 ) ) @@ -11056,7 +11274,7 @@ static void prvYieldForTask( TCB_t * pxTCB, { ; } -// # 835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -11069,7 +11287,7 @@ static void prvYieldForTask( TCB_t * pxTCB, prvYieldCore( xLowestPriorityCore ); xYieldCount++; } -// # 855 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 859 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /*-----------------------------------------------------------*/ @@ -11080,10 +11298,10 @@ static void prvYieldForTask( TCB_t * pxTCB, UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = ( ( char ) 0 ); BaseType_t xDecrementTopPriority = ( ( char ) 1 ); -// # 873 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" while( xTaskScheduled == ( ( char ) 0 ) ) { -// # 887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 891 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) ) { @@ -11121,7 +11339,7 @@ static void prvYieldForTask( TCB_t * pxTCB, pxTCB = pxTaskItem->pvOwner; /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ -// # 940 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 944 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) ) { @@ -11191,26 +11409,26 @@ static void prvYieldForTask( TCB_t * pxTCB, } assert(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )); -// # 1084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" return ( ( char ) 1 ); } -// # 1100 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1104 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 1178 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1182 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 1241 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1245 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 1307 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1311 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, - const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ const uint32_t usStackDepth, - void * const pvParameters, + void * pvParameters, UBaseType_t uxPriority, - TaskHandle_t * const pxCreatedTask ) + TaskHandle_t * pxCreatedTask ) /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*& usStackDepth > 18 &*& // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. @@ -11218,7 +11436,7 @@ static void prvYieldForTask( TCB_t * pxTCB, *pxCreatedTask |-> _; @*/ //@ ensures true; -// # 1337 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1341 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { TCB_t * pxNewTCB; BaseType_t xReturn; @@ -11226,7 +11444,7 @@ static void prvYieldForTask( TCB_t * pxTCB, /* If the stack grows down then allocate the stack then the TCB so the stack * does not grow into the TCB. Likewise if the stack grows up then allocate * the TCB then the stack. */ -// # 1367 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { StackType_t * pxStack; @@ -11264,9 +11482,9 @@ static void prvYieldForTask( TCB_t * pxTCB, if( pxNewTCB != 0 ) { -// # 1412 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1416 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 ); -// # 1421 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvAddNewTaskToReadyList( pxNewTCB ); xReturn = ( ( ( char ) 1 ) ); } @@ -11285,13 +11503,13 @@ static void prvYieldForTask( TCB_t * pxTCB, /*-----------------------------------------------------------*/ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, - const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ const uint32_t ulStackDepth, - void * const pvParameters, + void * pvParameters, UBaseType_t uxPriority, - TaskHandle_t * const pxCreatedTask, + TaskHandle_t * pxCreatedTask, TCB_t * pxNewTCB, - const MemoryRegion_t * const xRegions ) + const MemoryRegion_t * xRegions ) /*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*& stackSize == ulStackDepth * sizeof(StackType_t) &*& stackSize <= UINTPTR_MAX &*& @@ -11307,7 +11525,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { StackType_t * pxTopOfStack; UBaseType_t x; -// # 1478 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" //@ open uninit_TCB_p(_,_); /* Avoid dependency on memset() if it is not required. */ @@ -11350,7 +11568,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, * Hence, reasoning about the stack alignment below takes relatively * long. */ -// # 1536 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1540 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatise that no over- or underflow occurs. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`. @@ -11367,7 +11585,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ -// # 1564 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1568 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that alignmet check succeeds. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`*/ @@ -11378,7 +11596,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /* Check the alignment of the calculated top of stack is correct. */ assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )); -// # 1586 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that bit vector operations did not change stack * pointer. */ @@ -11393,9 +11611,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); -// # 1609 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } -// # 1623 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1627 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Store the task name in the TCB. */ if( pcName != 0 ) { @@ -11449,7 +11667,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } + // TODO: Add contract + // TODO: Why does VeriFast not complain? vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); + //@ assert(false); vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); @@ -11469,7 +11690,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; } -// # 1715 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Avoid compiler warning about unreferenced parameter. */ ( void ) xRegions; @@ -11497,7 +11718,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); //@ chars_to_uchars(pxNewTCB->ucNotifyState); } -// # 1754 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1761 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Reason for rewrite: Assignment not type safe. */ @@ -11506,17 +11727,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } -// # 1777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1784 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Initialize the TCB stack to look as if the task was already running, * but had been interrupted by the scheduler. The return address is set * to the start of the task function. Once the stack has been initialised * the top of stack variable is updated. */ -// # 1805 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1812 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* If the port has capability to detect stack overflow, * pass the stack end address to the stack initialization * function as well. */ -// # 1822 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1829 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); } @@ -11745,7 +11966,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) - BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, + BaseType_t xTaskDelayUntil( TickType_t * pxPreviousWakeTime, const TickType_t xTimeIncrement ) { TickType_t xTimeToWake; @@ -11894,7 +12115,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) - const TCB_t * const pxTCB = xTask; + const TCB_t * pxTCB = xTask; assert(pxTCB); @@ -12226,13 +12447,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) /*-----------------------------------------------------------*/ -// # 2565 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2572 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2588 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2606 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2634 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -12365,7 +12586,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) { BaseType_t xReturn = ( ( char ) 0 ); - const TCB_t * const pxTCB = xTask; + const TCB_t * pxTCB = xTask; /* Accesses xPendingReadyList so must be called from a critical section. */ @@ -12599,7 +12820,7 @@ static BaseType_t prvCreateIdleTasks( void ) { ; } -// # 3047 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3054 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( xCoreID == 0 ) { @@ -12611,7 +12832,7 @@ static BaseType_t prvCreateIdleTasks( void ) ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ } -// # 3070 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3077 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } @@ -12648,7 +12869,7 @@ void vTaskStartScheduler( void ) * so interrupts will automatically get re-enabled when the first task * starts to run. */ assert_fct(false, "portDISABLE_INTERRUPTS"); -// # 3120 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3127 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; xSchedulerRunning = ( ( char ) 1 ); xTickCount = ( TickType_t ) 0; @@ -12745,7 +12966,7 @@ void vTaskSuspendAll( void ) } } /*----------------------------------------------------------*/ -// # 3278 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3285 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskResumeAll( void ) @@ -13077,9 +13298,9 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char - UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, + UBaseType_t uxTaskGetSystemState( TaskStatus_t * pxTaskStatusArray, const UBaseType_t uxArraySize, - uint32_t * const pulTotalRunTime ) + uint32_t * pulTotalRunTime ) { UBaseType_t uxTask = 0, uxQueue = 32; @@ -13115,7 +13336,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * each task in the Suspended state. */ uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); } -// # 3661 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( pulTotalRunTime != 0 ) { @@ -13154,7 +13375,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * This is to ensure vTaskStepTick() is available when user defined low power mode * implementations require configUSE_TICKLESS_IDLE to be set to a value other than * 1. */ -// # 3712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) @@ -13464,13 +13685,13 @@ BaseType_t xTaskIncrementTick( void ) return xSwitchRequired; } /*-----------------------------------------------------------*/ -// # 4050 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4081 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4099 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4106 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4132 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4139 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) @@ -13500,9 +13721,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4190 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4197 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ - { const uint32_t * const pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; + { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; /* Before the currently running task is switched out, save its errno. */ @@ -13517,7 +13738,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4224 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -13525,7 +13746,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) } /*-----------------------------------------------------------*/ -void vTaskPlaceOnEventList( List_t * const pxEventList, +void vTaskPlaceOnEventList( List_t * pxEventList, const TickType_t xTicksToWait ) { assert(pxEventList); @@ -13571,7 +13792,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, - void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, + void vTaskPlaceOnEventListRestricted( List_t * pxEventList, TickType_t xTicksToWait, const BaseType_t xWaitIndefinitely ) { @@ -13604,7 +13825,7 @@ void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, /*-----------------------------------------------------------*/ -BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) +BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { TCB_t * pxUnblockedTCB; BaseType_t xReturn; @@ -13630,7 +13851,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4350 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -13670,7 +13891,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4404 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4411 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -13687,7 +13908,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, } /*-----------------------------------------------------------*/ -void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) +void vTaskSetTimeOutState( TimeOut_t * pxTimeOut ) { assert(pxTimeOut); vTaskEnterCritical(); @@ -13699,7 +13920,7 @@ void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) } /*-----------------------------------------------------------*/ -void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) +void vTaskInternalSetTimeOutState( TimeOut_t * pxTimeOut ) { /* For internal use only as it does not use a critical section. */ pxTimeOut->xOverflowCount = xNumOfOverflows; @@ -13707,8 +13928,8 @@ void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) } /*-----------------------------------------------------------*/ -BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, - TickType_t * const pxTicksToWait ) +BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, + TickType_t * pxTicksToWait ) { BaseType_t xReturn; @@ -13835,7 +14056,7 @@ void vTaskMissedYield( void ) * * @todo additional conditional compiles to remove this function. */ -// # 4628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* * ----------------------------------------------------------- * The Idle task. @@ -13865,7 +14086,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4676 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -13886,16 +14107,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4705 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4770 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4820 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -13940,7 +14161,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4880 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14042,7 +14263,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 4992 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14173,7 +14394,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5161 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5168 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14230,7 +14451,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5244 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5251 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -14732,11 +14953,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5771 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5778 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6004 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6011 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15010,7 +15231,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6295 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6302 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15304,7 +15525,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6604 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6611 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15380,7 +15601,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h new file mode 100644 index 00000000000..9a341558737 --- /dev/null +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -0,0 +1,34 @@ +#ifndef VERIFAST_LOCK_PREDICATES_H +#define VERIFAST_LOCK_PREDICATES_H + + +/* We assume that macros evaluate as follows: + * - `configMAX_PRIORITIES` -> 32 +*/ +/*@ +predicate tasks_global_vars() = + // Lists for ready and blocked tasks. + //chars((char*) pxReadyTasksLists, 32 * sizeof(List_t), _) &*& + //chars((char*) xDelayedTaskList1) &*& + + // Other file private variables. -------------------------------- + integer_((void*) uxCurrentNumberOfTasks, sizeof(UBaseType_t), false, _) + &*& + + + true; +@*/ + + + +void vf_validate_lock_predicaet() +//@ requires module(tasks__pp, true); +//@ ensures true; +{ + //@ open_module(); + uxCurrentNumberOfTasks = 0; + + //@ close tasks_global_vars(); +} + +#endif /* VERIFAST_LOCK_PREDICATES_H */ \ No newline at end of file From 5c9750eac4741696aef6b6938e002fcb771fd206 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 11:24:25 -0400 Subject: [PATCH 085/289] Verified `vListInitialiseItem`. --- include/list.h | 4 +- list.c | 2 + tasks.c | 3 - .../verifast/preprocessed_files/tasks__pp.c | 85 +++++++++---------- 4 files changed, 46 insertions(+), 48 deletions(-) diff --git a/include/list.h b/include/list.h index 177c3daf76f..b56f449b007 100644 --- a/include/list.h +++ b/include/list.h @@ -400,8 +400,8 @@ void vListInitialise( List_t * const pxList ) PRIVILEGED_FUNCTION; * \ingroup LinkedList */ void vListInitialiseItem( ListItem_t * const pxItem ) PRIVILEGED_FUNCTION; -//@ requires true; -//@ ensures true; +//@ requires pxItem->pxContainer |-> _; +//@ ensures pxItem->pxContainer |-> 0; /* * Insert a list item into a list. The item will be inserted into the list in diff --git a/list.c b/list.c index c679709f738..c97b8cc8a3e 100644 --- a/list.c +++ b/list.c @@ -71,6 +71,8 @@ void vListInitialise( List_t * const pxList ) /*-----------------------------------------------------------*/ void vListInitialiseItem( ListItem_t * const pxItem ) +//@ requires pxItem->pxContainer |-> _; +//@ ensures pxItem->pxContainer |-> 0; { /* Make sure the list item is not recorded as being on a list. */ pxItem->pxContainer = NULL; diff --git a/tasks.c b/tasks.c index 628c54dd5f5..8aeeabf8dca 100644 --- a/tasks.c +++ b/tasks.c @@ -1677,10 +1677,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } #endif /* configUSE_MUTEXES */ - // TODO: Add contract - // TODO: Why does VeriFast not complain? vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); - //@ assert(false); vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index b7030690592..0438c779e4d 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -5415,8 +5415,8 @@ void vListInitialise( List_t * pxList ) ; * \ingroup LinkedList */ void vListInitialiseItem( ListItem_t * pxItem ) ; -//@ requires true; -//@ ensures true; +//@ requires pxItem->pxContainer |-> _; +//@ ensures pxItem->pxContainer |-> 0; /* * Insert a list item into a list. The item will be inserted into the list in @@ -10612,6 +10612,8 @@ void vListInitialise( List_t * pxList ) /*-----------------------------------------------------------*/ void vListInitialiseItem( ListItem_t * pxItem ) +//@ requires pxItem->pxContainer |-> _; +//@ ensures pxItem->pxContainer |-> 0; { /* Make sure the list item is not recorded as being on a list. */ pxItem->pxContainer = 0; @@ -11667,10 +11669,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } - // TODO: Add contract - // TODO: Why does VeriFast not complain? vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); - //@ assert(false); vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); @@ -11690,7 +11689,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; } -// # 1722 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Avoid compiler warning about unreferenced parameter. */ ( void ) xRegions; @@ -11718,7 +11717,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); //@ chars_to_uchars(pxNewTCB->ucNotifyState); } -// # 1761 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Reason for rewrite: Assignment not type safe. */ @@ -11727,17 +11726,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } -// # 1784 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Initialize the TCB stack to look as if the task was already running, * but had been interrupted by the scheduler. The return address is set * to the start of the task function. Once the stack has been initialised * the top of stack variable is updated. */ -// # 1812 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1809 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* If the port has capability to detect stack overflow, * pass the stack end address to the stack initialization * function as well. */ -// # 1829 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1826 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); } @@ -12447,13 +12446,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) /*-----------------------------------------------------------*/ -// # 2572 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2569 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2592 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2610 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -12820,7 +12819,7 @@ static BaseType_t prvCreateIdleTasks( void ) { ; } -// # 3054 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( xCoreID == 0 ) { @@ -12832,7 +12831,7 @@ static BaseType_t prvCreateIdleTasks( void ) ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ } -// # 3077 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } @@ -12869,7 +12868,7 @@ void vTaskStartScheduler( void ) * so interrupts will automatically get re-enabled when the first task * starts to run. */ assert_fct(false, "portDISABLE_INTERRUPTS"); -// # 3127 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3124 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; xSchedulerRunning = ( ( char ) 1 ); xTickCount = ( TickType_t ) 0; @@ -12966,7 +12965,7 @@ void vTaskSuspendAll( void ) } } /*----------------------------------------------------------*/ -// # 3285 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3282 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskResumeAll( void ) @@ -13336,7 +13335,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * each task in the Suspended state. */ uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); } -// # 3668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3665 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( pulTotalRunTime != 0 ) { @@ -13375,7 +13374,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * This is to ensure vTaskStepTick() is available when user defined low power mode * implementations require configUSE_TICKLESS_IDLE to be set to a value other than * 1. */ -// # 3719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) @@ -13685,13 +13684,13 @@ BaseType_t xTaskIncrementTick( void ) return xSwitchRequired; } /*-----------------------------------------------------------*/ -// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4054 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4081 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4078 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4106 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4103 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4139 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4136 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) @@ -13721,7 +13720,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4197 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4194 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; @@ -13738,7 +13737,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4228 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -13851,7 +13850,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4354 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -13891,7 +13890,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4411 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -14056,7 +14055,7 @@ void vTaskMissedYield( void ) * * @todo additional conditional compiles to remove this function. */ -// # 4635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* * ----------------------------------------------------------- * The Idle task. @@ -14086,7 +14085,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4676 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4673 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14107,16 +14106,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4774 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4824 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14161,7 +14160,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14263,7 +14262,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 4999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4996 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14394,7 +14393,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5168 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5165 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14451,7 +14450,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5251 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5248 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -14953,11 +14952,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5778 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5775 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5881 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6011 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6008 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15231,7 +15230,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6302 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6299 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15525,7 +15524,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6611 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6608 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15601,7 +15600,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6723 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6720 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, From ac798f9fb538e299cc9f1ede4a98430eb2d5e64e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 14:20:58 -0400 Subject: [PATCH 086/289] Added contract for `portDISABLE_INTERRUPTS` and dummy contracts for lock acquiring macros. --- .../verifast/proof/verifast_port_contracts.h | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 verification/verifast/proof/verifast_port_contracts.h diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h new file mode 100644 index 00000000000..57eb907e5f3 --- /dev/null +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -0,0 +1,27 @@ +#ifndef VERIFAST_PORT_CONTRACTS_H +#define VERIFAST_PORT_CONTRACTS_H + + +/*@ +predicate interruptsOn_p(bool status); +@*/ + +#undef portDISABLE_INTERRUPTS +#define portDISABLE_INTERRUPTS VF__portDISABLE_INTERRUPTS +void VF__portDISABLE_INTERRUPTS(); +//@ requires interruptsOn_p(_); +//@ ensures interruptsOn_p(false); + +#undef portGET_TASK_LOCK +#define portGET_TASK_LOCK VF__portGET_TASK_LOCK +void VF__portGET_TaskLock(); +//@ requires false; +//@ ensures true; + +#undef portGET_ISR_LOCK +#define portGET_ISR_LOCK VF__portGET_ISR_LOCK +void VF__portGET_ISR_LOCK(); +//@ requires false; +//@ ensures true; + +#endif /* VERIFAST_PORT_CONTRACTS_H */ \ No newline at end of file From 25dda73ef90639859ad73a433752b6a102f5f5fe Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 14:22:11 -0400 Subject: [PATCH 087/289] Started to define predicates encapsulating access permissions to global variables. --- .../verifast/proof/verifast_lock_predicates.h | 39 ++++++++++++------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 9a341558737..6d1d3b6957b 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -2,26 +2,36 @@ #define VERIFAST_LOCK_PREDICATES_H -/* We assume that macros evaluate as follows: - * - `configMAX_PRIORITIES` -> 32 -*/ /*@ -predicate tasks_global_vars() = - // Lists for ready and blocked tasks. - //chars((char*) pxReadyTasksLists, 32 * sizeof(List_t), _) &*& - //chars((char*) xDelayedTaskList1) &*& - - // Other file private variables. -------------------------------- - integer_((void*) uxCurrentNumberOfTasks, sizeof(UBaseType_t), false, _) +// We assume tha `configNUM_CORES` evaluates to 1. +// TODO: Parametrise in terms of `configNUM_CORES`. +// PROBLEM: Shouldn't `configNUM_CORES` be greater than 1? +predicate otherGlobalVars() = + integer_(&uxCurrentNumberOfTasks, sizeof(UBaseType_t), false, _) &*& + integer_(&xTickCount, sizeof(TickType_t), false, _) + &*& + integer_(&uxTopReadyPriority, sizeof(UBaseType_t), false, _) + &*& + integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) + &*& + integer_(&xPendedTicks, sizeof(TickType_t), false, _) + &*& + integers_(&xYieldPendings, sizeof(BaseType_t), true, 1, _) + &*& + integer_(&uxTaskNumber, sizeof(UBaseType_t), false, _) + &*& + integer_(&xNextTaskUnblockTime, sizeof(TickType_t), false, _) + &*& + pointers(&xIdleTaskHandle, 1, _); - - true; +predicate unprotectedGlobalVars() = + [_] integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _); @*/ - -void vf_validate_lock_predicaet() +/* +void vf_validate_lock_predicate() //@ requires module(tasks__pp, true); //@ ensures true; { @@ -30,5 +40,6 @@ void vf_validate_lock_predicaet() //@ close tasks_global_vars(); } +*/ #endif /* VERIFAST_LOCK_PREDICATES_H */ \ No newline at end of file From 1e4e65065076773fbda4a151606d251ec382aca0 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 14:22:54 -0400 Subject: [PATCH 088/289] Removed duplicate macro definition. --- verification/verifast/proof_setup/verifast_asm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/verification/verifast/proof_setup/verifast_asm.h b/verification/verifast/proof_setup/verifast_asm.h index 7f15e32dae4..faf7690678f 100644 --- a/verification/verifast/proof_setup/verifast_asm.h +++ b/verification/verifast/proof_setup/verifast_asm.h @@ -29,7 +29,7 @@ bool assert_fct(bool b, const char*) #undef portRESTORE_INTERRUPTS #define portRESTORE_INTERRUPTS(ulState) assert_fct(false, "portRESTORE_INTERRUPTS") -#undef portDISABLE_INTERRUPTS -#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS") +//#undef portDISABLE_INTERRUPTS +//#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS") #endif /* VERIFAST_ASM_H */ \ No newline at end of file From 66d71c5b476bd0a4d9c319b2b16709aefbf5f738 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 14:23:39 -0400 Subject: [PATCH 089/289] Started to verify `taskENTER_CRITICAL`. --- tasks.c | 14 +- .../verifast/preprocessed_files/tasks__pp.c | 208 ++++++++++++------ 2 files changed, 154 insertions(+), 68 deletions(-) diff --git a/tasks.c b/tasks.c index 8aeeabf8dca..efd978a7b7f 100644 --- a/tasks.c +++ b/tasks.c @@ -61,8 +61,8 @@ #include "verifast_prelude_extended.h" #include "verifast_bitops_extended.h" #include "verifast_asm.h" - - //#include "verifast_lock_predicates.h" + #include "verifast_port_contracts.h" + #include "verifast_lock_predicates.h" #include "snippets/rp2040_port_c_snippets.c" @@ -1322,7 +1322,9 @@ static void prvYieldForTask( TCB_t * pxTCB, usStackDepth > 18 &*& // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; + *pxCreatedTask |-> _ &*& + interruptsOn_p(_) &*& + unprotectedGlobalVars(); @*/ //@ ensures true; #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) @@ -1867,7 +1869,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires true; +/*@ requires interruptsOn_p(_) &*& + unprotectedGlobalVars(); @*/ /*@ ensures true; @*/ @@ -5650,10 +5653,11 @@ void vTaskYieldWithinAPI( void ) #if ( portCRITICAL_NESTING_IN_TCB == 1 ) void vTaskEnterCritical( void ) - //@ requires false; + //@ requires interruptsOn_p(_) &*& unprotectedGlobalVars(); //@ ensures false; { portDISABLE_INTERRUPTS(); + //@ open unprotectedGlobalVars(); if( xSchedulerRunning != pdFALSE ) { diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index 0438c779e4d..9b308052645 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -10311,9 +10311,87 @@ bool assert_fct(bool b, const char*) * VeriFast does not support embedding block statements that consist of * multiple elemts in expression contexts, e.g., `({e1; e2})`. */ + + + + + + +//#undef portDISABLE_INTERRUPTS +//#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS") // # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_port_contracts.h" 1 + + + + +/*@ +predicate interruptsOn_p(bool status); +@*/ + + + +void VF__portDISABLE_INTERRUPTS(); +//@ requires interruptsOn_p(_); +//@ ensures interruptsOn_p(false); + + - //#include "verifast_lock_predicates.h" +void VF__portGET_TaskLock(); +//@ requires false; +//@ ensures true; + + + +void VF__portGET_ISR_LOCK(); +//@ requires false; +//@ ensures true; +// # 65 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_lock_predicates.h" 1 + + + + +/*@ +// We assume tha `configNUM_CORES` evaluates to 1. +// TODO: Parametrise in terms of `configNUM_CORES`. +// PROBLEM: Shouldn't `configNUM_CORES` be greater than 1? +predicate otherGlobalVars() = + integer_(&uxCurrentNumberOfTasks, sizeof(UBaseType_t), false, _) + &*& + integer_(&xTickCount, sizeof(TickType_t), false, _) + &*& + integer_(&uxTopReadyPriority, sizeof(UBaseType_t), false, _) + &*& + integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) + &*& + integer_(&xPendedTicks, sizeof(TickType_t), false, _) + &*& + integers_(&xYieldPendings, sizeof(BaseType_t), true, 1, _) + &*& + integer_(&uxTaskNumber, sizeof(UBaseType_t), false, _) + &*& + integer_(&xNextTaskUnblockTime, sizeof(TickType_t), false, _) + &*& + pointers(&xIdleTaskHandle, 1, _); + +predicate unprotectedGlobalVars() = + [_] integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _); +@*/ + + +/* +void vf_validate_lock_predicate() +//@ requires module(tasks__pp, true); +//@ ensures true; +{ + //@ open_module(); + uxCurrentNumberOfTasks = 0; + + //@ close tasks_global_vars(); +} +*/ +// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1 /* @@ -11435,10 +11513,12 @@ static void prvYieldForTask( TCB_t * pxTCB, usStackDepth > 18 &*& // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; + *pxCreatedTask |-> _ &*& + interruptsOn_p(_) &*& + unprotectedGlobalVars(); @*/ //@ ensures true; -// # 1341 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1343 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { TCB_t * pxNewTCB; BaseType_t xReturn; @@ -11446,7 +11526,7 @@ static void prvYieldForTask( TCB_t * pxTCB, /* If the stack grows down then allocate the stack then the TCB so the stack * does not grow into the TCB. Likewise if the stack grows up then allocate * the TCB then the stack. */ -// # 1371 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1373 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { StackType_t * pxStack; @@ -11484,9 +11564,9 @@ static void prvYieldForTask( TCB_t * pxTCB, if( pxNewTCB != 0 ) { -// # 1416 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1418 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 ); -// # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1427 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvAddNewTaskToReadyList( pxNewTCB ); xReturn = ( ( ( char ) 1 ) ); } @@ -11527,7 +11607,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { StackType_t * pxTopOfStack; UBaseType_t x; -// # 1482 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1484 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" //@ open uninit_TCB_p(_,_); /* Avoid dependency on memset() if it is not required. */ @@ -11570,7 +11650,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, * Hence, reasoning about the stack alignment below takes relatively * long. */ -// # 1540 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1542 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatise that no over- or underflow occurs. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`. @@ -11587,7 +11667,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ -// # 1568 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1570 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that alignmet check succeeds. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`*/ @@ -11598,7 +11678,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /* Check the alignment of the calculated top of stack is correct. */ assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )); -// # 1590 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1592 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that bit vector operations did not change stack * pointer. */ @@ -11613,9 +11693,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); -// # 1613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1615 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } -// # 1627 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Store the task name in the TCB. */ if( pcName != 0 ) { @@ -11689,7 +11769,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; } -// # 1719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1721 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Avoid compiler warning about unreferenced parameter. */ ( void ) xRegions; @@ -11717,7 +11797,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); //@ chars_to_uchars(pxNewTCB->ucNotifyState); } -// # 1758 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Reason for rewrite: Assignment not type safe. */ @@ -11726,17 +11806,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } -// # 1781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1783 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Initialize the TCB stack to look as if the task was already running, * but had been interrupted by the scheduler. The return address is set * to the start of the task function. Once the stack has been initialised * the top of stack variable is updated. */ -// # 1809 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1811 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* If the port has capability to detect stack overflow, * pass the stack end address to the stack initialization * function as well. */ -// # 1826 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1828 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); } @@ -11781,7 +11861,8 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires true; +/*@ requires interruptsOn_p(_) &*& + unprotectedGlobalVars(); @*/ /*@ ensures true; @*/ @@ -12446,13 +12527,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) /*-----------------------------------------------------------*/ -// # 2569 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2572 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2592 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2610 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2638 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -12819,7 +12900,7 @@ static BaseType_t prvCreateIdleTasks( void ) { ; } -// # 3051 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3054 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( xCoreID == 0 ) { @@ -12831,7 +12912,7 @@ static BaseType_t prvCreateIdleTasks( void ) ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ } -// # 3074 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3077 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } @@ -12867,8 +12948,8 @@ void vTaskStartScheduler( void ) * the created tasks contain a status word with interrupts switched on * so interrupts will automatically get re-enabled when the first task * starts to run. */ - assert_fct(false, "portDISABLE_INTERRUPTS"); -// # 3124 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" + VF__portDISABLE_INTERRUPTS(); +// # 3127 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; xSchedulerRunning = ( ( char ) 1 ); xTickCount = ( TickType_t ) 0; @@ -12918,7 +12999,7 @@ void vTaskEndScheduler( void ) /* Stop the scheduler interrupts and call the portable scheduler end * routine so the original ISRs can be restored if necessary. The port * layer must ensure interrupts enable bit is left in the correct state. */ - assert_fct(false, "portDISABLE_INTERRUPTS"); + VF__portDISABLE_INTERRUPTS(); xSchedulerRunning = ( ( char ) 0 ); vPortEndScheduler(); } @@ -12938,14 +13019,14 @@ void vTaskSuspendAll( void ) * interrupted and switches context before incrementing uxSchedulerSuspended. * It is safe to re-enable interrupts after releasing the ISR lock and incrementing * uxSchedulerSuspended since that will prevent context switches. */ - ulState = assert_fct(false, "portDISABLE_INTERRUPTS"); + ulState = VF__portDISABLE_INTERRUPTS(); /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that * do not otherwise exhibit real time behaviour. */ ; - vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 )); - vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 1 )); + VF__portGET_TASK_LOCK(); + VF__portGET_ISR_LOCK(); /* The scheduler is suspended if uxSchedulerSuspended is non-zero. An increment * is used to allow calls to vTaskSuspendAll() to nest. */ @@ -12965,7 +13046,7 @@ void vTaskSuspendAll( void ) } } /*----------------------------------------------------------*/ -// # 3282 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3285 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskResumeAll( void ) @@ -13335,7 +13416,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * each task in the Suspended state. */ uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); } -// # 3665 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( pulTotalRunTime != 0 ) { @@ -13374,7 +13455,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * This is to ensure vTaskStepTick() is available when user defined low power mode * implementations require configUSE_TICKLESS_IDLE to be set to a value other than * 1. */ -// # 3716 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) @@ -13684,13 +13765,13 @@ BaseType_t xTaskIncrementTick( void ) return xSwitchRequired; } /*-----------------------------------------------------------*/ -// # 4054 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4078 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4081 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4103 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4106 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4136 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4139 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) @@ -13703,8 +13784,8 @@ void vTaskSwitchContext( BaseType_t xCoreID ) * and move on if another core suspended the scheduler. We should only * do that if the current core has suspended the scheduler. */ - vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 )); /* Must always acquire the task lock first */ - vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 1 )); + VF__portGET_TASK_LOCK(); /* Must always acquire the task lock first */ + VF__portGET_ISR_LOCK(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ @@ -13720,7 +13801,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4194 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4197 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; @@ -13737,7 +13818,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4228 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -13850,7 +13931,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4354 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -13890,7 +13971,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4408 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4411 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -14055,7 +14136,7 @@ void vTaskMissedYield( void ) * * @todo additional conditional compiles to remove this function. */ -// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* * ----------------------------------------------------------- * The Idle task. @@ -14085,7 +14166,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4673 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4676 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14106,16 +14187,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4709 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4774 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4824 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14160,7 +14241,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14262,7 +14343,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 4996 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14393,7 +14474,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5165 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5168 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14450,7 +14531,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5248 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5251 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -14484,7 +14565,7 @@ static void prvResetNextTaskUnblockTime( void ) TaskHandle_t xReturn; uint32_t ulState; - ulState = assert_fct(false, "portDISABLE_INTERRUPTS"); + ulState = VF__portDISABLE_INTERRUPTS(); xReturn = pxCurrentTCBs[ 0 ]; assert_fct(false, "portRESTORE_INTERRUPTS"); @@ -14856,10 +14937,11 @@ void vTaskYieldWithinAPI( void ) void vTaskEnterCritical( void ) - //@ requires false; + //@ requires interruptsOn_p(_) &*& unprotectedGlobalVars(); //@ ensures false; { - assert_fct(false, "portDISABLE_INTERRUPTS"); + VF__portDISABLE_INTERRUPTS(); + //@ open unprotectedGlobalVars(); if( xSchedulerRunning != ( ( char ) 0 ) ) { @@ -14867,10 +14949,10 @@ void vTaskYieldWithinAPI( void ) { if( assert_fct(false, "portCHECK_IF_IN_ISR") == ( ( char ) 0 ) ) { - vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 1 )); + VF__portGET_TASK_LOCK(); } - vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 1 )); + VF__portGET_ISR_LOCK(); } ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )++; @@ -14952,11 +15034,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5775 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5779 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5881 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5885 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6008 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6012 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15230,7 +15312,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6299 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6303 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15524,7 +15606,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6608 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6612 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15600,7 +15682,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6720 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6724 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, From 8897e3fe6ef655ee43a866c73da7532e5937b340 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 15:49:24 -0400 Subject: [PATCH 090/289] Added specification for enabling and disabling interrupts. --- tasks.c | 8 +-- .../verifast/preprocessed_files/tasks__pp.c | 52 ++++++++++++------- .../verifast/proof/verifast_port_contracts.h | 20 +++++-- 3 files changed, 54 insertions(+), 26 deletions(-) diff --git a/tasks.c b/tasks.c index efd978a7b7f..3b72aadce61 100644 --- a/tasks.c +++ b/tasks.c @@ -1323,7 +1323,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& *pxCreatedTask |-> _ &*& - interruptsOn_p(_) &*& + interruptState_p(_) &*& unprotectedGlobalVars(); @*/ //@ ensures true; @@ -1869,7 +1869,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires interruptsOn_p(_) &*& +/*@ requires interruptState_p(_) &*& unprotectedGlobalVars(); @*/ /*@ ensures true; @@ -5277,6 +5277,8 @@ static void prvResetNextTaskUnblockTime( void ) #if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) + //@ requires interruptState_p(?irpState); + //@ ensures interruptState_p(irpState) &*& false; { TaskHandle_t xReturn; uint32_t ulState; @@ -5653,7 +5655,7 @@ void vTaskYieldWithinAPI( void ) #if ( portCRITICAL_NESTING_IN_TCB == 1 ) void vTaskEnterCritical( void ) - //@ requires interruptsOn_p(_) &*& unprotectedGlobalVars(); + //@ requires interruptState_p(_) &*& unprotectedGlobalVars(); //@ ensures false; { portDISABLE_INTERRUPTS(); diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index 9b308052645..685bdd64a64 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -10326,14 +10326,26 @@ bool assert_fct(bool b, const char*) /*@ -predicate interruptsOn_p(bool status); +predicate interruptState_p(uint32_t); + +fixpoint bool interruptsEnabled_f(uint32_t); +@*/ + + + +uint32_t VF__portDISABLE_INTERRUPTS(); +//@ requires interruptState_p(?state); +/*@ ensures result == state &*& + interruptState_p(?newState) &*& + !interruptsEnabled_f(newState); @*/ -void VF__portDISABLE_INTERRUPTS(); -//@ requires interruptsOn_p(_); -//@ ensures interruptsOn_p(false); +void VF__portRESTORE_INTERRUPTS(uint32_t state); +//@ requires interruptState_p(_); +/*@ ensures interruptState_p(state); +@*/ @@ -11514,7 +11526,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& *pxCreatedTask |-> _ &*& - interruptsOn_p(_) &*& + interruptState_p(_) &*& unprotectedGlobalVars(); @*/ //@ ensures true; @@ -11861,7 +11873,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires interruptsOn_p(_) &*& +/*@ requires interruptState_p(_) &*& unprotectedGlobalVars(); @*/ /*@ ensures true; @@ -12354,7 +12366,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); uxReturn = pxTCB->uxPriority; } - do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0); + do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptState); } while (0); return uxReturn; } @@ -12836,7 +12848,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ; } } - do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0); + do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptStatus); } while (0); return xYieldRequired; } @@ -13038,7 +13050,7 @@ void vTaskSuspendAll( void ) prvCheckForRunStateChange(); } - assert_fct(false, "portRESTORE_INTERRUPTS"); + VF__portRESTORE_INTERRUPTS(ulState); } else { @@ -14561,13 +14573,15 @@ static void prvResetNextTaskUnblockTime( void ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) + //@ requires interruptState_p(?irpState); + //@ ensures interruptState_p(irpState) &*& false; { TaskHandle_t xReturn; uint32_t ulState; ulState = VF__portDISABLE_INTERRUPTS(); xReturn = pxCurrentTCBs[ 0 ]; - assert_fct(false, "portRESTORE_INTERRUPTS"); + VF__portRESTORE_INTERRUPTS(ulState); return xReturn; } @@ -14937,7 +14951,7 @@ void vTaskYieldWithinAPI( void ) void vTaskEnterCritical( void ) - //@ requires interruptsOn_p(_) &*& unprotectedGlobalVars(); + //@ requires interruptState_p(_) &*& unprotectedGlobalVars(); //@ ensures false; { VF__portDISABLE_INTERRUPTS(); @@ -15034,11 +15048,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5779 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5885 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6012 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6014 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15312,7 +15326,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6303 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6305 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15455,7 +15469,7 @@ TickType_t uxTaskResetEventItemValue( void ) } } - do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0); + do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptStatus); } while (0); return xReturn; } @@ -15539,7 +15553,7 @@ TickType_t uxTaskResetEventItemValue( void ) } } - do { vTaskExitCritical(); assert_fct(false, "portRESTORE_INTERRUPTS"); } while (0); + do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptStatus); } while (0); } @@ -15606,7 +15620,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6612 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6614 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15682,7 +15696,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6724 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index 57eb907e5f3..bb8226f77da 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -3,14 +3,26 @@ /*@ -predicate interruptsOn_p(bool status); +predicate interruptState_p(uint32_t); + +fixpoint bool interruptsEnabled_f(uint32_t); @*/ #undef portDISABLE_INTERRUPTS #define portDISABLE_INTERRUPTS VF__portDISABLE_INTERRUPTS -void VF__portDISABLE_INTERRUPTS(); -//@ requires interruptsOn_p(_); -//@ ensures interruptsOn_p(false); +uint32_t VF__portDISABLE_INTERRUPTS(); +//@ requires interruptState_p(?state); +/*@ ensures result == state &*& + interruptState_p(?newState) &*& + !interruptsEnabled_f(newState); +@*/ + +#undef portRESTORE_INTERRUPTS +#define portRESTORE_INTERRUPTS(ulState) VF__portRESTORE_INTERRUPTS(ulState) +void VF__portRESTORE_INTERRUPTS(uint32_t state); +//@ requires interruptState_p(_); +/*@ ensures interruptState_p(state); +@*/ #undef portGET_TASK_LOCK #define portGET_TASK_LOCK VF__portGET_TASK_LOCK From 06d2611aa9f92511f3a1fae9aa209cdcf365b6ec Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 4 Nov 2022 16:16:08 -0400 Subject: [PATCH 091/289] Made config macros from `FreeRTOSConfig.h` available to VeriFast proof. --- tasks.c | 7 + .../custom_build_scripts_RP2040/vf_rewrite.sh | 3 + .../verifast/preprocessed_files/tasks__pp.c | 419 +++++++++--------- .../verifast/proof/verifast_port_contracts.h | 13 + .../verifast/start-vfide--preprocessed.sh | 1 + 5 files changed, 244 insertions(+), 199 deletions(-) diff --git a/tasks.c b/tasks.c index 3b72aadce61..0f77349ac20 100644 --- a/tasks.c +++ b/tasks.c @@ -30,6 +30,13 @@ */ //@ #include + + /* The following includes will be visible to VeriFast in the preprocessed + * code. VeriFast requires includes to occur befor definitions. Hence, + * all includes visible to VeriFast must occur before the preprocessed + * ones. + */ + //VF_include #include "FreeRTOSConfig.h" #endif /* VERIFAST */ diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh index e719b922666..7afe1af046a 100755 --- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh @@ -39,6 +39,9 @@ rewrite "__attribute__( ( [_a-z]* ) )" "" echo "Removing const qualifiers from pointers" rewrite "* const" "*" +echo "Uncomment special includes to allow VeriFast proofs to refer to config macros" +rewrite "//VF_include #include" "#include" + #echo "VF RW: 'long unsigned int' -> 'unsinged long int'" #echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX" #echo backup index $BACKUP_IDX diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index 685bdd64a64..5ff041e64cc 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -38,6 +38,13 @@ //@ #include + /* The following includes will be visible to VeriFast in the preprocessed + * code. VeriFast requires includes to occur befor definitions. Hence, + * all includes visible to VeriFast must occur before the preprocessed + * ones. + */ + #include "FreeRTOSConfig.h" + /* Standard includes. */ @@ -60,40 +67,40 @@ typedef intptr_t ptrdiff_t; typedef intptr_t ssize_t; // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2 -/*@ - -// In Standard C, freeing a null pointer is allowed and is a no-op. -lemma_auto void malloc_block_null(); - requires emp; - ensures malloc_block(0, 0); - -lemma void malloc_block_limits(void *array); - requires [?f]malloc_block(array, ?size); - ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; - +/*@ + +// In Standard C, freeing a null pointer is allowed and is a no-op. +lemma_auto void malloc_block_null(); + requires emp; + ensures malloc_block(0, 0); + +lemma void malloc_block_limits(void *array); + requires [?f]malloc_block(array, ?size); + ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; + @*/ void *malloc(size_t size); //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars_(result, size, _) &*& malloc_block(result, size) &*& - (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow + /*@ + ensures + result == 0 ? + emp + : + chars_(result, size, _) &*& malloc_block(result, size) &*& + (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow @*/ //@ terminates; void *calloc(size_t nmemb, size_t size); //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& - (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow + /*@ + ensures + result == 0 ? + emp + : + chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& + (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow @*/ //@ terminates; @@ -104,16 +111,16 @@ void free(void *array); void *realloc(void *array, size_t newSize); //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs); - /*@ - ensures - result == 0 ? - malloc_block(array, size) &*& chars(array, size, cs) - : - malloc_block(result, newSize) &*& - newSize <= size ? - chars(result, _, take(newSize, cs)) - : - chars(result, _, cs) &*& chars(result + size, newSize - size, _); + /*@ + ensures + result == 0 ? + malloc_block(array, size) &*& chars(array, size, cs) + : + malloc_block(result, newSize) &*& + newSize <= size ? + chars(result, _, take(newSize, cs)) + : + chars(result, _, cs) &*& chars(result + size, newSize - size, _); @*/ //@ terminates; // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2 @@ -142,7 +149,7 @@ long long llabs(long long x); //@ requires LLONG_MIN < x; //@ ensures result == abs(x); //@ terminates; -// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1 @@ -158,21 +165,21 @@ void memcpy(void *array, void *array0, size_t count); //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0); void memmove(void *dest, void *src, size_t count); - /*@ - requires - chars(src, count, ?cs) &*& - dest <= src ? - chars(dest, src - dest, _) - : - chars(src + count, dest - src, _); + /*@ + requires + chars(src, count, ?cs) &*& + dest <= src ? + chars(dest, src - dest, _) + : + chars(src + count, dest - src, _); @*/ - /*@ - ensures - chars(dest, count, cs) &*& - dest <= src ? - chars(dest + count, src - dest, _) - : - chars(src, dest - src, _); + /*@ + ensures + chars(dest, count, cs) &*& + dest <= src ? + chars(dest + count, src - dest, _) + : + chars(src, dest - src, _); @*/ size_t strlen(char *string); @@ -193,15 +200,15 @@ char *memchr(char *array, char c, size_t count); char* strchr(char *str, char c); //@ requires [?f]string(str, ?cs); - /*@ ensures - [f]string(str, cs) &*& - c == 0 ? - result == str + length(cs) - : - result == 0 ? - mem(c, cs) == false - : - mem(c, cs) == true &*& result == str + index_of(c, cs); + /*@ ensures + [f]string(str, cs) &*& + c == 0 ? + result == str + length(cs) + : + result == 0 ? + mem(c, cs) == false + : + mem(c, cs) == true &*& result == str + index_of(c, cs); @*/ void* memset(void *array, char value, size_t size); @@ -211,7 +218,7 @@ void* memset(void *array, char value, size_t size); char *strdup(char *string); //@ requires [?f]string(string, ?cs); //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1); -// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 /* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining * all the API functions to use the MPU wrappers. That should only be done when @@ -548,33 +555,33 @@ typedef void (* TaskFunction_t)( void * ); * must be set in the compiler's include path. */ // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: MIT AND BSD-3-Clause - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: MIT AND BSD-3-Clause + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * */ // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1 @@ -4283,14 +4290,14 @@ int spin_lock_claim_unused(bool required); bool spin_lock_is_claimed(uint lock_num); // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 -/*----------------------------------------------------------- - * Port specific definitions. - * - * The settings in this file configure FreeRTOS correctly for the - * given hardware and compiler. - * - * These settings should not be altered. - *----------------------------------------------------------- +/*----------------------------------------------------------- + * Port specific definitions. + * + * The settings in this file configure FreeRTOS correctly for the + * given hardware and compiler. + * + * These settings should not be altered. + *----------------------------------------------------------- */ /* Type definitions. */ @@ -4306,7 +4313,7 @@ bool spin_lock_is_claimed(uint lock_num); typedef uint32_t TickType_t; -/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do +/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do * not need to be guarded with a critical section. */ @@ -4317,13 +4324,13 @@ bool spin_lock_is_claimed(uint lock_num); - /* Reason for rewrite: VeriFast does not support the attriibute `used`. + /* Reason for rewrite: VeriFast does not support the attriibute `used`. */ - /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, + /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ @@ -4388,11 +4395,11 @@ bool spin_lock_is_claimed(uint lock_num); - /* Note this is a single method with uxAcquire parameter since we have - * static vars, the method is always called with a compile time constant for + /* Note this is a single method with uxAcquire parameter since we have + * static vars, the method is always called with a compile time constant for * uxAcquire, and the compiler should dothe right thing! */ - /* Reason for rewrite: VeriFast does not support local static variables. + /* Reason for rewrite: VeriFast does not support local static variables. */ // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" /*-----------------------------------------------------------*/ @@ -5002,7 +5009,7 @@ typedef StaticStreamBuffer_t StaticMessageBuffer_t; /* *INDENT-ON* */ -// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1 /* * FreeRTOS SMP Kernel V202110.00 @@ -8521,7 +8528,7 @@ void vTaskYieldWithinAPI( void ); /* *INDENT-ON* */ -// # 48 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 55 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1 /* * FreeRTOS SMP Kernel V202110.00 @@ -9862,7 +9869,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer, /* *INDENT-ON* */ -// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 56 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1 /* * FreeRTOS SMP Kernel V202110.00 @@ -9923,7 +9930,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer, /*-----------------------------------------------------------*/ /* Remove stack overflow macro if not being used. */ -// # 50 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 /* Verifast proof setup * @@ -9948,7 +9955,7 @@ BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer, * unsigned types. While that's safe in practice, it is not * type safe. Hence we define */ -// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 65 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/stack_predicates.h" 1 @@ -10031,7 +10038,7 @@ ensures // free cells minus top cell open integers_(pxStack + (freeCells-1), _, _, _, _); } @*/ -// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1 @@ -10150,7 +10157,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = tcb->ucDelayAborted |-> _; @*/ -// # 60 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1 @@ -10168,7 +10175,7 @@ lemma void ptr_range(t* ptr); requires true; ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295; @*/ -// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 68 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1 @@ -10273,7 +10280,7 @@ ensures chars(startPtr, ?cc, _) &*& } @*/ -// # 62 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_bitops_extended.h" 1 @@ -10284,7 +10291,7 @@ lemma void bitand_idempotent_right(int l, int r); requires true; ensures (l & r) == ((l & r) & r); @*/ -// # 63 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 70 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1 @@ -10319,12 +10326,25 @@ bool assert_fct(bool b, const char*) //#undef portDISABLE_INTERRUPTS //#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS") -// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_port_contracts.h" 1 +// We want our proofs to hold for an arbitrary number of cores. +/* TODO: Can we use the original function `get_core_num` instead without + * adding the contract inside the pico sdk file (platform.h)? + */ + + + +/* FreeRTOS core id is always zero based.*/ +static uint VF__get_core_num(void); +//@ requires true; +//@ ensures result < configNUM_CORES; + + /*@ predicate interruptState_p(uint32_t); @@ -10358,7 +10378,7 @@ void VF__portGET_TaskLock(); void VF__portGET_ISR_LOCK(); //@ requires false; //@ ensures true; -// # 65 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 72 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_lock_predicates.h" 1 @@ -10403,7 +10423,7 @@ void vf_validate_lock_predicate() //@ close tasks_global_vars(); } */ -// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1 /* @@ -10626,7 +10646,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, return pxTopOfStack; } -// # 68 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 75 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/list.c" 1 /* @@ -10844,7 +10864,7 @@ UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) return pxList->uxNumberOfItems; } /*-----------------------------------------------------------*/ -// # 70 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 +// # 77 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified @@ -10855,7 +10875,7 @@ UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) /* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting * functions but without including stdio.h here. */ -// # 98 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 105 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Values that can be assigned to the ucNotifyState member of the TCB. */ @@ -10912,18 +10932,18 @@ UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) /* uxTopReadyPriority holds the priority of the highest priority ready * state task. */ -// # 162 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 169 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ /* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as * they are only required when a port optimised method of task selection is * being used. */ -// # 196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 203 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ /* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick * count overflows. */ -// # 214 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ /* @@ -10978,7 +10998,7 @@ typedef BaseType_t TaskRunning_t; typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */ { volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack. THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */ -// # 277 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 284 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */ ListItem_t xEventListItem; /*< Used to reference a task from an event list. */ UBaseType_t uxPriority; /*< The priority of the task. 0 is the lowest priority. */ @@ -10986,7 +11006,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */ BaseType_t xIsIdle; /*< Used to identify the idle tasks. */ char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created. Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ -// # 294 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */ @@ -11006,7 +11026,7 @@ typedef struct tskTaskControlBlock /* The old naming convention is used to preve void * pvThreadLocalStoragePointers[ 5 ]; -// # 334 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 341 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" volatile uint32_t ulNotifiedValue[ 1 ]; volatile uint8_t ucNotifyState[ 1 ]; @@ -11097,7 +11117,7 @@ const volatile UBaseType_t uxTopUsedPriority = 32 - 1U; * must not be done by an ISR. Reads must be protected by either lock and may be done by * either an ISR or a task. */ static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 ); -// # 434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 441 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*lint -restore */ /*-----------------------------------------------------------*/ @@ -11250,7 +11270,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, * will exit the Blocked state. */ static void prvResetNextTaskUnblockTime( void ) ; -// # 598 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* * Called after a Task_t structure has been allocated either statically or * dynamically to fill in the structure's members. @@ -11282,9 +11302,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ; /*-----------------------------------------------------------*/ -// # 648 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 655 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 731 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 738 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvYieldCore( BaseType_t xCoreID ) @@ -11292,13 +11312,13 @@ static void prvYieldCore( BaseType_t xCoreID ) /* This must be called from a critical section and * xCoreID must be valid. */ - if( assert_fct(false, "portCHECK_IF_IN_ISR") && ( xCoreID == 0 ) ) + if( assert_fct(false, "portCHECK_IF_IN_ISR") && ( xCoreID == VF__get_core_num() ) ) { xYieldPendings[ xCoreID ] = ( ( char ) 1 ); } else if( pxCurrentTCBs[ xCoreID ]->xTaskRunState != ( TaskRunning_t ) ( -2 ) ) { - if( xCoreID == 0 ) + if( xCoreID == VF__get_core_num() ) { xYieldPendings[ xCoreID ] = ( ( char ) 1 ); } @@ -11327,7 +11347,7 @@ static void prvYieldForTask( TCB_t * pxTCB, /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */ assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U); -// # 785 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 792 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xLowestPriority = ( BaseType_t ) pxTCB->uxPriority; if( xPreemptEqualPriority == ( ( char ) 0 ) ) @@ -11366,7 +11386,7 @@ static void prvYieldForTask( TCB_t * pxTCB, { ; } -// # 839 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 846 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -11379,7 +11399,7 @@ static void prvYieldForTask( TCB_t * pxTCB, prvYieldCore( xLowestPriorityCore ); xYieldCount++; } -// # 859 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /*-----------------------------------------------------------*/ @@ -11390,10 +11410,10 @@ static void prvYieldForTask( TCB_t * pxTCB, UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = ( ( char ) 0 ); BaseType_t xDecrementTopPriority = ( ( char ) 1 ); -// # 877 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" while( xTaskScheduled == ( ( char ) 0 ) ) { -// # 891 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 898 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) ) { @@ -11431,7 +11451,7 @@ static void prvYieldForTask( TCB_t * pxTCB, pxTCB = pxTaskItem->pvOwner; /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ -// # 944 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 951 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) ) { @@ -11501,16 +11521,16 @@ static void prvYieldForTask( TCB_t * pxTCB, } assert(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )); -// # 1088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1095 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" return ( ( char ) 1 ); } -// # 1104 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1111 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 1182 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 1245 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 1311 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1318 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -11530,7 +11550,7 @@ static void prvYieldForTask( TCB_t * pxTCB, unprotectedGlobalVars(); @*/ //@ ensures true; -// # 1343 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1350 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { TCB_t * pxNewTCB; BaseType_t xReturn; @@ -11538,7 +11558,7 @@ static void prvYieldForTask( TCB_t * pxTCB, /* If the stack grows down then allocate the stack then the TCB so the stack * does not grow into the TCB. Likewise if the stack grows up then allocate * the TCB then the stack. */ -// # 1373 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { StackType_t * pxStack; @@ -11576,9 +11596,9 @@ static void prvYieldForTask( TCB_t * pxTCB, if( pxNewTCB != 0 ) { -// # 1418 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 ); -// # 1427 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvAddNewTaskToReadyList( pxNewTCB ); xReturn = ( ( ( char ) 1 ) ); } @@ -11619,7 +11639,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { StackType_t * pxTopOfStack; UBaseType_t x; -// # 1484 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1491 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" //@ open uninit_TCB_p(_,_); /* Avoid dependency on memset() if it is not required. */ @@ -11662,7 +11682,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, * Hence, reasoning about the stack alignment below takes relatively * long. */ -// # 1542 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatise that no over- or underflow occurs. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`. @@ -11679,7 +11699,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ -// # 1570 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1577 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that alignmet check succeeds. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`*/ @@ -11690,7 +11710,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /* Check the alignment of the calculated top of stack is correct. */ assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )); -// # 1592 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1599 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that bit vector operations did not change stack * pointer. */ @@ -11705,9 +11725,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); -// # 1615 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } -// # 1629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1636 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Store the task name in the TCB. */ if( pcName != 0 ) { @@ -11781,7 +11801,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; } -// # 1721 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1728 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Avoid compiler warning about unreferenced parameter. */ ( void ) xRegions; @@ -11809,7 +11829,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); //@ chars_to_uchars(pxNewTCB->ucNotifyState); } -// # 1760 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1767 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Reason for rewrite: Assignment not type safe. */ @@ -11818,17 +11838,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } -// # 1783 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1790 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Initialize the TCB stack to look as if the task was already running, * but had been interrupted by the scheduler. The return address is set * to the start of the task function. Once the stack has been initialised * the top of stack variable is updated. */ -// # 1811 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1818 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* If the port has capability to detect stack overflow, * pass the stack end address to the stack initialization * function as well. */ -// # 1828 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); } @@ -12037,7 +12057,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) { BaseType_t xCoreID; - xCoreID = 0; + xCoreID = VF__get_core_num(); if( xTaskRunningOnCore == xCoreID ) { @@ -12539,13 +12559,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) /*-----------------------------------------------------------*/ -// # 2572 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2579 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2595 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2602 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2613 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2620 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2641 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2648 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -12619,7 +12639,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) { if( xSchedulerRunning != ( ( char ) 0 ) ) { - if( xTaskRunningOnCore == 0 ) + if( xTaskRunningOnCore == VF__get_core_num() ) { /* The current task has just been suspended. */ assert(uxSchedulerSuspended == 0); @@ -12837,7 +12857,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) prvYieldForTask( pxTCB, ( ( char ) 1 ) ); - if( xYieldPendings[ 0 ] != ( ( char ) 0 ) ) + if( xYieldPendings[ VF__get_core_num() ] != ( ( char ) 0 ) ) { xYieldRequired = ( ( char ) 1 ); } @@ -12912,7 +12932,7 @@ static BaseType_t prvCreateIdleTasks( void ) { ; } -// # 3054 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3061 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( xCoreID == 0 ) { @@ -12924,7 +12944,7 @@ static BaseType_t prvCreateIdleTasks( void ) ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ } -// # 3077 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } @@ -12961,7 +12981,7 @@ void vTaskStartScheduler( void ) * so interrupts will automatically get re-enabled when the first task * starts to run. */ VF__portDISABLE_INTERRUPTS(); -// # 3127 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3134 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; xSchedulerRunning = ( ( char ) 1 ); xTickCount = ( TickType_t ) 0; @@ -13058,7 +13078,7 @@ void vTaskSuspendAll( void ) } } /*----------------------------------------------------------*/ -// # 3285 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3292 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskResumeAll( void ) @@ -13077,7 +13097,7 @@ BaseType_t xTaskResumeAll( void ) { BaseType_t xCoreID; - xCoreID = 0; + xCoreID = VF__get_core_num(); /* If uxSchedulerSuspended is zero then this function does not match a * previous call to vTaskSuspendAll(). */ @@ -13428,7 +13448,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * each task in the Suspended state. */ uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); } -// # 3668 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3675 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( pulTotalRunTime != 0 ) { @@ -13467,7 +13487,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * This is to ensure vTaskStepTick() is available when user defined low power mode * implementations require configUSE_TICKLESS_IDLE to be set to a value other than * 1. */ -// # 3719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) @@ -13731,7 +13751,7 @@ BaseType_t xTaskIncrementTick( void ) { BaseType_t xCoreID; - xCoreID = 0; + xCoreID = VF__get_core_num(); for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) { @@ -13777,13 +13797,13 @@ BaseType_t xTaskIncrementTick( void ) return xSwitchRequired; } /*-----------------------------------------------------------*/ -// # 4057 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4064 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4081 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4106 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4113 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4139 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4146 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) @@ -13813,7 +13833,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4197 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4204 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; @@ -13830,7 +13850,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4231 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4238 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -13943,7 +13963,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4357 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4364 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -13956,7 +13976,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) prvYieldForTask( pxUnblockedTCB, ( ( char ) 0 ) ); - if( xYieldPendings[ 0 ] != ( ( char ) 0 ) ) + if( xYieldPendings[ VF__get_core_num() ] != ( ( char ) 0 ) ) { xReturn = ( ( char ) 1 ); } @@ -13983,7 +14003,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4411 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4418 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -14088,7 +14108,7 @@ BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, void vTaskMissedYield( void ) { /* Must be called from within a critical section */ - xYieldPendings[ 0 ] = ( ( char ) 1 ); + xYieldPendings[ VF__get_core_num() ] = ( ( char ) 1 ); } /*-----------------------------------------------------------*/ @@ -14148,7 +14168,7 @@ void vTaskMissedYield( void ) * * @todo additional conditional compiles to remove this function. */ -// # 4635 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* * ----------------------------------------------------------- * The Idle task. @@ -14178,7 +14198,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4676 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14199,16 +14219,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4712 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4777 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4784 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4827 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14253,7 +14273,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4894 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14355,7 +14375,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 4999 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5006 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14486,7 +14506,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5168 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5175 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14543,7 +14563,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5251 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5258 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -14580,7 +14600,8 @@ static void prvResetNextTaskUnblockTime( void ) uint32_t ulState; ulState = VF__portDISABLE_INTERRUPTS(); - xReturn = pxCurrentTCBs[ 0 ]; + //@ assert( configNUM_CORES == 13 ); + xReturn = pxCurrentTCBs[ VF__get_core_num() ]; VF__portRESTORE_INTERRUPTS(ulState); return xReturn; @@ -14943,7 +14964,7 @@ void vTaskYieldWithinAPI( void ) } else { - xYieldPendings[ 0 ] = ( ( char ) 1 ); + xYieldPendings[ VF__get_core_num() ] = ( ( char ) 1 ); } } /*-----------------------------------------------------------*/ @@ -15048,11 +15069,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5781 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5788 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5887 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5894 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6014 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6021 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15326,7 +15347,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6305 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6312 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15459,7 +15480,7 @@ TickType_t uxTaskResetEventItemValue( void ) prvYieldForTask( pxTCB, ( ( char ) 0 ) ); - if( xYieldPendings[ 0 ] == ( ( char ) 1 ) ) + if( xYieldPendings[ VF__get_core_num() ] == ( ( char ) 1 ) ) { if( pxHigherPriorityTaskWoken != 0 ) { @@ -15543,7 +15564,7 @@ TickType_t uxTaskResetEventItemValue( void ) prvYieldForTask( pxTCB, ( ( char ) 0 ) ); - if( xYieldPendings[ 0 ] == ( ( char ) 1 ) ) + if( xYieldPendings[ VF__get_core_num() ] == ( ( char ) 1 ) ) { if( pxHigherPriorityTaskWoken != 0 ) { @@ -15620,7 +15641,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6614 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15696,7 +15717,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index bb8226f77da..82171e9ecfc 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -2,6 +2,19 @@ #define VERIFAST_PORT_CONTRACTS_H +// We want our proofs to hold for an arbitrary number of cores. +/* TODO: Can we use the original function `get_core_num` instead without + * adding the contract inside the pico sdk file (platform.h)? + */ +#undef portGET_CORE_ID +#define portGET_CORE_ID() VF__get_core_num() + +/* FreeRTOS core id is always zero based.*/ +static uint VF__get_core_num(void); +//@ requires true; +//@ ensures result < configNUM_CORES; + + /*@ predicate interruptState_p(uint32_t); diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 09e7c2d5633..2704752150d 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -31,6 +31,7 @@ echo "\n\nPreprocessing script finished\n\n" # Remarks: # - Need z3v4.5 to handle bitvector arithmetic "$VF_DIR/bin/vfide" "$PP_TASK_C" \ + -I proof_setup \ -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ -prover z3v4.5 # -target 32bit -prover z3v4.5 \ From 91eb6eefaa0036113ed609ed648bfec59d207880 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 7 Nov 2022 14:21:42 -0500 Subject: [PATCH 092/289] Included reference to core ID in interrupt predicates and added distinction between global and core local variables. --- tasks.c | 10 +- .../verifast/preprocessed_files/tasks__pp.c | 267 ++++++++++-------- .../verifast/proof/verifast_lock_predicates.h | 34 ++- .../verifast/proof/verifast_port_contracts.h | 27 +- 4 files changed, 202 insertions(+), 136 deletions(-) diff --git a/tasks.c b/tasks.c index 0f77349ac20..ed3664d5718 100644 --- a/tasks.c +++ b/tasks.c @@ -1330,7 +1330,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& *pxCreatedTask |-> _ &*& - interruptState_p(_) &*& + interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); @*/ //@ ensures true; @@ -1876,7 +1876,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires interruptState_p(_) &*& +/*@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); @*/ /*@ ensures true; @@ -5284,8 +5284,8 @@ static void prvResetNextTaskUnblockTime( void ) #if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - //@ requires interruptState_p(?irpState); - //@ ensures interruptState_p(irpState) &*& false; + //@ requires interruptState_p(?coreID, ?irpState); + //@ ensures interruptState_p(coreID, irpState) &*& false; { TaskHandle_t xReturn; uint32_t ulState; @@ -5662,7 +5662,7 @@ void vTaskYieldWithinAPI( void ) #if ( portCRITICAL_NESTING_IN_TCB == 1 ) void vTaskEnterCritical( void ) - //@ requires interruptState_p(_) &*& unprotectedGlobalVars(); + //@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); //@ ensures false; { portDISABLE_INTERRUPTS(); diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index 5ff041e64cc..dfded40179f 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -67,40 +67,40 @@ typedef intptr_t ptrdiff_t; typedef intptr_t ssize_t; // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2 -/*@ - -// In Standard C, freeing a null pointer is allowed and is a no-op. -lemma_auto void malloc_block_null(); - requires emp; - ensures malloc_block(0, 0); - -lemma void malloc_block_limits(void *array); - requires [?f]malloc_block(array, ?size); - ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; - +/*@ + +// In Standard C, freeing a null pointer is allowed and is a no-op. +lemma_auto void malloc_block_null(); + requires emp; + ensures malloc_block(0, 0); + +lemma void malloc_block_limits(void *array); + requires [?f]malloc_block(array, ?size); + ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; + @*/ void *malloc(size_t size); //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars_(result, size, _) &*& malloc_block(result, size) &*& - (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow + /*@ + ensures + result == 0 ? + emp + : + chars_(result, size, _) &*& malloc_block(result, size) &*& + (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow @*/ //@ terminates; void *calloc(size_t nmemb, size_t size); //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& - (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow + /*@ + ensures + result == 0 ? + emp + : + chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& + (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow @*/ //@ terminates; @@ -111,16 +111,16 @@ void free(void *array); void *realloc(void *array, size_t newSize); //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs); - /*@ - ensures - result == 0 ? - malloc_block(array, size) &*& chars(array, size, cs) - : - malloc_block(result, newSize) &*& - newSize <= size ? - chars(result, _, take(newSize, cs)) - : - chars(result, _, cs) &*& chars(result + size, newSize - size, _); + /*@ + ensures + result == 0 ? + malloc_block(array, size) &*& chars(array, size, cs) + : + malloc_block(result, newSize) &*& + newSize <= size ? + chars(result, _, take(newSize, cs)) + : + chars(result, _, cs) &*& chars(result + size, newSize - size, _); @*/ //@ terminates; // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2 @@ -165,21 +165,21 @@ void memcpy(void *array, void *array0, size_t count); //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0); void memmove(void *dest, void *src, size_t count); - /*@ - requires - chars(src, count, ?cs) &*& - dest <= src ? - chars(dest, src - dest, _) - : - chars(src + count, dest - src, _); + /*@ + requires + chars(src, count, ?cs) &*& + dest <= src ? + chars(dest, src - dest, _) + : + chars(src + count, dest - src, _); @*/ - /*@ - ensures - chars(dest, count, cs) &*& - dest <= src ? - chars(dest + count, src - dest, _) - : - chars(src, dest - src, _); + /*@ + ensures + chars(dest, count, cs) &*& + dest <= src ? + chars(dest + count, src - dest, _) + : + chars(src, dest - src, _); @*/ size_t strlen(char *string); @@ -200,15 +200,15 @@ char *memchr(char *array, char c, size_t count); char* strchr(char *str, char c); //@ requires [?f]string(str, ?cs); - /*@ ensures - [f]string(str, cs) &*& - c == 0 ? - result == str + length(cs) - : - result == 0 ? - mem(c, cs) == false - : - mem(c, cs) == true &*& result == str + index_of(c, cs); + /*@ ensures + [f]string(str, cs) &*& + c == 0 ? + result == str + length(cs) + : + result == 0 ? + mem(c, cs) == false + : + mem(c, cs) == true &*& result == str + index_of(c, cs); @*/ void* memset(void *array, char value, size_t size); @@ -555,33 +555,33 @@ typedef void (* TaskFunction_t)( void * ); * must be set in the compiler's include path. */ // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: MIT AND BSD-3-Clause - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: MIT AND BSD-3-Clause + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * */ // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1 @@ -4290,14 +4290,14 @@ int spin_lock_claim_unused(bool required); bool spin_lock_is_claimed(uint lock_num); // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 -/*----------------------------------------------------------- - * Port specific definitions. - * - * The settings in this file configure FreeRTOS correctly for the - * given hardware and compiler. - * - * These settings should not be altered. - *----------------------------------------------------------- +/*----------------------------------------------------------- + * Port specific definitions. + * + * The settings in this file configure FreeRTOS correctly for the + * given hardware and compiler. + * + * These settings should not be altered. + *----------------------------------------------------------- */ /* Type definitions. */ @@ -4313,7 +4313,7 @@ bool spin_lock_is_claimed(uint lock_num); typedef uint32_t TickType_t; -/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do +/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do * not need to be guarded with a critical section. */ @@ -4324,13 +4324,13 @@ bool spin_lock_is_claimed(uint lock_num); - /* Reason for rewrite: VeriFast does not support the attriibute `used`. + /* Reason for rewrite: VeriFast does not support the attriibute `used`. */ - /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, + /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ @@ -4395,11 +4395,11 @@ bool spin_lock_is_claimed(uint lock_num); - /* Note this is a single method with uxAcquire parameter since we have - * static vars, the method is always called with a compile time constant for + /* Note this is a single method with uxAcquire parameter since we have + * static vars, the method is always called with a compile time constant for * uxAcquire, and the compiler should dothe right thing! */ - /* Reason for rewrite: VeriFast does not support local static variables. + /* Reason for rewrite: VeriFast does not support local static variables. */ // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" /*-----------------------------------------------------------*/ @@ -10342,29 +10342,36 @@ bool assert_fct(bool b, const char*) /* FreeRTOS core id is always zero based.*/ static uint VF__get_core_num(void); //@ requires true; -//@ ensures result < configNUM_CORES; - +/*@ ensures 0 <= result &*& result < configNUM_CORES &*& + result == coreID_f(); +@*/ -/*@ -predicate interruptState_p(uint32_t); +/*@ +// Allow reference to core id in proofs. +fixpoint uint coreID_f(); -fixpoint bool interruptsEnabled_f(uint32_t); +lemma void coreID_f_range(); +requires true; +ensures 0 <= coreID_f() &*& coreID_f() < configNUM_CORES; @*/ + + + uint32_t VF__portDISABLE_INTERRUPTS(); -//@ requires interruptState_p(?state); +//@ requires interruptState_p(?coreID, ?state); /*@ ensures result == state &*& - interruptState_p(?newState) &*& - !interruptsEnabled_f(newState); + interruptState_p(coreID, ?newState) &*& + interruptsDisabled_f(newState) == true; @*/ void VF__portRESTORE_INTERRUPTS(uint32_t state); -//@ requires interruptState_p(_); -/*@ ensures interruptState_p(state); +//@ requires interruptState_p(?coreID, _); +/*@ ensures interruptState_p(coreID, state); @*/ @@ -10399,19 +10406,42 @@ predicate otherGlobalVars() = &*& integer_(&xPendedTicks, sizeof(TickType_t), false, _) &*& - integers_(&xYieldPendings, sizeof(BaseType_t), true, 1, _) + integers_(&xYieldPendings, sizeof(BaseType_t), true, configNUM_CORES, _) &*& integer_(&uxTaskNumber, sizeof(UBaseType_t), false, _) &*& integer_(&xNextTaskUnblockTime, sizeof(TickType_t), false, _) &*& - pointers(&xIdleTaskHandle, 1, _); + pointers(&xIdleTaskHandle, configNUM_CORES, _); predicate unprotectedGlobalVars() = [_] integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _); + + +@*/ + + + +/* ---------------------------------------------------------------------- + * Core local variables and access restrictions + */ + +/*@ +predicate interruptState_p(uint32_t coreID, uint32_t state); + +fixpoint bool interruptsDisabled_f(uint32_t); + +predicate coreLocalGlobalVars() = + pointer(&pxCurrentTCBs[coreID_f], _); + +predicate coreLocalLocked(uint32_t coreID); + +//lemma acquireCoreLocalPermissions(); +//requires interruptState_p @*/ + /* void vf_validate_lock_predicate() //@ requires module(tasks__pp, true); @@ -10420,7 +10450,9 @@ void vf_validate_lock_predicate() //@ open_module(); uxCurrentNumberOfTasks = 0; - //@ close tasks_global_vars(); + //@ coreID_f_range(); + //@ close coreLocalGlobalVars(); + ///@ close otherGlobalVars(); } */ // # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 @@ -11546,7 +11578,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& *pxCreatedTask |-> _ &*& - interruptState_p(_) &*& + interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); @*/ //@ ensures true; @@ -11893,7 +11925,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires interruptState_p(_) &*& +/*@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); @*/ /*@ ensures true; @@ -14593,14 +14625,13 @@ static void prvResetNextTaskUnblockTime( void ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - //@ requires interruptState_p(?irpState); - //@ ensures interruptState_p(irpState) &*& false; + //@ requires interruptState_p(?coreID, ?irpState); + //@ ensures interruptState_p(coreID, irpState) &*& false; { TaskHandle_t xReturn; uint32_t ulState; ulState = VF__portDISABLE_INTERRUPTS(); - //@ assert( configNUM_CORES == 13 ); xReturn = pxCurrentTCBs[ VF__get_core_num() ]; VF__portRESTORE_INTERRUPTS(ulState); @@ -14972,7 +15003,7 @@ void vTaskYieldWithinAPI( void ) void vTaskEnterCritical( void ) - //@ requires interruptState_p(_) &*& unprotectedGlobalVars(); + //@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); //@ ensures false; { VF__portDISABLE_INTERRUPTS(); diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 6d1d3b6957b..ed39a57430b 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -17,19 +17,42 @@ predicate otherGlobalVars() = &*& integer_(&xPendedTicks, sizeof(TickType_t), false, _) &*& - integers_(&xYieldPendings, sizeof(BaseType_t), true, 1, _) + integers_(&xYieldPendings, sizeof(BaseType_t), true, configNUM_CORES, _) &*& integer_(&uxTaskNumber, sizeof(UBaseType_t), false, _) &*& integer_(&xNextTaskUnblockTime, sizeof(TickType_t), false, _) &*& - pointers(&xIdleTaskHandle, 1, _); + pointers(&xIdleTaskHandle, configNUM_CORES, _); predicate unprotectedGlobalVars() = [_] integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _); + + @*/ + +/* ---------------------------------------------------------------------- + * Core local variables and access restrictions + */ + +/*@ +predicate interruptState_p(uint32_t coreID, uint32_t state); + +fixpoint bool interruptsDisabled_f(uint32_t); + +predicate coreLocalGlobalVars() = + pointer(&pxCurrentTCBs[coreID_f], _); + +predicate coreLocalLocked(uint32_t coreID); + +//lemma acquireCoreLocalPermissions(); +//requires interruptState_p +@*/ + + + /* void vf_validate_lock_predicate() //@ requires module(tasks__pp, true); @@ -38,8 +61,13 @@ void vf_validate_lock_predicate() //@ open_module(); uxCurrentNumberOfTasks = 0; - //@ close tasks_global_vars(); + //@ coreID_f_range(); + //@ close coreLocalGlobalVars(); + ///@ close otherGlobalVars(); } */ + + + #endif /* VERIFAST_LOCK_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index 82171e9ecfc..5ad986808ad 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -12,29 +12,36 @@ /* FreeRTOS core id is always zero based.*/ static uint VF__get_core_num(void); //@ requires true; -//@ ensures result < configNUM_CORES; - +/*@ ensures 0 <= result &*& result < configNUM_CORES &*& + result == coreID_f(); +@*/ -/*@ -predicate interruptState_p(uint32_t); +/*@ +// Allow reference to core id in proofs. +fixpoint uint coreID_f(); -fixpoint bool interruptsEnabled_f(uint32_t); +lemma void coreID_f_range(); +requires true; +ensures 0 <= coreID_f() &*& coreID_f() < configNUM_CORES; @*/ + + + #undef portDISABLE_INTERRUPTS #define portDISABLE_INTERRUPTS VF__portDISABLE_INTERRUPTS uint32_t VF__portDISABLE_INTERRUPTS(); -//@ requires interruptState_p(?state); +//@ requires interruptState_p(?coreID, ?state); /*@ ensures result == state &*& - interruptState_p(?newState) &*& - !interruptsEnabled_f(newState); + interruptState_p(coreID, ?newState) &*& + interruptsDisabled_f(newState) == true; @*/ #undef portRESTORE_INTERRUPTS #define portRESTORE_INTERRUPTS(ulState) VF__portRESTORE_INTERRUPTS(ulState) void VF__portRESTORE_INTERRUPTS(uint32_t state); -//@ requires interruptState_p(_); -/*@ ensures interruptState_p(state); +//@ requires interruptState_p(?coreID, _); +/*@ ensures interruptState_p(coreID, state); @*/ #undef portGET_TASK_LOCK From c4f5c09a8130dcee7d624491e914a1db84db488e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 7 Nov 2022 14:34:54 -0500 Subject: [PATCH 093/289] Altered config to ensure that we don't accidentally rely on a concrete small number of cores. --- verification/verifast/proof_setup/FreeRTOSConfig.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/verification/verifast/proof_setup/FreeRTOSConfig.h b/verification/verifast/proof_setup/FreeRTOSConfig.h index 8d80c36986f..1d4e280209c 100644 --- a/verification/verifast/proof_setup/FreeRTOSConfig.h +++ b/verification/verifast/proof_setup/FreeRTOSConfig.h @@ -104,7 +104,7 @@ */ /* SMP port only */ -#define configNUM_CORES 1 +#define configNUM_CORES 100 #define configTICK_CORE 1 #define configRUN_MULTIPLE_PRIORITIES 1 From 9fa8c764479d3ee8bdbd436e58af682f2309efa8 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 7 Nov 2022 14:40:08 -0500 Subject: [PATCH 094/289] Paused partial proof for `xTaskCreate`. --- tasks.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tasks.c b/tasks.c index ed3664d5718..ba0c7b3bd14 100644 --- a/tasks.c +++ b/tasks.c @@ -1431,6 +1431,12 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif + /* TODO: Continue proof + * For now we stop verification here and concentrate on new + * verification target. + */ + //@ assume(false); + prvAddNewTaskToReadyList( pxNewTCB ); xReturn = pdPASS; } @@ -1876,10 +1882,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires interruptState_p(?coreID, _) &*& +/*//@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); @*/ -/*@ ensures true; +/*//@ ensures true; @*/ { /* Ensure interrupts don't access the task lists while the lists are being @@ -5284,8 +5290,8 @@ static void prvResetNextTaskUnblockTime( void ) #if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - //@ requires interruptState_p(?coreID, ?irpState); - //@ ensures interruptState_p(coreID, irpState) &*& false; + ///@ requires interruptState_p(?coreID, ?irpState); + ///@ ensures interruptState_p(coreID, irpState) &*& false; { TaskHandle_t xReturn; uint32_t ulState; @@ -5662,8 +5668,8 @@ void vTaskYieldWithinAPI( void ) #if ( portCRITICAL_NESTING_IN_TCB == 1 ) void vTaskEnterCritical( void ) - //@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); - //@ ensures false; + ///@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); + ///@ ensures false; { portDISABLE_INTERRUPTS(); //@ open unprotectedGlobalVars(); From 3d4ad64692dd610326cc7a23703d5c8d3cf79e31 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 7 Nov 2022 14:42:11 -0500 Subject: [PATCH 095/289] Switched to new verification target `vTaskSwitchContext`. --- tasks.c | 2 + .../verifast/preprocessed_files/tasks__pp.c | 227 +++++++++++------- 2 files changed, 148 insertions(+), 81 deletions(-) diff --git a/tasks.c b/tasks.c index ba0c7b3bd14..efbe88dee8b 100644 --- a/tasks.c +++ b/tasks.c @@ -4152,6 +4152,8 @@ BaseType_t xTaskIncrementTick( void ) /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) +//@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES; +//@ ensures true; { /* Acquire both locks: * - The ISR lock protects the ready list from simultaneous access by diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index dfded40179f..b4dca90248b 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -1448,7 +1448,20 @@ typedef struct { * sleep_ms/sleep_us/sleep_until will work correctly when called from FreeRTOS * tasks, and will actually block at the FreeRTOS level */ -// # 74 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" + + + + + + + + /* configTICK_CORE indicates which core should handle the SysTick + * interrupts */ + + + + + /* This SMP port requires two spin locks, which are claimed from the SDK. * the spin lock numbers to be used are defined statically and defaulted here * to the values nominally set aside for RTOS by the SDK */ @@ -11084,7 +11097,7 @@ typedef tskTCB TCB_t; /*lint -save -e956 A manual analysis and inspection has been used to determine * which static variables must be declared volatile. */ - TCB_t * volatile pxCurrentTCBs[ 1 ] = { 0 }; + TCB_t * volatile pxCurrentTCBs[ 100 ] = { 0 }; /* Lists for ready and blocked tasks. -------------------- @@ -11123,11 +11136,11 @@ typedef tskTCB TCB_t; static volatile UBaseType_t uxTopReadyPriority = ( ( UBaseType_t ) 0U ); static volatile BaseType_t xSchedulerRunning = ( ( char ) 0 ); static volatile TickType_t xPendedTicks = ( TickType_t ) 0U; - static volatile BaseType_t xYieldPendings[ 1 ] = { ( ( char ) 0 ) }; + static volatile BaseType_t xYieldPendings[ 100 ] = { ( ( char ) 0 ) }; static volatile BaseType_t xNumOfOverflows = ( BaseType_t ) 0; static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U; static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */ - static TaskHandle_t xIdleTaskHandle[ 1 ] = { 0 }; /*< Holds the handle of the idle task. The idle task is created automatically when the scheduler is started. */ + static TaskHandle_t xIdleTaskHandle[ 100 ] = { 0 }; /*< Holds the handle of the idle task. The idle task is created automatically when the scheduler is started. */ @@ -11214,7 +11227,7 @@ static void prvInitialiseTaskLists( void ) ; */ static void prvIdleTask( void * pvParameters ) ; - + static void prvMinimalIdleTask( void * pvParameters ) ; /* @@ -11355,11 +11368,11 @@ static void prvYieldCore( BaseType_t xCoreID ) xYieldPendings[ xCoreID ] = ( ( char ) 1 ); } - - - - - + else + { + vYieldCore(xCoreID); + pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -2 ); + } } } @@ -11389,13 +11402,13 @@ static void prvYieldForTask( TCB_t * pxTCB, --xLowestPriority; } - for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 1; x++ ) + for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 100; x++ ) { /* System idle tasks are being assigned a priority of tskIDLE_PRIORITY - 1 here */ xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ x ]->uxPriority - pxCurrentTCBs[ x ]->xIsIdle; xTaskRunState = pxCurrentTCBs[ x ]->xTaskRunState; - if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 1 ) ) != ( ( char ) 0 ) ) && ( xYieldPendings[ x ] == ( ( char ) 0 ) ) ) + if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 100 ) ) != ( ( char ) 0 ) ) && ( xYieldPendings[ x ] == ( ( char ) 0 ) ) ) { if( xTaskPriority <= xLowestPriority ) { @@ -11426,7 +11439,7 @@ static void prvYieldForTask( TCB_t * pxTCB, } } - if( ( xYieldCount == 0 ) && ( ( BaseType_t ) ( ( 0 <= xLowestPriorityCore ) && ( xLowestPriorityCore < 1 ) ) ) ) + if( ( xYieldCount == 0 ) && ( ( BaseType_t ) ( ( 0 <= xLowestPriorityCore ) && ( xLowestPriorityCore < 100 ) ) ) ) { prvYieldCore( xLowestPriorityCore ); xYieldCount++; @@ -11552,7 +11565,7 @@ static void prvYieldForTask( TCB_t * pxTCB, uxCurrentPriority--; } - assert(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 1 ) )); + assert(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 100 ) )); // # 1095 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" return ( ( char ) 1 ); } @@ -11631,6 +11644,12 @@ static void prvYieldForTask( TCB_t * pxTCB, // # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 ); // # 1434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" + /* TODO: Continue proof + * For now we stop verification here and concentrate on new + * verification target. + */ + //@ assume(false); + prvAddNewTaskToReadyList( pxNewTCB ); xReturn = ( ( ( char ) 1 ) ); } @@ -11671,7 +11690,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { StackType_t * pxTopOfStack; UBaseType_t x; -// # 1491 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1497 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" //@ open uninit_TCB_p(_,_); /* Avoid dependency on memset() if it is not required. */ @@ -11714,7 +11733,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, * Hence, reasoning about the stack alignment below takes relatively * long. */ -// # 1549 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatise that no over- or underflow occurs. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`. @@ -11731,7 +11750,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ -// # 1577 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1583 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that alignmet check succeeds. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`*/ @@ -11742,7 +11761,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /* Check the alignment of the calculated top of stack is correct. */ assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )); -// # 1599 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Axiomatize that bit vector operations did not change stack * pointer. */ @@ -11757,9 +11776,9 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); -// # 1622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } -// # 1636 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Store the task name in the TCB. */ if( pcName != 0 ) { @@ -11833,7 +11852,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; } -// # 1728 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Avoid compiler warning about unreferenced parameter. */ ( void ) xRegions; @@ -11861,7 +11880,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); //@ chars_to_uchars(pxNewTCB->ucNotifyState); } -// # 1767 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1773 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* Reason for rewrite: Assignment not type safe. */ @@ -11870,17 +11889,17 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } -// # 1790 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1796 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Initialize the TCB stack to look as if the task was already running, * but had been interrupted by the scheduler. The return address is set * to the start of the task function. Once the stack has been initialised * the top of stack variable is updated. */ -// # 1818 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1824 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* If the port has capability to detect stack overflow, * pass the stack end address to the stack initialization * function as well. */ -// # 1835 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 1841 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); } @@ -11898,10 +11917,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, } - - - - + else if( pxTaskCode == prvMinimalIdleTask ) + { + pxNewTCB->xIsIdle = ( ( char ) 1 ); + } else { @@ -11925,10 +11944,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*@ requires interruptState_p(?coreID, _) &*& +/*//@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); @*/ -/*@ ensures true; +/*//@ ensures true; @*/ { /* Ensure interrupts don't access the task lists while the lists are being @@ -11956,7 +11975,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) BaseType_t xCoreID; /* Check if a core is free. */ - for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) 1; xCoreID++ ) + for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) 100; xCoreID++ ) { if( pxCurrentTCBs[ xCoreID ] == 0 ) { @@ -12085,7 +12104,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) } /* Force a reschedule if the task that has just been deleted was running. */ - if( ( xSchedulerRunning != ( ( char ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) ) + if( ( xSchedulerRunning != ( ( char ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 100 ) ) ) ) { BaseType_t xCoreID; @@ -12333,7 +12352,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) { /* If the task is not in any other state, it must be in the * Ready (including pending ready) state. */ - if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) ) + if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 100 ) ) ) { /* Is it actively running on a core? */ eReturn = eRunning; @@ -12477,7 +12496,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) * perform a yield for this task later. */ xYieldForTask = ( ( char ) 1 ); } - else if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) ) + else if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 100 ) ) ) { /* Setting the priority of a running task down means * there may now be another task of higher priority that @@ -12591,13 +12610,13 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) /*-----------------------------------------------------------*/ -// # 2579 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2585 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2602 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2608 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2620 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2626 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 2648 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 2654 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -12667,7 +12686,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ; } - if( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 1 ) ) ) + if( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 100 ) ) ) { if( xSchedulerRunning != ( ( char ) 0 ) ) { @@ -12915,7 +12934,7 @@ static BaseType_t prvCreateIdleTasks( void ) char cIdleName[ 16 ]; /* Add each idle task at the lowest priority. */ - for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) 1; xCoreID++ ) + for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) 100; xCoreID++ ) { BaseType_t x; @@ -12964,7 +12983,7 @@ static BaseType_t prvCreateIdleTasks( void ) { ; } -// # 3061 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3067 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( xCoreID == 0 ) { @@ -12976,7 +12995,18 @@ static BaseType_t prvCreateIdleTasks( void ) ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ } -// # 3084 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" + + + else + { + xReturn = xTaskCreate( prvMinimalIdleTask, + cIdleName, + ( uint32_t ) 256, + ( void * ) 0, + ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ + &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ + } + } } @@ -13013,7 +13043,7 @@ void vTaskStartScheduler( void ) * so interrupts will automatically get re-enabled when the first task * starts to run. */ VF__portDISABLE_INTERRUPTS(); -// # 3134 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3140 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; xSchedulerRunning = ( ( char ) 1 ); xTickCount = ( TickType_t ) 0; @@ -13110,7 +13140,7 @@ void vTaskSuspendAll( void ) } } /*----------------------------------------------------------*/ -// # 3292 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3298 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskResumeAll( void ) @@ -13480,7 +13510,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * each task in the Suspended state. */ uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); } -// # 3675 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3681 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { if( pulTotalRunTime != 0 ) { @@ -13519,7 +13549,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char * This is to ensure vTaskStepTick() is available when user defined low power mode * implementations require configUSE_TICKLESS_IDLE to be set to a value other than * 1. */ -// # 3726 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 3732 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) @@ -13620,7 +13650,7 @@ BaseType_t xTaskIncrementTick( void ) UBaseType_t x; - BaseType_t xCoreYieldList[ 1 ] = { ( ( char ) 0 ) }; + BaseType_t xCoreYieldList[ 100 ] = { ( ( char ) 0 ) }; vTaskEnterCritical(); @@ -13734,7 +13764,7 @@ BaseType_t xTaskIncrementTick( void ) /* TODO: There are certainly better ways of doing this that would reduce * the number of interrupts and also potentially help prevent tasks from * moving between cores as often. This, however, works for now. */ - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 100; x++ ) { if( ( ( &( pxReadyTasksLists[ pxCurrentTCBs[ x ]->uxPriority ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 1 ) { @@ -13765,7 +13795,7 @@ BaseType_t xTaskIncrementTick( void ) { - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 100; x++ ) { if( xYieldPendings[ x ] != ( ( char ) 0 ) ) { @@ -13785,7 +13815,7 @@ BaseType_t xTaskIncrementTick( void ) xCoreID = VF__get_core_num(); - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 1; x++ ) + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 100; x++ ) { @@ -13829,16 +13859,18 @@ BaseType_t xTaskIncrementTick( void ) return xSwitchRequired; } /*-----------------------------------------------------------*/ -// # 4064 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4070 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4088 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4094 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4113 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4119 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 4146 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) +//@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES; +//@ ensures true; { /* Acquire both locks: * - The ISR lock protects the ready list from simultaneous access by @@ -13865,7 +13897,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4204 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; @@ -13882,7 +13914,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4238 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4246 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -13995,7 +14027,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4364 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4372 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -14035,7 +14067,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4418 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4426 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -14200,7 +14232,40 @@ void vTaskMissedYield( void ) * * @todo additional conditional compiles to remove this function. */ -// # 4642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" + + + static void prvMinimalIdleTask( void * pvParameters ) + { + vPortYield(); + + for( ; ; ) + { +// # 4609 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" + { + /* When using preemption tasks of equal priority will be + * timesliced. If a task that is sharing the idle priority is ready + * to run then the idle task should yield before the end of the + * timeslice. + * + * A critical region is not required here as we are just reading from + * the list, and an occasional incorrect value will not matter. If + * the ready list at the idle priority contains one more task than the + * number of idle tasks, which is equal to the configured numbers of cores + * then a task other than the idle task is ready to execute. */ + if( ( ( &( pxReadyTasksLists[ ( ( UBaseType_t ) 0U ) ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 100 ) + { + vPortYield(); + } + else + { + ; + } + } +// # 4646 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" + } + } + + /* * ----------------------------------------------------------- * The Idle task. @@ -14230,7 +14295,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4683 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4691 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14242,7 +14307,7 @@ static void prvIdleTask( void * pvParameters ) * the ready list at the idle priority contains one more task than the * number of idle tasks, which is equal to the configured numbers of cores * then a task other than the idle task is ready to execute. */ - if( ( ( &( pxReadyTasksLists[ ( ( UBaseType_t ) 0U ) ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 1 ) + if( ( ( &( pxReadyTasksLists[ ( ( UBaseType_t ) 0U ) ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 100 ) { vPortYield(); } @@ -14251,16 +14316,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4719 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4727 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4784 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4792 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4834 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4842 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14305,7 +14370,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4894 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14407,7 +14472,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 5006 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5014 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14418,7 +14483,7 @@ static void prvCheckTasksWaitingTermination( void ) * state is just set to whatever is passed in. */ if( eState != eInvalid ) { - if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 1 ) ) ) + if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 100 ) ) ) { pxTaskStatus->eCurrentState = eRunning; } @@ -14538,7 +14603,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5175 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5183 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14595,7 +14660,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5258 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5266 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -14625,8 +14690,8 @@ static void prvResetNextTaskUnblockTime( void ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - //@ requires interruptState_p(?coreID, ?irpState); - //@ ensures interruptState_p(coreID, irpState) &*& false; + ///@ requires interruptState_p(?coreID, ?irpState); + ///@ ensures interruptState_p(coreID, irpState) &*& false; { TaskHandle_t xReturn; uint32_t ulState; @@ -14642,7 +14707,7 @@ static void prvResetNextTaskUnblockTime( void ) { TaskHandle_t xReturn = 0; - if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 1 ) ) ) != ( ( char ) 0 ) ) + if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 100 ) ) ) != ( ( char ) 0 ) ) { xReturn = pxCurrentTCBs[ xCoreID ]; } @@ -15003,8 +15068,8 @@ void vTaskYieldWithinAPI( void ) void vTaskEnterCritical( void ) - //@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); - //@ ensures false; + ///@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); + ///@ ensures false; { VF__portDISABLE_INTERRUPTS(); //@ open unprotectedGlobalVars(); @@ -15100,11 +15165,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5788 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5796 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5894 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6021 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6029 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15378,7 +15443,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6312 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6320 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15672,7 +15737,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6621 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15748,7 +15813,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6733 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6741 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, From 7e75d7aa8f3c8b143b2f39dee6c6b41d3ccf9ae9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 10 Nov 2022 12:50:48 -0500 Subject: [PATCH 096/289] Refined lock predicates and contracts for lock macros to match expected locking discipline. --- tasks.c | 7 +- .../verifast/preprocessed_files/tasks__pp.c | 356 +++++++++++------- .../verifast/proof/nathan/list_predicates.h | 9 +- .../verifast/proof/verifast_lock_predicates.h | 82 +++- .../verifast/proof/verifast_port_contracts.h | 10 +- 5 files changed, 326 insertions(+), 138 deletions(-) diff --git a/tasks.c b/tasks.c index efbe88dee8b..cafebf3857b 100644 --- a/tasks.c +++ b/tasks.c @@ -4152,7 +4152,11 @@ BaseType_t xTaskIncrementTick( void ) /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) -//@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES; +/*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + locked(nil) &*& + [?f_ISR]isrLock() &*& + [?f_task]taskLock(); +@*/ //@ ensures true; { /* Acquire both locks: @@ -4165,6 +4169,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) portGET_TASK_LOCK(); /* Must always acquire the task lock first */ portGET_ISR_LOCK(); + //@ get_taskISRLockInv(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index b4dca90248b..85838c49f18 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -67,40 +67,40 @@ typedef intptr_t ptrdiff_t; typedef intptr_t ssize_t; // # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2 -/*@ - -// In Standard C, freeing a null pointer is allowed and is a no-op. -lemma_auto void malloc_block_null(); - requires emp; - ensures malloc_block(0, 0); - -lemma void malloc_block_limits(void *array); - requires [?f]malloc_block(array, ?size); - ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; - +/*@ + +// In Standard C, freeing a null pointer is allowed and is a no-op. +lemma_auto void malloc_block_null(); + requires emp; + ensures malloc_block(0, 0); + +lemma void malloc_block_limits(void *array); + requires [?f]malloc_block(array, ?size); + ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; + @*/ void *malloc(size_t size); //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars_(result, size, _) &*& malloc_block(result, size) &*& - (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow + /*@ + ensures + result == 0 ? + emp + : + chars_(result, size, _) &*& malloc_block(result, size) &*& + (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow @*/ //@ terminates; void *calloc(size_t nmemb, size_t size); //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& - (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow + /*@ + ensures + result == 0 ? + emp + : + chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& + (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow @*/ //@ terminates; @@ -111,16 +111,16 @@ void free(void *array); void *realloc(void *array, size_t newSize); //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs); - /*@ - ensures - result == 0 ? - malloc_block(array, size) &*& chars(array, size, cs) - : - malloc_block(result, newSize) &*& - newSize <= size ? - chars(result, _, take(newSize, cs)) - : - chars(result, _, cs) &*& chars(result + size, newSize - size, _); + /*@ + ensures + result == 0 ? + malloc_block(array, size) &*& chars(array, size, cs) + : + malloc_block(result, newSize) &*& + newSize <= size ? + chars(result, _, take(newSize, cs)) + : + chars(result, _, cs) &*& chars(result + size, newSize - size, _); @*/ //@ terminates; // # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2 @@ -165,21 +165,21 @@ void memcpy(void *array, void *array0, size_t count); //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0); void memmove(void *dest, void *src, size_t count); - /*@ - requires - chars(src, count, ?cs) &*& - dest <= src ? - chars(dest, src - dest, _) - : - chars(src + count, dest - src, _); + /*@ + requires + chars(src, count, ?cs) &*& + dest <= src ? + chars(dest, src - dest, _) + : + chars(src + count, dest - src, _); @*/ - /*@ - ensures - chars(dest, count, cs) &*& - dest <= src ? - chars(dest + count, src - dest, _) - : - chars(src, dest - src, _); + /*@ + ensures + chars(dest, count, cs) &*& + dest <= src ? + chars(dest + count, src - dest, _) + : + chars(src, dest - src, _); @*/ size_t strlen(char *string); @@ -200,15 +200,15 @@ char *memchr(char *array, char c, size_t count); char* strchr(char *str, char c); //@ requires [?f]string(str, ?cs); - /*@ ensures - [f]string(str, cs) &*& - c == 0 ? - result == str + length(cs) - : - result == 0 ? - mem(c, cs) == false - : - mem(c, cs) == true &*& result == str + index_of(c, cs); + /*@ ensures + [f]string(str, cs) &*& + c == 0 ? + result == str + length(cs) + : + result == 0 ? + mem(c, cs) == false + : + mem(c, cs) == true &*& result == str + index_of(c, cs); @*/ void* memset(void *array, char value, size_t size); @@ -555,33 +555,33 @@ typedef void (* TaskFunction_t)( void * ); * must be set in the compiler's include path. */ // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: MIT AND BSD-3-Clause - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: MIT AND BSD-3-Clause + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * */ // # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1 @@ -4303,14 +4303,14 @@ int spin_lock_claim_unused(bool required); bool spin_lock_is_claimed(uint lock_num); // # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 -/*----------------------------------------------------------- - * Port specific definitions. - * - * The settings in this file configure FreeRTOS correctly for the - * given hardware and compiler. - * - * These settings should not be altered. - *----------------------------------------------------------- +/*----------------------------------------------------------- + * Port specific definitions. + * + * The settings in this file configure FreeRTOS correctly for the + * given hardware and compiler. + * + * These settings should not be altered. + *----------------------------------------------------------- */ /* Type definitions. */ @@ -4326,7 +4326,7 @@ bool spin_lock_is_claimed(uint lock_num); typedef uint32_t TickType_t; -/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do +/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do * not need to be guarded with a critical section. */ @@ -4337,13 +4337,13 @@ bool spin_lock_is_claimed(uint lock_num); - /* Reason for rewrite: VeriFast does not support the attriibute `used`. + /* Reason for rewrite: VeriFast does not support the attriibute `used`. */ - /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, + /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ @@ -4408,11 +4408,11 @@ bool spin_lock_is_claimed(uint lock_num); - /* Note this is a single method with uxAcquire parameter since we have - * static vars, the method is always called with a compile time constant for + /* Note this is a single method with uxAcquire parameter since we have + * static vars, the method is always called with a compile time constant for * uxAcquire, and the compiler should dothe right thing! */ - /* Reason for rewrite: VeriFast does not support local static variables. + /* Reason for rewrite: VeriFast does not support local static variables. */ // # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" /*-----------------------------------------------------------*/ @@ -10077,12 +10077,19 @@ predicate xLIST_ITEM( TickType_t xItemValue, struct xLIST_ITEM *pxNext, struct xLIST_ITEM *pxPrevious, - struct xLIST *pxContainer;) = + struct xLIST *pxContainer;) + = n->xItemValue |-> xItemValue &*& n->pxNext |-> pxNext &*& n->pxPrevious |-> pxPrevious &*& n->pvOwner |-> _ &*& n->pxContainer |-> pxContainer; + +// by Tobias Reinhard +predicate xList_gen(struct xLIST *l) = + l->uxNumberOfItems |-> _ &*& + l->pxIndex |-> _; + @*/ // # 6 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 2 @@ -10389,20 +10396,27 @@ void VF__portRESTORE_INTERRUPTS(uint32_t state); -void VF__portGET_TaskLock(); -//@ requires false; -//@ ensures true; +void VF__portGET_TASK_LOCK(); +//@ requires [?f]taskLock() &*& locked(nil); +//@ ensures taskLockInv() &*& locked( cons( pair(f, taskLockID_f), nil) ); void VF__portGET_ISR_LOCK(); -//@ requires false; -//@ ensures true; +//@ requires [?f]isrLock() &*& locked(?heldLocks); +//@ ensures isrLockInv() &*& locked( cons( pair(f, isrLockID_f), heldLocks) ); // # 72 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 // # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_lock_predicates.h" 1 +/* We follow a minimalistic approach during the definition of the + * lock predicates. So far, the only encapsulate the resources and + * invariants required to verify `vTaskSwitchContext`. + * We are going to extend and refine them when we proceed to verify + * other parts of FRTOS. + */ + /*@ // We assume tha `configNUM_CORES` evaluates to 1. @@ -10454,6 +10468,77 @@ predicate coreLocalLocked(uint32_t coreID); @*/ +/* ---------------------------------------------------------------------- + * Predicates relevant for all locks + */ + +/*@ +predicate locked(list< pair > lockHistory); +@*/ + + + +/* ---------------------------------------------------------------------- + * Task lock and associated global variables from `tasks.c` + */ + +/*@ +fixpoint int taskLockID_f(); + +// Represents an acquired task lock. +predicate taskLock(); + +// Represents an acquired task lock. +// `f` is the fraction held for the unacquired lock. +//predicate taskLocked(real f); + +// Represents the invariant associated with the the task lock, i.e., +// access permissions to the resources protected by the lock. +predicate taskLockInv(); +@*/ + +/* ---------------------------------------------------------------------- + * ISR lock and associated global variables from `tasks.c` + */ + +/*@ +fixpoint int isrLockID_f(); + +// Represents an unacquired ISR lock. +predicate isrLock(); + +// Represents an acquired ISR lock. +// `f` is the fraction held for the unacquired lock. +predicate isrLocked(real f); + +// Represents the invariant associated with the the ISR lock, i.e., +// access permissions to the resources protected by the lock. +predicate isrLockInv() = + foreach(?vfReadyLists, xList_gen); +@*/ + + +/* ---------------------------------------------------------------------- + * Resources protected by both locks. + * Note that the task lock may never be acquired after the ISR lock. + */ + +/*@ +fixpoint int taskISRLockID_f(); + +predicate taskISRLockInv() = + integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _); + + +lemma void get_taskISRLockInv(); +requires locked(?heldLocks) &*& + heldLocks == cons(?i, cons(?t, nil)) &*& + i == pair(?f_isr, isrLockID_f()) &*& + t == pair(?f_task, taskLockID_f()); +ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ); +@*/ + + /* void vf_validate_lock_predicate() @@ -10463,8 +10548,8 @@ void vf_validate_lock_predicate() //@ open_module(); uxCurrentNumberOfTasks = 0; - //@ coreID_f_range(); - //@ close coreLocalGlobalVars(); + ///@ coreID_f_range(); + ///@ close coreLocalGlobalVars(); ///@ close otherGlobalVars(); } */ @@ -13869,7 +13954,11 @@ BaseType_t xTaskIncrementTick( void ) /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) -//@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES; +/*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + locked(nil) &*& + [?f_ISR]isrLock() &*& + [?f_task]taskLock(); +@*/ //@ ensures true; { /* Acquire both locks: @@ -13882,10 +13971,19 @@ void vTaskSwitchContext( BaseType_t xCoreID ) VF__portGET_TASK_LOCK(); /* Must always acquire the task lock first */ VF__portGET_ISR_LOCK(); + //@ get_taskISRLockInv(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ - assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0); + + /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ + { + UBaseType_t nesting = xTaskGetCurrentTaskHandle()->uxCriticalNesting; + assert(nesting == 0); + } + + + if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) ) { @@ -13897,7 +13995,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4212 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; @@ -13914,7 +14012,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4246 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4259 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -14027,7 +14125,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4372 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4385 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -14067,7 +14165,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4426 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4439 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -14240,7 +14338,7 @@ void vTaskMissedYield( void ) for( ; ; ) { -// # 4609 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14261,7 +14359,7 @@ void vTaskMissedYield( void ) ; } } -// # 4646 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } @@ -14295,7 +14393,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4691 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4704 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14316,16 +14414,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4727 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4740 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4792 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4805 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4842 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4855 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14370,7 +14468,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14472,7 +14570,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 5014 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14603,7 +14701,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5183 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14660,7 +14758,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5266 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5279 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -15165,11 +15263,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5796 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5809 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5902 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6029 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6042 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15443,7 +15541,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6320 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6333 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15737,7 +15835,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6629 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15813,7 +15911,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6741 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6754 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, diff --git a/verification/verifast/proof/nathan/list_predicates.h b/verification/verifast/proof/nathan/list_predicates.h index 7731a0a669f..439b092b5d4 100644 --- a/verification/verifast/proof/nathan/list_predicates.h +++ b/verification/verifast/proof/nathan/list_predicates.h @@ -17,12 +17,19 @@ predicate xLIST_ITEM( TickType_t xItemValue, struct xLIST_ITEM *pxNext, struct xLIST_ITEM *pxPrevious, - struct xLIST *pxContainer;) = + struct xLIST *pxContainer;) + = n->xItemValue |-> xItemValue &*& n->pxNext |-> pxNext &*& n->pxPrevious |-> pxPrevious &*& n->pvOwner |-> _ &*& n->pxContainer |-> pxContainer; + +// by Tobias Reinhard +predicate xList_gen(struct xLIST *l) = + l->uxNumberOfItems |-> _ &*& + l->pxIndex |-> _; + @*/ #endif /* LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index ed39a57430b..32d8f73904a 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -1,6 +1,13 @@ #ifndef VERIFAST_LOCK_PREDICATES_H #define VERIFAST_LOCK_PREDICATES_H +/* We follow a minimalistic approach during the definition of the + * lock predicates. So far, the only encapsulate the resources and + * invariants required to verify `vTaskSwitchContext`. + * We are going to extend and refine them when we proceed to verify + * other parts of FRTOS. + */ + /*@ // We assume tha `configNUM_CORES` evaluates to 1. @@ -52,6 +59,77 @@ predicate coreLocalLocked(uint32_t coreID); @*/ +/* ---------------------------------------------------------------------- + * Predicates relevant for all locks + */ + +/*@ +predicate locked(list< pair > lockHistory); +@*/ + + + +/* ---------------------------------------------------------------------- + * Task lock and associated global variables from `tasks.c` + */ + +/*@ +fixpoint int taskLockID_f(); + +// Represents an acquired task lock. +predicate taskLock(); + +// Represents an acquired task lock. +// `f` is the fraction held for the unacquired lock. +//predicate taskLocked(real f); + +// Represents the invariant associated with the the task lock, i.e., +// access permissions to the resources protected by the lock. +predicate taskLockInv(); +@*/ + +/* ---------------------------------------------------------------------- + * ISR lock and associated global variables from `tasks.c` + */ + +/*@ +fixpoint int isrLockID_f(); + +// Represents an unacquired ISR lock. +predicate isrLock(); + +// Represents an acquired ISR lock. +// `f` is the fraction held for the unacquired lock. +predicate isrLocked(real f); + +// Represents the invariant associated with the the ISR lock, i.e., +// access permissions to the resources protected by the lock. +predicate isrLockInv() = + foreach(?vfReadyLists, xList_gen); +@*/ + + +/* ---------------------------------------------------------------------- + * Resources protected by both locks. + * Note that the task lock may never be acquired after the ISR lock. + */ + +/*@ +fixpoint int taskISRLockID_f(); + +predicate taskISRLockInv() = + integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _); + + +lemma void get_taskISRLockInv(); +requires locked(?heldLocks) &*& + heldLocks == cons(?i, cons(?t, nil)) &*& + i == pair(?f_isr, isrLockID_f()) &*& + t == pair(?f_task, taskLockID_f()); +ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ); +@*/ + + /* void vf_validate_lock_predicate() @@ -61,8 +139,8 @@ void vf_validate_lock_predicate() //@ open_module(); uxCurrentNumberOfTasks = 0; - //@ coreID_f_range(); - //@ close coreLocalGlobalVars(); + ///@ coreID_f_range(); + ///@ close coreLocalGlobalVars(); ///@ close otherGlobalVars(); } */ diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index 5ad986808ad..2bdb127cf8c 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -46,14 +46,14 @@ void VF__portRESTORE_INTERRUPTS(uint32_t state); #undef portGET_TASK_LOCK #define portGET_TASK_LOCK VF__portGET_TASK_LOCK -void VF__portGET_TaskLock(); -//@ requires false; -//@ ensures true; +void VF__portGET_TASK_LOCK(); +//@ requires [?f]taskLock() &*& locked(nil); +//@ ensures taskLockInv() &*& locked( cons( pair(f, taskLockID_f), nil) ); #undef portGET_ISR_LOCK #define portGET_ISR_LOCK VF__portGET_ISR_LOCK void VF__portGET_ISR_LOCK(); -//@ requires false; -//@ ensures true; +//@ requires [?f]isrLock() &*& locked(?heldLocks); +//@ ensures isrLockInv() &*& locked( cons( pair(f, isrLockID_f), heldLocks) ); #endif /* VERIFAST_PORT_CONTRACTS_H */ \ No newline at end of file From 63d8c5afa8b47fc1acb9b43ff67a4b26d44ac44f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 10 Nov 2022 12:51:20 -0500 Subject: [PATCH 097/289] Rewrote side-effectful assertion such that VeriFast can process it. --- tasks.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tasks.c b/tasks.c index cafebf3857b..4cb1c9f3f8b 100644 --- a/tasks.c +++ b/tasks.c @@ -4173,7 +4173,15 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ - configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); + #ifdef VERIFAST + /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ + { + UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; + configASSERT( nesting == 0 ); + } + #else + configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); + #endif /* VERIFAST */ if( uxSchedulerSuspended != ( UBaseType_t ) pdFALSE ) { From 29e14be2037bd91af058a65c9c20ac13d50f151e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 10 Nov 2022 14:36:04 -0500 Subject: [PATCH 098/289] Verified minimal contract for `xTaskGetCurrentTaskHandle`. --- tasks.c | 20 ++++- .../verifast/preprocessed_files/tasks__pp.c | 79 ++++++++++++------- .../verifast/proof/verifast_lock_predicates.h | 2 +- .../verifast/proof/verifast_port_contracts.h | 13 ++- 4 files changed, 75 insertions(+), 39 deletions(-) diff --git a/tasks.c b/tasks.c index 4cb1c9f3f8b..076d43c421a 100644 --- a/tasks.c +++ b/tasks.c @@ -4155,7 +4155,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& locked(nil) &*& [?f_ISR]isrLock() &*& - [?f_task]taskLock(); + [?f_task]taskLock() &*& + interruptState_p(xCoreID, ?state) &*& + xCoreID == coreID_f(); @*/ //@ ensures true; { @@ -4176,7 +4178,15 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #ifdef VERIFAST /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ { - UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; + // PROBLEM: + // Line + // UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; + // leads to VF error + // "This potentially side-effecting expression is not supported in this position, because of C's unspecified evaluation order" + // + // TODO: Inspect reason. + TaskHandle_t handle = pxCurrentTCB; + UBaseType_t nesting = handle->uxCriticalNesting; configASSERT( nesting == 0 ); } #else @@ -5305,14 +5315,16 @@ static void prvResetNextTaskUnblockTime( void ) #if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - ///@ requires interruptState_p(?coreID, ?irpState); - ///@ ensures interruptState_p(coreID, irpState) &*& false; + //@ requires interruptState_p(?coreID, ?irpState); + //@ ensures interruptState_p(coreID, irpState); { TaskHandle_t xReturn; uint32_t ulState; ulState = portDISABLE_INTERRUPTS(); + //@ open coreLocalGlobalVars_p(); xReturn = pxCurrentTCBs[ portGET_CORE_ID() ]; + //@ close coreLocalGlobalVars_p(); portRESTORE_INTERRUPTS( ulState ); return xReturn; diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c index 85838c49f18..43264af0107 100644 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ b/verification/verifast/preprocessed_files/tasks__pp.c @@ -10384,14 +10384,19 @@ uint32_t VF__portDISABLE_INTERRUPTS(); //@ requires interruptState_p(?coreID, ?state); /*@ ensures result == state &*& interruptState_p(coreID, ?newState) &*& - interruptsDisabled_f(newState) == true; + interruptsDisabled_f(newState) == true &*& + coreLocalGlobalVars_p(); @*/ -void VF__portRESTORE_INTERRUPTS(uint32_t state); -//@ requires interruptState_p(?coreID, _); -/*@ ensures interruptState_p(coreID, state); +void VF__portRESTORE_INTERRUPTS(uint32_t ulState); +/*@ requires interruptState_p(?coreID, ?tmpState) &*& + interruptsDisabled_f(tmpState) == true + ? coreLocalGlobalVars_p() + : true; + @*/ +/*@ ensures interruptState_p(coreID, ulState); @*/ @@ -10458,7 +10463,7 @@ predicate interruptState_p(uint32_t coreID, uint32_t state); fixpoint bool interruptsDisabled_f(uint32_t); -predicate coreLocalGlobalVars() = +predicate coreLocalGlobalVars_p() = pointer(&pxCurrentTCBs[coreID_f], _); predicate coreLocalLocked(uint32_t coreID); @@ -10527,7 +10532,9 @@ predicate isrLockInv() = fixpoint int taskISRLockID_f(); predicate taskISRLockInv() = - integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _); + integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + //TCB_p(pxCurrentTCBs[coreID_f()], ?ulFreeBytesOnStack); + true; lemma void get_taskISRLockInv(); @@ -13957,7 +13964,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& locked(nil) &*& [?f_ISR]isrLock() &*& - [?f_task]taskLock(); + [?f_task]taskLock() &*& + interruptState_p(xCoreID, ?state) &*& + xCoreID == coreID_f(); @*/ //@ ensures true; { @@ -13978,7 +13987,15 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ { - UBaseType_t nesting = xTaskGetCurrentTaskHandle()->uxCriticalNesting; + // PROBLEM: + // Line + // UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; + // leads to VF error + // "This potentially side-effecting expression is not supported in this position, because of C's unspecified evaluation order" + // + // TODO: Inspect reason. + TaskHandle_t handle = xTaskGetCurrentTaskHandle(); + UBaseType_t nesting = handle->uxCriticalNesting; assert(nesting == 0); } @@ -13995,7 +14012,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) { xYieldPendings[ xCoreID ] = ( ( char ) 0 ); ; -// # 4225 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4235 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Check for stack overflow, if configured. */ { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; @@ -14012,7 +14029,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) ; /* After the new task is switched in, update the global errno. */ -// # 4259 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); @@ -14125,7 +14142,7 @@ BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) { ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4385 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4395 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } else { @@ -14165,7 +14182,7 @@ void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ assert(pxUnblockedTCB); ( void ) uxListRemove( pxEventListItem ); -// # 4439 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4449 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* Remove the task from the delayed list and add it to the ready list. The * scheduler is suspended so interrupts will not be accessing the ready * lists. */ @@ -14338,7 +14355,7 @@ void vTaskMissedYield( void ) for( ; ; ) { -// # 4622 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14359,7 +14376,7 @@ void vTaskMissedYield( void ) ; } } -// # 4659 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } @@ -14393,7 +14410,7 @@ static void prvIdleTask( void * pvParameters ) /* See if any tasks have deleted themselves - if so then the idle task * is responsible for freeing the deleted task's TCB and stack. */ prvCheckTasksWaitingTermination(); -// # 4704 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4714 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { /* When using preemption tasks of equal priority will be * timesliced. If a task that is sharing the idle priority is ready @@ -14414,16 +14431,16 @@ static void prvIdleTask( void * pvParameters ) ; } } -// # 4740 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /* This conditional compilation should use inequality to 0, not equality * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when * user defined low power mode implementations require * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4805 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4815 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } } /*-----------------------------------------------------------*/ -// # 4855 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4865 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14468,7 +14485,7 @@ static void prvIdleTask( void * pvParameters ) /*-----------------------------------------------------------*/ -// # 4915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 4925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvInitialiseTaskLists( void ) @@ -14570,7 +14587,7 @@ static void prvCheckTasksWaitingTermination( void ) { pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; } -// # 5027 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5037 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { pxTaskStatus->ulRunTimeCounter = 0; } @@ -14701,7 +14718,7 @@ static void prvCheckTasksWaitingTermination( void ) /*-----------------------------------------------------------*/ -// # 5196 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ @@ -14758,7 +14775,7 @@ static void prvCheckTasksWaitingTermination( void ) free( (void*) pxTCB->pxStack); free( (void*) pxTCB); } -// # 5279 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5289 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } @@ -14788,14 +14805,16 @@ static void prvResetNextTaskUnblockTime( void ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - ///@ requires interruptState_p(?coreID, ?irpState); - ///@ ensures interruptState_p(coreID, irpState) &*& false; + //@ requires interruptState_p(?coreID, ?irpState); + //@ ensures interruptState_p(coreID, irpState); { TaskHandle_t xReturn; uint32_t ulState; ulState = VF__portDISABLE_INTERRUPTS(); + //@ open coreLocalGlobalVars_p(); xReturn = pxCurrentTCBs[ VF__get_core_num() ]; + //@ close coreLocalGlobalVars_p(); VF__portRESTORE_INTERRUPTS(ulState); return xReturn; @@ -15263,11 +15282,11 @@ void vTaskYieldWithinAPI( void ) /*-----------------------------------------------------------*/ -// # 5809 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5819 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ -// # 5915 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 5925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*----------------------------------------------------------*/ -// # 6042 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6052 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ TickType_t uxTaskResetEventItemValue( void ) @@ -15541,7 +15560,7 @@ TickType_t uxTaskResetEventItemValue( void ) /* The task should not have been on an event list. */ assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6333 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6343 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" { prvYieldForTask( pxTCB, ( ( char ) 0 ) ); } @@ -15835,7 +15854,7 @@ TickType_t uxTaskResetEventItemValue( void ) /*-----------------------------------------------------------*/ -// # 6642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6652 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" /*-----------------------------------------------------------*/ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, @@ -15911,7 +15930,7 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } } } -// # 6754 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" +// # 6764 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" } /* Code below here allows additional code to be inserted into this source file, diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 32d8f73904a..454a644c740 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -49,7 +49,7 @@ predicate interruptState_p(uint32_t coreID, uint32_t state); fixpoint bool interruptsDisabled_f(uint32_t); -predicate coreLocalGlobalVars() = +predicate coreLocalGlobalVars_p() = pointer(&pxCurrentTCBs[coreID_f], _); predicate coreLocalLocked(uint32_t coreID); diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index 2bdb127cf8c..86bef0a9750 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -34,14 +34,19 @@ uint32_t VF__portDISABLE_INTERRUPTS(); //@ requires interruptState_p(?coreID, ?state); /*@ ensures result == state &*& interruptState_p(coreID, ?newState) &*& - interruptsDisabled_f(newState) == true; + interruptsDisabled_f(newState) == true &*& + coreLocalGlobalVars_p(); @*/ #undef portRESTORE_INTERRUPTS #define portRESTORE_INTERRUPTS(ulState) VF__portRESTORE_INTERRUPTS(ulState) -void VF__portRESTORE_INTERRUPTS(uint32_t state); -//@ requires interruptState_p(?coreID, _); -/*@ ensures interruptState_p(coreID, state); +void VF__portRESTORE_INTERRUPTS(uint32_t ulState); +/*@ requires interruptState_p(?coreID, ?tmpState) &*& + interruptsDisabled_f(tmpState) == true + ? coreLocalGlobalVars_p() + : true; + @*/ +/*@ ensures interruptState_p(coreID, ulState); @*/ #undef portGET_TASK_LOCK From d746a27233a460714bcc04fe8e80a765279046be Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:07:01 -0500 Subject: [PATCH 099/289] Added missing task-ISR lock invariant to post condition of acquision lemma. --- verification/verifast/proof/verifast_lock_predicates.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 454a644c740..57d1fd1e986 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -126,7 +126,8 @@ requires locked(?heldLocks) &*& heldLocks == cons(?i, cons(?t, nil)) &*& i == pair(?f_isr, isrLockID_f()) &*& t == pair(?f_task, taskLockID_f()); -ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ); +ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& + taskISRLockInv(); @*/ From e33d940357d2173419877cda2ef12563421e767e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:09:27 -0500 Subject: [PATCH 100/289] Stopped tracking preprocecssing output. --- .../verifast/preprocessed_files/tasks__pp.c | 15938 ---------------- 1 file changed, 15938 deletions(-) delete mode 100644 verification/verifast/preprocessed_files/tasks__pp.c diff --git a/verification/verifast/preprocessed_files/tasks__pp.c b/verification/verifast/preprocessed_files/tasks__pp.c deleted file mode 100644 index 43264af0107..00000000000 --- a/verification/verifast/preprocessed_files/tasks__pp.c +++ /dev/null @@ -1,15938 +0,0 @@ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -// # 1 "" 1 -// # 1 "" 3 -// # 400 "" 3 -// # 1 "" 1 -// # 1 "" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - /* Ghost header include must occur before any non-ghost includes or other - * non-ghost code. Otherwise VeriFast will report an unspecific parse error. - */ - - //@ #include - - /* The following includes will be visible to VeriFast in the preprocessed - * code. VeriFast requires includes to occur befor definitions. Hence, - * all includes visible to VeriFast must occur before the preprocessed - * ones. - */ - #include "FreeRTOSConfig.h" - - - -/* Standard includes. */ -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 1 - - - -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1 -// # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2 -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 1 - - - -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stddef.h" 1 - - - -typedef uintptr_t size_t; -typedef intptr_t ptrdiff_t; -typedef intptr_t ssize_t; -// # 5 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/malloc.h" 2 - -/*@ - -// In Standard C, freeing a null pointer is allowed and is a no-op. -lemma_auto void malloc_block_null(); - requires emp; - ensures malloc_block(0, 0); - -lemma void malloc_block_limits(void *array); - requires [?f]malloc_block(array, ?size); - ensures [f]malloc_block(array, size) &*& (void *)0 <= array &*& 0 <= size &*& array + size <= (void *)UINTPTR_MAX; - -@*/ - -void *malloc(size_t size); - //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars_(result, size, _) &*& malloc_block(result, size) &*& - (char *)0 < result && result + size <= (char *)UINTPTR_MAX; // one-past-end does not overflow - @*/ - //@ terminates; - -void *calloc(size_t nmemb, size_t size); - //@ requires true; - /*@ - ensures - result == 0 ? - emp - : - chars(result, nmemb * size, ?cs) &*& malloc_block(result, nmemb * size) &*& all_eq(cs, 0) == true &*& - (char *)0 < result && result + nmemb * size <= (char *)UINTPTR_MAX; // one-past-end does not overflow - @*/ - //@ terminates; - -void free(void *array); - //@ requires malloc_block(array, ?size) &*& chars_(array, size, ?cs); - //@ ensures emp; - //@ terminates; - -void *realloc(void *array, size_t newSize); - //@ requires malloc_block(array, ?size) &*& chars(array, size, ?cs); - /*@ - ensures - result == 0 ? - malloc_block(array, size) &*& chars(array, size, cs) - : - malloc_block(result, newSize) &*& - newSize <= size ? - chars(result, _, take(newSize, cs)) - : - chars(result, _, cs) &*& chars(result + size, newSize - size, _); - @*/ - //@ terminates; -// # 6 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdlib.h" 2 - -void abort(); - //@ requires true; - //@ ensures false; - //@ terminates; - -void exit(int status); - //@ requires true; - //@ ensures false; - //@ terminates; - -int abs(int x); - //@ requires INT_MIN < x; - //@ ensures result == abs(x); - //@ terminates; - -long labs(long x); - //@ requires LONG_MIN < x; - //@ ensures result == abs(x); - //@ terminates; - -long long llabs(long long x); - //@ requires LLONG_MIN < x; - //@ ensures result == abs(x); - //@ terminates; -// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/string.h" 1 - - - - - -char *strcpy(char *d, char *s); - //@ requires [?f]string(s, ?cs) &*& chars(d, length(cs) + 1, _); - //@ ensures [f]string(s, cs) &*& chars(d, length(cs) + 1, append(cs, {0})) &*& result == d; - -void memcpy(void *array, void *array0, size_t count); - //@ requires chars_(array, count, _) &*& [?f]chars(array0, count, ?cs0); - //@ ensures chars(array, count, cs0) &*& [f]chars(array0, count, cs0); - -void memmove(void *dest, void *src, size_t count); - /*@ - requires - chars(src, count, ?cs) &*& - dest <= src ? - chars(dest, src - dest, _) - : - chars(src + count, dest - src, _); - @*/ - /*@ - ensures - chars(dest, count, cs) &*& - dest <= src ? - chars(dest + count, src - dest, _) - : - chars(src, dest - src, _); - @*/ - -size_t strlen(char *string); - //@ requires [?f]string(string, ?cs); - //@ ensures [f]string(string, cs) &*& result == length(cs); - -int memcmp(char *array, char *array0, size_t count); - //@ requires [?f]chars(array, ?n, ?cs) &*& [?f0]chars(array0, ?n0, ?cs0) &*& count <= n &*& count <= n0; - //@ ensures [f]chars(array, n, cs) &*& [f0]chars(array0, n0, cs0) &*& (result == 0) == (take(count, cs) == take(count, cs0)); - -int strcmp(char *s1, char *s2); - //@ requires [?f1]string(s1, ?cs1) &*& [?f2]string(s2, ?cs2); - //@ ensures [f1]string(s1, cs1) &*& [f2]string(s2, cs2) &*& (result == 0) == (cs1 == cs2); - -char *memchr(char *array, char c, size_t count); - //@ requires [?f]chars(array, count, ?cs); - //@ ensures [f]chars(array, count, cs) &*& result == 0 ? mem(c, cs) == false : mem(c, cs) == true &*& result == array + index_of(c, cs); - -char* strchr(char *str, char c); - //@ requires [?f]string(str, ?cs); - /*@ ensures - [f]string(str, cs) &*& - c == 0 ? - result == str + length(cs) - : - result == 0 ? - mem(c, cs) == false - : - mem(c, cs) == true &*& result == str + index_of(c, cs); - @*/ - -void* memset(void *array, char value, size_t size); - //@ requires chars_(array, size, _); - //@ ensures chars(array, size, ?cs1) &*& all_eq(cs1, value) == true &*& result == array; - -char *strdup(char *string); - //@ requires [?f]string(string, ?cs); - //@ ensures [f]string(string, cs) &*& result == 0 ? true : string(result, cs) &*& malloc_block_chars(result, length(cs) + 1); -// # 46 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 - -/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining - * all the API functions to use the MPU wrappers. That should only be done when - * task.h is included from an application file. */ - - -/* FreeRTOS includes. */ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - -/* - * Include the generic headers required for the FreeRTOS port being used. - */ - - -/* - * If stdint.h cannot be located then: - * + If using GCC ensure the -nostdint options is *not* being used. - * + Ensure the project's include path includes the directory in which your - * compiler stores stdint.h. - * + Set any compiler options necessary for it to support C99, as technically - * stdint.h is only mandatory with C99 (FreeRTOS does not require C99 in any - * other way). - * + The FreeRTOS download includes a simple stdint.h definition that can be - * used in cases where none is provided by the compiler. The files only - * contains the typedefs required to build FreeRTOS. Read the instructions - * in FreeRTOS/source/stdint.readme for more information. - */ -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" 1 -// # 18 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdint.h" -typedef __int8 int8_t; -typedef __int16 int16_t; -typedef __int32 int32_t; -typedef __int64 int64_t; -typedef __int128 int128_t; - -typedef unsigned __int8 uint8_t; -typedef unsigned __int16 uint16_t; -typedef unsigned __int32 uint32_t; -typedef unsigned __int64 uint64_t; -typedef unsigned __int128 uint128_t; -// # 49 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2 - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ - -/* Application specific configuration options. */ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" 1 -/* This is a stub used for the VeriFast proof. */ - -/* - * FreeRTOS V202107.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * http://www.FreeRTOS.org - * http://aws.amazon.com/freertos - * - * 1 tab == 4 spaces! - */ - - - - -/*----------------------------------------------------------- - * Application specific definitions. - * - * These definitions should be adjusted for your particular hardware and - * application requirements. - * - * THESE PARAMETERS ARE DESCRIBED WITHIN THE 'CONFIGURATION' SECTION OF THE - * FreeRTOS API DOCUMENTATION AVAILABLE ON THE FreeRTOS.org WEB SITE. - * - * See http://www.freertos.org/a00110.html - *----------------------------------------------------------*/ - -/* Scheduler Related */ -// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" -/* Synchronization Related */ -// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" -/* System */ - - - -/* Memory allocation related definitions. */ - - - - - -/* Hook function related definitions. */ - - - - -/* Run time and task stats gathering related definitions. */ - - - - -/* Co-routine related definitions. */ - - - -/* Software timer related definitions. */ - - - - - -/* Interrupt nesting behaviour configuration. */ -/* -// #define configKERNEL_INTERRUPT_PRIORITY [dependent of processor] -// #define configMAX_SYSCALL_INTERRUPT_PRIORITY [dependent on processor and application] -// #define configMAX_API_CALL_INTERRUPT_PRIORITY [dependent on processor and application] -*/ - -/* SMP port only */ - - - - -/* RP2040 specific */ - - - - - - - -/* Define to trap errors during development. */ - - -/* Set the following definitions to 1 to include the API function, or zero -to exclude the API function. */ -// # 141 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/FreeRTOSConfig.h" -/* A header file that defines trace macro can be included here. */ -// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2 - -/* Basic FreeRTOS definitions. */ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - -/* - * Defines the prototype to which task functions must conform. Defined in this - * file to ensure the type is known before portable.h is included. - */ -typedef void (* TaskFunction_t)( void * ); - -/* Converts a time in milliseconds to a time in ticks. This macro can be - * overridden by a macro of the same name defined in FreeRTOSConfig.h in case the - * definition here is not suitable for your application. */ -// # 51 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" -/* FreeRTOS error definitions. */ - - - - -/* Macros used for basic data corruption checks. */ -// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" -/* The following errno values are used by FreeRTOS+ components, not FreeRTOS - * itself. */ -// # 110 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/projdefs.h" -/* The following endian values are used by FreeRTOS+ components, not FreeRTOS - * itself. */ - - - -/* Re-defining endian values for generic naming. */ -// # 61 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2 - -/* Definitions specific to the port being used. */ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - -/*----------------------------------------------------------- -* Portable layer API. Each function must be defined for each port. -*----------------------------------------------------------*/ - - - - -/* Each FreeRTOS port has a unique portmacro.h header file. Originally a - * pre-processor definition was used to ensure the pre-processor found the correct - * portmacro.h file for the port being used. That scheme was deprecated in favour - * of setting the compiler's include path such that it found the correct - * portmacro.h file - removing the need for the constant and allowing the - * portmacro.h file to be located anywhere in relation to the port being used. - * Purely for reasons of backward compatibility the old method is still valid, but - * to make it clear that new projects should not use it, support for the port - * specific constants has been moved into the deprecated_definitions.h header - * file. */ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/deprecated_definitions.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - - -/* Each FreeRTOS port has a unique portmacro.h header file. Originally a - * pre-processor definition was used to ensure the pre-processor found the correct - * portmacro.h file for the port being used. That scheme was deprecated in favour - * of setting the compiler's include path such that it found the correct - * portmacro.h file - removing the need for the constant and allowing the - * portmacro.h file to be located anywhere in relation to the port being used. The - * definitions below remain in the code for backward compatibility only. New - * projects should not use them. */ -// # 45 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2 - -/* If portENTER_CRITICAL is not defined then including deprecated_definitions.h - * did not result in a portmacro.h header file being included - and it should be - * included here. In this case the path to the correct portmacro.h header file - * must be set in the compiler's include path. */ - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: MIT AND BSD-3-Clause - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ -// # 37 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - -/** \file pico.h - * \defgroup pico_base pico_base - * - * Core types and macros for the Raspberry Pi Pico SDK. This header is intended to be included by all source code - * as it includes configuration headers and overrides in the correct order - * - * This header may be included by assembly code -*/ - - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1 -// # 11 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2 - - - - - - - -// # 1 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 1 3 4 -/*- - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)assert.h 8.2 (Berkeley) 1/21/94 - * $FreeBSD: src/include/assert.h,v 1.4 2002/03/23 17:24:53 imp Exp $ - */ - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 1 3 4 -/* This is a stub used for the VeriFast proof. */ - -/* - * Copyright (c) 2000-2018 Apple Inc. All rights reserved. - * - * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. The rights granted to you under the License - * may not be used to create, or enable the creation or redistribution of, - * unlawful or unlicensed copies of an Apple operating system, or to - * circumvent, violate, or enable the circumvention or violation of, any - * terms of an Apple operating system software license agreement. - * - * Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ - */ -/* Copyright 1995 NeXT Computer, Inc. All rights reserved. */ -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Berkeley Software Design, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)cdefs.h 8.8 (Berkeley) 1/9/95 - */ - - - - -/* Verifast proof setup */ - - /* - * The proof setup header is already included at the top of the proof target, - * e.g., `tasks.c`. But it seems like the contained defines are not propagated - * to this file. - */ -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 3 4 -/* - * This file contains defines to configure the VeriFast proof setup. - * - */ - - - - // Delete keywords VeriFast canot parse (in some contexts) - - - - /* `projdefs.h` defines `pdFALSE` and `pdTRUE` as 0 and 1 of type - * `BaseType_t`. Both are assigned to variables smaller or - * unsigned types. While that's safe in practice, it is not - * type safe. Hence we define - */ -// # 80 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 2 3 4 -// # 90 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* This SDK is designed to work with clang and specific versions of - * gcc >= 4.0 with Apple's patch sets */ - - - - -/* - * Compatibility with compilers and environments that don't support compiler - * feature checking function-like macros. - */ -// # 116 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * The __CONCAT macro is used to concatenate parts of symbol names, e.g. - * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. - * The __CONCAT macro is a bit tricky -- make sure you don't put spaces - * in between its arguments. __CONCAT can also concatenate double-quoted - * strings produced by the __STRING macro, but this only works with ANSI C. - */ -// # 167 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * __pure2 can be used for functions that are only a function of their scalar - * arguments (meaning they can't dereference pointers). - * - * __stateful_pure can be used for functions that have no side effects, - * but depend on the state of the memory. - */ - - - - -/* __unused denotes variables and functions that may not be used, preventing - * the compiler from warning about it if not used. - */ - - -/* __used forces variables and functions to be included even if it appears - * to the compiler that they are not used (and would thust be discarded). - */ - - -/* __cold marks code used for debugging or that is rarely taken - * and tells the compiler to optimize for size and outline code. - */ - - - - - - -/* __exported denotes symbols that should be exported even when symbols - * are hidden by default. - * __exported_push/_exported_pop are pragmas used to delimit a range of - * symbols that should be exported even when symbols are hidden by default. - */ - - - - -/* __deprecated causes the compiler to produce a warning when encountering - * code using the deprecated functionality. - * __deprecated_msg() does the same, and compilers that support it will print - * a message along with the deprecation warning. - * This may require turning on such warning with the -Wdeprecated flag. - * __deprecated_enum_msg() should be used on enums, and compilers that support - * it will print the deprecation warning. - * __kpi_deprecated() specifically indicates deprecation of kernel programming - * interfaces in Kernel.framework used by KEXTs. - */ -// # 233 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* __unavailable causes the compiler to error out when encountering - * code using the tagged function - */ -// # 250 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* Delete pseudo-keywords wherever they are not available or needed. */ - - - - - -/* - * We use `__restrict' as a way to define the `restrict' type qualifier - * without disturbing older software that is unaware of C99 keywords. - */ - - - - - - -/* Compatibility with compilers and environments that don't support the - * nullability feature. - */ -// # 291 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * __disable_tail_calls causes the compiler to not perform tail call - * optimization inside the marked function. - */ - - - - - - -/* - * __not_tail_called causes the compiler to prevent tail call optimization - * on statically bound calls to the function. It has no effect on indirect - * calls. Virtual functions, objective-c methods, and functions marked as - * "always_inline" cannot be marked as __not_tail_called. - */ - - - - - - -/* - * __result_use_check warns callers of a function that not using the function - * return value is a bug, i.e. dismissing malloc() return value results in a - * memory leak. - */ - - - - - - -/* - * __swift_unavailable causes the compiler to mark a symbol as specifically - * unavailable in Swift, regardless of any other availability in C. - */ - - - - - - -/* - * __abortlike is the attribute to put on functions like abort() that are - * typically used to mark assertions. These optimize the codegen - * for outlining while still maintaining debugability. - */ - - - - -/* Declaring inline functions within headers is error-prone due to differences - * across various versions of the C language and extensions. __header_inline - * can be used to declare inline functions within system headers. In cases - * where you want to force inlining instead of letting the compiler make - * the decision, you can use __header_always_inline. - * - * Be aware that using inline for functions which compilers may also provide - * builtins can behave differently under various compilers. If you intend to - * provide an inline version of such a function, you may want to use a macro - * instead. - * - * The check for !__GNUC__ || __clang__ is because gcc doesn't correctly - * support c99 inline in some cases: - * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55965 - */ -// # 384 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * Compiler-dependent macros that bracket portions of code where the - * "-Wunreachable-code" warning should be ignored. Please use sparingly. - */ -// # 405 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * Compiler-dependent macros to declare that functions take printf-like - * or scanf-like arguments. They are null except for versions of gcc - * that are known to support the features properly. Functions declared - * with these attributes will cause compilation warnings if there is a - * mismatch between the format string and subsequent function parameter - * types. - */ -// # 440 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* Source compatibility only, ID string not emitted in object file */ -// # 457 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * __alloc_size can be used to label function arguments that represent the - * size of memory that the function allocates and returns. The one-argument - * form labels a single argument that gives the allocation size (where the - * arguments are numbered from 1): - * - * void *malloc(size_t __size) __alloc_size(1); - * - * The two-argument form handles the case where the size is calculated as the - * product of two arguments: - * - * void *calloc(size_t __count, size_t __size) __alloc_size(1,2); - */ -// # 478 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * COMPILATION ENVIRONMENTS -- see compat(5) for additional detail - * - * DEFAULT By default newly complied code will get POSIX APIs plus - * Apple API extensions in scope. - * - * Most users will use this compilation environment to avoid - * behavioral differences between 32 and 64 bit code. - * - * LEGACY Defining _NONSTD_SOURCE will get pre-POSIX APIs plus Apple - * API extensions in scope. - * - * This is generally equivalent to the Tiger release compilation - * environment, except that it cannot be applied to 64 bit code; - * its use is discouraged. - * - * We expect this environment to be deprecated in the future. - * - * STRICT Defining _POSIX_C_SOURCE or _XOPEN_SOURCE restricts the - * available APIs to exactly the set of APIs defined by the - * corresponding standard, based on the value defined. - * - * A correct, portable definition for _POSIX_C_SOURCE is 200112L. - * A correct, portable definition for _XOPEN_SOURCE is 600L. - * - * Apple API extensions are not visible in this environment, - * which can cause Apple specific code to fail to compile, - * or behave incorrectly if prototypes are not in scope or - * warnings about missing prototypes are not enabled or ignored. - * - * In any compilation environment, for correct symbol resolution to occur, - * function prototypes must be in scope. It is recommended that all Apple - * tools users add either the "-Wall" or "-Wimplicit-function-declaration" - * compiler flags to their projects to be warned when a function is being - * used without a prototype in scope. - */ - -/* These settings are particular to each product. */ -// # 526 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * The __DARWIN_ALIAS macros are used to do symbol renaming; they allow - * legacy code to use the old symbol, thus maintaining binary compatibility - * while new code can use a standards compliant version of the same function. - * - * __DARWIN_ALIAS is used by itself if the function signature has not - * changed, it is used along with a #ifdef check for __DARWIN_UNIX03 - * if the signature has changed. Because the __LP64__ environment - * only supports UNIX03 semantics it causes __DARWIN_UNIX03 to be - * defined, but causes __DARWIN_ALIAS to do no symbol mangling. - * - * As a special case, when XCode is used to target a specific version of the - * OS, the manifest constant __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ - * will be defined by the compiler, with the digits representing major version - * time 100 + minor version times 10 (e.g. 10.5 := 1050). If we are targeting - * pre-10.5, and it is the default compilation environment, revert the - * compilation environment to pre-__DARWIN_UNIX03. - */ -// # 560 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * symbol suffixes used for symbol versioning - */ -// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * symbol versioning macros - */ -// # 623 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * symbol release macros - */ - - - -/* - * POSIX.1 requires that the macros we test be defined before any standard - * header file is included. This permits us to convert values for feature - * testing, as necessary, using only _POSIX_C_SOURCE. - * - * Here's a quick run-down of the versions: - * defined(_POSIX_SOURCE) 1003.1-1988 - * _POSIX_C_SOURCE == 1L 1003.1-1990 - * _POSIX_C_SOURCE == 2L 1003.2-1992 C Language Binding Option - * _POSIX_C_SOURCE == 199309L 1003.1b-1993 - * _POSIX_C_SOURCE == 199506L 1003.1c-1995, 1003.1i-1995, - * and the omnibus ISO/IEC 9945-1: 1996 - * _POSIX_C_SOURCE == 200112L 1003.1-2001 - * _POSIX_C_SOURCE == 200809L 1003.1-2008 - * - * In addition, the X/Open Portability Guide, which is now the Single UNIX - * Specification, defines a feature-test macro which indicates the version of - * that specification, and which subsumes _POSIX_C_SOURCE. - */ - -/* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1L. */ - - - - - -/* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2L. */ - - - - - -/* Deal with various X/Open Portability Guides and Single UNIX Spec. */ -// # 675 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * Deal with all versions of POSIX. The ordering relative to the tests above is - * important. - */ - - - - -/* POSIX C deprecation macros */ - - -/* - * Set a single macro which will always be defined and can be used to determine - * the appropriate namespace. For POSIX, these values will correspond to - * _POSIX_C_SOURCE value. Currently there are two additional levels corresponding - * to ANSI (_ANSI_SOURCE) and Darwin extensions (_DARWIN_C_SOURCE) - */ -// # 703 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* If the developer has neither requested a strict language mode nor a version - * of POSIX, turn on functionality provided by __STDC_WANT_LIB_EXT1__ as part - * of __DARWIN_C_FULL. - */ - - - - -/* - * long long is not supported in c89 (__STRICT_ANSI__), but g++ -ansi and - * c99 still want long longs. While not perfect, we allow long longs for - * g++. - */ - - - - - - -/***************************************** -* Public darwin-specific feature macros -*****************************************/ - -/* - * _DARWIN_FEATURE_64_BIT_INODE indicates that the ino_t type is 64-bit, and - * structures modified for 64-bit inodes (like struct stat) will be used. - */ - - - - -/* - * _DARWIN_FEATURE_64_ONLY_BIT_INODE indicates that the ino_t type may only - * be 64-bit; there is no support for 32-bit ino_t when this macro is defined - * (and non-zero). There is no struct stat64 either, as the regular - * struct stat will already be the 64-bit version. - */ - - - - -/* - * _DARWIN_FEATURE_ONLY_VERS_1050 indicates that only those APIs updated - * in 10.5 exists; no pre-10.5 variants are available. - */ - - - - -/* - * _DARWIN_FEATURE_ONLY_UNIX_CONFORMANCE indicates only UNIX conforming API - * are available (the legacy BSD APIs are not available) - */ - - - - -/* - * _DARWIN_FEATURE_UNIX_CONFORMANCE indicates whether UNIX conformance is on, - * and specifies the conformance level (3 is SUSv3) - */ - - - - - -/* - * This macro casts away the qualifier from the variable - * - * Note: use at your own risk, removing qualifiers can result in - * catastrophic run-time failures. - */ - - - - -/* - * __XNU_PRIVATE_EXTERN is a linkage decoration indicating that a symbol can be - * used from other compilation units, but not other libraries or executables. - */ - - - - - - - -/* - * We intentionally define to nothing pointer attributes which do not have an - * impact on the ABI. __indexable and __bidi_indexable are not defined because - * of the ABI incompatibility that makes the diagnostic preferable. - */ - - - - - - - -/* - * Similarly, we intentionally define to nothing the - * __ptrcheck_abi_assume_single and __ptrcheck_abi_assume_unsafe_indexable - * macros because they do not lead to an ABI incompatibility. However, we do not - * define the indexable and unsafe_indexable ones because the diagnostic is - * better than the silent ABI break. - */ - - - -/* __unsafe_forge intrinsics are defined as regular C casts. */ - - - -/* decay operates normally; attribute is meaningless without pointer checks. */ -// # 831 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * Architecture validation for current SDK - */ -// # 843 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * Check if __probable and __improbable have already been defined elsewhere. - * These macros inform the compiler (and humans) about which branches are likely - * to be taken. - */ -// # 875 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/sys/cdefs.h" 3 4 -/* - * Similar to OS_ENUM/OS_CLOSED_ENUM/OS_OPTIONS/OS_CLOSED_OPTIONS - * - * This provides more advanced type checking on compilers supporting - * the proper extensions, even in C. - */ -// # 43 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 2 3 4 - - - - -/* - * Unlike other ANSI header files, may usefully be included - * multiple times, with and without NDEBUG defined. - */ -// # 82 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4 -void __assert_rtn(const char *, const char *, int, const char *) ; -// # 92 "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/assert.h" 3 4 -/* 8462256: modified __assert_rtn() replaces deprecated __eprintf() */ -// # 19 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" 2 - - -// PICO_CONFIG: PARAM_ASSERTIONS_ENABLE_ALL, Global assert enable, type=bool, default=0, group=pico_base -// PICO_CONFIG: PARAM_ASSERTIONS_DISABLE_ALL, Global assert disable, type=bool, default=0, group=pico_base -// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/assert.h" - /* Reason for rewrite: - * Verifast cannot parse statements non-empty block statements wrapped in parentheses, - * i.e., it can parse `{stmt;}` but not `( {stmt;} )`. - */ -// # 13 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2 - - -// # 1 "/Users/reitobia/programs/verifast-21.04-83-gfae956f7/bin/stdbool.h" 1 -// # 16 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/types.h" 2 - - -typedef unsigned int uint; - -/*! \typedef absolute_time_t - \brief An opaque 64 bit timestamp in microseconds - - The type is used instead of a raw uint64_t to prevent accidentally passing relative times or times in the wrong - time units where an absolute time is required. It is equivalent to uint64_t in release builds. - - \see to_us_since_boot() - \see update_us_since_boot() - \ingroup timestamp -*/ - - - -typedef struct { - uint64_t _private_us_since_boot; -} absolute_time_t; - - -/*! fn to_us_since_boot - * \brief convert an absolute_time_t into a number of microseconds since boot. - * \param t the absolute time to convert - * \return a number of microseconds since boot, equivalent to t - * \ingroup timestamp - */ -static uint64_t to_us_since_boot(absolute_time_t t) { - - - - return t._private_us_since_boot; - -} - -/*! fn update_us_since_boot - * \brief update an absolute_time_t value to represent a given number of microseconds since boot - * \param t the absolute time value to update - * \param us_since_boot the number of microseconds since boot to represent. Note this should be representable - * as a signed 64 bit integer - * \ingroup timestamp - */ -static void update_us_since_boot(absolute_time_t *t, uint64_t us_since_boot) { - - - - (__builtin_expect(!(us_since_boot <= 9223372036854775807), 0) ? __assert_rtn ((const char *)-1L, "types.h", 63, "us_since_boot <= INT64_MAX") : (void)0); - t->_private_us_since_boot = us_since_boot; - -} - - - - - - - -/** \struct datetime_t - * \ingroup util_datetime - * \brief Structure containing date and time information - * - * When setting an RTC alarm, set a field to -1 tells - * the RTC to not match on this field - */ -typedef struct { - int16_t year; ///< 0..4095 - int8_t month; ///< 1..12, 1 is January - int8_t day; ///< 1..28,29,30,31 depending on month - int8_t dotw; ///< 0..6, 0 is Sunday - int8_t hour; ///< 0..23 - int8_t min; ///< 0..59 - int8_t sec; ///< 0..59 -} datetime_t; -// # 23 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/version.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -// --------------------------------------- -// THIS FILE IS AUTOGENERATED; DO NOT EDIT -// --------------------------------------- -// # 24 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2 - -// PICO_CONFIG: PICO_CONFIG_HEADER, unquoted path to header include in place of the default pico/config.h which may be desirable for build systems which can't easily generate the config_autogen header, group=pico_base - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - -// ----------------------------------------------------- -// NOTE: THIS HEADER IS ALSO INCLUDED BY ASSEMBLY CODE SO -// SHOULD ONLY CONSIST OF PREPROCESSOR DIRECTIVES -// OR USE #ifndef __ASSEMBLER__ guards -// ------------- - -// PICO_CONFIG_HEADER_FILES and then PICO_SDK__CONFIG_INCLUDE_FILES -// entries are dumped in order at build time into this generated header - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 1 -// AUTOGENERATED FROM PICO_CONFIG_HEADER_FILES and then PICO__CONFIG_HEADER_FILES -// DO NOT EDIT! - - -// based on PICO_CONFIG_HEADER_FILES: - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/freertos_sdk_config.h" 1 -/* - * FreeRTOS Kernel V10.4.3 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - */ - - - - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" 1 -/* - * FreeRTOS Kernel V10.4.3 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: MIT AND BSD-3-Clause - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - */ -// # 36 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" -/* configUSE_DYNAMIC_EXCEPTION_HANDLERS == 1 means set the exception handlers dynamically on cores - * that need them in case the user has set up distinct vector table offsets per core - */ -// # 47 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/rp2040_config.h" -/* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_sync - * sem/mutex/queue etc. will work correctly when called from FreeRTOS tasks - */ - - - - - - -/* configSUPPORT_PICO_SYNC_INTEROP == 1 means that SDK pico_time - * sleep_ms/sleep_us/sleep_until will work correctly when called from FreeRTOS - * tasks, and will actually block at the FreeRTOS level - */ - - - - - - - - /* configTICK_CORE indicates which core should handle the SysTick - * interrupts */ - - - - - -/* This SMP port requires two spin locks, which are claimed from the SDK. - * the spin lock numbers to be used are defined statically and defaulted here - * to the values nominally set aside for RTOS by the SDK */ -// # 35 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Source/portable/ThirdParty/GCC/RP2040/include/freertos_sdk_config.h" 2 - - - // increase the amount of time it may reasonably take to wake us up - - - - - - extern uint32_t ulPortLockGetCurrentOwnerId(void); - - - - struct lock_core; - - extern void vPortLockInternalSpinUnlockWithWait( struct lock_core *pxLock, uint32_t ulSave); - - - - - extern void vPortLockInternalSpinUnlockWithNotify( struct lock_core *pxLock, uint32_t save); - - - - - extern bool xPortLockInternalSpinUnlockWithBestEffortWaitOrTimeout( struct lock_core *pxLock, uint32_t ulSave, absolute_time_t uxUntil); - - - - - - - extern void xPortSyncInternalYieldUntilBefore(absolute_time_t t); -// # 8 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2 -// # 1 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -// ----------------------------------------------------- -// NOTE: THIS HEADER IS ALSO INCLUDED BY ASSEMBLER SO -// SHOULD ONLY CONSIST OF PREPROCESSOR DIRECTIVES -// ----------------------------------------------------- - -// This header may be included by other board headers as "boards/pico.h" - - - - -// For board detection - - -// --- UART --- -// # 31 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" -// --- LED --- - - - -// no PICO_DEFAULT_WS2812_PIN - -// --- I2C --- -// # 48 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" -// --- SPI --- -// # 65 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" -// --- FLASH --- -// # 77 "/Users/reitobia/programs/pico-sdk/src/boards/include/boards/pico.h" -// Drive high to force power supply into PWM mode (lower ripple on 3V3 at light loads) -// # 9 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2 - -// based on PICO_RP2040_CONFIG_HEADER_FILES: - -// # 1 "/Users/reitobia/programs/pico-sdk/src/rp2_common/cmsis/include/cmsis/rename_exceptions.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base/pico/config_autogen.h" 2 -// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/config.h" 2 - -// PICO_CONFIG: PICO_CONFIG_RTOS_ADAPTER_HEADER, unquoted path to header include in the default pico/config.h for RTOS integration defines that must be included in all sources, group=pico_base -// # 30 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2 - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - -/** \file platform.h - * \defgroup pico_platform pico_platform - * - * Macros and definitions (and functions when included by non assembly code) for the RP2 family device / architecture - * to provide a common abstraction over low level compiler / platform specifics. - * - * This header may be included by assembly code - */ - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - -// This header is included from C and assembler - intended mostly for #defines; guard other stuff with #ifdef __ASSEMBLER__ -// # 40 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/platform_defs.h" -// PICO_CONFIG: XOSC_MHZ, The crystal oscillator frequency in Mhz, type=int, default=12, advanced=true, group=hardware_base -// # 20 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/addressmap.h" 1 -/** - * Copyright (c) 2021 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - - -// Register address offsets for atomic RMW aliases -// # 21 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2040/hardware_regs/include/hardware/regs/sio.h" 1 -/** - * Copyright (c) 2022 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -// ============================================================================= -// Register block : SIO -// Version : 1 -// Bus type : apb -// Description : Single-cycle IO block -// Provides core-local and inter-core hardware for the two -// processors, with single-cycle access. -// ============================================================================= - - -// ============================================================================= -// Register : SIO_CPUID -// Description : Processor core identifier -// Value is 0 when read from processor core 0, and 1 when read -// from processor core 1. - - - - - - -// ============================================================================= -// Register : SIO_GPIO_IN -// Description : Input value for GPIO pins -// Input value for GPIO0...29 - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_IN -// Description : Input value for QSPI pins -// Input value on QSPI IO in order 0..5: SCLK, SSn, SD0, SD1, SD2, -// SD3 - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OUT -// Description : GPIO output value -// Set output level (1/0 -> high/low) for GPIO0...29. -// Reading back gives the last value written, NOT the input value -// from the pins. -// If core 0 and core 1 both write to GPIO_OUT simultaneously (or -// to a SET/CLR/XOR alias), -// the result is as though the write from core 0 took place first, -// and the write from core 1 was then applied to that intermediate -// result. - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OUT_SET -// Description : GPIO output value set -// Perform an atomic bit-set on GPIO_OUT, i.e. `GPIO_OUT |= wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OUT_CLR -// Description : GPIO output value clear -// Perform an atomic bit-clear on GPIO_OUT, i.e. `GPIO_OUT &= -// ~wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OUT_XOR -// Description : GPIO output value XOR -// Perform an atomic bitwise XOR on GPIO_OUT, i.e. `GPIO_OUT ^= -// wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OE -// Description : GPIO output enable -// Set output enable (1/0 -> output/input) for GPIO0...29. -// Reading back gives the last value written. -// If core 0 and core 1 both write to GPIO_OE simultaneously (or -// to a SET/CLR/XOR alias), -// the result is as though the write from core 0 took place first, -// and the write from core 1 was then applied to that intermediate -// result. - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OE_SET -// Description : GPIO output enable set -// Perform an atomic bit-set on GPIO_OE, i.e. `GPIO_OE |= wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OE_CLR -// Description : GPIO output enable clear -// Perform an atomic bit-clear on GPIO_OE, i.e. `GPIO_OE &= -// ~wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_OE_XOR -// Description : GPIO output enable XOR -// Perform an atomic bitwise XOR on GPIO_OE, i.e. `GPIO_OE ^= -// wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OUT -// Description : QSPI output value -// Set output level (1/0 -> high/low) for QSPI IO0...5. -// Reading back gives the last value written, NOT the input value -// from the pins. -// If core 0 and core 1 both write to GPIO_HI_OUT simultaneously -// (or to a SET/CLR/XOR alias), -// the result is as though the write from core 0 took place first, -// and the write from core 1 was then applied to that intermediate -// result. - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OUT_SET -// Description : QSPI output value set -// Perform an atomic bit-set on GPIO_HI_OUT, i.e. `GPIO_HI_OUT |= -// wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OUT_CLR -// Description : QSPI output value clear -// Perform an atomic bit-clear on GPIO_HI_OUT, i.e. `GPIO_HI_OUT -// &= ~wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OUT_XOR -// Description : QSPI output value XOR -// Perform an atomic bitwise XOR on GPIO_HI_OUT, i.e. `GPIO_HI_OUT -// ^= wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OE -// Description : QSPI output enable -// Set output enable (1/0 -> output/input) for QSPI IO0...5. -// Reading back gives the last value written. -// If core 0 and core 1 both write to GPIO_HI_OE simultaneously -// (or to a SET/CLR/XOR alias), -// the result is as though the write from core 0 took place first, -// and the write from core 1 was then applied to that intermediate -// result. - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OE_SET -// Description : QSPI output enable set -// Perform an atomic bit-set on GPIO_HI_OE, i.e. `GPIO_HI_OE |= -// wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OE_CLR -// Description : QSPI output enable clear -// Perform an atomic bit-clear on GPIO_HI_OE, i.e. `GPIO_HI_OE &= -// ~wdata` - - - - - - -// ============================================================================= -// Register : SIO_GPIO_HI_OE_XOR -// Description : QSPI output enable XOR -// Perform an atomic bitwise XOR on GPIO_HI_OE, i.e. `GPIO_HI_OE -// ^= wdata` - - - - - - -// ============================================================================= -// Register : SIO_FIFO_ST -// Description : Status register for inter-core FIFOs (mailboxes). -// There is one FIFO in the core 0 -> core 1 direction, and one -// core 1 -> core 0. Both are 32 bits wide and 8 words deep. -// Core 0 can see the read side of the 1->0 FIFO (RX), and the -// write side of 0->1 FIFO (TX). -// Core 1 can see the read side of the 0->1 FIFO (RX), and the -// write side of 1->0 FIFO (TX). -// The SIO IRQ for each core is the logical OR of the VLD, WOF and -// ROE fields of its FIFO_ST register. - - - -// ----------------------------------------------------------------------------- -// Field : SIO_FIFO_ST_ROE -// Description : Sticky flag indicating the RX FIFO was read when empty. This -// read was ignored by the FIFO. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_FIFO_ST_WOF -// Description : Sticky flag indicating the TX FIFO was written when full. This -// write was ignored by the FIFO. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_FIFO_ST_RDY -// Description : Value is 1 if this core's TX FIFO is not full (i.e. if FIFO_WR -// is ready for more data) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_FIFO_ST_VLD -// Description : Value is 1 if this core's RX FIFO is not empty (i.e. if FIFO_RD -// is valid) - - - - - -// ============================================================================= -// Register : SIO_FIFO_WR -// Description : Write access to this core's TX FIFO - - - - - - -// ============================================================================= -// Register : SIO_FIFO_RD -// Description : Read access to this core's RX FIFO - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK_ST -// Description : Spinlock state -// A bitmap containing the state of all 32 spinlocks (1=locked). -// Mainly intended for debugging. - - - - - - -// ============================================================================= -// Register : SIO_DIV_UDIVIDEND -// Description : Divider unsigned dividend -// Write to the DIVIDEND operand of the divider, i.e. the p in `p -// / q`. -// Any operand write starts a new calculation. The results appear -// in QUOTIENT, REMAINDER. -// UDIVIDEND/SDIVIDEND are aliases of the same internal register. -// The U alias starts an -// unsigned calculation, and the S alias starts a signed -// calculation. - - - - - - -// ============================================================================= -// Register : SIO_DIV_UDIVISOR -// Description : Divider unsigned divisor -// Write to the DIVISOR operand of the divider, i.e. the q in `p / -// q`. -// Any operand write starts a new calculation. The results appear -// in QUOTIENT, REMAINDER. -// UDIVISOR/SDIVISOR are aliases of the same internal register. -// The U alias starts an -// unsigned calculation, and the S alias starts a signed -// calculation. - - - - - - -// ============================================================================= -// Register : SIO_DIV_SDIVIDEND -// Description : Divider signed dividend -// The same as UDIVIDEND, but starts a signed calculation, rather -// than unsigned. - - - - - - -// ============================================================================= -// Register : SIO_DIV_SDIVISOR -// Description : Divider signed divisor -// The same as UDIVISOR, but starts a signed calculation, rather -// than unsigned. - - - - - - -// ============================================================================= -// Register : SIO_DIV_QUOTIENT -// Description : Divider result quotient -// The result of `DIVIDEND / DIVISOR` (division). Contents -// undefined while CSR_READY is low. -// For signed calculations, QUOTIENT is negative when the signs of -// DIVIDEND and DIVISOR differ. -// This register can be written to directly, for context -// save/restore purposes. This halts any -// in-progress calculation and sets the CSR_READY and CSR_DIRTY -// flags. -// Reading from QUOTIENT clears the CSR_DIRTY flag, so should read -// results in the order -// REMAINDER, QUOTIENT if CSR_DIRTY is used. - - - - - - -// ============================================================================= -// Register : SIO_DIV_REMAINDER -// Description : Divider result remainder -// The result of `DIVIDEND % DIVISOR` (modulo). Contents undefined -// while CSR_READY is low. -// For signed calculations, REMAINDER is negative only when -// DIVIDEND is negative. -// This register can be written to directly, for context -// save/restore purposes. This halts any -// in-progress calculation and sets the CSR_READY and CSR_DIRTY -// flags. - - - - - - -// ============================================================================= -// Register : SIO_DIV_CSR -// Description : Control and status register for divider. - - - -// ----------------------------------------------------------------------------- -// Field : SIO_DIV_CSR_DIRTY -// Description : Changes to 1 when any register is written, and back to 0 when -// QUOTIENT is read. -// Software can use this flag to make save/restore more efficient -// (skip if not DIRTY). -// If the flag is used in this way, it's recommended to either -// read QUOTIENT only, -// or REMAINDER and then QUOTIENT, to prevent data loss on context -// switch. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_DIV_CSR_READY -// Description : Reads as 0 when a calculation is in progress, 1 otherwise. -// Writing an operand (xDIVIDEND, xDIVISOR) will immediately start -// a new calculation, no -// matter if one is already in progress. -// Writing to a result register will immediately terminate any -// in-progress calculation -// and set the READY and DIRTY flags. - - - - - -// ============================================================================= -// Register : SIO_INTERP0_ACCUM0 -// Description : Read/write access to accumulator 0 - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_ACCUM1 -// Description : Read/write access to accumulator 1 - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_BASE0 -// Description : Read/write access to BASE0 register. - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_BASE1 -// Description : Read/write access to BASE1 register. - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_BASE2 -// Description : Read/write access to BASE2 register. - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_POP_LANE0 -// Description : Read LANE0 result, and simultaneously write lane results to -// both accumulators (POP). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_POP_LANE1 -// Description : Read LANE1 result, and simultaneously write lane results to -// both accumulators (POP). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_POP_FULL -// Description : Read FULL result, and simultaneously write lane results to both -// accumulators (POP). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_PEEK_LANE0 -// Description : Read LANE0 result, without altering any internal state (PEEK). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_PEEK_LANE1 -// Description : Read LANE1 result, without altering any internal state (PEEK). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_PEEK_FULL -// Description : Read FULL result, without altering any internal state (PEEK). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_CTRL_LANE0 -// Description : Control register for lane 0 - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_OVERF -// Description : Set if either OVERF0 or OVERF1 is set. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_OVERF1 -// Description : Indicates if any masked-off MSBs in ACCUM1 are set. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_OVERF0 -// Description : Indicates if any masked-off MSBs in ACCUM0 are set. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_BLEND -// Description : Only present on INTERP0 on each core. If BLEND mode is enabled: -// - LANE1 result is a linear interpolation between BASE0 and -// BASE1, controlled -// by the 8 LSBs of lane 1 shift and mask value (a fractional -// number between -// 0 and 255/256ths) -// - LANE0 result does not have BASE0 added (yields only the 8 -// LSBs of lane 1 shift+mask value) -// - FULL result does not have lane 1 shift+mask value added -// (BASE2 + lane 0 shift+mask) -// LANE1 SIGNED flag controls whether the interpolation is signed -// or unsigned. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_FORCE_MSB -// Description : ORed into bits 29:28 of the lane result presented to the -// processor on the bus. -// No effect on the internal 32-bit datapath. Handy for using a -// lane to generate sequence -// of pointers into flash or SRAM. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_ADD_RAW -// Description : If 1, mask + shift is bypassed for LANE0 result. This does not -// affect FULL result. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_CROSS_RESULT -// Description : If 1, feed the opposite lane's result into this lane's -// accumulator on POP. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_CROSS_INPUT -// Description : If 1, feed the opposite lane's accumulator into this lane's -// shift + mask hardware. -// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is -// before the shift+mask bypass) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_SIGNED -// Description : If SIGNED is set, the shifted and masked accumulator value is -// sign-extended to 32 bits -// before adding to BASE0, and LANE0 PEEK/POP appear extended to -// 32 bits when read by processor. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_MASK_MSB -// Description : The most-significant bit allowed to pass by the mask -// (inclusive) -// Setting MSB < LSB may cause chip to turn inside-out - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_MASK_LSB -// Description : The least-significant bit allowed to pass by the mask -// (inclusive) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE0_SHIFT -// Description : Logical right-shift applied to accumulator before masking - - - - - -// ============================================================================= -// Register : SIO_INTERP0_CTRL_LANE1 -// Description : Control register for lane 1 - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_FORCE_MSB -// Description : ORed into bits 29:28 of the lane result presented to the -// processor on the bus. -// No effect on the internal 32-bit datapath. Handy for using a -// lane to generate sequence -// of pointers into flash or SRAM. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_ADD_RAW -// Description : If 1, mask + shift is bypassed for LANE1 result. This does not -// affect FULL result. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_CROSS_RESULT -// Description : If 1, feed the opposite lane's result into this lane's -// accumulator on POP. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_CROSS_INPUT -// Description : If 1, feed the opposite lane's accumulator into this lane's -// shift + mask hardware. -// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is -// before the shift+mask bypass) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_SIGNED -// Description : If SIGNED is set, the shifted and masked accumulator value is -// sign-extended to 32 bits -// before adding to BASE1, and LANE1 PEEK/POP appear extended to -// 32 bits when read by processor. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_MASK_MSB -// Description : The most-significant bit allowed to pass by the mask -// (inclusive) -// Setting MSB < LSB may cause chip to turn inside-out - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_MASK_LSB -// Description : The least-significant bit allowed to pass by the mask -// (inclusive) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP0_CTRL_LANE1_SHIFT -// Description : Logical right-shift applied to accumulator before masking - - - - - -// ============================================================================= -// Register : SIO_INTERP0_ACCUM0_ADD -// Description : Values written here are atomically added to ACCUM0 -// Reading yields lane 0's raw shift and mask value (BASE0 not -// added). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_ACCUM1_ADD -// Description : Values written here are atomically added to ACCUM1 -// Reading yields lane 1's raw shift and mask value (BASE1 not -// added). - - - - - - -// ============================================================================= -// Register : SIO_INTERP0_BASE_1AND0 -// Description : On write, the lower 16 bits go to BASE0, upper bits to BASE1 -// simultaneously. -// Each half is sign-extended to 32 bits if that lane's SIGNED -// flag is set. - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_ACCUM0 -// Description : Read/write access to accumulator 0 - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_ACCUM1 -// Description : Read/write access to accumulator 1 - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_BASE0 -// Description : Read/write access to BASE0 register. - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_BASE1 -// Description : Read/write access to BASE1 register. - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_BASE2 -// Description : Read/write access to BASE2 register. - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_POP_LANE0 -// Description : Read LANE0 result, and simultaneously write lane results to -// both accumulators (POP). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_POP_LANE1 -// Description : Read LANE1 result, and simultaneously write lane results to -// both accumulators (POP). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_POP_FULL -// Description : Read FULL result, and simultaneously write lane results to both -// accumulators (POP). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_PEEK_LANE0 -// Description : Read LANE0 result, without altering any internal state (PEEK). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_PEEK_LANE1 -// Description : Read LANE1 result, without altering any internal state (PEEK). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_PEEK_FULL -// Description : Read FULL result, without altering any internal state (PEEK). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_CTRL_LANE0 -// Description : Control register for lane 0 - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_OVERF -// Description : Set if either OVERF0 or OVERF1 is set. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_OVERF1 -// Description : Indicates if any masked-off MSBs in ACCUM1 are set. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_OVERF0 -// Description : Indicates if any masked-off MSBs in ACCUM0 are set. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_CLAMP -// Description : Only present on INTERP1 on each core. If CLAMP mode is enabled: -// - LANE0 result is shifted and masked ACCUM0, clamped by a lower -// bound of -// BASE0 and an upper bound of BASE1. -// - Signedness of these comparisons is determined by -// LANE0_CTRL_SIGNED - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_FORCE_MSB -// Description : ORed into bits 29:28 of the lane result presented to the -// processor on the bus. -// No effect on the internal 32-bit datapath. Handy for using a -// lane to generate sequence -// of pointers into flash or SRAM. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_ADD_RAW -// Description : If 1, mask + shift is bypassed for LANE0 result. This does not -// affect FULL result. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_CROSS_RESULT -// Description : If 1, feed the opposite lane's result into this lane's -// accumulator on POP. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_CROSS_INPUT -// Description : If 1, feed the opposite lane's accumulator into this lane's -// shift + mask hardware. -// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is -// before the shift+mask bypass) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_SIGNED -// Description : If SIGNED is set, the shifted and masked accumulator value is -// sign-extended to 32 bits -// before adding to BASE0, and LANE0 PEEK/POP appear extended to -// 32 bits when read by processor. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_MASK_MSB -// Description : The most-significant bit allowed to pass by the mask -// (inclusive) -// Setting MSB < LSB may cause chip to turn inside-out - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_MASK_LSB -// Description : The least-significant bit allowed to pass by the mask -// (inclusive) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE0_SHIFT -// Description : Logical right-shift applied to accumulator before masking - - - - - -// ============================================================================= -// Register : SIO_INTERP1_CTRL_LANE1 -// Description : Control register for lane 1 - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_FORCE_MSB -// Description : ORed into bits 29:28 of the lane result presented to the -// processor on the bus. -// No effect on the internal 32-bit datapath. Handy for using a -// lane to generate sequence -// of pointers into flash or SRAM. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_ADD_RAW -// Description : If 1, mask + shift is bypassed for LANE1 result. This does not -// affect FULL result. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_CROSS_RESULT -// Description : If 1, feed the opposite lane's result into this lane's -// accumulator on POP. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_CROSS_INPUT -// Description : If 1, feed the opposite lane's accumulator into this lane's -// shift + mask hardware. -// Takes effect even if ADD_RAW is set (the CROSS_INPUT mux is -// before the shift+mask bypass) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_SIGNED -// Description : If SIGNED is set, the shifted and masked accumulator value is -// sign-extended to 32 bits -// before adding to BASE1, and LANE1 PEEK/POP appear extended to -// 32 bits when read by processor. - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_MASK_MSB -// Description : The most-significant bit allowed to pass by the mask -// (inclusive) -// Setting MSB < LSB may cause chip to turn inside-out - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_MASK_LSB -// Description : The least-significant bit allowed to pass by the mask -// (inclusive) - - - - - -// ----------------------------------------------------------------------------- -// Field : SIO_INTERP1_CTRL_LANE1_SHIFT -// Description : Logical right-shift applied to accumulator before masking - - - - - -// ============================================================================= -// Register : SIO_INTERP1_ACCUM0_ADD -// Description : Values written here are atomically added to ACCUM0 -// Reading yields lane 0's raw shift and mask value (BASE0 not -// added). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_ACCUM1_ADD -// Description : Values written here are atomically added to ACCUM1 -// Reading yields lane 1's raw shift and mask value (BASE1 not -// added). - - - - - - -// ============================================================================= -// Register : SIO_INTERP1_BASE_1AND0 -// Description : On write, the lower 16 bits go to BASE0, upper bits to BASE1 -// simultaneously. -// Each half is sign-extended to 32 bits if that lane's SIGNED -// flag is set. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK0 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK1 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK2 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK3 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK4 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK5 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK6 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK7 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK8 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK9 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK10 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK11 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK12 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK13 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK14 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK15 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK16 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK17 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK18 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK19 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK20 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK21 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK22 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK23 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK24 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK25 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK26 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK27 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK28 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK29 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK30 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// Register : SIO_SPINLOCK31 -// Description : Reading from a spinlock address will: -// - Return 0 if lock is already locked -// - Otherwise return nonzero, and simultaneously claim the lock -// -// Writing (any value) releases the lock. -// If core 0 and core 1 attempt to claim the same lock -// simultaneously, core 0 wins. -// The value returned on success is 0x1 << lock number. - - - - - - -// ============================================================================= -// # 22 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" 2 - -// Marker for builds targeting the RP2040 - - -// PICO_CONFIG: PICO_STACK_SIZE, Stack Size, min=0x100, default=0x800, advanced=true, group=pico_platform - - - - -// PICO_CONFIG: PICO_HEAP_SIZE, Heap size to reserve, min=0x100, default=0x800, advanced=true, group=pico_platform - - - - -// PICO_CONFIG: PICO_NO_RAM_VECTOR_TABLE, Enable/disable the RAM vector table, type=bool, default=0, advanced=true, group=pico_platform - - - - -// PICO_CONFIG: PICO_RP2040_B0_SUPPORTED, Whether to include any specific software support for RP2040 B0 revision, type=bool, default=1, advanced=true, group=pico_platform - - - - -// PICO_CONFIG: PICO_FLOAT_SUPPORT_ROM_V1, Include float support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform - - - - -// PICO_CONFIG: PICO_DOUBLE_SUPPORT_ROM_V1, Include double support code for RP2040 B0 when that chip revision is supported , type=bool, default=1, advanced=true, group=pico_platform - - - - - -// PICO_CONFIG: PICO_RP2040_B1_SUPPORTED, Whether to include any specific software support for RP2040 B1 revision, type=bool, default=1, advanced=true, group=pico_platform - - - - -// PICO_CONFIG: PICO_RP2040_B2_SUPPORTED, Whether to include any specific software support for RP2040 B2 revision, type=bool, default=1, advanced=true, group=pico_platform - - - - -// --- remainder of file is not included by assembly code --- -// # 78 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" -/*! \brief Marker for an interrupt handler - * \ingroup pico_platform - * For example an IRQ handler function called my_interrupt_handler: - * - * void __isr my_interrupt_handler(void) { - */ - - -/*! \brief Section attribute macro for placement in RAM after the `.data` section - * \ingroup pico_platform - * - * For example a 400 element `uint32_t` array placed after the .data section - * - * uint32_t __after_data("my_group_name") a_big_array[400]; - * - * The section attribute is `.after_data.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ - - -/*! \brief Section attribute macro for placement not in flash (i.e in RAM) - * \ingroup pico_platform - * - * For example a 3 element `uint32_t` array placed in RAM (even though it is `static const`) - * - * static const uint32_t __not_in_flash("my_group_name") an_array[3]; - * - * The section attribute is `.time_critical.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ - - -/*! \brief Section attribute macro for placement in the SRAM bank 4 (known as "scratch X") - * \ingroup pico_platform - * - * Scratch X is commonly used for critical data and functions accessed only by one core (when only - * one core is accessing the RAM bank, there is no opportunity for stalls) - * - * For example a `uint32_t` variable placed in "scratch X" - * - * uint32_t __scratch_x("my_group_name") foo = 23; - * - * The section attribute is `.scratch_x.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ - - -/*! \brief Section attribute macro for placement in the SRAM bank 5 (known as "scratch Y") - * \ingroup pico_platform - * - * Scratch Y is commonly used for critical data and functions accessed only by one core (when only - * one core is accessing the RAM bank, there is no opportunity for stalls) - * - * For example a `uint32_t` variable placed in "scratch Y" - * - * uint32_t __scratch_y("my_group_name") foo = 23; - * - * The section attribute is `.scratch_y.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ - - -/*! \brief Section attribute macro for data that is to be left uninitialized - * \ingroup pico_platform - * - * Data marked this way will retain its value across a reset (normally uninitialized data - in the .bss - * section) is initialized to zero during runtime initialization - * - * For example a `uint32_t` foo that will retain its value if the program is restarted by reset. - * - * uint32_t __uninitialized_ram("my_group_name") foo; - * - * The section attribute is `.uninitialized_ram.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ - - -/*! \brief Section attribute macro for placement in flash even in a COPY_TO_RAM binary - * \ingroup pico_platform - * - * For example a `uint32_t` variable explicitly placed in flash (it will hard fault if you attempt to write it!) - * - * uint32_t __in_flash("my_group_name") foo = 23; - * - * The section attribute is `.flashdata.` - * - * \param group a string suffix to use in the section name to distinguish groups that can be linker - * garbage-collected independently - */ - - -/*! \brief Indicates a function should not be stored in flash - * \ingroup pico_platform - * - * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined - * into a flash function by the compiler) - * - * For example a function called my_func taking an int parameter: - * - * void __not_in_flash_func(my_func)(int some_arg) { - * - * The function is placed in the `.time_critical.` linker section - * - * \see __no_inline_not_in_flash_func - */ - - -/*! \brief Indicates a function is time/latency critical and should not run from flash - * \ingroup pico_platform - * - * Decorates a function name, such that the function will execute from RAM (assuming it is not inlined - * into a flash function by the compiler) to avoid possible flash latency. Currently this macro is identical - * in implementation to `__not_in_flash_func`, however the semantics are distinct and a `__time_critical_func` - * may in the future be treated more specially to reduce the overhead when calling such function from a flash - * function. - * - * For example a function called my_func taking an int parameter: - * - * void __time_critical(my_func)(int some_arg) { - * - * The function is placed in the `.time_critical.` linker section - * - * \see __not_in_flash_func - */ - - -/*! \brief Indicate a function should not be stored in flash and should not be inlined - * \ingroup pico_platform - * - * Decorates a function name, such that the function will execute from RAM, explicitly marking it as - * noinline to prevent it being inlined into a flash function by the compiler - * - * For example a function called my_func taking an int parameter: - * - * void __no_inline_not_in_flash_func(my_func)(int some_arg) { - * - * The function is placed in the `.time_critical.` linker section - */ - - - - - - /* Reason for rewrite: - * Verifast cannot parse ths define for and unknown reason. - * - * VF-TODO: What causes the parse error? - */ -// # 253 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" -/*! \brief Macro to determine the number of elements in an array - * \ingroup pico_platform - */ - - - - -/*! \brief Macro to return the maximum of two comparable values - * \ingroup pico_platform - */ - - - - -/*! \brief Macro to return the minimum of two comparable values - * \ingroup pico_platform - */ - - - - -/*! \brief Execute a breakpoint instruction - * \ingroup pico_platform - */ -static void __breakpoint(void) { - __asm__("bkpt #0"); -} - -/*! \brief Ensure that the compiler does not move memory access across this method call - * \ingroup pico_platform - * - * For example in the following code: - * - * *some_memory_location = var_a; - * __compiler_memory_barrier(); - * uint32_t var_b = *some_other_memory_location - * - * The compiler will not move the load from `some_other_memory_location` above the memory barrier (which it otherwise - * might - even above the memory store!) - */ - - /* Reason for rewrite: VeriFast cannot parse: - * - `__force_inline` - * - the function body - */ - static void __compiler_memory_barrier(void); - - - - - - - -/*! \brief Macro for converting memory addresses to 32 bit addresses suitable for DMA - * \ingroup pico_platform - * - * This is just a cast to `uintptr_t` on the RP2040, however you may want to use this when developing code - * that also runs in "host" mode. If the host mode is 64 bit and you are embedding data pointers - * in other data (e.g. DMA chaining), then there is a need in "host" mode to convert a 64 bit native - * pointer to a 32 bit value for storage, which can be done using this macro. - */ - - - - -/*! \brief Panics with the message "Unsupported" - * \ingroup pico_platform - * \see panic - */ - - /* Reason for rewrite: VeriFast cannot parse ``. */ - void panic_unsupported(void); - - - - -/*! \brief Displays a panic message and halts execution - * \ingroup pico_platform - * - * An attempt is made to output the message to all registered STDOUT drivers - * after which this method executes a BKPT instruction. - * - * @param fmt format string (printf-like) - * @param ... printf-like arguments - */ - - /* Reason for rewrite: VeriFast cannot parse ``. */ - void panic(const char *fmt, ...); - - - - -// PICO_CONFIG: PICO_NO_FPGA_CHECK, Remove the FPGA platform check for small code size reduction, type=bool, default=0, advanced=true, group=pico_runtime - - - - - - - -bool running_on_fpga(void); - - -/*! \brief Returns the RP2040 chip revision number - * \ingroup pico_platform - * @return the RP2040 chip revision number (1 for B0/B1, 2 for B2) - */ -uint8_t rp2040_chip_version(void); - -/*! \brief Returns the RP2040 rom version number - * \ingroup pico_platform - * @return the RP2040 rom version number (1 for RP2040-B0, 2 for RP2040-B1, 3 for RP2040-B2) - */ -static uint8_t rp2040_rom_version(void) { - - /* Reason for rewrite: VeriFast cannot parse GCC pragmas */ - return *(uint8_t*)0x13; - - - - - - -} - -/*! \brief No-op function for the body of tight loops - * \ingroup pico_platform - * - * No-op function intended to be called by any tight hardware polling loop. Using this ubiquitously - * makes it much easier to find tight loops, but also in the future \#ifdef-ed support for lockup - * debugging might be added - */ - - /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */ - static void tight_loop_contents(void) {} - - - - - -/*! \brief Multiply two integers using an assembly `MUL` instruction - * \ingroup pico_platform - * - * This multiplies a by b using multiply instruction using the ARM mul instruction regardless of values (the compiler - * might otherwise choose to perform shifts/adds), i.e. this is a 1 cycle operation. - * - * \param a the first operand - * \param b the second operand - * \return a * b - */ - - /* Reason for rewrite: VeriFast cannot parse: - * - `__force_inline` - * - function body - */ - static int32_t __mul_instruction(int32_t a, int32_t b); - - - - - - - -/*! \brief multiply two integer values using the fastest method possible - * \ingroup pico_platform - * - * Efficiently multiplies value a by possibly constant value b. - * - * If b is known to be constant and not zero or a power of 2, then a mul instruction is used rather than gcc's default - * which is often a slow combination of shifts and adds. If b is a power of 2 then a single shift is of course preferable - * and will be used - * - * \param a the first operand - * \param b the second operand - * \return a * b - */ - - - - -/*! \brief Utility macro to assert two types are equivalent. - * \ingroup pico_platform - * - * This macro can be useful in other macros along with `typeof` to assert that two parameters are of equivalent type - * (or that a single parameter is of an expected type) - */ - - -/*! \brief Get the current exception level on this core - * \ingroup pico_platform - * - * \return the exception number if the CPU is handling an exception, or 0 otherwise - */ -uint __get_current_exception(void); -// # 455 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" -/*! \brief Helper method to busy-wait for at least the given number of cycles - * \ingroup pico_platform - * - * This method is useful for introducing very short delays. - * - * This method busy-waits in a tight loop for the given number of system clock cycles. The total wait time is only accurate to within 2 cycles, - * and this method uses a loop counter rather than a hardware timer, so the method will always take longer than expected if an - * interrupt is handled on the calling core during the busy-wait; you can of course disable interrupts to prevent this. - * - * You can use \ref clock_get_hz(clk_sys) to determine the number of clock cycles per second if you want to convert an actual - * time duration to a number of cycles. - * - * \param minimum_cycles the minimum number of system clock cycles to delay for - */ - - /* Reason for rewrite: VeriFast cannot parse function body. */ - static void busy_wait_at_least_cycles(uint32_t minimum_cycles); -// # 483 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/pico_platform/include/pico/platform.h" -/*! \brief Get the current core number - * \ingroup pico_platform - * - * \return The core number the call was made from - */ - - /* Reason for rewrite: VeriFast cannot parse `__force_inline`. */ - static uint get_core_num(void) - - - -{ - return (*(uint32_t *) (0xd0000000u + 0x00000000u)); -} -// # 32 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico/error.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - - - -/*! - * \brief Common return codes from pico_sdk methods that return a status - * \ingroup pico_base - */ - - /* Reason for rewrite: - * VeriFast's parser does not expect a colon after - * an enum's last element. - */ - enum pico_error_codes { - PICO_OK = 0, - PICO_ERROR_NONE = 0, - PICO_ERROR_TIMEOUT = -1, - PICO_ERROR_GENERIC = -2, - PICO_ERROR_NO_DATA = -3, - PICO_ERROR_NOT_PERMITTED = -4, - PICO_ERROR_INVALID_ARG = -5, - PICO_ERROR_IO = -6 - }; -// # 33 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/common/pico_base/include/pico.h" 2 -// # 38 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" 1 -/* - * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - - - - - - -/** \file address_mapped.h - * \defgroup hardware_base hardware_base - * - * Low-level types and (atomic) accessors for memory-mapped hardware registers - * - * `hardware_base` defines the low level types and access functions for memory mapped hardware registers. It is included - * by default by all other hardware libraries. - * - * The following register access typedefs codify the access type (read/write) and the bus size (8/16/32) of the hardware register. - * The register type names are formed by concatenating one from each of the 3 parts A, B, C - - * A | B | C | Meaning - * ------|---|---|-------- - * io_ | | | A Memory mapped IO register - *  |ro_| | read-only access - *  |rw_| | read-write access - *  |wo_| | write-only access (can't actually be enforced via C API) - *  | | 8| 8-bit wide access - *  | | 16| 16-bit wide access - *  | | 32| 32-bit wide access - * - * When dealing with these types, you will always use a pointer, i.e. `io_rw_32 *some_reg` is a pointer to a read/write - * 32 bit register that you can write with `*some_reg = value`, or read with `value = *some_reg`. - * - * RP2040 hardware is also aliased to provide atomic setting, clear or flipping of a subset of the bits within - * a hardware register so that concurrent access by two cores is always consistent with one atomic operation - * being performed first, followed by the second. - * - * See hw_set_bits(), hw_clear_bits() and hw_xor_bits() provide for atomic access via a pointer to a 32 bit register - * - * Additionally given a pointer to a structure representing a piece of hardware (e.g. `dma_hw_t *dma_hw` for the DMA controller), you can - * get an alias to the entire structure such that writing any member (register) within the structure is equivalent - * to an atomic operation via hw_set_alias(), hw_clear_alias() or hw_xor_alias()... - * - * For example `hw_set_alias(dma_hw)->inte1 = 0x80;` will set bit 7 of the INTE1 register of the DMA controller, - * leaving the other bits unchanged. - */ -// # 58 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_base/include/hardware/address_mapped.h" -// PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_ADDRESS_ALIAS, Enable/disable assertions in memory address aliasing macros, type=bool, default=0, group=hardware_base - - - - -typedef volatile uint32_t io_rw_32; -typedef const volatile uint32_t io_ro_32; -typedef volatile uint32_t io_wo_32; -typedef volatile uint16_t io_rw_16; -typedef const volatile uint16_t io_ro_16; -typedef volatile uint16_t io_wo_16; -typedef volatile uint8_t io_rw_8; -typedef const volatile uint8_t io_ro_8; -typedef volatile uint8_t io_wo_8; - -typedef volatile uint8_t *const ioptr; -typedef ioptr const const_ioptr; - -// A non-functional (empty) helper macro to help IDEs follow links from the autogenerated -// hardware struct headers in hardware/structs/xxx.h to the raw register definitions -// in hardware/regs/xxx.h. A preprocessor define such as TIMER_TIMEHW_OFFSET (a timer register offset) -// is not generally clickable (in an IDE) if placed in a C comment, so _REG_(TIMER_TIMEHW_OFFSET) is -// included outside of a comment instead - - -// Helper method used by hw_alias macros to optionally check input validity - -// can't use the following impl as it breaks existing static declarations using hw_alias, so would be a backwards incompatibility -//static __force_inline uint32_t hw_alias_check_addr(volatile void *addr) { -// uint32_t rc = (uintptr_t)addr; -// invalid_params_if(ADDRESS_ALIAS, rc < 0x40000000); // catch likely non HW pointer types -// return rc; -//} - -// Helper method used by xip_alias macros to optionally check input validity -static uint32_t xip_alias_check_addr(const void *addr) { - uint32_t rc = (uintptr_t)addr; - {if (((0 || 0) && !0)) (__builtin_expect(!(rc >= 0x10000000u && rc < 0x11000000u), 0) ? __assert_rtn ((const char *)-1L, "address_mapped.h", 95, "rc >= 0x10000000u && rc < 0x11000000u") : (void)0);}; - return rc; -} - -// Untyped conversion alias pointer generation macros - - - - - - - -// Typed conversion alias pointer generation macros - - - - - - - -/*! \brief Atomically set the specified bits to 1 in a HW register - * \ingroup hardware_base - * - * \param addr Address of writable register - * \param mask Bit-mask specifying bits to set - */ - static void hw_set_bits(io_rw_32 *addr, uint32_t mask) { - *(io_rw_32 *) ((void *)((0x2u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; -} - -/*! \brief Atomically clear the specified bits to 0 in a HW register - * \ingroup hardware_base - * - * \param addr Address of writable register - * \param mask Bit-mask specifying bits to clear - */ - static void hw_clear_bits(io_rw_32 *addr, uint32_t mask) { - *(io_rw_32 *) ((void *)((0x3u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; -} - -/*! \brief Atomically flip the specified bits in a HW register - * \ingroup hardware_base - * - * \param addr Address of writable register - * \param mask Bit-mask specifying bits to invert - */ - static void hw_xor_bits(io_rw_32 *addr, uint32_t mask) { - *(io_rw_32 *) ((void *)((0x1u << 12u) | ((uintptr_t)((volatile void *) addr)))) = mask; -} - -/*! \brief Set new values for a sub-set of the bits in a HW register - * \ingroup hardware_base - * - * Sets destination bits to values specified in \p values, if and only if corresponding bit in \p write_mask is set - * - * Note: this method allows safe concurrent modification of *different* bits of - * a register, but multiple concurrent access to the same bits is still unsafe. - * - * \param addr Address of writable register - * \param values Bits values - * \param write_mask Mask of bits to change - */ - static void hw_write_masked(io_rw_32 *addr, uint32_t values, uint32_t write_mask) { - hw_xor_bits(addr, (*addr ^ values) & write_mask); -} -// # 12 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" 2 - - - - - - -/** \file hardware/sync.h - * \defgroup hardware_sync hardware_sync - * - * Low level hardware spin locks, barrier and processor event APIs - * - * Spin Locks - * ---------- - * - * The RP2040 provides 32 hardware spin locks, which can be used to manage mutually-exclusive access to shared software - * and hardware resources. - * - * Generally each spin lock itself is a shared resource, - * i.e. the same hardware spin lock can be used by multiple higher level primitives (as long as the spin locks are neither held for long periods, nor - * held concurrently with other spin locks by the same core - which could lead to deadlock). A hardware spin lock that is exclusively owned can be used - * individually without more flexibility and without regard to other software. Note that no hardware spin lock may - * be acquired re-entrantly (i.e. hardware spin locks are not on their own safe for use by both thread code and IRQs) however the default spinlock related - * methods here (e.g. \ref spin_lock_blocking) always disable interrupts while the lock is held as use by IRQ handlers and user code is common/desirable, - * and spin locks are only expected to be held for brief periods. - * - * The SDK uses the following default spin lock assignments, classifying which spin locks are reserved for exclusive/special purposes - * vs those suitable for more general shared use: - * - * Number (ID) | Description - * :---------: | ----------- - * 0-13 | Currently reserved for exclusive use by the SDK and other libraries. If you use these spin locks, you risk breaking SDK or other library functionality. Each reserved spin lock used individually has its own PICO_SPINLOCK_ID so you can search for those. - * 14,15 | (\ref PICO_SPINLOCK_ID_OS1 and \ref PICO_SPINLOCK_ID_OS2). Currently reserved for exclusive use by an operating system (or other system level software) co-existing with the SDK. - * 16-23 | (\ref PICO_SPINLOCK_ID_STRIPED_FIRST - \ref PICO_SPINLOCK_ID_STRIPED_LAST). Spin locks from this range are assigned in a round-robin fashion via \ref next_striped_spin_lock_num(). These spin locks are shared, but assigning numbers from a range reduces the probability that two higher level locking primitives using _striped_ spin locks will actually be using the same spin lock. - * 24-31 | (\ref PICO_SPINLOCK_ID_CLAIM_FREE_FIRST - \ref PICO_SPINLOCK_ID_CLAIM_FREE_LAST). These are reserved for exclusive use and are allocated on a first come first served basis at runtime via \ref spin_lock_claim_unused() - */ - -// PICO_CONFIG: PARAM_ASSERTIONS_ENABLED_SYNC, Enable/disable assertions in the HW sync module, type=bool, default=0, group=hardware_sync - - - - -/** \brief A spin lock identifier - * \ingroup hardware_sync - */ -typedef volatile uint32_t spin_lock_t; - -// PICO_CONFIG: PICO_SPINLOCK_ID_IRQ, Spinlock ID for IRQ protection, min=0, max=31, default=9, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_TIMER, Spinlock ID for Timer protection, min=0, max=31, default=10, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_HARDWARE_CLAIM, Spinlock ID for Hardware claim protection, min=0, max=31, default=11, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_OS1, First Spinlock ID reserved for use by low level OS style software, min=0, max=31, default=14, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_OS2, Second Spinlock ID reserved for use by low level OS style software, min=0, max=31, default=15, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_STRIPED_FIRST, Lowest Spinlock ID in the 'striped' range, min=0, max=31, default=16, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_STRIPED_LAST, Highest Spinlock ID in the 'striped' range, min=0, max=31, default=23, group=hardware_sync - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_CLAIM_FREE_FIRST, Lowest Spinlock ID in the 'claim free' range, min=0, max=31, default=24, group=hardware_sync - - - - - - - - -// PICO_CONFIG: PICO_SPINLOCK_ID_CLAIM_FREE_LAST, Highest Spinlock ID in the 'claim free' range, min=0, max=31, default=31, group=hardware_sync - - - - -/*! \brief Insert a SEV instruction in to the code path. - * \ingroup hardware_sync - - * The SEV (send event) instruction sends an event to both cores. - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void __sev(void) ; - - - - - - -/*! \brief Insert a WFE instruction in to the code path. - * \ingroup hardware_sync - * - * The WFE (wait for event) instruction waits until one of a number of - * events occurs, including events signalled by the SEV instruction on either core. - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void __wfe(void) ; - - - - - - -/*! \brief Insert a WFI instruction in to the code path. - * \ingroup hardware_sync -* - * The WFI (wait for interrupt) instruction waits for a interrupt to wake up the core. - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void __wfi(void) ; - - - - - - -/*! \brief Insert a DMB instruction in to the code path. - * \ingroup hardware_sync - * - * The DMB (data memory barrier) acts as a memory barrier, all memory accesses prior to this - * instruction will be observed before any explicit access after the instruction. - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void __dmb(void) ; - - - - - - -/*! \brief Insert a DSB instruction in to the code path. - * \ingroup hardware_sync - * - * The DSB (data synchronization barrier) acts as a special kind of data - * memory barrier (DMB). The DSB operation completes when all explicit memory - * accesses before this instruction complete. - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void __dsb(void) ; - - - - - - -/*! \brief Insert a ISB instruction in to the code path. - * \ingroup hardware_sync - * - * ISB acts as an instruction synchronization barrier. It flushes the pipeline of the processor, - * so that all instructions following the ISB are fetched from cache or memory again, after - * the ISB instruction has been completed. - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void __isb(void) ; - - - - - - -/*! \brief Acquire a memory fence - * \ingroup hardware_sync - */ - static void __mem_fence_acquire(void) { - // the original code below makes it hard for us to be included from C++ via a header - // which itself is in an extern "C", so just use __dmb instead, which is what - // is required on Cortex M0+ - __dmb(); -//#ifndef __cplusplus -// atomic_thread_fence(memory_order_acquire); -//#else -// std::atomic_thread_fence(std::memory_order_acquire); -//#endif -} - -/*! \brief Release a memory fence - * \ingroup hardware_sync - * - */ - static void __mem_fence_release(void) { - // the original code below makes it hard for us to be included from C++ via a header - // which itself is in an extern "C", so just use __dmb instead, which is what - // is required on Cortex M0+ - __dmb(); -//#ifndef __cplusplus -// atomic_thread_fence(memory_order_release); -//#else -// std::atomic_thread_fence(std::memory_order_release); -//#endif -} - -/*! \brief Save and disable interrupts - * \ingroup hardware_sync - * - * \return The prior interrupt enable status for restoration later via restore_interrupts() - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static uint32_t save_and_disable_interrupts(void); -// # 246 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/sdks/pico-sdk/src/rp2_common/hardware_sync/include/hardware/sync.h" -/*! \brief Restore interrupts to a specified state - * \ingroup hardware_sync - * - * \param status Previous interrupt status from save_and_disable_interrupts() - */ - - /* Reason for rewrite: VeriFast cannot handle inline assembler. */ - static void restore_interrupts(uint32_t status) ; - - - - - - -/*! \brief Get HW Spinlock instance from number - * \ingroup hardware_sync - * - * \param lock_num Spinlock ID - * \return The spinlock instance - */ - static spin_lock_t *spin_lock_instance(uint lock_num) { - {if (((0 || 0) && !0)) (__builtin_expect(!(!(lock_num >= 32u)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 267, "!(lock_num >= 32u)") : (void)0);}; - return (spin_lock_t *) (0xd0000000u + 0x00000100u + lock_num * 4); -} - -/*! \brief Get HW Spinlock number from instance - * \ingroup hardware_sync - * - * \param lock The Spinlock instance - * \return The Spinlock ID - */ - static uint spin_lock_get_num(spin_lock_t *lock) { - {if (((0 || 0) && !0)) (__builtin_expect(!(!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)), 0) ? __assert_rtn ((const char *)-1L, "sync.h", 280, "!((uint) lock < 0xd0000000u + 0x00000100u || (uint) lock >= 32u * sizeof(spin_lock_t) + 0xd0000000u + 0x00000100u || ((uint) lock - 0xd0000000u + 0x00000100u) % sizeof(spin_lock_t) != 0)") : (void)0);}; - - - return (uint) (lock - (spin_lock_t *) (0xd0000000u + 0x00000100u)); -} - -/*! \brief Acquire a spin lock without disabling interrupts (hence unsafe) - * \ingroup hardware_sync - * - * \param lock Spinlock instance - */ - static void spin_lock_unsafe_blocking(spin_lock_t *lock) { - // Note we don't do a wfe or anything, because by convention these spin_locks are VERY SHORT LIVED and NEVER BLOCK and run - // with INTERRUPTS disabled (to ensure that)... therefore nothing on our core could be blocking us, so we just need to wait on another core - // anyway which should be finished soon - while (__builtin_expect(!*lock, 0)); - __mem_fence_acquire(); -} - -/*! \brief Release a spin lock without re-enabling interrupts - * \ingroup hardware_sync - * - * \param lock Spinlock instance - */ - static void spin_unlock_unsafe(spin_lock_t *lock) { - __mem_fence_release(); - *lock = 0; -} - -/*! \brief Acquire a spin lock safely - * \ingroup hardware_sync - * - * This function will disable interrupts prior to acquiring the spinlock - * - * \param lock Spinlock instance - * \return interrupt status to be used when unlocking, to restore to original state - */ - static uint32_t spin_lock_blocking(spin_lock_t *lock) { - uint32_t save = save_and_disable_interrupts(); - spin_lock_unsafe_blocking(lock); - return save; -} - -/*! \brief Check to see if a spinlock is currently acquired elsewhere. - * \ingroup hardware_sync - * - * \param lock Spinlock instance - */ - - /* Reason for rewrite: - * VeriFast's parser does not accept `inline` as first token in a function - * declaration. - */ - static bool is_spin_locked(spin_lock_t *lock) - - - -{ - _Static_assert(sizeof(spin_lock_t) == (4), "hw size mismatch"); - uint lock_num = spin_lock_get_num(lock); - return 0 != (*(io_ro_32 *) (0xd0000000u + 0x0000005cu) & (1u << lock_num)); -} - -/*! \brief Release a spin lock safely - * \ingroup hardware_sync - * - * This function will re-enable interrupts according to the parameters. - * - * \param lock Spinlock instance - * \param saved_irq Return value from the \ref spin_lock_blocking() function. - * \return interrupt status to be used when unlocking, to restore to original state - * - * \sa spin_lock_blocking() - */ - static void spin_unlock(spin_lock_t *lock, uint32_t saved_irq) { - spin_unlock_unsafe(lock); - restore_interrupts(saved_irq); -} - -/*! \brief Initialise a spin lock - * \ingroup hardware_sync - * - * The spin lock is initially unlocked - * - * \param lock_num The spin lock number - * \return The spin lock instance - */ -spin_lock_t *spin_lock_init(uint lock_num); - -/*! \brief Release all spin locks - * \ingroup hardware_sync - */ -void spin_locks_reset(void); - -/*! \brief Return a spin lock number from the _striped_ range - * \ingroup hardware_sync - * - * Returns a spin lock number in the range PICO_SPINLOCK_ID_STRIPED_FIRST to PICO_SPINLOCK_ID_STRIPED_LAST - * in a round robin fashion. This does not grant the caller exclusive access to the spin lock, so the caller - * must: - * - * -# Abide (with other callers) by the contract of only holding this spin lock briefly (and with IRQs disabled - the default via \ref spin_lock_blocking()), - * and not whilst holding other spin locks. - * -# Be OK with any contention caused by the - brief due to the above requirement - contention with other possible users of the spin lock. - * - * \return lock_num a spin lock number the caller may use (non exclusively) - * \see PICO_SPINLOCK_ID_STRIPED_FIRST - * \see PICO_SPINLOCK_ID_STRIPED_LAST - */ -uint next_striped_spin_lock_num(void); - -/*! \brief Mark a spin lock as used - * \ingroup hardware_sync - * - * Method for cooperative claiming of hardware. Will cause a panic if the spin lock - * is already claimed. Use of this method by libraries detects accidental - * configurations that would fail in unpredictable ways. - * - * \param lock_num the spin lock number - */ -void spin_lock_claim(uint lock_num); - -/*! \brief Mark multiple spin locks as used - * \ingroup hardware_sync - * - * Method for cooperative claiming of hardware. Will cause a panic if any of the spin locks - * are already claimed. Use of this method by libraries detects accidental - * configurations that would fail in unpredictable ways. - * - * \param lock_num_mask Bitfield of all required spin locks to claim (bit 0 == spin lock 0, bit 1 == spin lock 1 etc) - */ -void spin_lock_claim_mask(uint32_t lock_num_mask); - -/*! \brief Mark a spin lock as no longer used - * \ingroup hardware_sync - * - * Method for cooperative claiming of hardware. - * - * \param lock_num the spin lock number to release - */ -void spin_lock_unclaim(uint lock_num); - -/*! \brief Claim a free spin lock - * \ingroup hardware_sync - * - * \param required if true the function will panic if none are available - * \return the spin lock number or -1 if required was false, and none were free - */ -int spin_lock_claim_unused(bool required); - -/*! \brief Determine if a spin lock is claimed - * \ingroup hardware_sync - * - * \param lock_num the spin lock number - * \return true if claimed, false otherwise - * \see spin_lock_claim - * \see spin_lock_claim_mask - */ -bool spin_lock_is_claimed(uint lock_num); -// # 39 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" 2 - -/*----------------------------------------------------------- - * Port specific definitions. - * - * The settings in this file configure FreeRTOS correctly for the - * given hardware and compiler. - * - * These settings should not be altered. - *----------------------------------------------------------- - */ - -/* Type definitions. */ -// # 59 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" - typedef uint32_t StackType_t; - typedef int32_t BaseType_t; - typedef uint32_t UBaseType_t; - - - - - - typedef uint32_t TickType_t; - - -/* 32-bit tick type on a 32-bit architecture, so reads of the tick count do - * not need to be guarded with a critical section. */ - - -/*-----------------------------------------------------------*/ - -/* Architecture specifics. */ - - - - - /* Reason for rewrite: VeriFast does not support the attriibute `used`. - */ - - - - - /* We have to use PICO_DIVIDER_DISABLE_INTERRUPTS as the source of truth rathern than our config, - * as our FreeRTOSConfig.h header cannot be included by ASM code - which is what this affects in the SDK */ - - - - - -/*-----------------------------------------------------------*/ - - -/* Scheduler utilities. */ - extern void vPortYield( void ); - - - - - - -/*-----------------------------------------------------------*/ - -/* Exception handlers */ - - - - - - - -/*-----------------------------------------------------------*/ - -/* Multi-core */ - - - - - - - /* Requires for SMP */ - - - /*-----------------------------------------------------------*/ - - - /* Check validity of number of cores specified in config */ -// # 139 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" - /* FreeRTOS core id is always zero based, so always 0 if we're running on only one core */ -// # 151 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" - void vYieldCore(int xCoreID); - - - -/*-----------------------------------------------------------*/ - -/* Critical section management. */ -// # 168 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" - extern void vPortEnableInterrupts(); - - - void vTaskEnterCritical(void); - void vTaskExitCritical(void); - - - - - - /* Note this is a single method with uxAcquire parameter since we have - * static vars, the method is always called with a compile time constant for - * uxAcquire, and the compiler should dothe right thing! */ - - /* Reason for rewrite: VeriFast does not support local static variables. - */ -// # 226 "/Users/reitobia/repos2/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/include/portmacro.h" -/*-----------------------------------------------------------*/ - -/* Tickless idle/low power functionality. */ - - extern void vPortSuppressTicksAndSleep( TickType_t xExpectedIdleTime ); - - -/*-----------------------------------------------------------*/ - -/* Task function macros as described on the FreeRTOS.org WEB site. */ -// # 52 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2 -// # 94 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/mpu_wrappers.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - -/* This file redefines API functions to be called through a wrapper macro, but - * only for ports that are using the MPU. */ -// # 101 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" 2 - -/* - * Setup the stack of a new task so it is ready to be placed under the - * scheduler control. The registers have to be placed on the stack in - * the order that the port expects to find them. - * - */ -// # 128 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" - StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, - TaskFunction_t pxCode, - void * pvParameters ) ; - ///@ requires true; - ///@ ensures true; - - - -/* Used by heap_5.c to define the start address and size of each memory region - * that together comprise the total FreeRTOS heap space. */ -typedef struct HeapRegion -{ - uint8_t * pucStartAddress; - size_t xSizeInBytes; -} HeapRegion_t; - -/* Used to pass information about the heap out of vPortGetHeapStats(). */ -typedef struct xHeapStats -{ - size_t xAvailableHeapSpaceInBytes; /* The total heap size currently available - this is the sum of all the free blocks, not the largest block that can be allocated. */ - size_t xSizeOfLargestFreeBlockInBytes; /* The maximum size, in bytes, of all the free blocks within the heap at the time vPortGetHeapStats() is called. */ - size_t xSizeOfSmallestFreeBlockInBytes; /* The minimum size, in bytes, of all the free blocks within the heap at the time vPortGetHeapStats() is called. */ - size_t xNumberOfFreeBlocks; /* The number of free memory blocks within the heap at the time vPortGetHeapStats() is called. */ - size_t xMinimumEverFreeBytesRemaining; /* The minimum amount of total free memory (sum of all free blocks) there has been in the heap since the system booted. */ - size_t xNumberOfSuccessfulAllocations; /* The number of calls to pvPortMalloc() that have returned a valid memory block. */ - size_t xNumberOfSuccessfulFrees; /* The number of calls to vPortFree() that has successfully freed a block of memory. */ -} HeapStats_t; - -/* - * Used to define multiple heap regions for use by heap_5.c. This function - * must be called before any calls to pvPortMalloc() - not creating a task, - * queue, semaphore, mutex, software timer, event group, etc. will result in - * pvPortMalloc being called. - * - * pxHeapRegions passes in an array of HeapRegion_t structures - each of which - * defines a region of memory that can be used as the heap. The array is - * terminated by a HeapRegions_t structure that has a size of 0. The region - * with the lowest start address must appear first in the array. - */ -void vPortDefineHeapRegions( const HeapRegion_t * pxHeapRegions ) ; - -/* - * Returns a HeapStats_t structure filled with information about the current - * heap state. - */ -void vPortGetHeapStats( HeapStats_t * pxHeapStats ); - - - /* Reason for rewrite: - * VeriFast treats the `malloc` and `free` functions specially, - * in a particular built-in way that cannot be axiomatized within - * VeriFast's specification language. - * - * When `malloc( sizeof(struct S) )` is called for a user defined - * struct `S`, VeriFast instantiates the corresponding - * `malloc_block_S(...)` predicate as well as points-to chunks - * for its fields. - * Reversely, calling `free` cleans up all the predicates instantiated - * by `malloc`. - */ -// # 199 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" -void vPortInitialiseBlocks( void ) ; -size_t xPortGetFreeHeapSize( void ) ; -size_t xPortGetMinimumEverFreeHeapSize( void ) ; -// # 211 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" -/* - * Setup the hardware ready for the scheduler to take control. This generally - * sets up a tick interrupt and sets timers for the correct tick frequency. - */ -BaseType_t xPortStartScheduler( void ) ; - -/* - * Undo any hardware/ISR setup that was performed by xPortStartScheduler() so - * the hardware is left in its original condition after the scheduler stops - * executing. - */ -void vPortEndScheduler( void ) ; - -/* - * The structures and methods of manipulating the MPU are contained within the - * port layer. - * - * Fills the xMPUSettings structure with the memory region information - * contained in xRegions. - */ -// # 239 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/portable.h" -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ -// # 64 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" 2 - -/* Must be defaulted before configUSE_NEWLIB_REENTRANT is used below. */ - - - - -/* Required if struct _reent is used. */ -// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* - * Check all the required application specific macros have been defined. - * These macros are application specific and (as downloaded) are defined - * within FreeRTOSConfig.h. - */ -// # 148 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" - /* If INCLUDE_vTaskDelayUntil is set but INCLUDE_xTaskDelayUntil is not then - * the project's FreeRTOSConfig.h probably pre-dates the introduction of - * xTaskDelayUntil and setting INCLUDE_xTaskDelayUntil to whatever - * INCLUDE_vTaskDelayUntil is set to will ensure backward compatibility. - */ -// # 282 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* configPRECONDITION should be defined as configASSERT. - * The CBMC proofs need a way to track assumptions and assertions. - * A configPRECONDITION statement should express an implicit invariant or - * assumption made. A configASSERT statement should express an invariant that must - * hold explicit before calling the code. */ -// # 311 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* The timers module relies on xTaskGetSchedulerState(). */ -// # 366 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* Remove any unused trace macros. */ - - -/* Used to perform any necessary initialisation - for example, open a file - * into which trace is to be written. */ - - - - - -/* Use to close a trace, for example close a file into which trace has been - * written. */ - - - - - -/* Called after a task has been selected to run. pxCurrentTCB holds a pointer - * to the task control block of the selected task. */ - - - - - -/* Called before stepping the tick count after waking from tickless idle - * sleep. */ - - - - - /* Called immediately before entering tickless idle. */ - - - - - /* Called when returning to the Idle task after a tickless idle. */ - - - - - -/* Called before a task has been selected to run. pxCurrentTCB holds a pointer - * to the task control block of the task being switched out. */ - - - - - -/* Called when a task attempts to take a mutex that is already held by a - * lower priority task. pxTCBOfMutexHolder is a pointer to the TCB of the task - * that holds the mutex. uxInheritedPriority is the priority the mutex holder - * will inherit (the priority of the task that is attempting to obtain the - * muted. */ - - - - - -/* Called when a task releases a mutex, the holding of which had resulted in - * the task inheriting the priority of a higher priority task. - * pxTCBOfMutexHolder is a pointer to the TCB of the task that is releasing the - * mutex. uxOriginalPriority is the task's configured (base) priority. */ - - - - - -/* Task is about to block because it cannot read from a - * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore - * upon which the read was attempted. pxCurrentTCB points to the TCB of the - * task that attempted the read. */ - - - - - -/* Task is about to block because it cannot read from a - * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore - * upon which the read was attempted. pxCurrentTCB points to the TCB of the - * task that attempted the read. */ - - - - - -/* Task is about to block because it cannot write to a - * queue/mutex/semaphore. pxQueue is a pointer to the queue/mutex/semaphore - * upon which the write was attempted. pxCurrentTCB points to the TCB of the - * task that attempted the write. */ -// # 470 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* The following event macros are embedded in the kernel API calls. */ -// # 925 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" - /* Defaults to 0 for backward compatibility. */ -// # 944 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* Sanity check the configuration. */ -// # 986 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* The tick type can be read atomically, so critical sections used when the - * tick count is returned can be defined away. */ - - - - - - -/* Definitions to allow backward compatibility with FreeRTOS versions prior to - * V8 if desired. */ - - - - - - -/* configPRINTF() was not defined, so define it away to nothing. To use - * configPRINTF() then define it as follows (where MyPrintFunction() is - * provided by the application writer): - * - * void MyPrintFunction(const char *pcFormat, ... ); - #define configPRINTF( X ) MyPrintFunction X - * - * Then call like a standard printf() function, but placing brackets around - * all parameters so they are passed as a single parameter. For example: - * configPRINTF( ("Value = %d", MyVariable) ); */ - - - - - -/* The application writer has not provided their own MAX macro, so define - * the following generic implementation. */ - - - - - -/* The application writer has not provided their own MIN macro, so define - * the following generic implementation. */ -// # 1067 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* Set configUSE_TASK_FPU_SUPPORT to 0 to omit floating point support even - * if floating point hardware is otherwise supported by the FreeRTOS port in use. - * This constant is not supported by all FreeRTOS ports that include floating - * point support. */ - - - - -/* Set configENABLE_MPU to 1 to enable MPU support and 0 to disable it. This is - * currently used in ARMv8M ports. */ - - - - -/* Set configENABLE_FPU to 1 to enable FPU support and 0 to disable it. This is - * currently used in ARMv8M ports. */ - - - - -/* Set configENABLE_TRUSTZONE to 1 enable TrustZone support and 0 to disable it. - * This is currently used in ARMv8M ports. */ - - - - -/* Set configRUN_FREERTOS_SECURE_ONLY to 1 to run the FreeRTOS ARMv8M port on - * the Secure Side only. */ - - - - -/* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using - * dynamically allocated RAM, in which case when any task is deleted it is known - * that both the task's stack and TCB need to be freed. Sometimes the - * FreeRTOSConfig.h settings only allow a task to be created using statically - * allocated RAM, in which case when any task is deleted it is known that neither - * the task's stack or TCB should be freed. Sometimes the FreeRTOSConfig.h - * settings allow a task to be created using either statically or dynamically - * allocated RAM, in which case a member of the TCB is used to record whether the - * stack and/or TCB were allocated statically or dynamically, so when a task is - * deleted the RAM that was allocated dynamically is freed again and no attempt is - * made to free the RAM that was allocated statically. - * tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE is only true if it is possible for a - * task to be created using either statically or dynamically allocated RAM. Note - * that if portUSING_MPU_WRAPPERS is 1 then a protected task can be created with - * a statically allocated stack and a dynamically allocated TCB. - * - * The following table lists various combinations of portUSING_MPU_WRAPPERS, - * configSUPPORT_DYNAMIC_ALLOCATION and configSUPPORT_STATIC_ALLOCATION and - * when it is possible to have both static and dynamic allocation: - * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ - * | MPU | Dynamic | Static | Available Functions | Possible Allocations | Both Dynamic and | Need Free | - * | | | | | | Static Possible | | - * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ - * | 0 | 0 | 1 | xTaskCreateStatic | TCB - Static, Stack - Static | No | No | - * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| - * | 0 | 1 | 0 | xTaskCreate | TCB - Dynamic, Stack - Dynamic | No | Yes | - * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| - * | 0 | 1 | 1 | xTaskCreate, | 1. TCB - Dynamic, Stack - Dynamic | Yes | Yes | - * | | | | xTaskCreateStatic | 2. TCB - Static, Stack - Static | | | - * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| - * | 1 | 0 | 1 | xTaskCreateStatic, | TCB - Static, Stack - Static | No | No | - * | | | | xTaskCreateRestrictedStatic | | | | - * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| - * | 1 | 1 | 0 | xTaskCreate, | 1. TCB - Dynamic, Stack - Dynamic | Yes | Yes | - * | | | | xTaskCreateRestricted | 2. TCB - Dynamic, Stack - Static | | | - * +-----|---------|--------|-----------------------------|-----------------------------------|------------------|-----------| - * | 1 | 1 | 1 | xTaskCreate, | 1. TCB - Dynamic, Stack - Dynamic | Yes | Yes | - * | | | | xTaskCreateStatic, | 2. TCB - Dynamic, Stack - Static | | | - * | | | | xTaskCreateRestricted, | 3. TCB - Static, Stack - Static | | | - * | | | | xTaskCreateRestrictedStatic | | | | - * +-----+---------+--------+-----------------------------+-----------------------------------+------------------+-----------+ - */ - - - - -/* - * In line with software engineering best practice, FreeRTOS implements a strict - * data hiding policy, so the real structures used by FreeRTOS to maintain the - * state of tasks, queues, semaphores, etc. are not accessible to the application - * code. However, if the application writer wants to statically allocate such - * an object then the size of the object needs to be known. Dummy structures - * that are guaranteed to have the same size and alignment requirements of the - * real objects are used for this purpose. The dummy list and list item - * structures below are used for inclusion in such a dummy structure. - */ -struct xSTATIC_LIST_ITEM -{ - - - - TickType_t xDummy2; - void * pvDummy3[ 4 ]; - - - -}; -typedef struct xSTATIC_LIST_ITEM StaticListItem_t; - -/* See the comments above the struct xSTATIC_LIST_ITEM definition. */ -struct xSTATIC_MINI_LIST_ITEM -{ - - - - TickType_t xDummy2; - void * pvDummy3[ 2 ]; -}; -typedef struct xSTATIC_MINI_LIST_ITEM StaticMiniListItem_t; - -/* See the comments above the struct xSTATIC_LIST_ITEM definition. */ -typedef struct xSTATIC_LIST -{ - - - - UBaseType_t uxDummy2; - void * pvDummy3; - StaticMiniListItem_t xDummy4; - - - -} StaticList_t; - -/* - * In line with software engineering best practice, especially when supplying a - * library that is likely to change in future versions, FreeRTOS implements a - * strict data hiding policy. This means the Task structure used internally by - * FreeRTOS is not accessible to application code. However, if the application - * writer wants to statically allocate the memory required to create a task then - * the size of the task object needs to be known. The StaticTask_t structure - * below is provided for this purpose. Its sizes and alignment requirements are - * guaranteed to match those of the genuine structure, no matter which - * architecture is being used, and no matter how the values in FreeRTOSConfig.h - * are set. Its contents are somewhat obfuscated in the hope users will - * recognise that it would be unwise to make direct use of the structure members. - */ -typedef struct xSTATIC_TCB -{ - void * pxDummy1; - - - - - - - StaticListItem_t xDummy3[ 2 ]; - UBaseType_t uxDummy5; - void * pxDummy6; - BaseType_t xDummy23[ 2 ]; - uint8_t ucDummy7[ 16 ]; - - - - - - - - UBaseType_t uxDummy9; - - - UBaseType_t uxDummy10[ 2 ]; - - - UBaseType_t uxDummy12[ 2 ]; - - - - - - void * pvDummy15[ 5 ]; -// # 1248 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" - uint32_t ulDummy18[ 1 ]; - uint8_t ucDummy19[ 1 ]; - - - - - - - uint8_t ucDummy21; - - - - -} StaticTask_t; - -/* - * In line with software engineering best practice, especially when supplying a - * library that is likely to change in future versions, FreeRTOS implements a - * strict data hiding policy. This means the Queue structure used internally by - * FreeRTOS is not accessible to application code. However, if the application - * writer wants to statically allocate the memory required to create a queue - * then the size of the queue object needs to be known. The StaticQueue_t - * structure below is provided for this purpose. Its sizes and alignment - * requirements are guaranteed to match those of the genuine structure, no - * matter which architecture is being used, and no matter how the values in - * FreeRTOSConfig.h are set. Its contents are somewhat obfuscated in the hope - * users will recognise that it would be unwise to make direct use of the - * structure members. - */ -// # 1311 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/FreeRTOS.h" -/* - * In line with software engineering best practice, especially when supplying a - * library that is likely to change in future versions, FreeRTOS implements a - * strict data hiding policy. This means the event group structure used - * internally by FreeRTOS is not accessible to application code. However, if - * the application writer wants to statically allocate the memory required to - * create an event group then the size of the event group object needs to be - * know. The StaticEventGroup_t structure below is provided for this purpose. - * Its sizes and alignment requirements are guaranteed to match those of the - * genuine structure, no matter which architecture is being used, and no matter - * how the values in FreeRTOSConfig.h are set. Its contents are somewhat - * obfuscated in the hope users will recognise that it would be unwise to make - * direct use of the structure members. - */ -typedef struct xSTATIC_EVENT_GROUP -{ - TickType_t xDummy1; - StaticList_t xDummy2; - - - UBaseType_t uxDummy3; - - - - - -} StaticEventGroup_t; - -/* - * In line with software engineering best practice, especially when supplying a - * library that is likely to change in future versions, FreeRTOS implements a - * strict data hiding policy. This means the software timer structure used - * internally by FreeRTOS is not accessible to application code. However, if - * the application writer wants to statically allocate the memory required to - * create a software timer then the size of the queue object needs to be known. - * The StaticTimer_t structure below is provided for this purpose. Its sizes - * and alignment requirements are guaranteed to match those of the genuine - * structure, no matter which architecture is being used, and no matter how the - * values in FreeRTOSConfig.h are set. Its contents are somewhat obfuscated in - * the hope users will recognise that it would be unwise to make direct use of - * the structure members. - */ -typedef struct xSTATIC_TIMER -{ - void * pvDummy1; - StaticListItem_t xDummy2; - TickType_t xDummy3; - void * pvDummy5; - TaskFunction_t pvDummy6; - - UBaseType_t uxDummy7; - - uint8_t ucDummy8; -} StaticTimer_t; - -/* - * In line with software engineering best practice, especially when supplying a - * library that is likely to change in future versions, FreeRTOS implements a - * strict data hiding policy. This means the stream buffer structure used - * internally by FreeRTOS is not accessible to application code. However, if - * the application writer wants to statically allocate the memory required to - * create a stream buffer then the size of the stream buffer object needs to be - * known. The StaticStreamBuffer_t structure below is provided for this - * purpose. Its size and alignment requirements are guaranteed to match those - * of the genuine structure, no matter which architecture is being used, and - * no matter how the values in FreeRTOSConfig.h are set. Its contents are - * somewhat obfuscated in the hope users will recognise that it would be unwise - * to make direct use of the structure members. - */ -typedef struct xSTATIC_STREAM_BUFFER -{ - size_t uxDummy1[ 4 ]; - void * pvDummy2[ 3 ]; - uint8_t ucDummy3; - - UBaseType_t uxDummy4; - -} StaticStreamBuffer_t; - -/* Message buffers are built on stream buffers. */ -typedef StaticStreamBuffer_t StaticMessageBuffer_t; - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ -// # 54 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - - - - /* Reason for rewrite: - * VeriFast bug: - * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` - * evaluate to true. See minimal example `define_name`. - */ - - /* Remember that this header is included by `tasks.c` after it includes - * `FreeRTOS.h`. - */ - // TODO: Remove this work-around once VF has been fixed. - - - -/* Remark: - * Note that the following VF section renders the previous one obsolete. - * However, we keep the above as a reminder until the corresponding bug - * has been fixed. - */ - - /* Reason for rewrite: - * Even though in the current verification setup, `FreeRTOS.h` is always - * included before this file is processed, VeriFast does not consider this - * context when processing this file. VeriFast forbids macro expansions to - * depend on a potentially variable context, e.g, `configSTACK_DEPTH_TYPE` - * which expands to 'uint16_t' if and only if `FreeRTOS.h` has been - * included. - */ - - - - - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - -/* - * This is the list implementation used by the scheduler. While it is tailored - * heavily for the schedulers needs, it is also available for use by - * application code. - * - * list_ts can only store pointers to list_item_ts. Each ListItem_t contains a - * numeric value (xItemValue). Most of the time the lists are sorted in - * descending item value order. - * - * Lists are created already containing one list item. The value of this - * item is the maximum possible that can be stored, it is therefore always at - * the end of the list and acts as a marker. The list member pxHead always - * points to this marker - even though it is at the tail of the list. This - * is because the tail contains a wrap back pointer to the true head of - * the list. - * - * In addition to it's value, each list item contains a pointer to the next - * item in the list (pxNext), a pointer to the list it is in (pxContainer) - * and a pointer to back to the object that contains it. These later two - * pointers are included for efficiency of list manipulation. There is - * effectively a two way link between the object containing the list item and - * the list item itself. - * - * - * \page ListIntroduction List Implementation - * \ingroup FreeRTOSIntro - */ - - - - - - - - /* Reason for rewrite: - * VeriFast bug: - * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` - * evaluate to true. See minimal example `define_name`. - */ - - /* Remember that this header is included indirectly `tasks.c` after it - * includes `FreeRTOS.h`. - */ - // TODO: Remove this work-around once VF has been fixed. - - - - - - - - /* Reason for rewrite: - * VeriFast's normal and context-free preprocessor consume different - * numbers of tokens when expanding `PRIVILEGED_FUNCTION` in this file. - */ - - // TODO: Figure out why the preprocessors consume different amounts of - // of tokens. This most likely has to do with the path/context - // from which this header is included. - - -/* - * The list structure members are modified from within interrupts, and therefore - * by rights should be declared volatile. However, they are only modified in a - * functionally atomic way (within critical sections of with the scheduler - * suspended) and are either passed by reference into a function or indexed via - * a volatile variable. Therefore, in all use cases tested so far, the volatile - * qualifier can be omitted in order to provide a moderate performance - * improvement without adversely affecting functional behaviour. The assembly - * instructions generated by the IAR, ARM and GCC compilers when the respective - * compiler's options were set for maximum optimisation has been inspected and - * deemed to be as intended. That said, as compiler technology advances, and - * especially if aggressive cross module optimisation is used (a use case that - * has not been exercised to any great extend) then it is feasible that the - * volatile qualifier will be needed for correct optimisation. It is expected - * that a compiler removing essential code because, without the volatile - * qualifier on the list structure members and with aggressive cross module - * optimisation, the compiler deemed the code unnecessary will result in - * complete and obvious failure of the scheduler. If this is ever experienced - * then the volatile qualifier can be inserted in the relevant places within the - * list structures by simply defining configLIST_VOLATILE to volatile in - * FreeRTOSConfig.h (as per the example at the bottom of this comment block). - * If configLIST_VOLATILE is not defined then the preprocessor directives below - * will simply #define configLIST_VOLATILE away completely. - * - * To use volatile list structure members then add the following line to - * FreeRTOSConfig.h (without the quotes): - * "#define configLIST_VOLATILE volatile" - */ - - - - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ - -/* Macros that can be used to place known values within the list structures, - * then check that the known values do not get corrupted during the execution of - * the application. These may catch the list data structures being overwritten in - * memory. They will not catch data errors caused by incorrect configuration or - * use of FreeRTOS.*/ - - /* Define the macros to do nothing. */ -// # 163 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h" -/* - * Definition of the only type of object that a list can contain. - */ -struct xLIST; -struct xLIST_ITEM -{ - /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ - TickType_t xItemValue; /*< The value being listed. In most cases this is used to sort the list in descending order. */ - struct xLIST_ITEM * pxNext; /*< Pointer to the next ListItem_t in the list. */ - struct xLIST_ITEM * pxPrevious; /*< Pointer to the previous ListItem_t in the list. */ - void * pvOwner; /*< Pointer to the object (normally a TCB) that contains the list item. There is therefore a two way link between the object containing the list item and the list item itself. */ - struct xLIST * pxContainer; /*< Pointer to the list in which this list item is placed (if any). */ - /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ -}; -typedef struct xLIST_ITEM ListItem_t; /* For some reason lint wants this as two separate definitions. */ - -struct xMINI_LIST_ITEM -{ - /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ - TickType_t xItemValue; - struct xLIST_ITEM * pxNext; - struct xLIST_ITEM * pxPrevious; -}; -typedef struct xMINI_LIST_ITEM MiniListItem_t; - -/* - * Definition of the type of queue used by the scheduler. - */ -typedef struct xLIST -{ - /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ - volatile UBaseType_t uxNumberOfItems; - ListItem_t * pxIndex; /*< Used to walk through the list. Points to the last item returned by a call to listGET_OWNER_OF_NEXT_ENTRY (). */ - MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ - /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ -} List_t; - -/* - * Access macro to set the owner of a list item. The owner of a list item - * is the object (usually a TCB) that contains the list item. - * - * \page listSET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER - * \ingroup LinkedList - */ - - -/* - * Access macro to get the owner of a list item. The owner of a list item - * is the object (usually a TCB) that contains the list item. - * - * \page listGET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER - * \ingroup LinkedList - */ - - -/* - * Access macro to set the value of the list item. In most cases the value is - * used to sort the list in descending order. - * - * \page listSET_LIST_ITEM_VALUE listSET_LIST_ITEM_VALUE - * \ingroup LinkedList - */ - - -/* - * Access macro to retrieve the value of the list item. The value can - * represent anything - for example the priority of a task, or the time at - * which a task should be unblocked. - * - * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE - * \ingroup LinkedList - */ - - -/* - * Access macro to retrieve the value of the list item at the head of a given - * list. - * - * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE - * \ingroup LinkedList - */ - - -/* - * Return the list item at the head of the list. - * - * \page listGET_HEAD_ENTRY listGET_HEAD_ENTRY - * \ingroup LinkedList - */ - - -/* - * Return the next list item. - * - * \page listGET_NEXT listGET_NEXT - * \ingroup LinkedList - */ - - -/* - * Return the list item that marks the end of the list - * - * \page listGET_END_MARKER listGET_END_MARKER - * \ingroup LinkedList - */ - - -/* - * Access macro to determine if a list contains any items. The macro will - * only have the value true if the list is empty. - * - * \page listLIST_IS_EMPTY listLIST_IS_EMPTY - * \ingroup LinkedList - */ - - -/* - * Access macro to return the number of items in the list. - */ - - -/* - * Access function to obtain the owner of the next entry in a list. - * - * The list member pxIndex is used to walk through a list. Calling - * listGET_OWNER_OF_NEXT_ENTRY increments pxIndex to the next item in the list - * and returns that entry's pxOwner parameter. Using multiple calls to this - * function it is therefore possible to move through every item contained in - * a list. - * - * The pxOwner parameter of a list item is a pointer to the object that owns - * the list item. In the scheduler this is normally a task control block. - * The pxOwner parameter effectively creates a two way link between the list - * item and its owner. - * - * @param pxTCB pxTCB is set to the address of the owner of the next list item. - * @param pxList The list from which the next item owner is to be returned. - * - * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY - * \ingroup LinkedList - */ - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ -// # 337 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/list.h" -/* - * Access function to obtain the owner of the first entry in a list. Lists - * are normally sorted in ascending item value order. - * - * This function returns the pxOwner member of the first item in the list. - * The pxOwner parameter of a list item is a pointer to the object that owns - * the list item. In the scheduler this is normally a task control block. - * The pxOwner parameter effectively creates a two way link between the list - * item and its owner. - * - * @param pxList The list from which the owner of the head item is to be - * returned. - * - * \page listGET_OWNER_OF_HEAD_ENTRY listGET_OWNER_OF_HEAD_ENTRY - * \ingroup LinkedList - */ - - -/* - * Check to see if a list item is within a list. The list item maintains a - * "container" pointer that points to the list it is in. All this macro does - * is check to see if the container and the list match. - * - * @param pxList The list we want to know if the list item is within. - * @param pxListItem The list item we want to know if is in the list. - * @return pdTRUE if the list item is in the list, otherwise pdFALSE. - */ - - -/* - * Return the list a list item is contained within (referenced from). - * - * @param pxListItem The list item being queried. - * @return A pointer to the List_t object that references the pxListItem - */ - - -/* - * This provides a crude means of knowing if a list has been initialised, as - * pxList->xListEnd.xItemValue is set to portMAX_DELAY by the vListInitialise() - * function. - */ - - -/* - * Must be called before a list is used! This initialises all the members - * of the list structure and inserts the xListEnd item into the list as a - * marker to the back of the list. - * - * @param pxList Pointer to the list being initialised. - * - * \page vListInitialise vListInitialise - * \ingroup LinkedList - */ -void vListInitialise( List_t * pxList ) ; - -/* - * Must be called before a list item is used. This sets the list container to - * null so the item does not think that it is already contained in a list. - * - * @param pxItem Pointer to the list item being initialised. - * - * \page vListInitialiseItem vListInitialiseItem - * \ingroup LinkedList - */ -void vListInitialiseItem( ListItem_t * pxItem ) ; -//@ requires pxItem->pxContainer |-> _; -//@ ensures pxItem->pxContainer |-> 0; - -/* - * Insert a list item into a list. The item will be inserted into the list in - * a position determined by its item value (descending item value order). - * - * @param pxList The list into which the item is to be inserted. - * - * @param pxNewListItem The item that is to be placed in the list. - * - * \page vListInsert vListInsert - * \ingroup LinkedList - */ -void vListInsert( List_t * pxList, - ListItem_t * pxNewListItem ) ; - -/* - * Insert a list item into a list. The item will be inserted in a position - * such that it will be the last item within the list returned by multiple - * calls to listGET_OWNER_OF_NEXT_ENTRY. - * - * The list member pxIndex is used to walk through a list. Calling - * listGET_OWNER_OF_NEXT_ENTRY increments pxIndex to the next item in the list. - * Placing an item in a list using vListInsertEnd effectively places the item - * in the list position pointed to by pxIndex. This means that every other - * item within the list will be returned by listGET_OWNER_OF_NEXT_ENTRY before - * the pxIndex parameter again points to the item being inserted. - * - * @param pxList The list into which the item is to be inserted. - * - * @param pxNewListItem The list item to be inserted into the list. - * - * \page vListInsertEnd vListInsertEnd - * \ingroup LinkedList - */ -void vListInsertEnd( List_t * pxList, - ListItem_t * pxNewListItem ) ; - -/* - * Remove an item from a list. The list item has a pointer to the list that - * it is in, so only the list item need be passed into the function. - * - * @param uxListRemove The item to be removed. The item will remove itself from - * the list pointed to by it's pxContainer parameter. - * - * @return The number of items that remain in the list after the list item has - * been removed. - * - * \page uxListRemove uxListRemove - * \ingroup LinkedList - */ -UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) ; - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ -// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" 2 - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ - -/*----------------------------------------------------------- -* MACROS AND DEFINITIONS -*----------------------------------------------------------*/ - - - - - - -/* MPU region parameters passed in ulParameters - * of MemoryRegion_t struct. */ - - - - - - -/* The direct to task notification feature used to have only a single notification - * per task. Now there is an array of notifications per task that is dimensioned by - * configTASK_NOTIFICATION_ARRAY_ENTRIES. For backward compatibility, any use of the - * original direct to task notification defaults to using the first index in the - * array. */ - - -/** - * task. h - * - * Type by which tasks are referenced. For example, a call to xTaskCreate - * returns (via a pointer parameter) an TaskHandle_t variable that can then - * be used as a parameter to vTaskDelete to delete the task. - * - * \defgroup TaskHandle_t TaskHandle_t - * \ingroup Tasks - */ -struct tskTaskControlBlock; /* The old naming convention is used to prevent breaking kernel aware debuggers. */ -typedef struct tskTaskControlBlock * TaskHandle_t; - -/* - * Defines the prototype to which the application task hook function must - * conform. - */ -typedef BaseType_t (* TaskHookFunction_t)( void * ); - -/* Task states returned by eTaskGetState. */ -typedef enum -{ - eRunning = 0, /* A task is querying the state of itself, so must be running. */ - eReady, /* The task being queried is in a ready or pending ready list. */ - eBlocked, /* The task being queried is in the Blocked state. */ - eSuspended, /* The task being queried is in the Suspended state, or is in the Blocked state with an infinite time out. */ - eDeleted, /* The task being queried has been deleted, but its TCB has not yet been freed. */ - eInvalid /* Used as an 'invalid state' value. */ -} eTaskState; - -/* Actions that can be performed when vTaskNotify() is called. */ -typedef enum -{ - eNoAction = 0, /* Notify the task without updating its notify value. */ - eSetBits, /* Set bits in the task's notification value. */ - eIncrement, /* Increment the task's notification value. */ - eSetValueWithOverwrite, /* Set the task's notification value to a specific value even if the previous value has not yet been read by the task. */ - eSetValueWithoutOverwrite /* Set the task's notification value if the previous value has been read by the task. */ -} eNotifyAction; - -/* - * Used internally only. - */ -typedef struct xTIME_OUT -{ - BaseType_t xOverflowCount; - TickType_t xTimeOnEntering; -} TimeOut_t; - -/* - * Defines the memory ranges allocated to the task when an MPU is used. - */ -typedef struct xMEMORY_REGION -{ - void * pvBaseAddress; - uint32_t ulLengthInBytes; - uint32_t ulParameters; -} MemoryRegion_t; - -/* - * Parameters required to create an MPU protected task. - */ -typedef struct xTASK_PARAMETERS -{ - TaskFunction_t pvTaskCode; - const char * pcName; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - uint32_t usStackDepth; - void * pvParameters; - UBaseType_t uxPriority; - StackType_t * puxStackBuffer; - MemoryRegion_t xRegions[ 1 ]; - - - -} TaskParameters_t; - -/* Used with the uxTaskGetSystemState() function to return the state of each task - * in the system. */ -typedef struct xTASK_STATUS -{ - TaskHandle_t xHandle; /* The handle of the task to which the rest of the information in the structure relates. */ - const char * pcTaskName; /* A pointer to the task's name. This value will be invalid if the task was deleted since the structure was populated! */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - UBaseType_t xTaskNumber; /* A number unique to the task. */ - eTaskState eCurrentState; /* The state in which the task existed when the structure was populated. */ - UBaseType_t uxCurrentPriority; /* The priority at which the task was running (may be inherited) when the structure was populated. */ - UBaseType_t uxBasePriority; /* The priority to which the task will return if the task's current priority has been inherited to avoid unbounded priority inversion when obtaining a mutex. Only valid if configUSE_MUTEXES is defined as 1 in FreeRTOSConfig.h. */ - uint32_t ulRunTimeCounter; /* The total run time allocated to the task so far, as defined by the run time stats clock. See https://www.FreeRTOS.org/rtos-run-time-stats.html. Only valid when configGENERATE_RUN_TIME_STATS is defined as 1 in FreeRTOSConfig.h. */ - StackType_t * pxStackBase; /* Points to the lowest address of the task's stack area. */ - uint32_t usStackHighWaterMark; /* The minimum amount of stack space that has remained for the task since the task was created. The closer this value is to zero the closer the task has come to overflowing its stack. */ -} TaskStatus_t; - -/* Possible return values for eTaskConfirmSleepModeStatus(). */ -typedef enum -{ - eAbortSleep = 0, /* A task has been made ready or a context switch pended since portSUPPRESS_TICKS_AND_SLEEP() was called - abort entering a sleep mode. */ - eStandardSleep, /* Enter a sleep mode that will not last any longer than the expected idle time. */ - eNoTasksWaitingTimeout /* No tasks are waiting for a timeout so it is safe to enter a sleep mode that can only be exited by an external interrupt. */ -} eSleepModeStatus; - -/** - * Defines the priority used by the idle task. This must not be modified. - * - * \ingroup TaskUtils - */ - - -/** - * Defines affinity to all available cores. - * - */ - - - - -/** - * task. h - * - * Macro for forcing a context switch. - * - * \defgroup taskYIELD taskYIELD - * \ingroup SchedulerControl - */ - - -/** - * task. h - * - * Macro to mark the start of a critical code region. Preemptive context - * switches cannot occur when in a critical region. - * - * NOTE: This may alter the stack (depending on the portable implementation) - * so must be used with care! - * - * \defgroup taskENTER_CRITICAL taskENTER_CRITICAL - * \ingroup SchedulerControl - */ - - - -/** - * task. h - * - * Macro to mark the end of a critical code region. Preemptive context - * switches cannot occur when in a critical region. - * - * NOTE: This may alter the stack (depending on the portable implementation) - * so must be used with care! - * - * \defgroup taskEXIT_CRITICAL taskEXIT_CRITICAL - * \ingroup SchedulerControl - */ - - - -/** - * task. h - * - * Macro to disable all maskable interrupts. - * This also returns what the interrupt state was - * upon being called. This state may subsequently - * be passed to taskRESTORE_INTERRUPTS(). - * - * \defgroup taskDISABLE_INTERRUPTS taskDISABLE_INTERRUPTS - * \ingroup SchedulerControl - */ - - -/** - * task. h - * - * Macro to enable microcontroller interrupts. - * - * \defgroup taskENABLE_INTERRUPTS taskENABLE_INTERRUPTS - * \ingroup SchedulerControl - */ - - -/** - * task. h - * - * Macro to restore microcontroller interrupts to - * a previous state. - * - * \defgroup taskRESTORE_INTERRUPTS taskRESTORE_INTERRUPTS - * \ingroup SchedulerControl - */ - - -/** - * task. h - * - * Macro that determines if it is being called from within an ISR - * or a task. Returns non-zero if it is in an ISR. - * - * \defgroup taskCHECK_IF_IN_ISR taskCHECK_IF_IN_ISR - * \ingroup SchedulerControl - */ - - -/* Definitions returned by xTaskGetSchedulerState(). taskSCHEDULER_SUSPENDED is - * 0 to generate more optimal code when configASSERT() is defined as the constant - * is used in assert() statements. */ - - - - -/* Check if core value is valid */ - - -/*----------------------------------------------------------- -* TASK CREATION API -*----------------------------------------------------------*/ - -/** - * task. h - *
- * BaseType_t xTaskCreate(
- *                            TaskFunction_t pxTaskCode,
- *                            const char *pcName,
- *                            configSTACK_DEPTH_TYPE usStackDepth,
- *                            void *pvParameters,
- *                            UBaseType_t uxPriority,
- *                            TaskHandle_t *pxCreatedTask
- *                        );
- * 
- * - * Create a new task and add it to the list of tasks that are ready to run. - * - * Internally, within the FreeRTOS implementation, tasks use two blocks of - * memory. The first block is used to hold the task's data structures. The - * second block is used by the task as its stack. If a task is created using - * xTaskCreate() then both blocks of memory are automatically dynamically - * allocated inside the xTaskCreate() function. (see - * https://www.FreeRTOS.org/a00111.html). If a task is created using - * xTaskCreateStatic() then the application writer must provide the required - * memory. xTaskCreateStatic() therefore allows a task to be created without - * using any dynamic memory allocation. - * - * See xTaskCreateStatic() for a version that does not use any dynamic memory - * allocation. - * - * xTaskCreate() can only be used to create a task that has unrestricted - * access to the entire microcontroller memory map. Systems that include MPU - * support can alternatively create an MPU constrained task using - * xTaskCreateRestricted(). - * - * @param pxTaskCode Pointer to the task entry function. Tasks - * must be implemented to never return (i.e. continuous loop). - * - * @param pcName A descriptive name for the task. This is mainly used to - * facilitate debugging. Max length defined by configMAX_TASK_NAME_LEN - default - * is 16. - * - * @param usStackDepth The size of the task stack specified as the number of - * variables the stack can hold - not the number of bytes. For example, if - * the stack is 16 bits wide and usStackDepth is defined as 100, 200 bytes - * will be allocated for stack storage. - * - * @param pvParameters Pointer that will be used as the parameter for the task - * being created. - * - * @param uxPriority The priority at which the task should run. Systems that - * include MPU support can optionally create tasks in a privileged (system) - * mode by setting bit portPRIVILEGE_BIT of the priority parameter. For - * example, to create a privileged task at priority 2 the uxPriority parameter - * should be set to ( 2 | portPRIVILEGE_BIT ). - * - * @param pxCreatedTask Used to pass back a handle by which the created task - * can be referenced. - * - * @return pdPASS if the task was successfully created and added to a ready - * list, otherwise an error code defined in the file projdefs.h - * - * Example usage: - *
- * // Task to be created.
- * void vTaskCode( void * pvParameters )
- * {
- *   for( ;; )
- *   {
- *       // Task code goes here.
- *   }
- * }
- *
- * // Function that creates a task.
- * void vOtherFunction( void )
- * {
- * static uint8_t ucParameterToPass;
- * TaskHandle_t xHandle = NULL;
- *
- *   // Create the task, storing the handle.  Note that the passed parameter ucParameterToPass
- *   // must exist for the lifetime of the task, so in this case is declared static.  If it was just an
- *   // an automatic stack variable it might no longer exist, or at least have been corrupted, by the time
- *   // the new task attempts to access it.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, &ucParameterToPass, tskIDLE_PRIORITY, &xHandle );
- *   configASSERT( xHandle );
- *
- *   // Use the handle to delete the task.
- *   if( xHandle != NULL )
- *   {
- *      vTaskDelete( xHandle );
- *   }
- * }
- * 
- * \defgroup xTaskCreate xTaskCreate - * \ingroup Tasks - */ - - BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, - const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - const uint32_t usStackDepth, - void * pvParameters, - UBaseType_t uxPriority, - TaskHandle_t * pxCreatedTask ) ; -// # 424 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/** - * task. h - *
-* TaskHandle_t xTaskCreateStatic( TaskFunction_t pxTaskCode,
- *                               const char *pcName,
- *                               uint32_t ulStackDepth,
- *                               void *pvParameters,
- *                               UBaseType_t uxPriority,
- *                               StackType_t *puxStackBuffer,
- *                               StaticTask_t *pxTaskBuffer );
- * 
- * - * Create a new task and add it to the list of tasks that are ready to run. - * - * Internally, within the FreeRTOS implementation, tasks use two blocks of - * memory. The first block is used to hold the task's data structures. The - * second block is used by the task as its stack. If a task is created using - * xTaskCreate() then both blocks of memory are automatically dynamically - * allocated inside the xTaskCreate() function. (see - * https://www.FreeRTOS.org/a00111.html). If a task is created using - * xTaskCreateStatic() then the application writer must provide the required - * memory. xTaskCreateStatic() therefore allows a task to be created without - * using any dynamic memory allocation. - * - * @param pxTaskCode Pointer to the task entry function. Tasks - * must be implemented to never return (i.e. continuous loop). - * - * @param pcName A descriptive name for the task. This is mainly used to - * facilitate debugging. The maximum length of the string is defined by - * configMAX_TASK_NAME_LEN in FreeRTOSConfig.h. - * - * @param ulStackDepth The size of the task stack specified as the number of - * variables the stack can hold - not the number of bytes. For example, if - * the stack is 32-bits wide and ulStackDepth is defined as 100 then 400 bytes - * will be allocated for stack storage. - * - * @param pvParameters Pointer that will be used as the parameter for the task - * being created. - * - * @param uxPriority The priority at which the task will run. - * - * @param puxStackBuffer Must point to a StackType_t array that has at least - * ulStackDepth indexes - the array will then be used as the task's stack, - * removing the need for the stack to be allocated dynamically. - * - * @param pxTaskBuffer Must point to a variable of type StaticTask_t, which will - * then be used to hold the task's data structures, removing the need for the - * memory to be allocated dynamically. - * - * @return If neither puxStackBuffer nor pxTaskBuffer are NULL, then the task - * will be created and a handle to the created task is returned. If either - * puxStackBuffer or pxTaskBuffer are NULL then the task will not be created and - * NULL is returned. - * - * Example usage: - *
- *
- *  // Dimensions of the buffer that the task being created will use as its stack.
- *  // NOTE:  This is the number of words the stack will hold, not the number of
- *  // bytes.  For example, if each stack item is 32-bits, and this is set to 100,
- *  // then 400 bytes (100 * 32-bits) will be allocated.
- #define STACK_SIZE 200
- *
- *  // Structure that will hold the TCB of the task being created.
- *  StaticTask_t xTaskBuffer;
- *
- *  // Buffer that the task being created will use as its stack.  Note this is
- *  // an array of StackType_t variables.  The size of StackType_t is dependent on
- *  // the RTOS port.
- *  StackType_t xStack[ STACK_SIZE ];
- *
- *  // Function that implements the task being created.
- *  void vTaskCode( void * pvParameters )
- *  {
- *      // The parameter value is expected to be 1 as 1 is passed in the
- *      // pvParameters value in the call to xTaskCreateStatic().
- *      configASSERT( ( uint32_t ) pvParameters == 1UL );
- *
- *      for( ;; )
- *      {
- *          // Task code goes here.
- *      }
- *  }
- *
- *  // Function that creates a task.
- *  void vOtherFunction( void )
- *  {
- *      TaskHandle_t xHandle = NULL;
- *
- *      // Create the task without using any dynamic memory allocation.
- *      xHandle = xTaskCreateStatic(
- *                    vTaskCode,       // Function that implements the task.
- *                    "NAME",          // Text name for the task.
- *                    STACK_SIZE,      // Stack size in words, not bytes.
- *                    ( void * ) 1,    // Parameter passed into the task.
- *                    tskIDLE_PRIORITY,// Priority at which the task is created.
- *                    xStack,          // Array to use as the task's stack.
- *                    &xTaskBuffer );  // Variable to hold the task's data structure.
- *
- *      // puxStackBuffer and pxTaskBuffer were not NULL, so the task will have
- *      // been created, and xHandle will be the task's handle.  Use the handle
- *      // to suspend the task.
- *      vTaskSuspend( xHandle );
- *  }
- * 
- * \defgroup xTaskCreateStatic xTaskCreateStatic - * \ingroup Tasks - */ -// # 553 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/** - * task. h - *
- * BaseType_t xTaskCreateRestricted( TaskParameters_t *pxTaskDefinition, TaskHandle_t *pxCreatedTask );
- * 
- * - * Only available when configSUPPORT_DYNAMIC_ALLOCATION is set to 1. - * - * xTaskCreateRestricted() should only be used in systems that include an MPU - * implementation. - * - * Create a new task and add it to the list of tasks that are ready to run. - * The function parameters define the memory regions and associated access - * permissions allocated to the task. - * - * See xTaskCreateRestrictedStatic() for a version that does not use any - * dynamic memory allocation. - * - * @param pxTaskDefinition Pointer to a structure that contains a member - * for each of the normal xTaskCreate() parameters (see the xTaskCreate() API - * documentation) plus an optional stack buffer and the memory region - * definitions. - * - * @param pxCreatedTask Used to pass back a handle by which the created task - * can be referenced. - * - * @return pdPASS if the task was successfully created and added to a ready - * list, otherwise an error code defined in the file projdefs.h - * - * Example usage: - *
- * // Create an TaskParameters_t structure that defines the task to be created.
- * static const TaskParameters_t xCheckTaskParameters =
- * {
- *  vATask,     // pvTaskCode - the function that implements the task.
- *  "ATask",    // pcName - just a text name for the task to assist debugging.
- *  100,        // usStackDepth - the stack size DEFINED IN WORDS.
- *  NULL,       // pvParameters - passed into the task function as the function parameters.
- *  ( 1UL | portPRIVILEGE_BIT ),// uxPriority - task priority, set the portPRIVILEGE_BIT if the task should run in a privileged state.
- *  cStackBuffer,// puxStackBuffer - the buffer to be used as the task stack.
- *
- *  // xRegions - Allocate up to three separate memory regions for access by
- *  // the task, with appropriate access permissions.  Different processors have
- *  // different memory alignment requirements - refer to the FreeRTOS documentation
- *  // for full information.
- *  {
- *      // Base address                 Length  Parameters
- *      { cReadWriteArray,              32,     portMPU_REGION_READ_WRITE },
- *      { cReadOnlyArray,               32,     portMPU_REGION_READ_ONLY },
- *      { cPrivilegedOnlyAccessArray,   128,    portMPU_REGION_PRIVILEGED_READ_WRITE }
- *  }
- * };
- *
- * int main( void )
- * {
- * TaskHandle_t xHandle;
- *
- *  // Create a task from the const structure defined above.  The task handle
- *  // is requested (the second parameter is not NULL) but in this case just for
- *  // demonstration purposes as its not actually used.
- *  xTaskCreateRestricted( &xRegTest1Parameters, &xHandle );
- *
- *  // Start the scheduler.
- *  vTaskStartScheduler();
- *
- *  // Will only get here if there was insufficient memory to create the idle
- *  // and/or timer task.
- *  for( ;; );
- * }
- * 
- * \defgroup xTaskCreateRestricted xTaskCreateRestricted - * \ingroup Tasks - */ -// # 637 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/** - * task. h - *
- * BaseType_t xTaskCreateRestrictedStatic( TaskParameters_t *pxTaskDefinition, TaskHandle_t *pxCreatedTask );
- * 
- * - * Only available when configSUPPORT_STATIC_ALLOCATION is set to 1. - * - * xTaskCreateRestrictedStatic() should only be used in systems that include an - * MPU implementation. - * - * Internally, within the FreeRTOS implementation, tasks use two blocks of - * memory. The first block is used to hold the task's data structures. The - * second block is used by the task as its stack. If a task is created using - * xTaskCreateRestricted() then the stack is provided by the application writer, - * and the memory used to hold the task's data structure is automatically - * dynamically allocated inside the xTaskCreateRestricted() function. If a task - * is created using xTaskCreateRestrictedStatic() then the application writer - * must provide the memory used to hold the task's data structures too. - * xTaskCreateRestrictedStatic() therefore allows a memory protected task to be - * created without using any dynamic memory allocation. - * - * @param pxTaskDefinition Pointer to a structure that contains a member - * for each of the normal xTaskCreate() parameters (see the xTaskCreate() API - * documentation) plus an optional stack buffer and the memory region - * definitions. If configSUPPORT_STATIC_ALLOCATION is set to 1 the structure - * contains an additional member, which is used to point to a variable of type - * StaticTask_t - which is then used to hold the task's data structure. - * - * @param pxCreatedTask Used to pass back a handle by which the created task - * can be referenced. - * - * @return pdPASS if the task was successfully created and added to a ready - * list, otherwise an error code defined in the file projdefs.h - * - * Example usage: - *
- * // Create an TaskParameters_t structure that defines the task to be created.
- * // The StaticTask_t variable is only included in the structure when
- * // configSUPPORT_STATIC_ALLOCATION is set to 1.  The PRIVILEGED_DATA macro can
- * // be used to force the variable into the RTOS kernel's privileged data area.
- * static PRIVILEGED_DATA StaticTask_t xTaskBuffer;
- * static const TaskParameters_t xCheckTaskParameters =
- * {
- *  vATask,     // pvTaskCode - the function that implements the task.
- *  "ATask",    // pcName - just a text name for the task to assist debugging.
- *  100,        // usStackDepth - the stack size DEFINED IN WORDS.
- *  NULL,       // pvParameters - passed into the task function as the function parameters.
- *  ( 1UL | portPRIVILEGE_BIT ),// uxPriority - task priority, set the portPRIVILEGE_BIT if the task should run in a privileged state.
- *  cStackBuffer,// puxStackBuffer - the buffer to be used as the task stack.
- *
- *  // xRegions - Allocate up to three separate memory regions for access by
- *  // the task, with appropriate access permissions.  Different processors have
- *  // different memory alignment requirements - refer to the FreeRTOS documentation
- *  // for full information.
- *  {
- *      // Base address                 Length  Parameters
- *      { cReadWriteArray,              32,     portMPU_REGION_READ_WRITE },
- *      { cReadOnlyArray,               32,     portMPU_REGION_READ_ONLY },
- *      { cPrivilegedOnlyAccessArray,   128,    portMPU_REGION_PRIVILEGED_READ_WRITE }
- *  }
- *
- *  &xTaskBuffer; // Holds the task's data structure.
- * };
- *
- * int main( void )
- * {
- * TaskHandle_t xHandle;
- *
- *  // Create a task from the const structure defined above.  The task handle
- *  // is requested (the second parameter is not NULL) but in this case just for
- *  // demonstration purposes as its not actually used.
- *  xTaskCreateRestricted( &xRegTest1Parameters, &xHandle );
- *
- *  // Start the scheduler.
- *  vTaskStartScheduler();
- *
- *  // Will only get here if there was insufficient memory to create the idle
- *  // and/or timer task.
- *  for( ;; );
- * }
- * 
- * \defgroup xTaskCreateRestrictedStatic xTaskCreateRestrictedStatic - * \ingroup Tasks - */ -// # 733 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/** - * task. h - *
- * void vTaskAllocateMPURegions( TaskHandle_t xTask, const MemoryRegion_t * pxRegions );
- * 
- * - * Memory regions are assigned to a restricted task when the task is created by - * a call to xTaskCreateRestricted(). These regions can be redefined using - * vTaskAllocateMPURegions(). - * - * @param xTask The handle of the task being updated. - * - * @param xRegions A pointer to a MemoryRegion_t structure that contains the - * new memory region definitions. - * - * Example usage: - *
- * // Define an array of MemoryRegion_t structures that configures an MPU region
- * // allowing read/write access for 1024 bytes starting at the beginning of the
- * // ucOneKByte array.  The other two of the maximum 3 definable regions are
- * // unused so set to zero.
- * static const MemoryRegion_t xAltRegions[ portNUM_CONFIGURABLE_REGIONS ] =
- * {
- *  // Base address     Length      Parameters
- *  { ucOneKByte,       1024,       portMPU_REGION_READ_WRITE },
- *  { 0,                0,          0 },
- *  { 0,                0,          0 }
- * };
- *
- * void vATask( void *pvParameters )
- * {
- *  // This task was created such that it has access to certain regions of
- *  // memory as defined by the MPU configuration.  At some point it is
- *  // desired that these MPU regions are replaced with that defined in the
- *  // xAltRegions const struct above.  Use a call to vTaskAllocateMPURegions()
- *  // for this purpose.  NULL is used as the task handle to indicate that this
- *  // function should modify the MPU regions of the calling task.
- *  vTaskAllocateMPURegions( NULL, xAltRegions );
- *
- *  // Now the task can continue its function, but from this point on can only
- *  // access its stack and the ucOneKByte array (unless any other statically
- *  // defined or shared regions have been declared elsewhere).
- * }
- * 
- * \defgroup xTaskCreateRestricted xTaskCreateRestricted - * \ingroup Tasks - */ -void vTaskAllocateMPURegions( TaskHandle_t xTask, - const MemoryRegion_t * pxRegions ) ; - -/** - * task. h - *
- * void vTaskDelete( TaskHandle_t xTaskToDelete );
- * 
- * - * INCLUDE_vTaskDelete must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Remove a task from the RTOS real time kernel's management. The task being - * deleted will be removed from all ready, blocked, suspended and event lists. - * - * NOTE: The idle task is responsible for freeing the kernel allocated - * memory from tasks that have been deleted. It is therefore important that - * the idle task is not starved of microcontroller processing time if your - * application makes any calls to vTaskDelete (). Memory allocated by the - * task code is not automatically freed, and should be freed before the task - * is deleted. - * - * See the demo application file death.c for sample code that utilises - * vTaskDelete (). - * - * @param xTaskToDelete The handle of the task to be deleted. Passing NULL will - * cause the calling task to be deleted. - * - * Example usage: - *
- * void vOtherFunction( void )
- * {
- * TaskHandle_t xHandle;
- *
- *   // Create the task, storing the handle.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
- *
- *   // Use the handle to delete the task.
- *   vTaskDelete( xHandle );
- * }
- * 
- * \defgroup vTaskDelete vTaskDelete - * \ingroup Tasks - */ -void vTaskDelete( TaskHandle_t xTaskToDelete ) ; - -/*----------------------------------------------------------- -* TASK CONTROL API -*----------------------------------------------------------*/ - -/** - * task. h - *
- * void vTaskDelay( const TickType_t xTicksToDelay );
- * 
- * - * Delay a task for a given number of ticks. The actual time that the - * task remains blocked depends on the tick rate. The constant - * portTICK_PERIOD_MS can be used to calculate real time from the tick - * rate - with the resolution of one tick period. - * - * INCLUDE_vTaskDelay must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * - * vTaskDelay() specifies a time at which the task wishes to unblock relative to - * the time at which vTaskDelay() is called. For example, specifying a block - * period of 100 ticks will cause the task to unblock 100 ticks after - * vTaskDelay() is called. vTaskDelay() does not therefore provide a good method - * of controlling the frequency of a periodic task as the path taken through the - * code, as well as other task and interrupt activity, will effect the frequency - * at which vTaskDelay() gets called and therefore the time at which the task - * next executes. See xTaskDelayUntil() for an alternative API function designed - * to facilitate fixed frequency execution. It does this by specifying an - * absolute time (rather than a relative time) at which the calling task should - * unblock. - * - * @param xTicksToDelay The amount of time, in tick periods, that - * the calling task should block. - * - * Example usage: - * - * void vTaskFunction( void * pvParameters ) - * { - * // Block for 500ms. - * TickType_t xDelay = 500 / portTICK_PERIOD_MS; - * - * for( ;; ) - * { - * // Simply toggle the LED every 500ms, blocking between each toggle. - * vToggleLED(); - * vTaskDelay( xDelay ); - * } - * } - * - * \defgroup vTaskDelay vTaskDelay - * \ingroup TaskCtrl - */ -void vTaskDelay( const TickType_t xTicksToDelay ) ; - -/** - * task. h - *
- * BaseType_t xTaskDelayUntil( TickType_t *pxPreviousWakeTime, const TickType_t xTimeIncrement );
- * 
- * - * INCLUDE_xTaskDelayUntil must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Delay a task until a specified time. This function can be used by periodic - * tasks to ensure a constant execution frequency. - * - * This function differs from vTaskDelay () in one important aspect: vTaskDelay () will - * cause a task to block for the specified number of ticks from the time vTaskDelay () is - * called. It is therefore difficult to use vTaskDelay () by itself to generate a fixed - * execution frequency as the time between a task starting to execute and that task - * calling vTaskDelay () may not be fixed [the task may take a different path though the - * code between calls, or may get interrupted or preempted a different number of times - * each time it executes]. - * - * Whereas vTaskDelay () specifies a wake time relative to the time at which the function - * is called, xTaskDelayUntil () specifies the absolute (exact) time at which it wishes to - * unblock. - * - * The macro pdMS_TO_TICKS() can be used to calculate the number of ticks from a - * time specified in milliseconds with a resolution of one tick period. - * - * @param pxPreviousWakeTime Pointer to a variable that holds the time at which the - * task was last unblocked. The variable must be initialised with the current time - * prior to its first use (see the example below). Following this the variable is - * automatically updated within xTaskDelayUntil (). - * - * @param xTimeIncrement The cycle time period. The task will be unblocked at - * time *pxPreviousWakeTime + xTimeIncrement. Calling xTaskDelayUntil with the - * same xTimeIncrement parameter value will cause the task to execute with - * a fixed interface period. - * - * @return Value which can be used to check whether the task was actually delayed. - * Will be pdTRUE if the task way delayed and pdFALSE otherwise. A task will not - * be delayed if the next expected wake time is in the past. - * - * Example usage: - *
- * // Perform an action every 10 ticks.
- * void vTaskFunction( void * pvParameters )
- * {
- * TickType_t xLastWakeTime;
- * TickType_t xFrequency = 10;
- * BaseType_t xWasDelayed;
- *
- *     // Initialise the xLastWakeTime variable with the current time.
- *     xLastWakeTime = xTaskGetTickCount ();
- *     for( ;; )
- *     {
- *         // Wait for the next cycle.
- *         xWasDelayed = xTaskDelayUntil( &xLastWakeTime, xFrequency );
- *
- *         // Perform action here. xWasDelayed value can be used to determine
- *         // whether a deadline was missed if the code here took too long.
- *     }
- * }
- * 
- * \defgroup xTaskDelayUntil xTaskDelayUntil - * \ingroup TaskCtrl - */ -BaseType_t xTaskDelayUntil( TickType_t * pxPreviousWakeTime, - const TickType_t xTimeIncrement ) ; - -/* - * vTaskDelayUntil() is the older version of xTaskDelayUntil() and does not - * return a value. - */ - - - - - - -/** - * task. h - *
- * BaseType_t xTaskAbortDelay( TaskHandle_t xTask );
- * 
- * - * INCLUDE_xTaskAbortDelay must be defined as 1 in FreeRTOSConfig.h for this - * function to be available. - * - * A task will enter the Blocked state when it is waiting for an event. The - * event it is waiting for can be a temporal event (waiting for a time), such - * as when vTaskDelay() is called, or an event on an object, such as when - * xQueueReceive() or ulTaskNotifyTake() is called. If the handle of a task - * that is in the Blocked state is used in a call to xTaskAbortDelay() then the - * task will leave the Blocked state, and return from whichever function call - * placed the task into the Blocked state. - * - * There is no 'FromISR' version of this function as an interrupt would need to - * know which object a task was blocked on in order to know which actions to - * take. For example, if the task was blocked on a queue the interrupt handler - * would then need to know if the queue was locked. - * - * @param xTask The handle of the task to remove from the Blocked state. - * - * @return If the task referenced by xTask was not in the Blocked state then - * pdFAIL is returned. Otherwise pdPASS is returned. - * - * \defgroup xTaskAbortDelay xTaskAbortDelay - * \ingroup TaskCtrl - */ -BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) ; - -/** - * task. h - *
- * UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask );
- * 
- * - * INCLUDE_uxTaskPriorityGet must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Obtain the priority of any task. - * - * @param xTask Handle of the task to be queried. Passing a NULL - * handle results in the priority of the calling task being returned. - * - * @return The priority of xTask. - * - * Example usage: - *
- * void vAFunction( void )
- * {
- * TaskHandle_t xHandle;
- *
- *   // Create a task, storing the handle.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
- *
- *   // ...
- *
- *   // Use the handle to obtain the priority of the created task.
- *   // It was created with tskIDLE_PRIORITY, but may have changed
- *   // it itself.
- *   if( uxTaskPriorityGet( xHandle ) != tskIDLE_PRIORITY )
- *   {
- *       // The task has changed it's priority.
- *   }
- *
- *   // ...
- *
- *   // Is our priority higher than the created task?
- *   if( uxTaskPriorityGet( xHandle ) < uxTaskPriorityGet( NULL ) )
- *   {
- *       // Our priority (obtained using NULL handle) is higher.
- *   }
- * }
- * 
- * \defgroup uxTaskPriorityGet uxTaskPriorityGet - * \ingroup TaskCtrl - */ -UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) ; - -/** - * task. h - *
- * UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask );
- * 
- * - * A version of uxTaskPriorityGet() that can be used from an ISR. - */ -UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) ; - -/** - * task. h - *
- * eTaskState eTaskGetState( TaskHandle_t xTask );
- * 
- * - * INCLUDE_eTaskGetState must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Obtain the state of any task. States are encoded by the eTaskState - * enumerated type. - * - * @param xTask Handle of the task to be queried. - * - * @return The state of xTask at the time the function was called. Note the - * state of the task might change between the function being called, and the - * functions return value being tested by the calling task. - */ -eTaskState eTaskGetState( TaskHandle_t xTask ) ; - -/** - * task. h - *
- * void vTaskGetInfo( TaskHandle_t xTask, TaskStatus_t *pxTaskStatus, BaseType_t xGetFreeStackSpace, eTaskState eState );
- * 
- * - * configUSE_TRACE_FACILITY must be defined as 1 for this function to be - * available. See the configuration section for more information. - * - * Populates a TaskStatus_t structure with information about a task. - * - * @param xTask Handle of the task being queried. If xTask is NULL then - * information will be returned about the calling task. - * - * @param pxTaskStatus A pointer to the TaskStatus_t structure that will be - * filled with information about the task referenced by the handle passed using - * the xTask parameter. - * - * @xGetFreeStackSpace The TaskStatus_t structure contains a member to report - * the stack high water mark of the task being queried. Calculating the stack - * high water mark takes a relatively long time, and can make the system - * temporarily unresponsive - so the xGetFreeStackSpace parameter is provided to - * allow the high water mark checking to be skipped. The high watermark value - * will only be written to the TaskStatus_t structure if xGetFreeStackSpace is - * not set to pdFALSE; - * - * @param eState The TaskStatus_t structure contains a member to report the - * state of the task being queried. Obtaining the task state is not as fast as - * a simple assignment - so the eState parameter is provided to allow the state - * information to be omitted from the TaskStatus_t structure. To obtain state - * information then set eState to eInvalid - otherwise the value passed in - * eState will be reported as the task state in the TaskStatus_t structure. - * - * Example usage: - *
- * void vAFunction( void )
- * {
- * TaskHandle_t xHandle;
- * TaskStatus_t xTaskDetails;
- *
- *  // Obtain the handle of a task from its name.
- *  xHandle = xTaskGetHandle( "Task_Name" );
- *
- *  // Check the handle is not NULL.
- *  configASSERT( xHandle );
- *
- *  // Use the handle to obtain further information about the task.
- *  vTaskGetInfo( xHandle,
- *                &xTaskDetails,
- *                pdTRUE, // Include the high water mark in xTaskDetails.
- *                eInvalid ); // Include the task state in xTaskDetails.
- * }
- * 
- * \defgroup vTaskGetInfo vTaskGetInfo - * \ingroup TaskCtrl - */ -void vTaskGetInfo( TaskHandle_t xTask, - TaskStatus_t * pxTaskStatus, - BaseType_t xGetFreeStackSpace, - eTaskState eState ) ; - -/** - * task. h - *
- * void vTaskPrioritySet( TaskHandle_t xTask, UBaseType_t uxNewPriority );
- * 
- * - * INCLUDE_vTaskPrioritySet must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Set the priority of any task. - * - * A context switch will occur before the function returns if the priority - * being set is higher than the currently executing task. - * - * @param xTask Handle to the task for which the priority is being set. - * Passing a NULL handle results in the priority of the calling task being set. - * - * @param uxNewPriority The priority to which the task will be set. - * - * Example usage: - *
- * void vAFunction( void )
- * {
- * TaskHandle_t xHandle;
- *
- *   // Create a task, storing the handle.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
- *
- *   // ...
- *
- *   // Use the handle to raise the priority of the created task.
- *   vTaskPrioritySet( xHandle, tskIDLE_PRIORITY + 1 );
- *
- *   // ...
- *
- *   // Use a NULL handle to raise our priority to the same value.
- *   vTaskPrioritySet( NULL, tskIDLE_PRIORITY + 1 );
- * }
- * 
- * \defgroup vTaskPrioritySet vTaskPrioritySet - * \ingroup TaskCtrl - */ -void vTaskPrioritySet( TaskHandle_t xTask, - UBaseType_t uxNewPriority ) ; - -/** - * task. h - *
- * void vTaskSuspend( TaskHandle_t xTaskToSuspend );
- * 
- * - * INCLUDE_vTaskSuspend must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Suspend any task. When suspended a task will never get any microcontroller - * processing time, no matter what its priority. - * - * Calls to vTaskSuspend are not accumulative - - * i.e. calling vTaskSuspend () twice on the same task still only requires one - * call to vTaskResume () to ready the suspended task. - * - * @param xTaskToSuspend Handle to the task being suspended. Passing a NULL - * handle will cause the calling task to be suspended. - * - * Example usage: - *
- * void vAFunction( void )
- * {
- * TaskHandle_t xHandle;
- *
- *   // Create a task, storing the handle.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
- *
- *   // ...
- *
- *   // Use the handle to suspend the created task.
- *   vTaskSuspend( xHandle );
- *
- *   // ...
- *
- *   // The created task will not run during this period, unless
- *   // another task calls vTaskResume( xHandle ).
- *
- *   //...
- *
- *
- *   // Suspend ourselves.
- *   vTaskSuspend( NULL );
- *
- *   // We cannot get here unless another task calls vTaskResume
- *   // with our handle as the parameter.
- * }
- * 
- * \defgroup vTaskSuspend vTaskSuspend - * \ingroup TaskCtrl - */ -void vTaskSuspend( TaskHandle_t xTaskToSuspend ) ; - -/** - * task. h - *
- * void vTaskResume( TaskHandle_t xTaskToResume );
- * 
- * - * INCLUDE_vTaskSuspend must be defined as 1 for this function to be available. - * See the configuration section for more information. - * - * Resumes a suspended task. - * - * A task that has been suspended by one or more calls to vTaskSuspend () - * will be made available for running again by a single call to - * vTaskResume (). - * - * @param xTaskToResume Handle to the task being readied. - * - * Example usage: - *
- * void vAFunction( void )
- * {
- * TaskHandle_t xHandle;
- *
- *   // Create a task, storing the handle.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
- *
- *   // ...
- *
- *   // Use the handle to suspend the created task.
- *   vTaskSuspend( xHandle );
- *
- *   // ...
- *
- *   // The created task will not run during this period, unless
- *   // another task calls vTaskResume( xHandle ).
- *
- *   //...
- *
- *
- *   // Resume the suspended task ourselves.
- *   vTaskResume( xHandle );
- *
- *   // The created task will once again get microcontroller processing
- *   // time in accordance with its priority within the system.
- * }
- * 
- * \defgroup vTaskResume vTaskResume - * \ingroup TaskCtrl - */ -void vTaskResume( TaskHandle_t xTaskToResume ) ; - -/** - * task. h - *
- * void xTaskResumeFromISR( TaskHandle_t xTaskToResume );
- * 
- * - * INCLUDE_xTaskResumeFromISR must be defined as 1 for this function to be - * available. See the configuration section for more information. - * - * An implementation of vTaskResume() that can be called from within an ISR. - * - * A task that has been suspended by one or more calls to vTaskSuspend () - * will be made available for running again by a single call to - * xTaskResumeFromISR (). - * - * xTaskResumeFromISR() should not be used to synchronise a task with an - * interrupt if there is a chance that the interrupt could arrive prior to the - * task being suspended - as this can lead to interrupts being missed. Use of a - * semaphore as a synchronisation mechanism would avoid this eventuality. - * - * @param xTaskToResume Handle to the task being readied. - * - * @return pdTRUE if resuming the task should result in a context switch, - * otherwise pdFALSE. This is used by the ISR to determine if a context switch - * may be required following the ISR. - * - * \defgroup vTaskResumeFromISR vTaskResumeFromISR - * \ingroup TaskCtrl - */ -BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) ; -// # 1397 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/** - * @brief Disables preemption for a task. - * - * @param xTask The handle of the task to disable preemption. Passing NULL - * disables preemption for the calling task. - * - * Example usage: - * - * void vTaskCode( void *pvParameters ) - * { - * // Silence warnings about unused parameters. - * ( void ) pvParameters; - * - * for( ;; ) - * { - * // ... Perform some function here. - * - * // Disable preemption for this task. - * vTaskPreemptionDisable( NULL ); - * - * // The task will not be preempted when it is executing in this portion ... - * - * // ... until the preemption is enabled again. - * vTaskPreemptionEnable( NULL ); - * - * // The task can be preempted when it is executing in this portion. - * } - * } - */ -void vTaskPreemptionDisable( const TaskHandle_t xTask ); - -/** - * @brief Enables preemption for a task. - * - * @param xTask The handle of the task to enable preemption. Passing NULL - * enables preemption for the calling task. - * - * Example usage: - * - * void vTaskCode( void *pvParameters ) - * { - * // Silence warnings about unused parameters. - * ( void ) pvParameters; - * - * for( ;; ) - * { - * // ... Perform some function here. - * - * // Disable preemption for this task. - * vTaskPreemptionDisable( NULL ); - * - * // The task will not be preempted when it is executing in this portion ... - * - * // ... until the preemption is enabled again. - * vTaskPreemptionEnable( NULL ); - * - * // The task can be preempted when it is executing in this portion. - * } - * } - */ -void vTaskPreemptionEnable( const TaskHandle_t xTask ); - -/*----------------------------------------------------------- -* SCHEDULER CONTROL -*----------------------------------------------------------*/ - -/** - * task. h - *
- * void vTaskStartScheduler( void );
- * 
- * - * Starts the real time kernel tick processing. After calling the kernel - * has control over which tasks are executed and when. - * - * See the demo application file main.c for an example of creating - * tasks and starting the kernel. - * - * Example usage: - *
- * void vAFunction( void )
- * {
- *   // Create at least one task before starting the kernel.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, NULL );
- *
- *   // Start the real time kernel with preemption.
- *   vTaskStartScheduler ();
- *
- *   // Will not get here unless a task calls vTaskEndScheduler ()
- * }
- * 
- * - * \defgroup vTaskStartScheduler vTaskStartScheduler - * \ingroup SchedulerControl - */ -void vTaskStartScheduler( void ) ; - -/** - * task. h - *
- * void vTaskEndScheduler( void );
- * 
- * - * NOTE: At the time of writing only the x86 real mode port, which runs on a PC - * in place of DOS, implements this function. - * - * Stops the real time kernel tick. All created tasks will be automatically - * deleted and multitasking (either preemptive or cooperative) will - * stop. Execution then resumes from the point where vTaskStartScheduler () - * was called, as if vTaskStartScheduler () had just returned. - * - * See the demo application file main. c in the demo/PC directory for an - * example that uses vTaskEndScheduler (). - * - * vTaskEndScheduler () requires an exit function to be defined within the - * portable layer (see vPortEndScheduler () in port. c for the PC port). This - * performs hardware specific operations such as stopping the kernel tick. - * - * vTaskEndScheduler () will cause all of the resources allocated by the - * kernel to be freed - but will not free resources allocated by application - * tasks. - * - * Example usage: - *
- * void vTaskCode( void * pvParameters )
- * {
- *   for( ;; )
- *   {
- *       // Task code goes here.
- *
- *       // At some point we want to end the real time kernel processing
- *       // so call ...
- *       vTaskEndScheduler ();
- *   }
- * }
- *
- * void vAFunction( void )
- * {
- *   // Create at least one task before starting the kernel.
- *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, NULL );
- *
- *   // Start the real time kernel with preemption.
- *   vTaskStartScheduler ();
- *
- *   // Will only get here when the vTaskCode () task has called
- *   // vTaskEndScheduler ().  When we get here we are back to single task
- *   // execution.
- * }
- * 
- * - * \defgroup vTaskEndScheduler vTaskEndScheduler - * \ingroup SchedulerControl - */ -void vTaskEndScheduler( void ) ; - -/** - * task. h - *
- * void vTaskSuspendAll( void );
- * 
- * - * Suspends the scheduler without disabling interrupts. Context switches will - * not occur while the scheduler is suspended. - * - * After calling vTaskSuspendAll () the calling task will continue to execute - * without risk of being swapped out until a call to xTaskResumeAll () has been - * made. - * - * API functions that have the potential to cause a context switch (for example, - * xTaskDelayUntil(), xQueueSend(), etc.) must not be called while the scheduler - * is suspended. - * - * Example usage: - *
- * void vTask1( void * pvParameters )
- * {
- *   for( ;; )
- *   {
- *       // Task code goes here.
- *
- *       // ...
- *
- *       // At some point the task wants to perform a long operation during
- *       // which it does not want to get swapped out.  It cannot use
- *       // taskENTER_CRITICAL ()/taskEXIT_CRITICAL () as the length of the
- *       // operation may cause interrupts to be missed - including the
- *       // ticks.
- *
- *       // Prevent the real time kernel swapping out the task.
- *       vTaskSuspendAll ();
- *
- *       // Perform the operation here.  There is no need to use critical
- *       // sections as we have all the microcontroller processing time.
- *       // During this time interrupts will still operate and the kernel
- *       // tick count will be maintained.
- *
- *       // ...
- *
- *       // The operation is complete.  Restart the kernel.
- *       xTaskResumeAll ();
- *   }
- * }
- * 
- * \defgroup vTaskSuspendAll vTaskSuspendAll - * \ingroup SchedulerControl - */ -void vTaskSuspendAll( void ) ; - -/** - * task. h - *
- * BaseType_t xTaskResumeAll( void );
- * 
- * - * Resumes scheduler activity after it was suspended by a call to - * vTaskSuspendAll(). - * - * xTaskResumeAll() only resumes the scheduler. It does not unsuspend tasks - * that were previously suspended by a call to vTaskSuspend(). - * - * @return If resuming the scheduler caused a context switch then pdTRUE is - * returned, otherwise pdFALSE is returned. - * - * Example usage: - *
- * void vTask1( void * pvParameters )
- * {
- *   for( ;; )
- *   {
- *       // Task code goes here.
- *
- *       // ...
- *
- *       // At some point the task wants to perform a long operation during
- *       // which it does not want to get swapped out.  It cannot use
- *       // taskENTER_CRITICAL ()/taskEXIT_CRITICAL () as the length of the
- *       // operation may cause interrupts to be missed - including the
- *       // ticks.
- *
- *       // Prevent the real time kernel swapping out the task.
- *       vTaskSuspendAll ();
- *
- *       // Perform the operation here.  There is no need to use critical
- *       // sections as we have all the microcontroller processing time.
- *       // During this time interrupts will still operate and the real
- *       // time kernel tick count will be maintained.
- *
- *       // ...
- *
- *       // The operation is complete.  Restart the kernel.  We want to force
- *       // a context switch - but there is no point if resuming the scheduler
- *       // caused a context switch already.
- *       if( !xTaskResumeAll () )
- *       {
- *            taskYIELD ();
- *       }
- *   }
- * }
- * 
- * \defgroup xTaskResumeAll xTaskResumeAll - * \ingroup SchedulerControl - */ -BaseType_t xTaskResumeAll( void ) ; - -/*----------------------------------------------------------- -* TASK UTILITIES -*----------------------------------------------------------*/ - -/** - * task. h - *
TickType_t xTaskGetTickCount( void );
- * - * @return The count of ticks since vTaskStartScheduler was called. - * - * \defgroup xTaskGetTickCount xTaskGetTickCount - * \ingroup TaskUtils - */ -TickType_t xTaskGetTickCount( void ) ; - -/** - * task. h - *
TickType_t xTaskGetTickCountFromISR( void );
- * - * @return The count of ticks since vTaskStartScheduler was called. - * - * This is a version of xTaskGetTickCount() that is safe to be called from an - * ISR - provided that TickType_t is the natural word size of the - * microcontroller being used or interrupt nesting is either not supported or - * not being used. - * - * \defgroup xTaskGetTickCountFromISR xTaskGetTickCountFromISR - * \ingroup TaskUtils - */ -TickType_t xTaskGetTickCountFromISR( void ) ; - -/** - * task. h - *
uint16_t uxTaskGetNumberOfTasks( void );
- * - * @return The number of tasks that the real time kernel is currently managing. - * This includes all ready, blocked and suspended tasks. A task that - * has been deleted but not yet freed by the idle task will also be - * included in the count. - * - * \defgroup uxTaskGetNumberOfTasks uxTaskGetNumberOfTasks - * \ingroup TaskUtils - */ -UBaseType_t uxTaskGetNumberOfTasks( void ) ; - -/** - * task. h - *
char *pcTaskGetName( TaskHandle_t xTaskToQuery );
- * - * @return The text (human readable) name of the task referenced by the handle - * xTaskToQuery. A task can query its own name by either passing in its own - * handle, or by setting xTaskToQuery to NULL. - * - * \defgroup pcTaskGetName pcTaskGetName - * \ingroup TaskUtils - */ -char * pcTaskGetName( TaskHandle_t xTaskToQuery ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - -/** - * task. h - *
TaskHandle_t xTaskGetHandle( const char *pcNameToQuery );
- * - * NOTE: This function takes a relatively long time to complete and should be - * used sparingly. - * - * @return The handle of the task that has the human readable name pcNameToQuery. - * NULL is returned if no matching name is found. INCLUDE_xTaskGetHandle - * must be set to 1 in FreeRTOSConfig.h for pcTaskGetHandle() to be available. - * - * \defgroup pcTaskGetHandle pcTaskGetHandle - * \ingroup TaskUtils - */ -TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - -/** - * task.h - *
UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask );
- * - * INCLUDE_uxTaskGetStackHighWaterMark must be set to 1 in FreeRTOSConfig.h for - * this function to be available. - * - * Returns the high water mark of the stack associated with xTask. That is, - * the minimum free stack space there has been (in words, so on a 32 bit machine - * a value of 1 means 4 bytes) since the task started. The smaller the returned - * number the closer the task has come to overflowing its stack. - * - * uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the - * same except for their return type. Using configSTACK_DEPTH_TYPE allows the - * user to determine the return type. It gets around the problem of the value - * overflowing on 8-bit types without breaking backward compatibility for - * applications that expect an 8-bit return type. - * - * @param xTask Handle of the task associated with the stack to be checked. - * Set xTask to NULL to check the stack of the calling task. - * - * @return The smallest amount of free stack space there has been (in words, so - * actual spaces on the stack rather than bytes) since the task referenced by - * xTask was created. - */ -UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) ; - -/** - * task.h - *
configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask );
- * - * INCLUDE_uxTaskGetStackHighWaterMark2 must be set to 1 in FreeRTOSConfig.h for - * this function to be available. - * - * Returns the high water mark of the stack associated with xTask. That is, - * the minimum free stack space there has been (in words, so on a 32 bit machine - * a value of 1 means 4 bytes) since the task started. The smaller the returned - * number the closer the task has come to overflowing its stack. - * - * uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the - * same except for their return type. Using configSTACK_DEPTH_TYPE allows the - * user to determine the return type. It gets around the problem of the value - * overflowing on 8-bit types without breaking backward compatibility for - * applications that expect an 8-bit return type. - * - * @param xTask Handle of the task associated with the stack to be checked. - * Set xTask to NULL to check the stack of the calling task. - * - * @return The smallest amount of free stack space there has been (in words, so - * actual spaces on the stack rather than bytes) since the task referenced by - * xTask was created. - */ -uint32_t uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) ; - -/* When using trace macros it is sometimes necessary to include task.h before - * FreeRTOS.h. When this is done TaskHookFunction_t will not yet have been defined, - * so the following two prototypes will cause a compilation error. This can be - * fixed by simply guarding against the inclusion of these two prototypes unless - * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration - *ant. */ -// # 1838 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/* Each task contains an array of pointers that is dimensioned by the - * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h. The - * kernel does not use the pointers itself, so the application writer can use - * the pointers for any purpose they wish. The following two functions are - * used to set and query a pointer respectively. */ - void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, - BaseType_t xIndex, - void * pvValue ) ; - void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, - BaseType_t xIndex ) ; - - - - - - /** - * task.h - *
void vApplicationStackOverflowHook( TaskHandle_t xTask char *pcTaskName); 
- * - * The application stack overflow hook is called when a stack overflow is detected for a task. - * - * Details on stack overflow detection can be found here: https://www.FreeRTOS.org/Stacks-and-stack-overflow-checking.html - * - * @param xTask the task that just exceeded its stack boundaries. - * @param pcTaskName A character string containing the name of the offending task. - */ - void vApplicationStackOverflowHook( TaskHandle_t xTask, - char * pcTaskName ); - - - - - /** - * task.h - *
void vApplicationTickHook( void ); 
- * - * This hook function is called in the system tick handler after any OS work is completed. - */ - void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */ -// # 1897 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/task.h" -/** - * task.h - *
- * BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, void *pvParameter );
- * 
- * - * Calls the hook function associated with xTask. Passing xTask as NULL has - * the effect of calling the Running tasks (the calling task) hook function. - * - * pvParameter is passed to the hook function for the task to interpret as it - * wants. The return value is the value returned by the task hook function - * registered by the user. - */ -BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, - void * pvParameter ) ; - -/** - * xTaskGetIdleTaskHandle() is only available if - * INCLUDE_xTaskGetIdleTaskHandle is set to 1 in FreeRTOSConfig.h. - * - * Simply returns a pointer to the array of idle task handles. - * It is not valid to call xTaskGetIdleTaskHandle() before the scheduler has been started. - */ -TaskHandle_t *xTaskGetIdleTaskHandle( void ) ; - -/** - * configUSE_TRACE_FACILITY must be defined as 1 in FreeRTOSConfig.h for - * uxTaskGetSystemState() to be available. - * - * uxTaskGetSystemState() populates an TaskStatus_t structure for each task in - * the system. TaskStatus_t structures contain, among other things, members - * for the task handle, task name, task priority, task state, and total amount - * of run time consumed by the task. See the TaskStatus_t structure - * definition in this file for the full member list. - * - * NOTE: This function is intended for debugging use only as its use results in - * the scheduler remaining suspended for an extended period. - * - * @param pxTaskStatusArray A pointer to an array of TaskStatus_t structures. - * The array must contain at least one TaskStatus_t structure for each task - * that is under the control of the RTOS. The number of tasks under the control - * of the RTOS can be determined using the uxTaskGetNumberOfTasks() API function. - * - * @param uxArraySize The size of the array pointed to by the pxTaskStatusArray - * parameter. The size is specified as the number of indexes in the array, or - * the number of TaskStatus_t structures contained in the array, not by the - * number of bytes in the array. - * - * @param pulTotalRunTime If configGENERATE_RUN_TIME_STATS is set to 1 in - * FreeRTOSConfig.h then *pulTotalRunTime is set by uxTaskGetSystemState() to the - * total run time (as defined by the run time stats clock, see - * https://www.FreeRTOS.org/rtos-run-time-stats.html) since the target booted. - * pulTotalRunTime can be set to NULL to omit the total run time information. - * - * @return The number of TaskStatus_t structures that were populated by - * uxTaskGetSystemState(). This should equal the number returned by the - * uxTaskGetNumberOfTasks() API function, but will be zero if the value passed - * in the uxArraySize parameter was too small. - * - * Example usage: - *
- *  // This example demonstrates how a human readable table of run time stats
- *  // information is generated from raw data provided by uxTaskGetSystemState().
- *  // The human readable table is written to pcWriteBuffer
- *  void vTaskGetRunTimeStats( char *pcWriteBuffer )
- *  {
- *  TaskStatus_t *pxTaskStatusArray;
- *  volatile UBaseType_t uxArraySize, x;
- *  uint32_t ulTotalRunTime, ulStatsAsPercentage;
- *
- *      // Make sure the write buffer does not contain a string.
- * pcWriteBuffer = 0x00;
- *
- *      // Take a snapshot of the number of tasks in case it changes while this
- *      // function is executing.
- *      uxArraySize = uxTaskGetNumberOfTasks();
- *
- *      // Allocate a TaskStatus_t structure for each task.  An array could be
- *      // allocated statically at compile time.
- *      pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
- *
- *      if( pxTaskStatusArray != NULL )
- *      {
- *          // Generate raw status information about each task.
- *          uxArraySize = uxTaskGetSystemState( pxTaskStatusArray, uxArraySize, &ulTotalRunTime );
- *
- *          // For percentage calculations.
- *          ulTotalRunTime /= 100UL;
- *
- *          // Avoid divide by zero errors.
- *          if( ulTotalRunTime > 0 )
- *          {
- *              // For each populated position in the pxTaskStatusArray array,
- *              // format the raw data as human readable ASCII data
- *              for( x = 0; x < uxArraySize; x++ )
- *              {
- *                  // What percentage of the total run time has the task used?
- *                  // This will always be rounded down to the nearest integer.
- *                  // ulTotalRunTimeDiv100 has already been divided by 100.
- *                  ulStatsAsPercentage = pxTaskStatusArray[ x ].ulRunTimeCounter / ulTotalRunTime;
- *
- *                  if( ulStatsAsPercentage > 0UL )
- *                  {
- *                      sprintf( pcWriteBuffer, "%s\t\t%lu\t\t%lu%%\r\n", pxTaskStatusArray[ x ].pcTaskName, pxTaskStatusArray[ x ].ulRunTimeCounter, ulStatsAsPercentage );
- *                  }
- *                  else
- *                  {
- *                      // If the percentage is zero here then the task has
- *                      // consumed less than 1% of the total run time.
- *                      sprintf( pcWriteBuffer, "%s\t\t%lu\t\t<1%%\r\n", pxTaskStatusArray[ x ].pcTaskName, pxTaskStatusArray[ x ].ulRunTimeCounter );
- *                  }
- *
- *                  pcWriteBuffer += strlen( ( char * ) pcWriteBuffer );
- *              }
- *          }
- *
- *          // The array is no longer needed, free the memory it consumes.
- *          vPortFree( pxTaskStatusArray );
- *      }
- *  }
- *  
- */ -UBaseType_t uxTaskGetSystemState( TaskStatus_t * pxTaskStatusArray, - const UBaseType_t uxArraySize, - uint32_t * pulTotalRunTime ) ; - -/** - * task. h - *
void vTaskList( char *pcWriteBuffer );
- * - * configUSE_TRACE_FACILITY and configUSE_STATS_FORMATTING_FUNCTIONS must - * both be defined as 1 for this function to be available. See the - * configuration section of the FreeRTOS.org website for more information. - * - * NOTE 1: This function will disable interrupts for its duration. It is - * not intended for normal application runtime use but as a debug aid. - * - * Lists all the current tasks, along with their current state and stack - * usage high water mark. - * - * Tasks are reported as blocked ('B'), ready ('R'), deleted ('D') or - * suspended ('S'). - * - * PLEASE NOTE: - * - * This function is provided for convenience only, and is used by many of the - * demo applications. Do not consider it to be part of the scheduler. - * - * vTaskList() calls uxTaskGetSystemState(), then formats part of the - * uxTaskGetSystemState() output into a human readable table that displays task: - * names, states, priority, stack usage and task number. - * Stack usage specified as the number of unused StackType_t words stack can hold - * on top of stack - not the number of bytes. - * - * vTaskList() has a dependency on the sprintf() C library function that might - * bloat the code size, use a lot of stack, and provide different results on - * different platforms. An alternative, tiny, third party, and limited - * functionality implementation of sprintf() is provided in many of the - * FreeRTOS/Demo sub-directories in a file called printf-stdarg.c (note - * printf-stdarg.c does not provide a full snprintf() implementation!). - * - * It is recommended that production systems call uxTaskGetSystemState() - * directly to get access to raw stats data, rather than indirectly through a - * call to vTaskList(). - * - * @param pcWriteBuffer A buffer into which the above mentioned details - * will be written, in ASCII form. This buffer is assumed to be large - * enough to contain the generated report. Approximately 40 bytes per - * task should be sufficient. - * - * \defgroup vTaskList vTaskList - * \ingroup TaskUtils - */ -void vTaskList( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - -/** - * task. h - *
void vTaskGetRunTimeStats( char *pcWriteBuffer );
- * - * configGENERATE_RUN_TIME_STATS and configUSE_STATS_FORMATTING_FUNCTIONS - * must both be defined as 1 for this function to be available. The application - * must also then provide definitions for - * portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and portGET_RUN_TIME_COUNTER_VALUE() - * to configure a peripheral timer/counter and return the timers current count - * value respectively. The counter should be at least 10 times the frequency of - * the tick count. - * - * NOTE 1: This function will disable interrupts for its duration. It is - * not intended for normal application runtime use but as a debug aid. - * - * Setting configGENERATE_RUN_TIME_STATS to 1 will result in a total - * accumulated execution time being stored for each task. The resolution - * of the accumulated time value depends on the frequency of the timer - * configured by the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() macro. - * Calling vTaskGetRunTimeStats() writes the total execution time of each - * task into a buffer, both as an absolute count value and as a percentage - * of the total system execution time. - * - * NOTE 2: - * - * This function is provided for convenience only, and is used by many of the - * demo applications. Do not consider it to be part of the scheduler. - * - * vTaskGetRunTimeStats() calls uxTaskGetSystemState(), then formats part of the - * uxTaskGetSystemState() output into a human readable table that displays the - * amount of time each task has spent in the Running state in both absolute and - * percentage terms. - * - * vTaskGetRunTimeStats() has a dependency on the sprintf() C library function - * that might bloat the code size, use a lot of stack, and provide different - * results on different platforms. An alternative, tiny, third party, and - * limited functionality implementation of sprintf() is provided in many of the - * FreeRTOS/Demo sub-directories in a file called printf-stdarg.c (note - * printf-stdarg.c does not provide a full snprintf() implementation!). - * - * It is recommended that production systems call uxTaskGetSystemState() directly - * to get access to raw stats data, rather than indirectly through a call to - * vTaskGetRunTimeStats(). - * - * @param pcWriteBuffer A buffer into which the execution times will be - * written, in ASCII form. This buffer is assumed to be large enough to - * contain the generated report. Approximately 40 bytes per task should - * be sufficient. - * - * \defgroup vTaskGetRunTimeStats vTaskGetRunTimeStats - * \ingroup TaskUtils - */ -void vTaskGetRunTimeStats( char * pcWriteBuffer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - -/** - * task. h - *
uint32_t ulTaskGetIdleRunTimeCounter( void );
- * - * configGENERATE_RUN_TIME_STATS and configUSE_STATS_FORMATTING_FUNCTIONS - * must both be defined as 1 for this function to be available. The application - * must also then provide definitions for - * portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and portGET_RUN_TIME_COUNTER_VALUE() - * to configure a peripheral timer/counter and return the timers current count - * value respectively. The counter should be at least 10 times the frequency of - * the tick count. - * - * Setting configGENERATE_RUN_TIME_STATS to 1 will result in a total - * accumulated execution time being stored for each task. The resolution - * of the accumulated time value depends on the frequency of the timer - * configured by the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() macro. - * While uxTaskGetSystemState() and vTaskGetRunTimeStats() writes the total - * execution time of each task into a buffer, ulTaskGetIdleRunTimeCounter() - * returns the total execution time of just the idle task. - * - * @return The total run time of the idle task. This is the amount of time the - * idle task has actually been executing. The unit of time is dependent on the - * frequency configured using the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and - * portGET_RUN_TIME_COUNTER_VALUE() macros. - * - * \defgroup ulTaskGetIdleRunTimeCounter ulTaskGetIdleRunTimeCounter - * \ingroup TaskUtils - */ -uint32_t ulTaskGetIdleRunTimeCounter( void ) ; - -/** - * task. h - *
BaseType_t xTaskNotifyIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction );
- *
BaseType_t xTaskNotify( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction );
- * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these - * functions to be available. - * - * Sends a direct to task notification to a task, with an optional value and - * action. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * Events can be sent to a task using an intermediary object. Examples of such - * objects are queues, semaphores, mutexes and event groups. Task notifications - * are a method of sending an event directly to a task without the need for such - * an intermediary object. - * - * A notification sent to a task can optionally perform an action, such as - * update, overwrite or increment one of the task's notification values. In - * that way task notifications can be used to send data to a task, or be used as - * light weight and fast binary or counting semaphores. - * - * A task can use xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() to - * [optionally] block to wait for a notification to be pending. The task does - * not consume any CPU time while it is in the Blocked state. - * - * A notification sent to a task will remain pending until it is cleared by the - * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their - * un-indexed equivalents). If the task was already in the Blocked state to - * wait for a notification when the notification arrives then the task will - * automatically be removed from the Blocked state (unblocked) and the - * notification cleared. - * - * **NOTE** Each notification within the array operates independently - a task - * can only block on one notification within the array at a time and will not be - * unblocked by a notification sent to any other array index. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. xTaskNotify() is the original API function, and remains backward - * compatible by always operating on the notification value at index 0 in the - * array. Calling xTaskNotify() is equivalent to calling xTaskNotifyIndexed() - * with the uxIndexToNotify parameter set to 0. - * - * @param xTaskToNotify The handle of the task being notified. The handle to a - * task can be returned from the xTaskCreate() API function used to create the - * task, and the handle of the currently running task can be obtained by calling - * xTaskGetCurrentTaskHandle(). - * - * @param uxIndexToNotify The index within the target task's array of - * notification values to which the notification is to be sent. uxIndexToNotify - * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotify() does - * not have this parameter and always sends notifications to index 0. - * - * @param ulValue Data that can be sent with the notification. How the data is - * used depends on the value of the eAction parameter. - * - * @param eAction Specifies how the notification updates the task's notification - * value, if at all. Valid values for eAction are as follows: - * - * eSetBits - - * The target notification value is bitwise ORed with ulValue. - * xTaskNotifyIndexed() always returns pdPASS in this case. - * - * eIncrement - - * The target notification value is incremented. ulValue is not used and - * xTaskNotifyIndexed() always returns pdPASS in this case. - * - * eSetValueWithOverwrite - - * The target notification value is set to the value of ulValue, even if the - * task being notified had not yet processed the previous notification at the - * same array index (the task already had a notification pending at that index). - * xTaskNotifyIndexed() always returns pdPASS in this case. - * - * eSetValueWithoutOverwrite - - * If the task being notified did not already have a notification pending at the - * same array index then the target notification value is set to ulValue and - * xTaskNotifyIndexed() will return pdPASS. If the task being notified already - * had a notification pending at the same array index then no action is - * performed and pdFAIL is returned. - * - * eNoAction - - * The task receives a notification at the specified array index without the - * notification value at that index being updated. ulValue is not used and - * xTaskNotifyIndexed() always returns pdPASS in this case. - * - * pulPreviousNotificationValue - - * Can be used to pass out the subject task's notification value before any - * bits are modified by the notify function. - * - * @return Dependent on the value of eAction. See the description of the - * eAction parameter. - * - * \defgroup xTaskNotifyIndexed xTaskNotifyIndexed - * \ingroup TaskNotifications - */ -BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, - UBaseType_t uxIndexToNotify, - uint32_t ulValue, - eNotifyAction eAction, - uint32_t * pulPreviousNotificationValue ) ; - - - - - -/** - * task. h - *
BaseType_t xTaskNotifyAndQueryIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
- *
BaseType_t xTaskNotifyAndQuery( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
- * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * xTaskNotifyAndQueryIndexed() performs the same operation as - * xTaskNotifyIndexed() with the addition that it also returns the subject - * task's prior notification value (the notification value at the time the - * function is called rather than when the function returns) in the additional - * pulPreviousNotifyValue parameter. - * - * xTaskNotifyAndQuery() performs the same operation as xTaskNotify() with the - * addition that it also returns the subject task's prior notification value - * (the notification value as it was at the time the function is called, rather - * than when the function returns) in the additional pulPreviousNotifyValue - * parameter. - * - * \defgroup xTaskNotifyAndQueryIndexed xTaskNotifyAndQueryIndexed - * \ingroup TaskNotifications - */ - - - - - -/** - * task. h - *
BaseType_t xTaskNotifyIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
- *
BaseType_t xTaskNotifyFromISR( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
- * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these - * functions to be available. - * - * A version of xTaskNotifyIndexed() that can be used from an interrupt service - * routine (ISR). - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * Events can be sent to a task using an intermediary object. Examples of such - * objects are queues, semaphores, mutexes and event groups. Task notifications - * are a method of sending an event directly to a task without the need for such - * an intermediary object. - * - * A notification sent to a task can optionally perform an action, such as - * update, overwrite or increment one of the task's notification values. In - * that way task notifications can be used to send data to a task, or be used as - * light weight and fast binary or counting semaphores. - * - * A task can use xTaskNotifyWaitIndexed() to [optionally] block to wait for a - * notification to be pending, or ulTaskNotifyTakeIndexed() to [optionally] block - * to wait for a notification value to have a non-zero value. The task does - * not consume any CPU time while it is in the Blocked state. - * - * A notification sent to a task will remain pending until it is cleared by the - * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their - * un-indexed equivalents). If the task was already in the Blocked state to - * wait for a notification when the notification arrives then the task will - * automatically be removed from the Blocked state (unblocked) and the - * notification cleared. - * - * **NOTE** Each notification within the array operates independently - a task - * can only block on one notification within the array at a time and will not be - * unblocked by a notification sent to any other array index. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. xTaskNotifyFromISR() is the original API function, and remains - * backward compatible by always operating on the notification value at index 0 - * within the array. Calling xTaskNotifyFromISR() is equivalent to calling - * xTaskNotifyIndexedFromISR() with the uxIndexToNotify parameter set to 0. - * - * @param uxIndexToNotify The index within the target task's array of - * notification values to which the notification is to be sent. uxIndexToNotify - * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyFromISR() - * does not have this parameter and always sends notifications to index 0. - * - * @param xTaskToNotify The handle of the task being notified. The handle to a - * task can be returned from the xTaskCreate() API function used to create the - * task, and the handle of the currently running task can be obtained by calling - * xTaskGetCurrentTaskHandle(). - * - * @param ulValue Data that can be sent with the notification. How the data is - * used depends on the value of the eAction parameter. - * - * @param eAction Specifies how the notification updates the task's notification - * value, if at all. Valid values for eAction are as follows: - * - * eSetBits - - * The task's notification value is bitwise ORed with ulValue. xTaskNotify() - * always returns pdPASS in this case. - * - * eIncrement - - * The task's notification value is incremented. ulValue is not used and - * xTaskNotify() always returns pdPASS in this case. - * - * eSetValueWithOverwrite - - * The task's notification value is set to the value of ulValue, even if the - * task being notified had not yet processed the previous notification (the - * task already had a notification pending). xTaskNotify() always returns - * pdPASS in this case. - * - * eSetValueWithoutOverwrite - - * If the task being notified did not already have a notification pending then - * the task's notification value is set to ulValue and xTaskNotify() will - * return pdPASS. If the task being notified already had a notification - * pending then no action is performed and pdFAIL is returned. - * - * eNoAction - - * The task receives a notification without its notification value being - * updated. ulValue is not used and xTaskNotify() always returns pdPASS in - * this case. - * - * @param pxHigherPriorityTaskWoken xTaskNotifyFromISR() will set - * *pxHigherPriorityTaskWoken to pdTRUE if sending the notification caused the - * task to which the notification was sent to leave the Blocked state, and the - * unblocked task has a priority higher than the currently running task. If - * xTaskNotifyFromISR() sets this value to pdTRUE then a context switch should - * be requested before the interrupt is exited. How a context switch is - * requested from an ISR is dependent on the port - see the documentation page - * for the port in use. - * - * @return Dependent on the value of eAction. See the description of the - * eAction parameter. - * - * \defgroup xTaskNotifyIndexedFromISR xTaskNotifyIndexedFromISR - * \ingroup TaskNotifications - */ -BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, - UBaseType_t uxIndexToNotify, - uint32_t ulValue, - eNotifyAction eAction, - uint32_t * pulPreviousNotificationValue, - BaseType_t * pxHigherPriorityTaskWoken ) ; - - - - - -/** - * task. h - *
BaseType_t xTaskNotifyAndQueryIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
- *
BaseType_t xTaskNotifyAndQueryFromISR( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
- * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * xTaskNotifyAndQueryIndexedFromISR() performs the same operation as - * xTaskNotifyIndexedFromISR() with the addition that it also returns the - * subject task's prior notification value (the notification value at the time - * the function is called rather than at the time the function returns) in the - * additional pulPreviousNotifyValue parameter. - * - * xTaskNotifyAndQueryFromISR() performs the same operation as - * xTaskNotifyFromISR() with the addition that it also returns the subject - * task's prior notification value (the notification value at the time the - * function is called rather than at the time the function returns) in the - * additional pulPreviousNotifyValue parameter. - * - * \defgroup xTaskNotifyAndQueryIndexedFromISR xTaskNotifyAndQueryIndexedFromISR - * \ingroup TaskNotifications - */ - - - - - -/** - * task. h - *
- * BaseType_t xTaskNotifyWaitIndexed( UBaseType_t uxIndexToWaitOn, uint32_t ulBitsToClearOnEntry, uint32_t ulBitsToClearOnExit, uint32_t *pulNotificationValue, TickType_t xTicksToWait );
- *
- * BaseType_t xTaskNotifyWait( uint32_t ulBitsToClearOnEntry, uint32_t ulBitsToClearOnExit, uint32_t *pulNotificationValue, TickType_t xTicksToWait );
- * 
- * - * Waits for a direct to task notification to be pending at a given index within - * an array of direct to task notifications. - * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this - * function to be available. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * Events can be sent to a task using an intermediary object. Examples of such - * objects are queues, semaphores, mutexes and event groups. Task notifications - * are a method of sending an event directly to a task without the need for such - * an intermediary object. - * - * A notification sent to a task can optionally perform an action, such as - * update, overwrite or increment one of the task's notification values. In - * that way task notifications can be used to send data to a task, or be used as - * light weight and fast binary or counting semaphores. - * - * A notification sent to a task will remain pending until it is cleared by the - * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their - * un-indexed equivalents). If the task was already in the Blocked state to - * wait for a notification when the notification arrives then the task will - * automatically be removed from the Blocked state (unblocked) and the - * notification cleared. - * - * A task can use xTaskNotifyWaitIndexed() to [optionally] block to wait for a - * notification to be pending, or ulTaskNotifyTakeIndexed() to [optionally] block - * to wait for a notification value to have a non-zero value. The task does - * not consume any CPU time while it is in the Blocked state. - * - * **NOTE** Each notification within the array operates independently - a task - * can only block on one notification within the array at a time and will not be - * unblocked by a notification sent to any other array index. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. xTaskNotifyWait() is the original API function, and remains backward - * compatible by always operating on the notification value at index 0 in the - * array. Calling xTaskNotifyWait() is equivalent to calling - * xTaskNotifyWaitIndexed() with the uxIndexToWaitOn parameter set to 0. - * - * @param uxIndexToWaitOn The index within the calling task's array of - * notification values on which the calling task will wait for a notification to - * be received. uxIndexToWaitOn must be less than - * configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyWait() does - * not have this parameter and always waits for notifications on index 0. - * - * @param ulBitsToClearOnEntry Bits that are set in ulBitsToClearOnEntry value - * will be cleared in the calling task's notification value before the task - * checks to see if any notifications are pending, and optionally blocks if no - * notifications are pending. Setting ulBitsToClearOnEntry to ULONG_MAX (if - * limits.h is included) or 0xffffffffUL (if limits.h is not included) will have - * the effect of resetting the task's notification value to 0. Setting - * ulBitsToClearOnEntry to 0 will leave the task's notification value unchanged. - * - * @param ulBitsToClearOnExit If a notification is pending or received before - * the calling task exits the xTaskNotifyWait() function then the task's - * notification value (see the xTaskNotify() API function) is passed out using - * the pulNotificationValue parameter. Then any bits that are set in - * ulBitsToClearOnExit will be cleared in the task's notification value (note - * *pulNotificationValue is set before any bits are cleared). Setting - * ulBitsToClearOnExit to ULONG_MAX (if limits.h is included) or 0xffffffffUL - * (if limits.h is not included) will have the effect of resetting the task's - * notification value to 0 before the function exits. Setting - * ulBitsToClearOnExit to 0 will leave the task's notification value unchanged - * when the function exits (in which case the value passed out in - * pulNotificationValue will match the task's notification value). - * - * @param pulNotificationValue Used to pass the task's notification value out - * of the function. Note the value passed out will not be effected by the - * clearing of any bits caused by ulBitsToClearOnExit being non-zero. - * - * @param xTicksToWait The maximum amount of time that the task should wait in - * the Blocked state for a notification to be received, should a notification - * not already be pending when xTaskNotifyWait() was called. The task - * will not consume any processing time while it is in the Blocked state. This - * is specified in kernel ticks, the macro pdMS_TO_TICKS( value_in_ms ) can be - * used to convert a time specified in milliseconds to a time specified in - * ticks. - * - * @return If a notification was received (including notifications that were - * already pending when xTaskNotifyWait was called) then pdPASS is - * returned. Otherwise pdFAIL is returned. - * - * \defgroup xTaskNotifyWaitIndexed xTaskNotifyWaitIndexed - * \ingroup TaskNotifications - */ -BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn, - uint32_t ulBitsToClearOnEntry, - uint32_t ulBitsToClearOnExit, - uint32_t * pulNotificationValue, - TickType_t xTicksToWait ) ; - - - - - -/** - * task. h - *
BaseType_t xTaskNotifyGiveIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify );
- *
BaseType_t xTaskNotifyGive( TaskHandle_t xTaskToNotify );
- * - * Sends a direct to task notification to a particular index in the target - * task's notification array in a manner similar to giving a counting semaphore. - * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for more details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these - * macros to be available. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * Events can be sent to a task using an intermediary object. Examples of such - * objects are queues, semaphores, mutexes and event groups. Task notifications - * are a method of sending an event directly to a task without the need for such - * an intermediary object. - * - * A notification sent to a task can optionally perform an action, such as - * update, overwrite or increment one of the task's notification values. In - * that way task notifications can be used to send data to a task, or be used as - * light weight and fast binary or counting semaphores. - * - * xTaskNotifyGiveIndexed() is a helper macro intended for use when task - * notifications are used as light weight and faster binary or counting - * semaphore equivalents. Actual FreeRTOS semaphores are given using the - * xSemaphoreGive() API function, the equivalent action that instead uses a task - * notification is xTaskNotifyGiveIndexed(). - * - * When task notifications are being used as a binary or counting semaphore - * equivalent then the task being notified should wait for the notification - * using the ulTaskNotificationTakeIndexed() API function rather than the - * xTaskNotifyWaitIndexed() API function. - * - * **NOTE** Each notification within the array operates independently - a task - * can only block on one notification within the array at a time and will not be - * unblocked by a notification sent to any other array index. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. xTaskNotifyGive() is the original API function, and remains backward - * compatible by always operating on the notification value at index 0 in the - * array. Calling xTaskNotifyGive() is equivalent to calling - * xTaskNotifyGiveIndexed() with the uxIndexToNotify parameter set to 0. - * - * @param xTaskToNotify The handle of the task being notified. The handle to a - * task can be returned from the xTaskCreate() API function used to create the - * task, and the handle of the currently running task can be obtained by calling - * xTaskGetCurrentTaskHandle(). - * - * @param uxIndexToNotify The index within the target task's array of - * notification values to which the notification is to be sent. uxIndexToNotify - * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyGive() - * does not have this parameter and always sends notifications to index 0. - * - * @return xTaskNotifyGive() is a macro that calls xTaskNotify() with the - * eAction parameter set to eIncrement - so pdPASS is always returned. - * - * \defgroup xTaskNotifyGiveIndexed xTaskNotifyGiveIndexed - * \ingroup TaskNotifications - */ - - - - - -/** - * task. h - *
void vTaskNotifyGiveIndexedFromISR( TaskHandle_t xTaskHandle, UBaseType_t uxIndexToNotify, BaseType_t *pxHigherPriorityTaskWoken );
- *
void vTaskNotifyGiveFromISR( TaskHandle_t xTaskHandle, BaseType_t *pxHigherPriorityTaskWoken );
- * - * A version of xTaskNotifyGiveIndexed() that can be called from an interrupt - * service routine (ISR). - * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for more details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this macro - * to be available. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * Events can be sent to a task using an intermediary object. Examples of such - * objects are queues, semaphores, mutexes and event groups. Task notifications - * are a method of sending an event directly to a task without the need for such - * an intermediary object. - * - * A notification sent to a task can optionally perform an action, such as - * update, overwrite or increment one of the task's notification values. In - * that way task notifications can be used to send data to a task, or be used as - * light weight and fast binary or counting semaphores. - * - * vTaskNotifyGiveIndexedFromISR() is intended for use when task notifications - * are used as light weight and faster binary or counting semaphore equivalents. - * Actual FreeRTOS semaphores are given from an ISR using the - * xSemaphoreGiveFromISR() API function, the equivalent action that instead uses - * a task notification is vTaskNotifyGiveIndexedFromISR(). - * - * When task notifications are being used as a binary or counting semaphore - * equivalent then the task being notified should wait for the notification - * using the ulTaskNotificationTakeIndexed() API function rather than the - * xTaskNotifyWaitIndexed() API function. - * - * **NOTE** Each notification within the array operates independently - a task - * can only block on one notification within the array at a time and will not be - * unblocked by a notification sent to any other array index. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. xTaskNotifyFromISR() is the original API function, and remains - * backward compatible by always operating on the notification value at index 0 - * within the array. Calling xTaskNotifyGiveFromISR() is equivalent to calling - * xTaskNotifyGiveIndexedFromISR() with the uxIndexToNotify parameter set to 0. - * - * @param xTaskToNotify The handle of the task being notified. The handle to a - * task can be returned from the xTaskCreate() API function used to create the - * task, and the handle of the currently running task can be obtained by calling - * xTaskGetCurrentTaskHandle(). - * - * @param uxIndexToNotify The index within the target task's array of - * notification values to which the notification is to be sent. uxIndexToNotify - * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. - * xTaskNotifyGiveFromISR() does not have this parameter and always sends - * notifications to index 0. - * - * @param pxHigherPriorityTaskWoken vTaskNotifyGiveFromISR() will set - * *pxHigherPriorityTaskWoken to pdTRUE if sending the notification caused the - * task to which the notification was sent to leave the Blocked state, and the - * unblocked task has a priority higher than the currently running task. If - * vTaskNotifyGiveFromISR() sets this value to pdTRUE then a context switch - * should be requested before the interrupt is exited. How a context switch is - * requested from an ISR is dependent on the port - see the documentation page - * for the port in use. - * - * \defgroup vTaskNotifyGiveIndexedFromISR vTaskNotifyGiveIndexedFromISR - * \ingroup TaskNotifications - */ -void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, - UBaseType_t uxIndexToNotify, - BaseType_t * pxHigherPriorityTaskWoken ) ; - - - - - -/** - * task. h - *
- * uint32_t ulTaskNotifyTakeIndexed( UBaseType_t uxIndexToWaitOn, BaseType_t xClearCountOnExit, TickType_t xTicksToWait );
- *
- * uint32_t ulTaskNotifyTake( BaseType_t xClearCountOnExit, TickType_t xTicksToWait );
- * 
- * - * Waits for a direct to task notification on a particular index in the calling - * task's notification array in a manner similar to taking a counting semaphore. - * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this - * function to be available. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * Events can be sent to a task using an intermediary object. Examples of such - * objects are queues, semaphores, mutexes and event groups. Task notifications - * are a method of sending an event directly to a task without the need for such - * an intermediary object. - * - * A notification sent to a task can optionally perform an action, such as - * update, overwrite or increment one of the task's notification values. In - * that way task notifications can be used to send data to a task, or be used as - * light weight and fast binary or counting semaphores. - * - * ulTaskNotifyTakeIndexed() is intended for use when a task notification is - * used as a faster and lighter weight binary or counting semaphore alternative. - * Actual FreeRTOS semaphores are taken using the xSemaphoreTake() API function, - * the equivalent action that instead uses a task notification is - * ulTaskNotifyTakeIndexed(). - * - * When a task is using its notification value as a binary or counting semaphore - * other tasks should send notifications to it using the xTaskNotifyGiveIndexed() - * macro, or xTaskNotifyIndex() function with the eAction parameter set to - * eIncrement. - * - * ulTaskNotifyTakeIndexed() can either clear the task's notification value at - * the array index specified by the uxIndexToWaitOn parameter to zero on exit, - * in which case the notification value acts like a binary semaphore, or - * decrement the notification value on exit, in which case the notification - * value acts like a counting semaphore. - * - * A task can use ulTaskNotifyTakeIndexed() to [optionally] block to wait for - * a notification. The task does not consume any CPU time while it is in the - * Blocked state. - * - * Where as xTaskNotifyWaitIndexed() will return when a notification is pending, - * ulTaskNotifyTakeIndexed() will return when the task's notification value is - * not zero. - * - * **NOTE** Each notification within the array operates independently - a task - * can only block on one notification within the array at a time and will not be - * unblocked by a notification sent to any other array index. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. ulTaskNotifyTake() is the original API function, and remains backward - * compatible by always operating on the notification value at index 0 in the - * array. Calling ulTaskNotifyTake() is equivalent to calling - * ulTaskNotifyTakeIndexed() with the uxIndexToWaitOn parameter set to 0. - * - * @param uxIndexToWaitOn The index within the calling task's array of - * notification values on which the calling task will wait for a notification to - * be non-zero. uxIndexToWaitOn must be less than - * configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyTake() does - * not have this parameter and always waits for notifications on index 0. - * - * @param xClearCountOnExit if xClearCountOnExit is pdFALSE then the task's - * notification value is decremented when the function exits. In this way the - * notification value acts like a counting semaphore. If xClearCountOnExit is - * not pdFALSE then the task's notification value is cleared to zero when the - * function exits. In this way the notification value acts like a binary - * semaphore. - * - * @param xTicksToWait The maximum amount of time that the task should wait in - * the Blocked state for the task's notification value to be greater than zero, - * should the count not already be greater than zero when - * ulTaskNotifyTake() was called. The task will not consume any processing - * time while it is in the Blocked state. This is specified in kernel ticks, - * the macro pdMS_TO_TICKS( value_in_ms ) can be used to convert a time - * specified in milliseconds to a time specified in ticks. - * - * @return The task's notification count before it is either cleared to zero or - * decremented (see the xClearCountOnExit parameter). - * - * \defgroup ulTaskNotifyTakeIndexed ulTaskNotifyTakeIndexed - * \ingroup TaskNotifications - */ -uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWaitOn, - BaseType_t xClearCountOnExit, - TickType_t xTicksToWait ) ; - - - - - -/** - * task. h - *
- * BaseType_t xTaskNotifyStateClearIndexed( TaskHandle_t xTask, UBaseType_t uxIndexToCLear );
- *
- * BaseType_t xTaskNotifyStateClear( TaskHandle_t xTask );
- * 
- * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these - * functions to be available. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * If a notification is sent to an index within the array of notifications then - * the notification at that index is said to be 'pending' until it is read or - * explicitly cleared by the receiving task. xTaskNotifyStateClearIndexed() - * is the function that clears a pending notification without reading the - * notification value. The notification value at the same array index is not - * altered. Set xTask to NULL to clear the notification state of the calling - * task. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. xTaskNotifyStateClear() is the original API function, and remains - * backward compatible by always operating on the notification value at index 0 - * within the array. Calling xTaskNotifyStateClear() is equivalent to calling - * xTaskNotifyStateClearIndexed() with the uxIndexToNotify parameter set to 0. - * - * @param xTask The handle of the RTOS task that will have a notification state - * cleared. Set xTask to NULL to clear a notification state in the calling - * task. To obtain a task's handle create the task using xTaskCreate() and - * make use of the pxCreatedTask parameter, or create the task using - * xTaskCreateStatic() and store the returned value, or use the task's name in - * a call to xTaskGetHandle(). - * - * @param uxIndexToClear The index within the target task's array of - * notification values to act upon. For example, setting uxIndexToClear to 1 - * will clear the state of the notification at index 1 within the array. - * uxIndexToClear must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. - * ulTaskNotifyStateClear() does not have this parameter and always acts on the - * notification at index 0. - * - * @return pdTRUE if the task's notification state was set to - * eNotWaitingNotification, otherwise pdFALSE. - * - * \defgroup xTaskNotifyStateClearIndexed xTaskNotifyStateClearIndexed - * \ingroup TaskNotifications - */ -BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask, - UBaseType_t uxIndexToClear ) ; - - - - - -/** - * task. h - *
- * uint32_t ulTaskNotifyValueClearIndexed( TaskHandle_t xTask, UBaseType_t uxIndexToClear, uint32_t ulBitsToClear );
- *
- * uint32_t ulTaskNotifyValueClear( TaskHandle_t xTask, uint32_t ulBitsToClear );
- * 
- * - * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. - * - * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these - * functions to be available. - * - * Each task has a private array of "notification values" (or 'notifications'), - * each of which is a 32-bit unsigned integer (uint32_t). The constant - * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the - * array, and (for backward compatibility) defaults to 1 if left undefined. - * Prior to FreeRTOS V10.4.0 there was only one notification value per task. - * - * ulTaskNotifyValueClearIndexed() clears the bits specified by the - * ulBitsToClear bit mask in the notification value at array index uxIndexToClear - * of the task referenced by xTask. - * - * Backward compatibility information: - * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and - * all task notification API functions operated on that value. Replacing the - * single notification value with an array of notification values necessitated a - * new set of API functions that could address specific notifications within the - * array. ulTaskNotifyValueClear() is the original API function, and remains - * backward compatible by always operating on the notification value at index 0 - * within the array. Calling ulTaskNotifyValueClear() is equivalent to calling - * ulTaskNotifyValueClearIndexed() with the uxIndexToClear parameter set to 0. - * - * @param xTask The handle of the RTOS task that will have bits in one of its - * notification values cleared. Set xTask to NULL to clear bits in a - * notification value of the calling task. To obtain a task's handle create the - * task using xTaskCreate() and make use of the pxCreatedTask parameter, or - * create the task using xTaskCreateStatic() and store the returned value, or - * use the task's name in a call to xTaskGetHandle(). - * - * @param uxIndexToClear The index within the target task's array of - * notification values in which to clear the bits. uxIndexToClear - * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. - * ulTaskNotifyValueClear() does not have this parameter and always clears bits - * in the notification value at index 0. - * - * @param ulBitsToClear Bit mask of the bits to clear in the notification value of - * xTask. Set a bit to 1 to clear the corresponding bits in the task's notification - * value. Set ulBitsToClear to 0xffffffff (UINT_MAX on 32-bit architectures) to clear - * the notification value to 0. Set ulBitsToClear to 0 to query the task's - * notification value without clearing any bits. - * - * - * @return The value of the target task's notification value before the bits - * specified by ulBitsToClear were cleared. - * \defgroup ulTaskNotifyValueClear ulTaskNotifyValueClear - * \ingroup TaskNotifications - */ -uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, - UBaseType_t uxIndexToClear, - uint32_t ulBitsToClear ) ; - - - - - -/** - * task.h - *
- * void vTaskSetTimeOutState( TimeOut_t * pxTimeOut );
- * 
- * - * Capture the current time for future use with xTaskCheckForTimeOut(). - * - * @param pxTimeOut Pointer to a timeout object into which the current time - * is to be captured. The captured time includes the tick count and the number - * of times the tick count has overflowed since the system first booted. - * \defgroup vTaskSetTimeOutState vTaskSetTimeOutState - * \ingroup TaskCtrl - */ -void vTaskSetTimeOutState( TimeOut_t * pxTimeOut ) ; - -/** - * task.h - *
- * BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, TickType_t * pxTicksToWait );
- * 
- * - * Determines if pxTicksToWait ticks has passed since a time was captured - * using a call to vTaskSetTimeOutState(). The captured time includes the tick - * count and the number of times the tick count has overflowed. - * - * @param pxTimeOut The time status as captured previously using - * vTaskSetTimeOutState. If the timeout has not yet occurred, it is updated - * to reflect the current time status. - * @param pxTicksToWait The number of ticks to check for timeout i.e. if - * pxTicksToWait ticks have passed since pxTimeOut was last updated (either by - * vTaskSetTimeOutState() or xTaskCheckForTimeOut()), the timeout has occurred. - * If the timeout has not occurred, pxTicksToWait is updated to reflect the - * number of remaining ticks. - * - * @return If timeout has occurred, pdTRUE is returned. Otherwise pdFALSE is - * returned and pxTicksToWait is updated to reflect the number of remaining - * ticks. - * - * @see https://www.FreeRTOS.org/xTaskCheckForTimeOut.html - * - * Example Usage: - *
- *  // Driver library function used to receive uxWantedBytes from an Rx buffer
- *  // that is filled by a UART interrupt. If there are not enough bytes in the
- *  // Rx buffer then the task enters the Blocked state until it is notified that
- *  // more data has been placed into the buffer. If there is still not enough
- *  // data then the task re-enters the Blocked state, and xTaskCheckForTimeOut()
- *  // is used to re-calculate the Block time to ensure the total amount of time
- *  // spent in the Blocked state does not exceed MAX_TIME_TO_WAIT. This
- *  // continues until either the buffer contains at least uxWantedBytes bytes,
- *  // or the total amount of time spent in the Blocked state reaches
- *  // MAX_TIME_TO_WAIT – at which point the task reads however many bytes are
- *  // available up to a maximum of uxWantedBytes.
- *
- *  size_t xUART_Receive( uint8_t *pucBuffer, size_t uxWantedBytes )
- *  {
- *  size_t uxReceived = 0;
- *  TickType_t xTicksToWait = MAX_TIME_TO_WAIT;
- *  TimeOut_t xTimeOut;
- *
- *      // Initialize xTimeOut.  This records the time at which this function
- *      // was entered.
- *      vTaskSetTimeOutState( &xTimeOut );
- *
- *      // Loop until the buffer contains the wanted number of bytes, or a
- *      // timeout occurs.
- *      while( UART_bytes_in_rx_buffer( pxUARTInstance ) < uxWantedBytes )
- *      {
- *          // The buffer didn't contain enough data so this task is going to
- *          // enter the Blocked state. Adjusting xTicksToWait to account for
- *          // any time that has been spent in the Blocked state within this
- *          // function so far to ensure the total amount of time spent in the
- *          // Blocked state does not exceed MAX_TIME_TO_WAIT.
- *          if( xTaskCheckForTimeOut( &xTimeOut, &xTicksToWait ) != pdFALSE )
- *          {
- *              //Timed out before the wanted number of bytes were available,
- *              // exit the loop.
- *              break;
- *          }
- *
- *          // Wait for a maximum of xTicksToWait ticks to be notified that the
- *          // receive interrupt has placed more data into the buffer.
- *          ulTaskNotifyTake( pdTRUE, xTicksToWait );
- *      }
- *
- *      // Attempt to read uxWantedBytes from the receive buffer into pucBuffer.
- *      // The actual number of bytes read (which might be less than
- *      // uxWantedBytes) is returned.
- *      uxReceived = UART_read_from_receive_buffer( pxUARTInstance,
- *                                                  pucBuffer,
- *                                                  uxWantedBytes );
- *
- *      return uxReceived;
- *  }
- * 
- * \defgroup xTaskCheckForTimeOut xTaskCheckForTimeOut - * \ingroup TaskCtrl - */ -BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, - TickType_t * pxTicksToWait ) ; - -/** - * task.h - *
- * BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp );
- * 
- * - * This function corrects the tick count value after the application code has held - * interrupts disabled for an extended period resulting in tick interrupts having - * been missed. - * - * This function is similar to vTaskStepTick(), however, unlike - * vTaskStepTick(), xTaskCatchUpTicks() may move the tick count forward past a - * time at which a task should be removed from the blocked state. That means - * tasks may have to be removed from the blocked state as the tick count is - * moved. - * - * @param xTicksToCatchUp The number of tick interrupts that have been missed due to - * interrupts being disabled. Its value is not computed automatically, so must be - * computed by the application writer. - * - * @return pdTRUE if moving the tick count forward resulted in a task leaving the - * blocked state and a context switch being performed. Otherwise pdFALSE. - * - * \defgroup xTaskCatchUpTicks xTaskCatchUpTicks - * \ingroup TaskCtrl - */ -BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) ; - - -/*----------------------------------------------------------- -* SCHEDULER INTERNALS AVAILABLE FOR PORTING PURPOSES -*----------------------------------------------------------*/ - -/* - * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS ONLY - * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS - * AN INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. - * - * Called from the real time kernel tick (either preemptive or cooperative), - * this increments the tick count and checks if any tasks that are blocked - * for a finite period required removing from a blocked list and placing on - * a ready list. If a non-zero value is returned then a context switch is - * required because either: - * + A task was removed from a blocked list because its timeout had expired, - * or - * + Time slicing is in use and there is a task of equal priority to the - * currently running task. - */ -BaseType_t xTaskIncrementTick( void ) ; - -/* - * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN - * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. - * - * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. - * - * Removes the calling task from the ready list and places it both - * on the list of tasks waiting for a particular event, and the - * list of delayed tasks. The task will be removed from both lists - * and replaced on the ready list should either the event occur (and - * there be no higher priority tasks waiting on the same event) or - * the delay period expires. - * - * The 'unordered' version replaces the event list item value with the - * xItemValue value, and inserts the list item at the end of the list. - * - * The 'ordered' version uses the existing event list item value (which is the - * owning task's priority) to insert the list item into the event list in task - * priority order. - * - * @param pxEventList The list containing tasks that are blocked waiting - * for the event to occur. - * - * @param xItemValue The item value to use for the event list item when the - * event list is not ordered by task priority. - * - * @param xTicksToWait The maximum amount of time that the task should wait - * for the event to occur. This is specified in kernel ticks, the constant - * portTICK_PERIOD_MS can be used to convert kernel ticks into a real time - * period. - */ -void vTaskPlaceOnEventList( List_t * pxEventList, - const TickType_t xTicksToWait ) ; -void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, - const TickType_t xItemValue, - const TickType_t xTicksToWait ) ; - -/* - * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN - * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. - * - * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. - * - * This function performs nearly the same function as vTaskPlaceOnEventList(). - * The difference being that this function does not permit tasks to block - * indefinitely, whereas vTaskPlaceOnEventList() does. - * - */ -void vTaskPlaceOnEventListRestricted( List_t * pxEventList, - TickType_t xTicksToWait, - const BaseType_t xWaitIndefinitely ) ; - -/* - * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN - * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. - * - * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. - * - * Removes a task from both the specified event list and the list of blocked - * tasks, and places it on a ready queue. - * - * xTaskRemoveFromEventList()/vTaskRemoveFromUnorderedEventList() will be called - * if either an event occurs to unblock a task, or the block timeout period - * expires. - * - * xTaskRemoveFromEventList() is used when the event list is in task priority - * order. It removes the list item from the head of the event list as that will - * have the highest priority owning task of all the tasks on the event list. - * vTaskRemoveFromUnorderedEventList() is used when the event list is not - * ordered and the event list items hold something other than the owning tasks - * priority. In this case the event list item value is updated to the value - * passed in the xItemValue parameter. - * - * @return pdTRUE if the task being removed has a higher priority than the task - * making the call, otherwise pdFALSE. - */ -BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) ; -void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, - const TickType_t xItemValue ) ; - -/* - * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS ONLY - * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS - * AN INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. - * - * Sets the pointer to the current TCB to the TCB of the highest priority task - * that is ready to run. - */ - void vTaskSwitchContext( BaseType_t xCoreID ) ; - -/* - * THESE FUNCTIONS MUST NOT BE USED FROM APPLICATION CODE. THEY ARE USED BY - * THE EVENT BITS MODULE. - */ -TickType_t uxTaskResetEventItemValue( void ) ; - -/* - * Return the handle of the calling task. - */ -TaskHandle_t xTaskGetCurrentTaskHandle( void ) ; - -/* - * Return the handle of the task running on specified core. - */ -TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) ; - -/* - * Shortcut used by the queue implementation to prevent unnecessary call to - * taskYIELD(); - */ -void vTaskMissedYield( void ) ; - -/* - * Returns the scheduler state as taskSCHEDULER_RUNNING, - * taskSCHEDULER_NOT_STARTED or taskSCHEDULER_SUSPENDED. - */ -BaseType_t xTaskGetSchedulerState( void ) ; - -/* - * Raises the priority of the mutex holder to that of the calling task should - * the mutex holder have a priority less than the calling task. - */ -BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) ; - -/* - * Set the priority of a task back to its proper priority in the case that it - * inherited a higher priority while it was holding a semaphore. - */ -BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) ; - -/* - * If a higher priority task attempting to obtain a mutex caused a lower - * priority task to inherit the higher priority task's priority - but the higher - * priority task then timed out without obtaining the mutex, then the lower - * priority task will disinherit the priority again - but only down as far as - * the highest priority task that is still waiting for the mutex (if there were - * more than one task waiting for the mutex). - */ -void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, - UBaseType_t uxHighestPriorityWaitingTask ) ; - -/* - * Get the uxTCBNumber assigned to the task referenced by the xTask parameter. - */ -UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) ; - -/* - * Set the uxTaskNumber of the task referenced by the xTask parameter to - * uxHandle. - */ -void vTaskSetTaskNumber( TaskHandle_t xTask, - const UBaseType_t uxHandle ) ; - -/* - * Only available when configUSE_TICKLESS_IDLE is set to 1. - * If tickless mode is being used, or a low power mode is implemented, then - * the tick interrupt will not execute during idle periods. When this is the - * case, the tick count value maintained by the scheduler needs to be kept up - * to date with the actual execution time by being skipped forward by a time - * equal to the idle period. - */ -void vTaskStepTick( const TickType_t xTicksToJump ) ; - -/* - * Only available when configUSE_TICKLESS_IDLE is set to 1. - * Provided for use within portSUPPRESS_TICKS_AND_SLEEP() to allow the port - * specific sleep function to determine if it is ok to proceed with the sleep, - * and if it is ok to proceed, if it is ok to sleep indefinitely. - * - * This function is necessary because portSUPPRESS_TICKS_AND_SLEEP() is only - * called with the scheduler suspended, not from within a critical section. It - * is therefore possible for an interrupt to request a context switch between - * portSUPPRESS_TICKS_AND_SLEEP() and the low power mode actually being - * entered. eTaskConfirmSleepModeStatus() should be called from a short - * critical section between the timer being stopped and the sleep mode being - * entered to ensure it is ok to proceed into the sleep mode. - */ -eSleepModeStatus eTaskConfirmSleepModeStatus( void ) ; - -/* - * For internal use only. Increment the mutex held count when a mutex is - * taken and return the handle of the task that has taken the mutex. - */ -TaskHandle_t pvTaskIncrementMutexHeldCount( void ) ; - -/* - * For internal use only. Same as vTaskSetTimeOutState(), but without a critical - * section. - */ -void vTaskInternalSetTimeOutState( TimeOut_t * pxTimeOut ) ; - -/* - * For internal use only. Same as portYIELD_WITHIN_API() in single core FreeRTOS. - * For SMP this is not defined by the port. - */ -void vTaskYieldWithinAPI( void ); - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ -// # 55 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - - - - - /* Reason for rewrite: - * VeriFast bug: - * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` - * evaluate to true. See minimal example `define_name`. - */ - - /* Remember that this header is included indirectly `tasks.c` after it - * includes `FreeRTOS.h`. - */ - // TODO: Remove this work-around once VF has been fixed. - - - - - - -/*lint -save -e537 This headers are only multiply included if the application code - * happens to also be including task.h. */ - -/*lint -restore */ - -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ - -/*----------------------------------------------------------- -* MACROS AND DEFINITIONS -*----------------------------------------------------------*/ - -/* IDs for commands that can be sent/received on the timer queue. These are to - * be used solely through the macros that make up the public software timer API, - * as defined below. The commands that are sent from interrupts must use the - * highest numbers as tmrFIRST_FROM_ISR_COMMAND is used to determine if the task - * or interrupt version of the queue send function should be used. */ -// # 85 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" -/** - * Type by which software timers are referenced. For example, a call to - * xTimerCreate() returns an TimerHandle_t variable that can then be used to - * reference the subject timer in calls to other software timer API functions - * (for example, xTimerStart(), xTimerReset(), etc.). - */ -struct tmrTimerControl; /* The old naming convention is used to prevent breaking kernel aware debuggers. */ -typedef struct tmrTimerControl * TimerHandle_t; - -/* - * Defines the prototype to which timer callback functions must conform. - */ -typedef void (* TimerCallbackFunction_t)( TimerHandle_t xTimer ); - -/* - * Defines the prototype to which functions used with the - * xTimerPendFunctionCallFromISR() function must conform. - */ -typedef void (* PendedFunction_t)( void *, - uint32_t ); - -/** - * TimerHandle_t xTimerCreate( const char * pcTimerName, - * TickType_t xTimerPeriodInTicks, - * UBaseType_t uxAutoReload, - * void * pvTimerID, - * TimerCallbackFunction_t pxCallbackFunction ); - * - * Creates a new software timer instance, and returns a handle by which the - * created software timer can be referenced. - * - * Internally, within the FreeRTOS implementation, software timers use a block - * of memory, in which the timer data structure is stored. If a software timer - * is created using xTimerCreate() then the required memory is automatically - * dynamically allocated inside the xTimerCreate() function. (see - * https://www.FreeRTOS.org/a00111.html). If a software timer is created using - * xTimerCreateStatic() then the application writer must provide the memory that - * will get used by the software timer. xTimerCreateStatic() therefore allows a - * software timer to be created without using any dynamic memory allocation. - * - * Timers are created in the dormant state. The xTimerStart(), xTimerReset(), - * xTimerStartFromISR(), xTimerResetFromISR(), xTimerChangePeriod() and - * xTimerChangePeriodFromISR() API functions can all be used to transition a - * timer into the active state. - * - * @param pcTimerName A text name that is assigned to the timer. This is done - * purely to assist debugging. The kernel itself only ever references a timer - * by its handle, and never by its name. - * - * @param xTimerPeriodInTicks The timer period. The time is defined in tick - * periods so the constant portTICK_PERIOD_MS can be used to convert a time that - * has been specified in milliseconds. For example, if the timer must expire - * after 100 ticks, then xTimerPeriodInTicks should be set to 100. - * Alternatively, if the timer must expire after 500ms, then xPeriod can be set - * to ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than or - * equal to 1000. Time timer period must be greater than 0. - * - * @param uxAutoReload If uxAutoReload is set to pdTRUE then the timer will - * expire repeatedly with a frequency set by the xTimerPeriodInTicks parameter. - * If uxAutoReload is set to pdFALSE then the timer will be a one-shot timer and - * enter the dormant state after it expires. - * - * @param pvTimerID An identifier that is assigned to the timer being created. - * Typically this would be used in the timer callback function to identify which - * timer expired when the same callback function is assigned to more than one - * timer. - * - * @param pxCallbackFunction The function to call when the timer expires. - * Callback functions must have the prototype defined by TimerCallbackFunction_t, - * which is "void vCallbackFunction( TimerHandle_t xTimer );". - * - * @return If the timer is successfully created then a handle to the newly - * created timer is returned. If the timer cannot be created because there is - * insufficient FreeRTOS heap remaining to allocate the timer - * structures then NULL is returned. - * - * Example usage: - * @verbatim - * #define NUM_TIMERS 5 - * - * // An array to hold handles to the created timers. - * TimerHandle_t xTimers[ NUM_TIMERS ]; - * - * // An array to hold a count of the number of times each timer expires. - * int32_t lExpireCounters[ NUM_TIMERS ] = { 0 }; - * - * // Define a callback function that will be used by multiple timer instances. - * // The callback function does nothing but count the number of times the - * // associated timer expires, and stop the timer once the timer has expired - * // 10 times. - * void vTimerCallback( TimerHandle_t pxTimer ) - * { - * int32_t lArrayIndex; - * int32_t xMaxExpiryCountBeforeStopping = 10; - * - * // Optionally do something if the pxTimer parameter is NULL. - * configASSERT( pxTimer ); - * - * // Which timer expired? - * lArrayIndex = ( int32_t ) pvTimerGetTimerID( pxTimer ); - * - * // Increment the number of times that pxTimer has expired. - * lExpireCounters[ lArrayIndex ] += 1; - * - * // If the timer has expired 10 times then stop it from running. - * if( lExpireCounters[ lArrayIndex ] == xMaxExpiryCountBeforeStopping ) - * { - * // Do not use a block time if calling a timer API function from a - * // timer callback function, as doing so could cause a deadlock! - * xTimerStop( pxTimer, 0 ); - * } - * } - * - * void main( void ) - * { - * int32_t x; - * - * // Create then start some timers. Starting the timers before the scheduler - * // has been started means the timers will start running immediately that - * // the scheduler starts. - * for( x = 0; x < NUM_TIMERS; x++ ) - * { - * xTimers[ x ] = xTimerCreate( "Timer", // Just a text name, not used by the kernel. - * ( 100 * x ), // The timer period in ticks. - * pdTRUE, // The timers will auto-reload themselves when they expire. - * ( void * ) x, // Assign each timer a unique id equal to its array index. - * vTimerCallback // Each timer calls the same callback when it expires. - * ); - * - * if( xTimers[ x ] == NULL ) - * { - * // The timer was not created. - * } - * else - * { - * // Start the timer. No block time is specified, and even if one was - * // it would be ignored because the scheduler has not yet been - * // started. - * if( xTimerStart( xTimers[ x ], 0 ) != pdPASS ) - * { - * // The timer could not be set into the Active state. - * } - * } - * } - * - * // ... - * // Create tasks here. - * // ... - * - * // Starting the scheduler will start the timers running as they have already - * // been set into the active state. - * vTaskStartScheduler(); - * - * // Should not reach here. - * for( ;; ); - * } - * @endverbatim - */ - - TimerHandle_t xTimerCreate( const char * pcTimerName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - const TickType_t xTimerPeriodInTicks, - const UBaseType_t uxAutoReload, - void * pvTimerID, - TimerCallbackFunction_t pxCallbackFunction ) ; - - -/** - * TimerHandle_t xTimerCreateStatic(const char * pcTimerName, - * TickType_t xTimerPeriodInTicks, - * UBaseType_t uxAutoReload, - * void * pvTimerID, - * TimerCallbackFunction_t pxCallbackFunction, - * StaticTimer_t *pxTimerBuffer ); - * - * Creates a new software timer instance, and returns a handle by which the - * created software timer can be referenced. - * - * Internally, within the FreeRTOS implementation, software timers use a block - * of memory, in which the timer data structure is stored. If a software timer - * is created using xTimerCreate() then the required memory is automatically - * dynamically allocated inside the xTimerCreate() function. (see - * https://www.FreeRTOS.org/a00111.html). If a software timer is created using - * xTimerCreateStatic() then the application writer must provide the memory that - * will get used by the software timer. xTimerCreateStatic() therefore allows a - * software timer to be created without using any dynamic memory allocation. - * - * Timers are created in the dormant state. The xTimerStart(), xTimerReset(), - * xTimerStartFromISR(), xTimerResetFromISR(), xTimerChangePeriod() and - * xTimerChangePeriodFromISR() API functions can all be used to transition a - * timer into the active state. - * - * @param pcTimerName A text name that is assigned to the timer. This is done - * purely to assist debugging. The kernel itself only ever references a timer - * by its handle, and never by its name. - * - * @param xTimerPeriodInTicks The timer period. The time is defined in tick - * periods so the constant portTICK_PERIOD_MS can be used to convert a time that - * has been specified in milliseconds. For example, if the timer must expire - * after 100 ticks, then xTimerPeriodInTicks should be set to 100. - * Alternatively, if the timer must expire after 500ms, then xPeriod can be set - * to ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than or - * equal to 1000. The timer period must be greater than 0. - * - * @param uxAutoReload If uxAutoReload is set to pdTRUE then the timer will - * expire repeatedly with a frequency set by the xTimerPeriodInTicks parameter. - * If uxAutoReload is set to pdFALSE then the timer will be a one-shot timer and - * enter the dormant state after it expires. - * - * @param pvTimerID An identifier that is assigned to the timer being created. - * Typically this would be used in the timer callback function to identify which - * timer expired when the same callback function is assigned to more than one - * timer. - * - * @param pxCallbackFunction The function to call when the timer expires. - * Callback functions must have the prototype defined by TimerCallbackFunction_t, - * which is "void vCallbackFunction( TimerHandle_t xTimer );". - * - * @param pxTimerBuffer Must point to a variable of type StaticTimer_t, which - * will be then be used to hold the software timer's data structures, removing - * the need for the memory to be allocated dynamically. - * - * @return If the timer is created then a handle to the created timer is - * returned. If pxTimerBuffer was NULL then NULL is returned. - * - * Example usage: - * @verbatim - * - * // The buffer used to hold the software timer's data structure. - * static StaticTimer_t xTimerBuffer; - * - * // A variable that will be incremented by the software timer's callback - * // function. - * UBaseType_t uxVariableToIncrement = 0; - * - * // A software timer callback function that increments a variable passed to - * // it when the software timer was created. After the 5th increment the - * // callback function stops the software timer. - * static void prvTimerCallback( TimerHandle_t xExpiredTimer ) - * { - * UBaseType_t *puxVariableToIncrement; - * BaseType_t xReturned; - * - * // Obtain the address of the variable to increment from the timer ID. - * puxVariableToIncrement = ( UBaseType_t * ) pvTimerGetTimerID( xExpiredTimer ); - * - * // Increment the variable to show the timer callback has executed. - * ( *puxVariableToIncrement )++; - * - * // If this callback has executed the required number of times, stop the - * // timer. - * if( *puxVariableToIncrement == 5 ) - * { - * // This is called from a timer callback so must not block. - * xTimerStop( xExpiredTimer, staticDONT_BLOCK ); - * } - * } - * - * - * void main( void ) - * { - * // Create the software time. xTimerCreateStatic() has an extra parameter - * // than the normal xTimerCreate() API function. The parameter is a pointer - * // to the StaticTimer_t structure that will hold the software timer - * // structure. If the parameter is passed as NULL then the structure will be - * // allocated dynamically, just as if xTimerCreate() had been called. - * xTimer = xTimerCreateStatic( "T1", // Text name for the task. Helps debugging only. Not used by FreeRTOS. - * xTimerPeriod, // The period of the timer in ticks. - * pdTRUE, // This is an auto-reload timer. - * ( void * ) &uxVariableToIncrement, // A variable incremented by the software timer's callback function - * prvTimerCallback, // The function to execute when the timer expires. - * &xTimerBuffer ); // The buffer that will hold the software timer structure. - * - * // The scheduler has not started yet so a block time is not used. - * xReturned = xTimerStart( xTimer, 0 ); - * - * // ... - * // Create tasks here. - * // ... - * - * // Starting the scheduler will start the timers running as they have already - * // been set into the active state. - * vTaskStartScheduler(); - * - * // Should not reach here. - * for( ;; ); - * } - * @endverbatim - */ -// # 382 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" -/** - * void *pvTimerGetTimerID( TimerHandle_t xTimer ); - * - * Returns the ID assigned to the timer. - * - * IDs are assigned to timers using the pvTimerID parameter of the call to - * xTimerCreated() that was used to create the timer, and by calling the - * vTimerSetTimerID() API function. - * - * If the same callback function is assigned to multiple timers then the timer - * ID can be used as time specific (timer local) storage. - * - * @param xTimer The timer being queried. - * - * @return The ID assigned to the timer being queried. - * - * Example usage: - * - * See the xTimerCreate() API function example usage scenario. - */ -void * pvTimerGetTimerID( const TimerHandle_t xTimer ) ; - -/** - * void vTimerSetTimerID( TimerHandle_t xTimer, void *pvNewID ); - * - * Sets the ID assigned to the timer. - * - * IDs are assigned to timers using the pvTimerID parameter of the call to - * xTimerCreated() that was used to create the timer. - * - * If the same callback function is assigned to multiple timers then the timer - * ID can be used as time specific (timer local) storage. - * - * @param xTimer The timer being updated. - * - * @param pvNewID The ID to assign to the timer. - * - * Example usage: - * - * See the xTimerCreate() API function example usage scenario. - */ -void vTimerSetTimerID( TimerHandle_t xTimer, - void * pvNewID ) ; - -/** - * BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer ); - * - * Queries a timer to see if it is active or dormant. - * - * A timer will be dormant if: - * 1) It has been created but not started, or - * 2) It is an expired one-shot timer that has not been restarted. - * - * Timers are created in the dormant state. The xTimerStart(), xTimerReset(), - * xTimerStartFromISR(), xTimerResetFromISR(), xTimerChangePeriod() and - * xTimerChangePeriodFromISR() API functions can all be used to transition a timer into the - * active state. - * - * @param xTimer The timer being queried. - * - * @return pdFALSE will be returned if the timer is dormant. A value other than - * pdFALSE will be returned if the timer is active. - * - * Example usage: - * @verbatim - * // This function assumes xTimer has already been created. - * void vAFunction( TimerHandle_t xTimer ) - * { - * if( xTimerIsTimerActive( xTimer ) != pdFALSE ) // or more simply and equivalently "if( xTimerIsTimerActive( xTimer ) )" - * { - * // xTimer is active, do something. - * } - * else - * { - * // xTimer is not active, do something else. - * } - * } - * @endverbatim - */ -BaseType_t xTimerIsTimerActive( TimerHandle_t xTimer ) ; - -/** - * TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ); - * - * Simply returns the handle of the timer service/daemon task. It it not valid - * to call xTimerGetTimerDaemonTaskHandle() before the scheduler has been started. - */ -TaskHandle_t xTimerGetTimerDaemonTaskHandle( void ) ; - -/** - * BaseType_t xTimerStart( TimerHandle_t xTimer, TickType_t xTicksToWait ); - * - * Timer functionality is provided by a timer service/daemon task. Many of the - * public FreeRTOS timer API functions send commands to the timer service task - * through a queue called the timer command queue. The timer command queue is - * private to the kernel itself and is not directly accessible to application - * code. The length of the timer command queue is set by the - * configTIMER_QUEUE_LENGTH configuration constant. - * - * xTimerStart() starts a timer that was previously created using the - * xTimerCreate() API function. If the timer had already been started and was - * already in the active state, then xTimerStart() has equivalent functionality - * to the xTimerReset() API function. - * - * Starting a timer ensures the timer is in the active state. If the timer - * is not stopped, deleted, or reset in the mean time, the callback function - * associated with the timer will get called 'n' ticks after xTimerStart() was - * called, where 'n' is the timers defined period. - * - * It is valid to call xTimerStart() before the scheduler has been started, but - * when this is done the timer will not actually start until the scheduler is - * started, and the timers expiry time will be relative to when the scheduler is - * started, not relative to when xTimerStart() was called. - * - * The configUSE_TIMERS configuration constant must be set to 1 for xTimerStart() - * to be available. - * - * @param xTimer The handle of the timer being started/restarted. - * - * @param xTicksToWait Specifies the time, in ticks, that the calling task should - * be held in the Blocked state to wait for the start command to be successfully - * sent to the timer command queue, should the queue already be full when - * xTimerStart() was called. xTicksToWait is ignored if xTimerStart() is called - * before the scheduler is started. - * - * @return pdFAIL will be returned if the start command could not be sent to - * the timer command queue even after xTicksToWait ticks had passed. pdPASS will - * be returned if the command was successfully sent to the timer command queue. - * When the command is actually processed will depend on the priority of the - * timer service/daemon task relative to other tasks in the system, although the - * timers expiry time is relative to when xTimerStart() is actually called. The - * timer service/daemon task priority is set by the configTIMER_TASK_PRIORITY - * configuration constant. - * - * Example usage: - * - * See the xTimerCreate() API function example usage scenario. - * - */ - - - -/** - * BaseType_t xTimerStop( TimerHandle_t xTimer, TickType_t xTicksToWait ); - * - * Timer functionality is provided by a timer service/daemon task. Many of the - * public FreeRTOS timer API functions send commands to the timer service task - * through a queue called the timer command queue. The timer command queue is - * private to the kernel itself and is not directly accessible to application - * code. The length of the timer command queue is set by the - * configTIMER_QUEUE_LENGTH configuration constant. - * - * xTimerStop() stops a timer that was previously started using either of the - * The xTimerStart(), xTimerReset(), xTimerStartFromISR(), xTimerResetFromISR(), - * xTimerChangePeriod() or xTimerChangePeriodFromISR() API functions. - * - * Stopping a timer ensures the timer is not in the active state. - * - * The configUSE_TIMERS configuration constant must be set to 1 for xTimerStop() - * to be available. - * - * @param xTimer The handle of the timer being stopped. - * - * @param xTicksToWait Specifies the time, in ticks, that the calling task should - * be held in the Blocked state to wait for the stop command to be successfully - * sent to the timer command queue, should the queue already be full when - * xTimerStop() was called. xTicksToWait is ignored if xTimerStop() is called - * before the scheduler is started. - * - * @return pdFAIL will be returned if the stop command could not be sent to - * the timer command queue even after xTicksToWait ticks had passed. pdPASS will - * be returned if the command was successfully sent to the timer command queue. - * When the command is actually processed will depend on the priority of the - * timer service/daemon task relative to other tasks in the system. The timer - * service/daemon task priority is set by the configTIMER_TASK_PRIORITY - * configuration constant. - * - * Example usage: - * - * See the xTimerCreate() API function example usage scenario. - * - */ - - - -/** - * BaseType_t xTimerChangePeriod( TimerHandle_t xTimer, - * TickType_t xNewPeriod, - * TickType_t xTicksToWait ); - * - * Timer functionality is provided by a timer service/daemon task. Many of the - * public FreeRTOS timer API functions send commands to the timer service task - * through a queue called the timer command queue. The timer command queue is - * private to the kernel itself and is not directly accessible to application - * code. The length of the timer command queue is set by the - * configTIMER_QUEUE_LENGTH configuration constant. - * - * xTimerChangePeriod() changes the period of a timer that was previously - * created using the xTimerCreate() API function. - * - * xTimerChangePeriod() can be called to change the period of an active or - * dormant state timer. - * - * The configUSE_TIMERS configuration constant must be set to 1 for - * xTimerChangePeriod() to be available. - * - * @param xTimer The handle of the timer that is having its period changed. - * - * @param xNewPeriod The new period for xTimer. Timer periods are specified in - * tick periods, so the constant portTICK_PERIOD_MS can be used to convert a time - * that has been specified in milliseconds. For example, if the timer must - * expire after 100 ticks, then xNewPeriod should be set to 100. Alternatively, - * if the timer must expire after 500ms, then xNewPeriod can be set to - * ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than - * or equal to 1000. - * - * @param xTicksToWait Specifies the time, in ticks, that the calling task should - * be held in the Blocked state to wait for the change period command to be - * successfully sent to the timer command queue, should the queue already be - * full when xTimerChangePeriod() was called. xTicksToWait is ignored if - * xTimerChangePeriod() is called before the scheduler is started. - * - * @return pdFAIL will be returned if the change period command could not be - * sent to the timer command queue even after xTicksToWait ticks had passed. - * pdPASS will be returned if the command was successfully sent to the timer - * command queue. When the command is actually processed will depend on the - * priority of the timer service/daemon task relative to other tasks in the - * system. The timer service/daemon task priority is set by the - * configTIMER_TASK_PRIORITY configuration constant. - * - * Example usage: - * @verbatim - * // This function assumes xTimer has already been created. If the timer - * // referenced by xTimer is already active when it is called, then the timer - * // is deleted. If the timer referenced by xTimer is not active when it is - * // called, then the period of the timer is set to 500ms and the timer is - * // started. - * void vAFunction( TimerHandle_t xTimer ) - * { - * if( xTimerIsTimerActive( xTimer ) != pdFALSE ) // or more simply and equivalently "if( xTimerIsTimerActive( xTimer ) )" - * { - * // xTimer is already active - delete it. - * xTimerDelete( xTimer ); - * } - * else - * { - * // xTimer is not active, change its period to 500ms. This will also - * // cause the timer to start. Block for a maximum of 100 ticks if the - * // change period command cannot immediately be sent to the timer - * // command queue. - * if( xTimerChangePeriod( xTimer, 500 / portTICK_PERIOD_MS, 100 ) == pdPASS ) - * { - * // The command was successfully sent. - * } - * else - * { - * // The command could not be sent, even after waiting for 100 ticks - * // to pass. Take appropriate action here. - * } - * } - * } - * @endverbatim - */ - - - -/** - * BaseType_t xTimerDelete( TimerHandle_t xTimer, TickType_t xTicksToWait ); - * - * Timer functionality is provided by a timer service/daemon task. Many of the - * public FreeRTOS timer API functions send commands to the timer service task - * through a queue called the timer command queue. The timer command queue is - * private to the kernel itself and is not directly accessible to application - * code. The length of the timer command queue is set by the - * configTIMER_QUEUE_LENGTH configuration constant. - * - * xTimerDelete() deletes a timer that was previously created using the - * xTimerCreate() API function. - * - * The configUSE_TIMERS configuration constant must be set to 1 for - * xTimerDelete() to be available. - * - * @param xTimer The handle of the timer being deleted. - * - * @param xTicksToWait Specifies the time, in ticks, that the calling task should - * be held in the Blocked state to wait for the delete command to be - * successfully sent to the timer command queue, should the queue already be - * full when xTimerDelete() was called. xTicksToWait is ignored if xTimerDelete() - * is called before the scheduler is started. - * - * @return pdFAIL will be returned if the delete command could not be sent to - * the timer command queue even after xTicksToWait ticks had passed. pdPASS will - * be returned if the command was successfully sent to the timer command queue. - * When the command is actually processed will depend on the priority of the - * timer service/daemon task relative to other tasks in the system. The timer - * service/daemon task priority is set by the configTIMER_TASK_PRIORITY - * configuration constant. - * - * Example usage: - * - * See the xTimerChangePeriod() API function example usage scenario. - */ - - - -/** - * BaseType_t xTimerReset( TimerHandle_t xTimer, TickType_t xTicksToWait ); - * - * Timer functionality is provided by a timer service/daemon task. Many of the - * public FreeRTOS timer API functions send commands to the timer service task - * through a queue called the timer command queue. The timer command queue is - * private to the kernel itself and is not directly accessible to application - * code. The length of the timer command queue is set by the - * configTIMER_QUEUE_LENGTH configuration constant. - * - * xTimerReset() re-starts a timer that was previously created using the - * xTimerCreate() API function. If the timer had already been started and was - * already in the active state, then xTimerReset() will cause the timer to - * re-evaluate its expiry time so that it is relative to when xTimerReset() was - * called. If the timer was in the dormant state then xTimerReset() has - * equivalent functionality to the xTimerStart() API function. - * - * Resetting a timer ensures the timer is in the active state. If the timer - * is not stopped, deleted, or reset in the mean time, the callback function - * associated with the timer will get called 'n' ticks after xTimerReset() was - * called, where 'n' is the timers defined period. - * - * It is valid to call xTimerReset() before the scheduler has been started, but - * when this is done the timer will not actually start until the scheduler is - * started, and the timers expiry time will be relative to when the scheduler is - * started, not relative to when xTimerReset() was called. - * - * The configUSE_TIMERS configuration constant must be set to 1 for xTimerReset() - * to be available. - * - * @param xTimer The handle of the timer being reset/started/restarted. - * - * @param xTicksToWait Specifies the time, in ticks, that the calling task should - * be held in the Blocked state to wait for the reset command to be successfully - * sent to the timer command queue, should the queue already be full when - * xTimerReset() was called. xTicksToWait is ignored if xTimerReset() is called - * before the scheduler is started. - * - * @return pdFAIL will be returned if the reset command could not be sent to - * the timer command queue even after xTicksToWait ticks had passed. pdPASS will - * be returned if the command was successfully sent to the timer command queue. - * When the command is actually processed will depend on the priority of the - * timer service/daemon task relative to other tasks in the system, although the - * timers expiry time is relative to when xTimerStart() is actually called. The - * timer service/daemon task priority is set by the configTIMER_TASK_PRIORITY - * configuration constant. - * - * Example usage: - * @verbatim - * // When a key is pressed, an LCD back-light is switched on. If 5 seconds pass - * // without a key being pressed, then the LCD back-light is switched off. In - * // this case, the timer is a one-shot timer. - * - * TimerHandle_t xBacklightTimer = NULL; - * - * // The callback function assigned to the one-shot timer. In this case the - * // parameter is not used. - * void vBacklightTimerCallback( TimerHandle_t pxTimer ) - * { - * // The timer expired, therefore 5 seconds must have passed since a key - * // was pressed. Switch off the LCD back-light. - * vSetBacklightState( BACKLIGHT_OFF ); - * } - * - * // The key press event handler. - * void vKeyPressEventHandler( char cKey ) - * { - * // Ensure the LCD back-light is on, then reset the timer that is - * // responsible for turning the back-light off after 5 seconds of - * // key inactivity. Wait 10 ticks for the command to be successfully sent - * // if it cannot be sent immediately. - * vSetBacklightState( BACKLIGHT_ON ); - * if( xTimerReset( xBacklightTimer, 100 ) != pdPASS ) - * { - * // The reset command was not executed successfully. Take appropriate - * // action here. - * } - * - * // Perform the rest of the key processing here. - * } - * - * void main( void ) - * { - * int32_t x; - * - * // Create then start the one-shot timer that is responsible for turning - * // the back-light off if no keys are pressed within a 5 second period. - * xBacklightTimer = xTimerCreate( "BacklightTimer", // Just a text name, not used by the kernel. - * ( 5000 / portTICK_PERIOD_MS), // The timer period in ticks. - * pdFALSE, // The timer is a one-shot timer. - * 0, // The id is not used by the callback so can take any value. - * vBacklightTimerCallback // The callback function that switches the LCD back-light off. - * ); - * - * if( xBacklightTimer == NULL ) - * { - * // The timer was not created. - * } - * else - * { - * // Start the timer. No block time is specified, and even if one was - * // it would be ignored because the scheduler has not yet been - * // started. - * if( xTimerStart( xBacklightTimer, 0 ) != pdPASS ) - * { - * // The timer could not be set into the Active state. - * } - * } - * - * // ... - * // Create tasks here. - * // ... - * - * // Starting the scheduler will start the timer running as it has already - * // been set into the active state. - * vTaskStartScheduler(); - * - * // Should not reach here. - * for( ;; ); - * } - * @endverbatim - */ - - - -/** - * BaseType_t xTimerStartFromISR( TimerHandle_t xTimer, - * BaseType_t *pxHigherPriorityTaskWoken ); - * - * A version of xTimerStart() that can be called from an interrupt service - * routine. - * - * @param xTimer The handle of the timer being started/restarted. - * - * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most - * of its time in the Blocked state, waiting for messages to arrive on the timer - * command queue. Calling xTimerStartFromISR() writes a message to the timer - * command queue, so has the potential to transition the timer service/daemon - * task out of the Blocked state. If calling xTimerStartFromISR() causes the - * timer service/daemon task to leave the Blocked state, and the timer service/ - * daemon task has a priority equal to or greater than the currently executing - * task (the task that was interrupted), then *pxHigherPriorityTaskWoken will - * get set to pdTRUE internally within the xTimerStartFromISR() function. If - * xTimerStartFromISR() sets this value to pdTRUE then a context switch should - * be performed before the interrupt exits. - * - * @return pdFAIL will be returned if the start command could not be sent to - * the timer command queue. pdPASS will be returned if the command was - * successfully sent to the timer command queue. When the command is actually - * processed will depend on the priority of the timer service/daemon task - * relative to other tasks in the system, although the timers expiry time is - * relative to when xTimerStartFromISR() is actually called. The timer - * service/daemon task priority is set by the configTIMER_TASK_PRIORITY - * configuration constant. - * - * Example usage: - * @verbatim - * // This scenario assumes xBacklightTimer has already been created. When a - * // key is pressed, an LCD back-light is switched on. If 5 seconds pass - * // without a key being pressed, then the LCD back-light is switched off. In - * // this case, the timer is a one-shot timer, and unlike the example given for - * // the xTimerReset() function, the key press event handler is an interrupt - * // service routine. - * - * // The callback function assigned to the one-shot timer. In this case the - * // parameter is not used. - * void vBacklightTimerCallback( TimerHandle_t pxTimer ) - * { - * // The timer expired, therefore 5 seconds must have passed since a key - * // was pressed. Switch off the LCD back-light. - * vSetBacklightState( BACKLIGHT_OFF ); - * } - * - * // The key press interrupt service routine. - * void vKeyPressEventInterruptHandler( void ) - * { - * BaseType_t xHigherPriorityTaskWoken = pdFALSE; - * - * // Ensure the LCD back-light is on, then restart the timer that is - * // responsible for turning the back-light off after 5 seconds of - * // key inactivity. This is an interrupt service routine so can only - * // call FreeRTOS API functions that end in "FromISR". - * vSetBacklightState( BACKLIGHT_ON ); - * - * // xTimerStartFromISR() or xTimerResetFromISR() could be called here - * // as both cause the timer to re-calculate its expiry time. - * // xHigherPriorityTaskWoken was initialised to pdFALSE when it was - * // declared (in this function). - * if( xTimerStartFromISR( xBacklightTimer, &xHigherPriorityTaskWoken ) != pdPASS ) - * { - * // The start command was not executed successfully. Take appropriate - * // action here. - * } - * - * // Perform the rest of the key processing here. - * - * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch - * // should be performed. The syntax required to perform a context switch - * // from inside an ISR varies from port to port, and from compiler to - * // compiler. Inspect the demos for the port you are using to find the - * // actual syntax required. - * if( xHigherPriorityTaskWoken != pdFALSE ) - * { - * // Call the interrupt safe yield function here (actual function - * // depends on the FreeRTOS port being used). - * } - * } - * @endverbatim - */ - - - -/** - * BaseType_t xTimerStopFromISR( TimerHandle_t xTimer, - * BaseType_t *pxHigherPriorityTaskWoken ); - * - * A version of xTimerStop() that can be called from an interrupt service - * routine. - * - * @param xTimer The handle of the timer being stopped. - * - * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most - * of its time in the Blocked state, waiting for messages to arrive on the timer - * command queue. Calling xTimerStopFromISR() writes a message to the timer - * command queue, so has the potential to transition the timer service/daemon - * task out of the Blocked state. If calling xTimerStopFromISR() causes the - * timer service/daemon task to leave the Blocked state, and the timer service/ - * daemon task has a priority equal to or greater than the currently executing - * task (the task that was interrupted), then *pxHigherPriorityTaskWoken will - * get set to pdTRUE internally within the xTimerStopFromISR() function. If - * xTimerStopFromISR() sets this value to pdTRUE then a context switch should - * be performed before the interrupt exits. - * - * @return pdFAIL will be returned if the stop command could not be sent to - * the timer command queue. pdPASS will be returned if the command was - * successfully sent to the timer command queue. When the command is actually - * processed will depend on the priority of the timer service/daemon task - * relative to other tasks in the system. The timer service/daemon task - * priority is set by the configTIMER_TASK_PRIORITY configuration constant. - * - * Example usage: - * @verbatim - * // This scenario assumes xTimer has already been created and started. When - * // an interrupt occurs, the timer should be simply stopped. - * - * // The interrupt service routine that stops the timer. - * void vAnExampleInterruptServiceRoutine( void ) - * { - * BaseType_t xHigherPriorityTaskWoken = pdFALSE; - * - * // The interrupt has occurred - simply stop the timer. - * // xHigherPriorityTaskWoken was set to pdFALSE where it was defined - * // (within this function). As this is an interrupt service routine, only - * // FreeRTOS API functions that end in "FromISR" can be used. - * if( xTimerStopFromISR( xTimer, &xHigherPriorityTaskWoken ) != pdPASS ) - * { - * // The stop command was not executed successfully. Take appropriate - * // action here. - * } - * - * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch - * // should be performed. The syntax required to perform a context switch - * // from inside an ISR varies from port to port, and from compiler to - * // compiler. Inspect the demos for the port you are using to find the - * // actual syntax required. - * if( xHigherPriorityTaskWoken != pdFALSE ) - * { - * // Call the interrupt safe yield function here (actual function - * // depends on the FreeRTOS port being used). - * } - * } - * @endverbatim - */ - - - -/** - * BaseType_t xTimerChangePeriodFromISR( TimerHandle_t xTimer, - * TickType_t xNewPeriod, - * BaseType_t *pxHigherPriorityTaskWoken ); - * - * A version of xTimerChangePeriod() that can be called from an interrupt - * service routine. - * - * @param xTimer The handle of the timer that is having its period changed. - * - * @param xNewPeriod The new period for xTimer. Timer periods are specified in - * tick periods, so the constant portTICK_PERIOD_MS can be used to convert a time - * that has been specified in milliseconds. For example, if the timer must - * expire after 100 ticks, then xNewPeriod should be set to 100. Alternatively, - * if the timer must expire after 500ms, then xNewPeriod can be set to - * ( 500 / portTICK_PERIOD_MS ) provided configTICK_RATE_HZ is less than - * or equal to 1000. - * - * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most - * of its time in the Blocked state, waiting for messages to arrive on the timer - * command queue. Calling xTimerChangePeriodFromISR() writes a message to the - * timer command queue, so has the potential to transition the timer service/ - * daemon task out of the Blocked state. If calling xTimerChangePeriodFromISR() - * causes the timer service/daemon task to leave the Blocked state, and the - * timer service/daemon task has a priority equal to or greater than the - * currently executing task (the task that was interrupted), then - * *pxHigherPriorityTaskWoken will get set to pdTRUE internally within the - * xTimerChangePeriodFromISR() function. If xTimerChangePeriodFromISR() sets - * this value to pdTRUE then a context switch should be performed before the - * interrupt exits. - * - * @return pdFAIL will be returned if the command to change the timers period - * could not be sent to the timer command queue. pdPASS will be returned if the - * command was successfully sent to the timer command queue. When the command - * is actually processed will depend on the priority of the timer service/daemon - * task relative to other tasks in the system. The timer service/daemon task - * priority is set by the configTIMER_TASK_PRIORITY configuration constant. - * - * Example usage: - * @verbatim - * // This scenario assumes xTimer has already been created and started. When - * // an interrupt occurs, the period of xTimer should be changed to 500ms. - * - * // The interrupt service routine that changes the period of xTimer. - * void vAnExampleInterruptServiceRoutine( void ) - * { - * BaseType_t xHigherPriorityTaskWoken = pdFALSE; - * - * // The interrupt has occurred - change the period of xTimer to 500ms. - * // xHigherPriorityTaskWoken was set to pdFALSE where it was defined - * // (within this function). As this is an interrupt service routine, only - * // FreeRTOS API functions that end in "FromISR" can be used. - * if( xTimerChangePeriodFromISR( xTimer, &xHigherPriorityTaskWoken ) != pdPASS ) - * { - * // The command to change the timers period was not executed - * // successfully. Take appropriate action here. - * } - * - * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch - * // should be performed. The syntax required to perform a context switch - * // from inside an ISR varies from port to port, and from compiler to - * // compiler. Inspect the demos for the port you are using to find the - * // actual syntax required. - * if( xHigherPriorityTaskWoken != pdFALSE ) - * { - * // Call the interrupt safe yield function here (actual function - * // depends on the FreeRTOS port being used). - * } - * } - * @endverbatim - */ - - - -/** - * BaseType_t xTimerResetFromISR( TimerHandle_t xTimer, - * BaseType_t *pxHigherPriorityTaskWoken ); - * - * A version of xTimerReset() that can be called from an interrupt service - * routine. - * - * @param xTimer The handle of the timer that is to be started, reset, or - * restarted. - * - * @param pxHigherPriorityTaskWoken The timer service/daemon task spends most - * of its time in the Blocked state, waiting for messages to arrive on the timer - * command queue. Calling xTimerResetFromISR() writes a message to the timer - * command queue, so has the potential to transition the timer service/daemon - * task out of the Blocked state. If calling xTimerResetFromISR() causes the - * timer service/daemon task to leave the Blocked state, and the timer service/ - * daemon task has a priority equal to or greater than the currently executing - * task (the task that was interrupted), then *pxHigherPriorityTaskWoken will - * get set to pdTRUE internally within the xTimerResetFromISR() function. If - * xTimerResetFromISR() sets this value to pdTRUE then a context switch should - * be performed before the interrupt exits. - * - * @return pdFAIL will be returned if the reset command could not be sent to - * the timer command queue. pdPASS will be returned if the command was - * successfully sent to the timer command queue. When the command is actually - * processed will depend on the priority of the timer service/daemon task - * relative to other tasks in the system, although the timers expiry time is - * relative to when xTimerResetFromISR() is actually called. The timer service/daemon - * task priority is set by the configTIMER_TASK_PRIORITY configuration constant. - * - * Example usage: - * @verbatim - * // This scenario assumes xBacklightTimer has already been created. When a - * // key is pressed, an LCD back-light is switched on. If 5 seconds pass - * // without a key being pressed, then the LCD back-light is switched off. In - * // this case, the timer is a one-shot timer, and unlike the example given for - * // the xTimerReset() function, the key press event handler is an interrupt - * // service routine. - * - * // The callback function assigned to the one-shot timer. In this case the - * // parameter is not used. - * void vBacklightTimerCallback( TimerHandle_t pxTimer ) - * { - * // The timer expired, therefore 5 seconds must have passed since a key - * // was pressed. Switch off the LCD back-light. - * vSetBacklightState( BACKLIGHT_OFF ); - * } - * - * // The key press interrupt service routine. - * void vKeyPressEventInterruptHandler( void ) - * { - * BaseType_t xHigherPriorityTaskWoken = pdFALSE; - * - * // Ensure the LCD back-light is on, then reset the timer that is - * // responsible for turning the back-light off after 5 seconds of - * // key inactivity. This is an interrupt service routine so can only - * // call FreeRTOS API functions that end in "FromISR". - * vSetBacklightState( BACKLIGHT_ON ); - * - * // xTimerStartFromISR() or xTimerResetFromISR() could be called here - * // as both cause the timer to re-calculate its expiry time. - * // xHigherPriorityTaskWoken was initialised to pdFALSE when it was - * // declared (in this function). - * if( xTimerResetFromISR( xBacklightTimer, &xHigherPriorityTaskWoken ) != pdPASS ) - * { - * // The reset command was not executed successfully. Take appropriate - * // action here. - * } - * - * // Perform the rest of the key processing here. - * - * // If xHigherPriorityTaskWoken equals pdTRUE, then a context switch - * // should be performed. The syntax required to perform a context switch - * // from inside an ISR varies from port to port, and from compiler to - * // compiler. Inspect the demos for the port you are using to find the - * // actual syntax required. - * if( xHigherPriorityTaskWoken != pdFALSE ) - * { - * // Call the interrupt safe yield function here (actual function - * // depends on the FreeRTOS port being used). - * } - * } - * @endverbatim - */ - - - - -/** - * BaseType_t xTimerPendFunctionCallFromISR( PendedFunction_t xFunctionToPend, - * void *pvParameter1, - * uint32_t ulParameter2, - * BaseType_t *pxHigherPriorityTaskWoken ); - * - * - * Used from application interrupt service routines to defer the execution of a - * function to the RTOS daemon task (the timer service task, hence this function - * is implemented in timers.c and is prefixed with 'Timer'). - * - * Ideally an interrupt service routine (ISR) is kept as short as possible, but - * sometimes an ISR either has a lot of processing to do, or needs to perform - * processing that is not deterministic. In these cases - * xTimerPendFunctionCallFromISR() can be used to defer processing of a function - * to the RTOS daemon task. - * - * A mechanism is provided that allows the interrupt to return directly to the - * task that will subsequently execute the pended callback function. This - * allows the callback function to execute contiguously in time with the - * interrupt - just as if the callback had executed in the interrupt itself. - * - * @param xFunctionToPend The function to execute from the timer service/ - * daemon task. The function must conform to the PendedFunction_t - * prototype. - * - * @param pvParameter1 The value of the callback function's first parameter. - * The parameter has a void * type to allow it to be used to pass any type. - * For example, unsigned longs can be cast to a void *, or the void * can be - * used to point to a structure. - * - * @param ulParameter2 The value of the callback function's second parameter. - * - * @param pxHigherPriorityTaskWoken As mentioned above, calling this function - * will result in a message being sent to the timer daemon task. If the - * priority of the timer daemon task (which is set using - * configTIMER_TASK_PRIORITY in FreeRTOSConfig.h) is higher than the priority of - * the currently running task (the task the interrupt interrupted) then - * *pxHigherPriorityTaskWoken will be set to pdTRUE within - * xTimerPendFunctionCallFromISR(), indicating that a context switch should be - * requested before the interrupt exits. For that reason - * *pxHigherPriorityTaskWoken must be initialised to pdFALSE. See the - * example code below. - * - * @return pdPASS is returned if the message was successfully sent to the - * timer daemon task, otherwise pdFALSE is returned. - * - * Example usage: - * @verbatim - * - * // The callback function that will execute in the context of the daemon task. - * // Note callback functions must all use this same prototype. - * void vProcessInterface( void *pvParameter1, uint32_t ulParameter2 ) - * { - * BaseType_t xInterfaceToService; - * - * // The interface that requires servicing is passed in the second - * // parameter. The first parameter is not used in this case. - * xInterfaceToService = ( BaseType_t ) ulParameter2; - * - * // ...Perform the processing here... - * } - * - * // An ISR that receives data packets from multiple interfaces - * void vAnISR( void ) - * { - * BaseType_t xInterfaceToService, xHigherPriorityTaskWoken; - * - * // Query the hardware to determine which interface needs processing. - * xInterfaceToService = prvCheckInterfaces(); - * - * // The actual processing is to be deferred to a task. Request the - * // vProcessInterface() callback function is executed, passing in the - * // number of the interface that needs processing. The interface to - * // service is passed in the second parameter. The first parameter is - * // not used in this case. - * xHigherPriorityTaskWoken = pdFALSE; - * xTimerPendFunctionCallFromISR( vProcessInterface, NULL, ( uint32_t ) xInterfaceToService, &xHigherPriorityTaskWoken ); - * - * // If xHigherPriorityTaskWoken is now set to pdTRUE then a context - * // switch should be requested. The macro used is port specific and will - * // be either portYIELD_FROM_ISR() or portEND_SWITCHING_ISR() - refer to - * // the documentation page for the port being used. - * portYIELD_FROM_ISR( xHigherPriorityTaskWoken ); - * - * } - * @endverbatim - */ -BaseType_t xTimerPendFunctionCallFromISR( PendedFunction_t xFunctionToPend, - void * pvParameter1, - uint32_t ulParameter2, - BaseType_t * pxHigherPriorityTaskWoken ) ; - -/** - * BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend, - * void *pvParameter1, - * uint32_t ulParameter2, - * TickType_t xTicksToWait ); - * - * - * Used to defer the execution of a function to the RTOS daemon task (the timer - * service task, hence this function is implemented in timers.c and is prefixed - * with 'Timer'). - * - * @param xFunctionToPend The function to execute from the timer service/ - * daemon task. The function must conform to the PendedFunction_t - * prototype. - * - * @param pvParameter1 The value of the callback function's first parameter. - * The parameter has a void * type to allow it to be used to pass any type. - * For example, unsigned longs can be cast to a void *, or the void * can be - * used to point to a structure. - * - * @param ulParameter2 The value of the callback function's second parameter. - * - * @param xTicksToWait Calling this function will result in a message being - * sent to the timer daemon task on a queue. xTicksToWait is the amount of - * time the calling task should remain in the Blocked state (so not using any - * processing time) for space to become available on the timer queue if the - * queue is found to be full. - * - * @return pdPASS is returned if the message was successfully sent to the - * timer daemon task, otherwise pdFALSE is returned. - * - */ -BaseType_t xTimerPendFunctionCall( PendedFunction_t xFunctionToPend, - void * pvParameter1, - uint32_t ulParameter2, - TickType_t xTicksToWait ) ; - -/** - * char * pcTimerGetName( TimerHandle_t xTimer ); - * - * Returns the name that was assigned to a timer when the timer was created. - * - * @param xTimer The handle of the timer being queried. - * - * @return The name assigned to the timer specified by the xTimer parameter. - */ -const char * pcTimerGetName( TimerHandle_t xTimer ) ; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - -/** - * void vTimerSetReloadMode( TimerHandle_t xTimer, const UBaseType_t uxAutoReload ); - * - * Updates a timer to be either an auto-reload timer, in which case the timer - * automatically resets itself each time it expires, or a one-shot timer, in - * which case the timer will only expire once unless it is manually restarted. - * - * @param xTimer The handle of the timer being updated. - * - * @param uxAutoReload If uxAutoReload is set to pdTRUE then the timer will - * expire repeatedly with a frequency set by the timer's period (see the - * xTimerPeriodInTicks parameter of the xTimerCreate() API function). If - * uxAutoReload is set to pdFALSE then the timer will be a one-shot timer and - * enter the dormant state after it expires. - */ -void vTimerSetReloadMode( TimerHandle_t xTimer, - const UBaseType_t uxAutoReload ) ; - -/** - * UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer ); - * - * Queries a timer to determine if it is an auto-reload timer, in which case the timer - * automatically resets itself each time it expires, or a one-shot timer, in - * which case the timer will only expire once unless it is manually restarted. - * - * @param xTimer The handle of the timer being queried. - * - * @return If the timer is an auto-reload timer then pdTRUE is returned, otherwise - * pdFALSE is returned. - */ -UBaseType_t uxTimerGetReloadMode( TimerHandle_t xTimer ) ; - -/** - * TickType_t xTimerGetPeriod( TimerHandle_t xTimer ); - * - * Returns the period of a timer. - * - * @param xTimer The handle of the timer being queried. - * - * @return The period of the timer in ticks. - */ -TickType_t xTimerGetPeriod( TimerHandle_t xTimer ) ; - -/** - * TickType_t xTimerGetExpiryTime( TimerHandle_t xTimer ); - * - * Returns the time in ticks at which the timer will expire. If this is less - * than the current tick count then the expiry time has overflowed from the - * current time. - * - * @param xTimer The handle of the timer being queried. - * - * @return If the timer is running then the time in ticks at which the timer - * will next expire is returned. If the timer is not running then the return - * value is undefined. - */ -TickType_t xTimerGetExpiryTime( TimerHandle_t xTimer ) ; - -/* - * Functions beyond this part are not part of the public API and are intended - * for use by the kernel only. - */ -BaseType_t xTimerCreateTimerTask( void ) ; - -/* - * Splitting the xTimerGenericCommand into two sub functions and making it a macro - * removes a recursion path when called from ISRs. This is primarily for the XCore - * XCC port which detects the recursion path and throws an error during compilation - * when this is not split. - */ -BaseType_t xTimerGenericCommandFromTask( TimerHandle_t xTimer, - const BaseType_t xCommandID, - const TickType_t xOptionalValue, - BaseType_t * pxHigherPriorityTaskWoken, - const TickType_t xTicksToWait ) ; - -BaseType_t xTimerGenericCommandFromISR( TimerHandle_t xTimer, - const BaseType_t xCommandID, - const TickType_t xOptionalValue, - BaseType_t * pxHigherPriorityTaskWoken, - const TickType_t xTicksToWait ) ; - - - - - - - - void vTimerSetTimerNumber( TimerHandle_t xTimer, - UBaseType_t uxTimerNumber ) ; - UBaseType_t uxTimerGetTimerNumber( TimerHandle_t xTimer ) ; -// # 1378 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/timers.h" -/* *INDENT-OFF* */ - - - -/* *INDENT-ON* */ -// # 56 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - -/* - * Call the stack overflow hook function if the stack of the task being swapped - * out is currently overflowed, or looks like it might have overflowed in the - * past. - * - * Setting configCHECK_FOR_STACK_OVERFLOW to 1 will cause the macro to check - * the current stack state only - comparing the current top of stack value to - * the stack limit. Setting configCHECK_FOR_STACK_OVERFLOW to greater than 1 - * will also cause the last few stack bytes to be checked to ensure the value - * to which the bytes were set when the task was created have not been - * overwritten. Note this second test does not guarantee that an overflowed - * stack will always be recognised. - */ - -/*-----------------------------------------------------------*/ - -/* - * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in - * use on the stack. - */ -// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" -/*-----------------------------------------------------------*/ -// # 83 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" -/*-----------------------------------------------------------*/ -// # 102 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" -/*-----------------------------------------------------------*/ -// # 126 "/Users/reitobia/repos2/FreeRTOS-Kernel/include/stack_macros.h" -/*-----------------------------------------------------------*/ - -/* Remove stack overflow macro if not being used. */ -// # 57 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 - -/* Verifast proof setup - * - * Note that redefinitions of macros must be included after - * original ones have been included. - */ - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_proof_defs.h" 1 -/* - * This file contains defines to configure the VeriFast proof setup. - * - */ - - - - // Delete keywords VeriFast canot parse (in some contexts) - - - - /* `projdefs.h` defines `pdFALSE` and `pdTRUE` as 0 and 1 of type - * `BaseType_t`. Both are assigned to variables smaller or - * unsigned types. While that's safe in practice, it is not - * type safe. Hence we define - */ -// # 65 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/stack_predicates.h" 1 - - - - -/*@ -// Represents a stack that grows down (cf. RP2040 stack) -predicate stack_p_2(StackType_t * pxStack, - uint32_t ulStackDepth, - StackType_t * pxTopOfStack, - uint32_t ulFreeBytes, - uint32_t ulUsedCells, - uint32_t ulUnalignedBytes) = - malloc_block_chars((char*) pxStack, ulStackDepth * sizeof(StackType_t)) &*& - // Free stack cells. The size of this memory block is not necessarily a - // multiple of sizeof(StackType_t), due to bitvector arithmetic. - // At least, we cannot prove it. - chars((char*) pxStack, ulFreeBytes, _) &*& - //integer_(pxTopOfStack + sizeof(StackType_t), sizeof(StackType_t), false, _) &*&; - - // If there is any free memory left in this stack, - // pxTopOfStack points to the last sizeof(StackType_t) number of bytes. - (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) &*& - // Used stack cells - integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*& - // Unaligned rest - unalignedRestOfStack_p((char*) pxStack + ulFreeBytes + sizeof(StackType_t) * ulUsedCells, - ulUnalignedBytes); - -predicate unalignedRestOfStack_p(char* p, uint32_t ulUnalignedBytes) = - chars(p, ulUnalignedBytes, _); -@*/ - -/*@ -// Represents a stack that grows down (cf. RP2040 stack) -predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) = - integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*& - ulStackDepth > 0 &*& - freeCells >= 0 &*& - pxTopOfStack == pxStack + freeCells -1 &*& - 0 <= freeCells &*& freeCells <= ulStackDepth; -// usedMem == pxStack - pxTopOfStack -// freeMem == ulStackDepth - usedMem - //freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*& -// usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack); -@*/ - -/*/@ -lemma void split_stack(StackType_t * pxStack, int offset) -requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& - offset * sizeof(StackType_t) < ulStackDepth; -ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*& - integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ; -{ - open stack_p(_, _, _, _); - integers__split(pxStack, offset * sizeof(StackType_t) ); -} -@*/ - -/*@ -// TODO: Do we need this lemma or is it usually cleaner to split stack manually? -lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack) -requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*& - freeCells > 0; -ensures // free cells minus top cell - integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _) &*& - // top stack cell - integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*& - // used stack cells - integers_(pxStack + freeCells, sizeof(StackType_t), false, - ulStackDepth - freeCells, _) &*& - // stack contraints necessary to close `stack_p` again - ulStackDepth > 0 &*& - freeCells >= 0 &*& - pxTopOfStack == pxStack + freeCells -1 &*& - 0 <= freeCells &*& freeCells <= ulStackDepth; -{ - open stack_p(_, _, _, _); - integers__split(pxStack, freeCells-1); - open integers_(pxStack + (freeCells-1), _, _, _, _); -} -@*/ -// # 66 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 1 - - - - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/nathan/list_predicates.h" 1 - - - - -/* - * The code below has been taken from: - * pull request: - * https://github.com/FreeRTOS/FreeRTOS/pull/836 - * file: - * FreeRTOS/Test/VeriFast/include/proof/list.h - * - */ - -/*@ -predicate xLIST_ITEM( - struct xLIST_ITEM *n, - TickType_t xItemValue, - struct xLIST_ITEM *pxNext, - struct xLIST_ITEM *pxPrevious, - struct xLIST *pxContainer;) - = - n->xItemValue |-> xItemValue &*& - n->pxNext |-> pxNext &*& - n->pxPrevious |-> pxPrevious &*& - n->pvOwner |-> _ &*& - n->pxContainer |-> pxContainer; - -// by Tobias Reinhard -predicate xList_gen(struct xLIST *l) = - l->uxNumberOfItems |-> _ &*& - l->pxIndex |-> _; - -@*/ -// # 6 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/task_predicates.h" 2 - - -/*@ -// This predicate represents the memory corresponding to an -// uninitialised instance of type `TCB_t` aka `tskTaskControlBlock`. -predicate uninit_TCB_p(TCB_t * tcb, int stackSize) = - malloc_block_tskTaskControlBlock(tcb) &*& - tcb->pxTopOfStack |-> _ &*& - - xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*& - struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*& - xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*& - struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*& - - tcb->uxPriority |-> _ &*& - - tcb->pxStack |-> ?stackPtr &*& - stackPtr != 0 &*& - (char*) stackPtr + stackSize <= (char*) UINTPTR_MAX &*& - chars_((char*) stackPtr, stackSize, _) &*& - malloc_block_chars((char*) stackPtr, stackSize) &*& - - tcb->xTaskRunState |-> _ &*& - tcb->xIsIdle |-> _ &*& - - // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars_(tcb->pcTaskName, 16, _) &*& - - tcb->uxCriticalNesting |-> _ &*& - tcb->uxTCBNumber |-> _ &*& - tcb->uxTaskNumber |-> _ &*& - tcb->uxBasePriority |-> _ &*& - tcb->uxMutexesHeld |-> _ &*& - - // void * pvThreadLocalStoragePointers[ 5 ]; - pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*& - - // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES` - // evaluates to 1. - integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*& - uchars_(tcb->ucNotifyState, 1, _) &*& - - tcb->ucDelayAborted |-> _; -@*/ - - -/*@ -// This predicate represents the memory corresponding to an -// initialised instance of type `TCB_t` aka `tskTaskControlBlock`. -predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = - malloc_block_tskTaskControlBlock(tcb) &*& - tcb->pxStack |-> ?stackPtr &*& - tcb->pxTopOfStack |-> ?topPtr &*& - stack_p_2(stackPtr, ?ulStackDepth, topPtr, - ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes) &*& - - xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*& - struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*& - xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*& - struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*& - - tcb->uxPriority |-> _ &*& - - tcb->xTaskRunState |-> _ &*& - tcb->xIsIdle |-> _ &*& - - // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars_(tcb->pcTaskName, 16, _) &*& - - tcb->uxCriticalNesting |-> _ &*& - tcb->uxTCBNumber |-> _ &*& - tcb->uxTaskNumber |-> _ &*& - tcb->uxBasePriority |-> _ &*& - tcb->uxMutexesHeld |-> _ &*& - - // void * pvThreadLocalStoragePointers[ 5 ]; - pointers(tcb->pvThreadLocalStoragePointers, 5, _) &*& - - // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES` - // evaluates to 1. - integers_(tcb->ulNotifiedValue, 4, false, 1, _) &*& - uchars(tcb->ucNotifyState, 1, _) &*& - - tcb->ucDelayAborted |-> _; -@*/ -// # 67 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_RP2040_axioms.h" 1 - - - - - -/* - * The lemmas in this file axiomatize that the RP2040 architecture uses - * 32bit pointers. - */ - -/*@ -// Axiomatizes that: 0 <= ptr <= 2^32 - 1 -lemma void ptr_range(t* ptr); -requires true; -ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295; -@*/ -// # 68 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_prelude_extended.h" 1 - - - -/* This file contains axioms that would naturally fit into prelude.h - * but are missing. - */ - -/* Reminder: - -predicate chars_(char *array, int count; list > cs) = - count == 0 ? - cs == nil - : - char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0); - -predicate chars(char *array, int count; list cs) = - count == 0 ? - cs == nil - : - character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0); - - -lemma_auto void chars__to_chars(char *array); - requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs)); - ensures [f]chars(array, count, map(the, cs)); - - - -predicate integers__(void *p, int size, bool signed_, int count; list > vs) = - count == 0 ? - vs == nil - : - integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0); - -predicate integers_(void *p, int size, bool signed_, int count; list vs) = - count == 0 ? - vs == nil - : - integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0); - - - */ - - - - -/*@ -lemma_auto void integers___to_integers_(void *p); - requires [?f]integers__(p, ?size, ?signed_, ?count, _); - ensures [f]integers_(p, size, signed_, count, _); -@*/ - - -/*@ -lemma void chars_split_at(char* start_ptr, char* split_ptr) -requires chars(start_ptr, ?count, ?vs) &*& - start_ptr <= split_ptr &*& split_ptr < start_ptr + count; -ensures chars(start_ptr, ?c1, ?vs1) &*& - chars(split_ptr, ?c2, ?vs2) &*& - start_ptr + c1 == split_ptr &*& - c1 + c2 == count; -{ - if( start_ptr == split_ptr ) - { - close chars(start_ptr, 0, nil); - } else - { - open chars(start_ptr, _, _); - chars_split_at(start_ptr+1, split_ptr); - assert( chars(start_ptr+1, ?c1, _) ); - close chars(start_ptr, c1+1, _); - } -} -@*/ - - -/*@ -lemma void division_remainder_def(int l, int r); -requires l >= 0 &*& r > 0 &*& r < l; -ensures l == (l % r) + (l / r) * r &*& -0 <= (l % r) &*& -(l % r) < r; -@*/ - -/*@ -lemma void chars_to_max_integers__suffix(char* startPtr, int intSize, bool signed_) -requires chars(startPtr, ?count, ?vs) &*& intSize > 0 &*& count > intSize; -ensures chars(startPtr, ?cc, _) &*& - integers_(?intStartPtr, intSize, signed_, ?ci, _) &*& - count == cc + ci * intSize &*& - intStartPtr == startPtr + cc &*& - cc < intSize &*& - ci == count / intSize; -{ - int rem = count % intSize; - int ci = count / intSize; - - division_remainder_def(count, intSize); - chars_split(startPtr, rem); - chars_to_integers_(startPtr + rem, intSize, signed_, ci); - -} -@*/ -// # 69 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_bitops_extended.h" 1 - - - -/*@ -// TODO: Can we remove this? -lemma void bitand_idempotent_right(int l, int r); -requires true; -ensures (l & r) == ((l & r) & r); -@*/ -// # 70 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof_setup/verifast_asm.h" 1 - - - -/* VeriFast does not support inline assembler. - * The following definitions replace macros that would normally evaluate to - * inline assember by failing assertions. - */ - -/* VeriFast treats `assert` as keyword and does not support calling it - * in many contexts where function calls are permitted. */ -bool assert_fct(bool b, const char*) -{ - assert(b); - return b; -} - -// Port macros were originally defined in `portmacro.h`. - - - - -/* Additional reason for rewrite: - * VeriFast does not support embedding block statements that consist of - * multiple elemts in expression contexts, e.g., `({e1; e2})`. - */ - - - - - - -//#undef portDISABLE_INTERRUPTS -//#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS") -// # 71 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_port_contracts.h" 1 - - - - -// We want our proofs to hold for an arbitrary number of cores. -/* TODO: Can we use the original function `get_core_num` instead without - * adding the contract inside the pico sdk file (platform.h)? - */ - - - -/* FreeRTOS core id is always zero based.*/ -static uint VF__get_core_num(void); -//@ requires true; -/*@ ensures 0 <= result &*& result < configNUM_CORES &*& - result == coreID_f(); -@*/ - -/*@ -// Allow reference to core id in proofs. -fixpoint uint coreID_f(); - -lemma void coreID_f_range(); -requires true; -ensures 0 <= coreID_f() &*& coreID_f() < configNUM_CORES; -@*/ - - - - - - -uint32_t VF__portDISABLE_INTERRUPTS(); -//@ requires interruptState_p(?coreID, ?state); -/*@ ensures result == state &*& - interruptState_p(coreID, ?newState) &*& - interruptsDisabled_f(newState) == true &*& - coreLocalGlobalVars_p(); -@*/ - - - -void VF__portRESTORE_INTERRUPTS(uint32_t ulState); -/*@ requires interruptState_p(?coreID, ?tmpState) &*& - interruptsDisabled_f(tmpState) == true - ? coreLocalGlobalVars_p() - : true; - @*/ -/*@ ensures interruptState_p(coreID, ulState); -@*/ - - - -void VF__portGET_TASK_LOCK(); -//@ requires [?f]taskLock() &*& locked(nil); -//@ ensures taskLockInv() &*& locked( cons( pair(f, taskLockID_f), nil) ); - - - -void VF__portGET_ISR_LOCK(); -//@ requires [?f]isrLock() &*& locked(?heldLocks); -//@ ensures isrLockInv() &*& locked( cons( pair(f, isrLockID_f), heldLocks) ); -// # 72 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/verifast_lock_predicates.h" 1 - - - -/* We follow a minimalistic approach during the definition of the - * lock predicates. So far, the only encapsulate the resources and - * invariants required to verify `vTaskSwitchContext`. - * We are going to extend and refine them when we proceed to verify - * other parts of FRTOS. - */ - - -/*@ -// We assume tha `configNUM_CORES` evaluates to 1. -// TODO: Parametrise in terms of `configNUM_CORES`. -// PROBLEM: Shouldn't `configNUM_CORES` be greater than 1? -predicate otherGlobalVars() = - integer_(&uxCurrentNumberOfTasks, sizeof(UBaseType_t), false, _) - &*& - integer_(&xTickCount, sizeof(TickType_t), false, _) - &*& - integer_(&uxTopReadyPriority, sizeof(UBaseType_t), false, _) - &*& - integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) - &*& - integer_(&xPendedTicks, sizeof(TickType_t), false, _) - &*& - integers_(&xYieldPendings, sizeof(BaseType_t), true, configNUM_CORES, _) - &*& - integer_(&uxTaskNumber, sizeof(UBaseType_t), false, _) - &*& - integer_(&xNextTaskUnblockTime, sizeof(TickType_t), false, _) - &*& - pointers(&xIdleTaskHandle, configNUM_CORES, _); - -predicate unprotectedGlobalVars() = - [_] integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _); - - -@*/ - - - -/* ---------------------------------------------------------------------- - * Core local variables and access restrictions - */ - -/*@ -predicate interruptState_p(uint32_t coreID, uint32_t state); - -fixpoint bool interruptsDisabled_f(uint32_t); - -predicate coreLocalGlobalVars_p() = - pointer(&pxCurrentTCBs[coreID_f], _); - -predicate coreLocalLocked(uint32_t coreID); - -//lemma acquireCoreLocalPermissions(); -//requires interruptState_p -@*/ - - -/* ---------------------------------------------------------------------- - * Predicates relevant for all locks - */ - -/*@ -predicate locked(list< pair > lockHistory); -@*/ - - - -/* ---------------------------------------------------------------------- - * Task lock and associated global variables from `tasks.c` - */ - -/*@ -fixpoint int taskLockID_f(); - -// Represents an acquired task lock. -predicate taskLock(); - -// Represents an acquired task lock. -// `f` is the fraction held for the unacquired lock. -//predicate taskLocked(real f); - -// Represents the invariant associated with the the task lock, i.e., -// access permissions to the resources protected by the lock. -predicate taskLockInv(); -@*/ - -/* ---------------------------------------------------------------------- - * ISR lock and associated global variables from `tasks.c` - */ - -/*@ -fixpoint int isrLockID_f(); - -// Represents an unacquired ISR lock. -predicate isrLock(); - -// Represents an acquired ISR lock. -// `f` is the fraction held for the unacquired lock. -predicate isrLocked(real f); - -// Represents the invariant associated with the the ISR lock, i.e., -// access permissions to the resources protected by the lock. -predicate isrLockInv() = - foreach(?vfReadyLists, xList_gen); -@*/ - - -/* ---------------------------------------------------------------------- - * Resources protected by both locks. - * Note that the task lock may never be acquired after the ISR lock. - */ - -/*@ -fixpoint int taskISRLockID_f(); - -predicate taskISRLockInv() = - integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& - //TCB_p(pxCurrentTCBs[coreID_f()], ?ulFreeBytesOnStack); - true; - - -lemma void get_taskISRLockInv(); -requires locked(?heldLocks) &*& - heldLocks == cons(?i, cons(?t, nil)) &*& - i == pair(?f_isr, isrLockID_f()) &*& - t == pair(?f_task, taskLockID_f()); -ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ); -@*/ - - - -/* -void vf_validate_lock_predicate() -//@ requires module(tasks__pp, true); -//@ ensures true; -{ - //@ open_module(); - uxCurrentNumberOfTasks = 0; - - ///@ coreID_f_range(); - ///@ close coreLocalGlobalVars(); - ///@ close otherGlobalVars(); -} -*/ -// # 73 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" 1 -/* - * This file contains code snippets from: - * portable/ThirdParty/GCC/RP2040/port.c - */ - - - -// Note currently we support configNUM_CORES == 1 with SMP, thought it isn't 100% clear why you wouldn't -// just use the non SMP version; keeping around for now in case the code bases are merged. - - -/* Constants required to manipulate the NVIC. */ -// # 27 "/Users/reitobia/repos2/FreeRTOS-Kernel/verification/verifast/proof/snippets/rp2040_port_c_snippets.c" -/* Constants required to set up the initial stack. */ - - -/* The systick is a 24-bit counter. */ - - -/* A fiddle factor to estimate the number of SysTick counts that would have - * occurred while the SysTick counter is stopped during tickless idle - * calculations. */ - - - - -/* Let the user override the pre-loading of the initial LR with the address of - * prvTaskExitError() in case it messes up unwinding of the stack in the - * debugger. */ - - - - - - -/* - * Setup the timer to generate the tick interrupts. The implementation in this - * file is weak to allow application writers to change the timer used to - * generate the tick interrupt. - */ -void vPortSetupTimerInterrupt( void ); - -/* - * Exception handlers. - */ -void xPortPendSVHandler( void ) ; -void xPortSysTickHandler( void ); -void vPortSVCHandler( void ); - -/* - * Start first task is a separate function so it can be tested in isolation. - */ -static void vPortStartFirstTask( void ) ; - -/* - * Used to catch tasks that attempt to return from their implementing function. - */ -static void prvTaskExitError( void ); - - - - -// ------------------------------------------------- -// Validate stack predicate - -/* Simulates creation and initialisation of a stack that grows down as on RP2040. - */ -StackType_t* test_stack_pred(uint32_t depth) -/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*& - depth <= UINT_MAX &*& - depth > 0; - @*/ -/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*& - malloc_block_chars((char*) result, depth * sizeof(StackType_t)); -@*/ -{ - StackType_t * stack; - - - /* Allocate space for the stack used by the task being created. */ - stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) ); - if(stack == 0) return 0; - - memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t)); - - StackType_t* top = stack + depth -1; - - //@ chars_to_integers_(stack, sizeof(StackType_t), false, depth); - //@ close stack_p(stack, depth, top, depth); - // integers_(stack0, 4, false, depth, _) - return stack; -} -// ------------------------------------------------- - -/* - * See header file for description. - */ -StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, - TaskFunction_t pxCode, - void * pvParameters ) -/*@ requires pxTopOfStack > 0 &*& - stack_p_2(?pxStack, ?ulStackDepth, pxTopOfStack, ?ulFreeBytes, - ?ulUsedCells, ?ulUnalignedBytes) &*& - ulFreeBytes > 17 * sizeof(StackType_t) &*& - pxStack > 0; - @*/ -/*@ ensures stack_p_2(pxStack, ulStackDepth, result, - ulFreeBytes - sizeof(StackType_t) * 16, - ulUsedCells + 16, - ulUnalignedBytes) &*& - result == pxTopOfStack - 16; -@*/ -{ - //@ StackType_t* gOldTop = pxTopOfStack; - //@ char* gcStack = (char*) pxStack; - //@ open stack_p_2(_, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) ); - //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // skip stack cell #0 - //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t)); - //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop); - /* Simulate the stack frame as it would be created by a context switch - * interrupt. */ - pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */ - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // make stack cell #1 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2)); - //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-1); - *pxTopOfStack = ( 0x01000000 ); /* xPSR */ - //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _); - pxTopOfStack--; - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent overflow - //@ ptr_range(pxCode); - // make stack cell #2 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 3)); - //@ chars_to_integers_(gOldTop-2, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-2); - *pxTopOfStack = ( StackType_t ) pxCode; /* PC */ - //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _); - pxTopOfStack--; - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent underflow - //@ ptr_range(prvTaskExitError); - // make stack cell #3 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 4)); - //@ chars_to_integers_(gOldTop-3, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-3); - *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */ - //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _); - - pxTopOfStack -= 5; /* R12, R3, R2 and R1. */ - - // jump to stack cell #7 - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8)); - //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4); - //@ integers__join(gOldTop-7); - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent overflow - //@ ptr_range(pvParameters); - - // make stack cell #8 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9)); - //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-8); - *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */ - //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _); - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - - // skip stack cells #9 - #15, leave #16 unused - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16)); - //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7); - //@ integers__join(gOldTop-15); - pxTopOfStack -= 8; /* R11..R4. */ - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes); - //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) ); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - return pxTopOfStack; -} -// # 75 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 - -// # 1 "/Users/reitobia/repos2/FreeRTOS-Kernel/list.c" 1 -/* - * FreeRTOS SMP Kernel V202110.00 - * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of - * the Software, and to permit persons to whom the Software is furnished to do so, - * subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS - * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR - * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER - * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - * - * https://www.FreeRTOS.org - * https://github.com/FreeRTOS - * - */ - - - - -/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining - * all the API functions to use the MPU wrappers. That should only be done when - * task.h is included from an application file. */ - - - - - -/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified - * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be - * defined for the header files above, but not in this file, in order to - * generate the correct privileged Vs unprivileged linkage and placement. */ - - -/*----------------------------------------------------------- -* PUBLIC LIST API documented in list.h -*----------------------------------------------------------*/ - -void vListInitialise( List_t * pxList ) -{ - /* The list structure contains a list item which is used to mark the - * end of the list. To initialise the list the list end is inserted - * as the only list entry. */ - pxList->pxIndex = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ - - /* The list end value is the highest possible value in the list to - * ensure it remains at the end of the list. */ - pxList->xListEnd.xItemValue = ( TickType_t ) 0xffffffffUL; - - /* The list end next and previous pointers point to itself so we know - * when the list is empty. */ - pxList->xListEnd.pxNext = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ - pxList->xListEnd.pxPrevious = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ - - pxList->uxNumberOfItems = ( UBaseType_t ) 0U; - - /* Write known values into the list if - * configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ - ; - ; -} -/*-----------------------------------------------------------*/ - -void vListInitialiseItem( ListItem_t * pxItem ) -//@ requires pxItem->pxContainer |-> _; -//@ ensures pxItem->pxContainer |-> 0; -{ - /* Make sure the list item is not recorded as being on a list. */ - pxItem->pxContainer = 0; - - /* Write known values into the list item if - * configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ - ; - ; -} -/*-----------------------------------------------------------*/ - -void vListInsertEnd( List_t * pxList, - ListItem_t * pxNewListItem ) -{ - ListItem_t * pxIndex = pxList->pxIndex; - - /* Only effective when configASSERT() is also defined, these tests may catch - * the list data structures being overwritten in memory. They will not catch - * data errors caused by incorrect configuration or use of FreeRTOS. */ - ; - ; - - /* Insert a new list item into pxList, but rather than sort the list, - * makes the new list item the last item to be removed by a call to - * listGET_OWNER_OF_NEXT_ENTRY(). */ - pxNewListItem->pxNext = pxIndex; - pxNewListItem->pxPrevious = pxIndex->pxPrevious; - - /* Only used during decision coverage testing. */ - ; - - pxIndex->pxPrevious->pxNext = pxNewListItem; - pxIndex->pxPrevious = pxNewListItem; - - /* Remember which list the item is in. */ - pxNewListItem->pxContainer = pxList; - - ( pxList->uxNumberOfItems )++; -} -/*-----------------------------------------------------------*/ - -void vListInsert( List_t * pxList, - ListItem_t * pxNewListItem ) -{ - ListItem_t * pxIterator; - const TickType_t xValueOfInsertion = pxNewListItem->xItemValue; - - /* Only effective when configASSERT() is also defined, these tests may catch - * the list data structures being overwritten in memory. They will not catch - * data errors caused by incorrect configuration or use of FreeRTOS. */ - ; - ; - - /* Insert the new list item into the list, sorted in xItemValue order. - * - * If the list already contains a list item with the same item value then the - * new list item should be placed after it. This ensures that TCBs which are - * stored in ready lists (all of which have the same xItemValue value) get a - * share of the CPU. However, if the xItemValue is the same as the back marker - * the iteration loop below will not end. Therefore the value is checked - * first, and the algorithm slightly modified if necessary. */ - if( xValueOfInsertion == ( TickType_t ) 0xffffffffUL ) - { - pxIterator = pxList->xListEnd.pxPrevious; - } - else - { - /* *** NOTE *********************************************************** - * If you find your application is crashing here then likely causes are - * listed below. In addition see https://www.FreeRTOS.org/FAQHelp.html for - * more tips, and ensure configASSERT() is defined! - * https://www.FreeRTOS.org/a00110.html#configASSERT - * - * 1) Stack overflow - - * see https://www.FreeRTOS.org/Stacks-and-stack-overflow-checking.html - * 2) Incorrect interrupt priority assignment, especially on Cortex-M - * parts where numerically high priority values denote low actual - * interrupt priorities, which can seem counter intuitive. See - * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html and the definition - * of configMAX_SYSCALL_INTERRUPT_PRIORITY on - * https://www.FreeRTOS.org/a00110.html - * 3) Calling an API function from within a critical section or when - * the scheduler is suspended, or calling an API function that does - * not end in "FromISR" from an interrupt. - * 4) Using a queue or semaphore before it has been initialised or - * before the scheduler has been started (are interrupts firing - * before vTaskStartScheduler() has been called?). - * 5) If the FreeRTOS port supports interrupt nesting then ensure that - * the priority of the tick interrupt is at or below - * configMAX_SYSCALL_INTERRUPT_PRIORITY. - **********************************************************************/ - - for( pxIterator = ( ListItem_t * ) &( pxList->xListEnd ); pxIterator->pxNext->xItemValue <= xValueOfInsertion; pxIterator = pxIterator->pxNext ) /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. *//*lint !e440 The iterator moves to a different value, not xValueOfInsertion. */ - { - /* There is nothing to do here, just iterating to the wanted - * insertion position. */ - } - } - - pxNewListItem->pxNext = pxIterator->pxNext; - pxNewListItem->pxNext->pxPrevious = pxNewListItem; - pxNewListItem->pxPrevious = pxIterator; - pxIterator->pxNext = pxNewListItem; - - /* Remember which list the item is in. This allows fast removal of the - * item later. */ - pxNewListItem->pxContainer = pxList; - - ( pxList->uxNumberOfItems )++; -} -/*-----------------------------------------------------------*/ - -UBaseType_t uxListRemove( ListItem_t * pxItemToRemove ) -{ -/* The list item knows which list it is in. Obtain the list from the list - * item. */ - List_t * pxList = pxItemToRemove->pxContainer; - - pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; - pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; - - /* Only used during decision coverage testing. */ - ; - - /* Make sure the index is left pointing to a valid item. */ - if( pxList->pxIndex == pxItemToRemove ) - { - pxList->pxIndex = pxItemToRemove->pxPrevious; - } - else - { - ; - } - - pxItemToRemove->pxContainer = 0; - ( pxList->uxNumberOfItems )--; - - return pxList->uxNumberOfItems; -} -/*-----------------------------------------------------------*/ -// # 77 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" 2 - - -/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified - * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined - * for the header files above, but not in this file, in order to generate the - * correct privileged Vs unprivileged linkage and placement. */ - - -/* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting - * functions but without including stdio.h here. */ -// # 105 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/* Values that can be assigned to the ucNotifyState member of the TCB. */ - - - - -/* - * The value used to fill the stack of a task when the task is created. This - * is used purely for checking the high water mark for tasks. - */ - - -/* Bits used to record how a task's stack and TCB were allocated. */ - - - - -/* If any of the following are set then task stacks are filled with a known - * value so the high water mark can be determined. If none of the following are - * set then don't fill the stack so there is no unnecessary dependency on memset. */ - - - - - - -/* - * Macros used by vListTask to indicate which state a task is in. - */ - - - - - - -/* - * Some kernel aware debuggers require the data the debugger needs access to to - * be global, rather than file scope. - */ - - - - -/* The name allocated to the Idle task. This can be overridden by defining - * configIDLE_TASK_NAME in FreeRTOSConfig.h. */ - - - - - - -/* If configUSE_PORT_OPTIMISED_TASK_SELECTION is 0 then task selection is - * performed in a generic way that is not optimised to any particular - * microcontroller architecture. */ - -/* uxTopReadyPriority holds the priority of the highest priority ready - * state task. */ -// # 169 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /*-----------------------------------------------------------*/ - -/* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as - * they are only required when a port optimised method of task selection is - * being used. */ -// # 203 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -/* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick - * count overflows. */ -// # 221 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -/* - * Place the task represented by pxTCB into the appropriate ready list for - * the task. It is inserted at the end of the list. - */ - - - - - -/*-----------------------------------------------------------*/ - -/* - * Several functions take a TaskHandle_t parameter that can optionally be NULL, - * where NULL is used to indicate that the handle of the currently executing - * task should be used in place of the parameter. This macro simply checks to - * see if the parameter is NULL and returns a pointer to the appropriate TCB. - */ - - -/* The item value of the event list item is normally used to hold the priority - * of the task to which it belongs (coded to allow it to be held in reverse - * priority order). However, it is occasionally borrowed for other purposes. It - * is important its value is not updated due to a task priority change while it is - * being used for another purpose. The following bit definition is used to inform - * the scheduler that the value should not be changed - in which case it is the - * responsibility of whichever module is using the value to ensure it gets set back - * to its original value when it is released. */ - - - - - - -/* Indicates that the task is not actively running on any core. */ - - -/* Indicates that the task is actively running but scheduled to yield. */ - - -/* Returns pdTRUE if the task is actively running and not scheduled to yield. */ - - -typedef BaseType_t TaskRunning_t; - -/* - * Task control block. A task control block (TCB) is allocated for each task, - * and stores task state information, including a pointer to the task's context - * (the task's run time environment, including register values) - */ -typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */ -{ - volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack. THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */ -// # 284 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */ - ListItem_t xEventListItem; /*< Used to reference a task from an event list. */ - UBaseType_t uxPriority; /*< The priority of the task. 0 is the lowest priority. */ - StackType_t * pxStack; /*< Points to the start of the stack. */ - volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */ - BaseType_t xIsIdle; /*< Used to identify the idle tasks. */ - char pcTaskName[ 16 ]; /*< Descriptive name given to the task when created. Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ -// # 301 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */ - - - - UBaseType_t uxTCBNumber; /*< Stores a number that increments each time a TCB is created. It allows debuggers to determine when a task has been deleted and then recreated. */ - UBaseType_t uxTaskNumber; /*< Stores a number specifically for use by third party trace code. */ - - - - UBaseType_t uxBasePriority; /*< The priority last assigned to the task - used by the priority inheritance mechanism. */ - UBaseType_t uxMutexesHeld; - - - - - - - - void * pvThreadLocalStoragePointers[ 5 ]; -// # 341 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - volatile uint32_t ulNotifiedValue[ 1 ]; - volatile uint8_t ucNotifyState[ 1 ]; - - - /* See the comments in FreeRTOS.h with the definition of - * tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE. */ - - - - - - uint8_t ucDelayAborted; - - - - - -} tskTCB; - -/* The old tskTCB name is maintained above then typedefed to the new TCB_t name - * below to enable the use of older kernel aware debuggers. */ -typedef tskTCB TCB_t; - -/*lint -save -e956 A manual analysis and inspection has been used to determine - * which static variables must be declared volatile. */ - TCB_t * volatile pxCurrentTCBs[ 100 ] = { 0 }; - - -/* Lists for ready and blocked tasks. -------------------- - * xDelayedTaskList1 and xDelayedTaskList2 could be moved to function scope but - * doing so breaks some kernel aware debuggers and debuggers that rely on removing - * the static qualifier. */ - static List_t pxReadyTasksLists[ 32 ]; /*< Prioritised ready tasks. */ - static List_t xDelayedTaskList1; /*< Delayed tasks. */ - static List_t xDelayedTaskList2; /*< Delayed tasks (two lists are used - one for delays that have overflowed the current tick count. */ - static List_t * volatile pxDelayedTaskList; /*< Points to the delayed task list currently being used. */ - static List_t * volatile pxOverflowDelayedTaskList; /*< Points to the delayed task list currently being used to hold tasks that have overflowed the current tick count. */ - static List_t xPendingReadyList; /*< Tasks that have been readied while the scheduler was suspended. They will be moved to the ready list when the scheduler is resumed. */ - - - - static List_t xTasksWaitingTermination; /*< Tasks that have been deleted - but their memory not yet freed. */ - static volatile UBaseType_t uxDeletedTasksWaitingCleanUp = ( UBaseType_t ) 0U; - - - - - - static List_t xSuspendedTaskList; /*< Tasks that are currently suspended. */ - - - -/* Global POSIX errno. Its value is changed upon context switching to match - * the errno of the currently running task. */ - - - - -/* Other file private variables. --------------------------------*/ - static volatile UBaseType_t uxCurrentNumberOfTasks = ( UBaseType_t ) 0U; - static volatile TickType_t xTickCount = ( TickType_t ) 0; - static volatile UBaseType_t uxTopReadyPriority = ( ( UBaseType_t ) 0U ); - static volatile BaseType_t xSchedulerRunning = ( ( char ) 0 ); - static volatile TickType_t xPendedTicks = ( TickType_t ) 0U; - static volatile BaseType_t xYieldPendings[ 100 ] = { ( ( char ) 0 ) }; - static volatile BaseType_t xNumOfOverflows = ( BaseType_t ) 0; - static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U; - static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */ - static TaskHandle_t xIdleTaskHandle[ 100 ] = { 0 }; /*< Holds the handle of the idle task. The idle task is created automatically when the scheduler is started. */ - - - -/* Improve support for OpenOCD. The kernel tracks Ready tasks via priority lists. - * For tracking the state of remote threads, OpenOCD uses uxTopUsedPriority - * to determine the number of priority lists to read back from the remote target. */ -const volatile UBaseType_t uxTopUsedPriority = 32 - 1U; - -/* Context switches are held pending while the scheduler is suspended. Also, - * interrupts must not manipulate the xStateListItem of a TCB, or any of the - * lists the xStateListItem can be referenced from, if the scheduler is suspended. - * If an interrupt needs to unblock a task while the scheduler is suspended then it - * moves the task's event list item into the xPendingReadyList, ready for the - * kernel to move the task from the pending ready list into the real ready list - * when the scheduler is unsuspended. The pending ready list itself can only be - * accessed from a critical section. - * - * Updates to uxSchedulerSuspended must be protected by both the task and ISR locks and - * must not be done by an ISR. Reads must be protected by either lock and may be done by - * either an ISR or a task. */ - static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) ( ( char ) 0 ); -// # 441 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*lint -restore */ - -/*-----------------------------------------------------------*/ - -/* File private functions. --------------------------------*/ - -/* - * Creates the idle tasks during scheduler start - */ -static BaseType_t prvCreateIdleTasks( void ); - -/* - * Returns the yield pending count for the calling core. - */ -static BaseType_t prvGetCurrentYieldPending( void ); - -/* - * Checks to see if another task moved the current task out of the ready - * list while it was waiting to enter a critical section and yields if so. - */ -static void prvCheckForRunStateChange( void ); - -/* - * Yields the given core. - */ -static void prvYieldCore( BaseType_t xCoreID ); - -/* - * Yields a core, or cores if multiple priorities are not allowed to run - * simultaneously, to allow the task pxTCB to run. - */ -static void prvYieldForTask( TCB_t * pxTCB, - const BaseType_t xPreemptEqualPriority ); - -/* - * Selects the highest priority available task - */ -static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ); - -/** - * Utility task that simply returns pdTRUE if the task referenced by xTask is - * currently in the Suspended state, or pdFALSE if the task referenced by xTask - * is in any other state. - */ - - - static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) ; - - - -/* - * Utility to ready all the lists used by the scheduler. This is called - * automatically upon the creation of the first task. - */ -static void prvInitialiseTaskLists( void ) ; - -/* - * The idle task, which as all tasks is implemented as a never ending loop. - * The idle task is automatically created and added to the ready lists upon - * creation of the first user task. - * - */ -static void prvIdleTask( void * pvParameters ) ; - - static void prvMinimalIdleTask( void * pvParameters ) ; - - -/* - * Utility to free all memory allocated by the scheduler to hold a TCB, - * including the stack pointed to by the TCB. - * - * This does not free memory allocated by the task itself (i.e. memory - * allocated by calls to pvPortMalloc from within the tasks application code). - */ - - - static void prvDeleteTCB( TCB_t * pxTCB ) ; - - - -/* - * Used only by the idle task. This checks to see if anything has been placed - * in the list of tasks waiting to be deleted. If so the task is cleaned up - * and its TCB deleted. - */ -static void prvCheckTasksWaitingTermination( void ) ; - -/* - * The currently executing task is entering the Blocked state. Add the task to - * either the current or the overflow delayed task list. - */ -static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, - const BaseType_t xCanBlockIndefinitely ) ; - -/* - * Fills an TaskStatus_t structure with information on each task that is - * referenced from the pxList list (which may be a ready list, a delayed list, - * a suspended list, etc.). - * - * THIS FUNCTION IS INTENDED FOR DEBUGGING ONLY, AND SHOULD NOT BE CALLED FROM - * NORMAL APPLICATION CODE. - */ - - - static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray, - List_t * pxList, - eTaskState eState ) ; - - - -/* - * Searches pxList for a task with name pcNameToQuery - returning a handle to - * the task if it is found, or NULL if the task is not found. - */ - - - static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, - const char pcNameToQuery[] ) ; - - - -/* - * When a task is created, the stack of the task is filled with a known value. - * This function determines the 'high water mark' of the task stack by - * determining how much of the stack remains at the original preset value. - */ - - - static uint32_t prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) ; - - - -/* - * Return the amount of time, in ticks, that will pass before the kernel will - * next move a task from the Blocked state to the Running state. - * - * This conditional compilation should use inequality to 0, not equality to 1. - * This is to ensure portSUPPRESS_TICKS_AND_SLEEP() can be called when user - * defined low power mode implementations require configUSE_TICKLESS_IDLE to be - * set to a value other than 1. - */ - - - - - - -/* - * Set xNextTaskUnblockTime to the time at which the next Blocked state task - * will exit the Blocked state. - */ -static void prvResetNextTaskUnblockTime( void ) ; -// # 605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/* - * Called after a Task_t structure has been allocated either statically or - * dynamically to fill in the structure's members. - */ -static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, - const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - const uint32_t ulStackDepth, - void * pvParameters, - UBaseType_t uxPriority, - TaskHandle_t * pxCreatedTask, - TCB_t * pxNewTCB, - const MemoryRegion_t * xRegions ) ; - -/* - * Called after a new task has been created and initialised to place the task - * under the control of the scheduler. - */ -static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) ; - -/* - * freertos_tasks_c_additions_init() should only be called if the user definable - * macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is the only macro - * called by the function. - */ - - - - - - -/*-----------------------------------------------------------*/ -// # 655 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 738 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -static void prvYieldCore( BaseType_t xCoreID ) -{ - /* This must be called from a critical section and - * xCoreID must be valid. */ - - if( assert_fct(false, "portCHECK_IF_IN_ISR") && ( xCoreID == VF__get_core_num() ) ) - { - xYieldPendings[ xCoreID ] = ( ( char ) 1 ); - } - else if( pxCurrentTCBs[ xCoreID ]->xTaskRunState != ( TaskRunning_t ) ( -2 ) ) - { - if( xCoreID == VF__get_core_num() ) - { - xYieldPendings[ xCoreID ] = ( ( char ) 1 ); - } - - else - { - vYieldCore(xCoreID); - pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -2 ); - } - - } -} - -/*-----------------------------------------------------------*/ - -static void prvYieldForTask( TCB_t * pxTCB, - const BaseType_t xPreemptEqualPriority ) -{ - BaseType_t xLowestPriority; - BaseType_t xTaskPriority; - BaseType_t xLowestPriorityCore = -1; - BaseType_t xYieldCount = 0; - BaseType_t x; - TaskRunning_t xTaskRunState; - - /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */ - - assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U); -// # 792 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - xLowestPriority = ( BaseType_t ) pxTCB->uxPriority; - - if( xPreemptEqualPriority == ( ( char ) 0 ) ) - { - /* xLowestPriority will be decremented to -1 if the priority of pxTCB - * is 0. This is ok as we will give system idle tasks a priority of -1 below. */ - --xLowestPriority; - } - - for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 100; x++ ) - { - /* System idle tasks are being assigned a priority of tskIDLE_PRIORITY - 1 here */ - xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ x ]->uxPriority - pxCurrentTCBs[ x ]->xIsIdle; - xTaskRunState = pxCurrentTCBs[ x ]->xTaskRunState; - - if( ( ( ( 0 <= xTaskRunState ) && ( xTaskRunState < 100 ) ) != ( ( char ) 0 ) ) && ( xYieldPendings[ x ] == ( ( char ) 0 ) ) ) - { - if( xTaskPriority <= xLowestPriority ) - { - - - - - - { - - - - { - xLowestPriority = xTaskPriority; - xLowestPriorityCore = x; - } - } - } - else - { - ; - } -// # 846 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } - else - { - ; - } - } - - if( ( xYieldCount == 0 ) && ( ( BaseType_t ) ( ( 0 <= xLowestPriorityCore ) && ( xLowestPriorityCore < 100 ) ) ) ) - { - prvYieldCore( xLowestPriorityCore ); - xYieldCount++; - } -// # 866 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -} -/*-----------------------------------------------------------*/ - - - - static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) - { - UBaseType_t uxCurrentPriority = uxTopReadyPriority; - BaseType_t xTaskScheduled = ( ( char ) 0 ); - BaseType_t xDecrementTopPriority = ( ( char ) 1 ); -// # 884 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - while( xTaskScheduled == ( ( char ) 0 ) ) - { -// # 898 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - if( ( ( ( &( pxReadyTasksLists[ uxCurrentPriority ] ) )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - List_t * pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); - - - - - ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; - ListItem_t * pxTaskItem = pxLastTaskItem; - - if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) - { - pxLastTaskItem = pxLastTaskItem->pxPrevious; - } - - /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority - * must not be decremented any further */ - xDecrementTopPriority = ( ( char ) 0 ); - - do - { - TCB_t * pxTCB; - - pxTaskItem = pxTaskItem->pxNext; - - if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) - { - pxTaskItem = pxTaskItem->pxNext; - } - - pxTCB = pxTaskItem->pvOwner; - - /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ -// # 951 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) ) - { - - - - - - { - /* If the task is not being executed by any core swap it in */ - pxCurrentTCBs[ xCoreID ]->xTaskRunState = ( TaskRunning_t ) ( -1 ); - - - - pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; - pxCurrentTCBs[ xCoreID ] = pxTCB; - xTaskScheduled = ( ( char ) 1 ); - } - } - else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) - { - assert(( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -2 ) )); - - - - - - { - /* The task is already running on this core, mark it as scheduled */ - pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; - xTaskScheduled = ( ( char ) 1 ); - } - } - - if( xTaskScheduled != ( ( char ) 0 ) ) - { - /* Once a task has been selected to run on this core, - * move it to the end of the ready task list. */ - uxListRemove( pxTaskItem ); - vListInsertEnd( pxReadyList, pxTaskItem ); - break; - } - } while( pxTaskItem != pxLastTaskItem ); - } - else - { - if( xDecrementTopPriority != ( ( char ) 0 ) ) - { - uxTopReadyPriority--; - - - - - - } - } - - /* This function can get called by vTaskSuspend() before the scheduler is started. - * In that case, since the idle tasks have not yet been created it is possible that we - * won't find a new task to schedule. Return pdFALSE in this case. */ - if( ( xSchedulerRunning == ( ( char ) 0 ) ) && ( uxCurrentPriority == ( ( UBaseType_t ) 0U ) ) && ( xTaskScheduled == ( ( char ) 0 ) ) ) - { - return ( ( char ) 0 ); - } - - assert(( uxCurrentPriority > ( ( UBaseType_t ) 0U ) ) || ( xTaskScheduled == ( ( char ) 1 ) )); - uxCurrentPriority--; - } - - assert(( ( 0 <= pxCurrentTCBs[ xCoreID ]->xTaskRunState ) && ( pxCurrentTCBs[ xCoreID ]->xTaskRunState < 100 ) )); -// # 1095 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - return ( ( char ) 1 ); - } -// # 1111 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 1189 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 1252 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 1318 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, - const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - const uint32_t usStackDepth, - void * pvParameters, - UBaseType_t uxPriority, - TaskHandle_t * pxCreatedTask ) - /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*& - usStackDepth > 18 &*& - // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _ &*& - interruptState_p(?coreID, _) &*& - unprotectedGlobalVars(); - @*/ - //@ ensures true; -// # 1350 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - TCB_t * pxNewTCB; - BaseType_t xReturn; - - /* If the stack grows down then allocate the stack then the TCB so the stack - * does not grow into the TCB. Likewise if the stack grows up then allocate - * the TCB then the stack. */ -// # 1380 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - StackType_t * pxStack; - - /* Allocate space for the stack used by the task being created. */ - pxStack = malloc( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */ - - if( pxStack != 0 ) - { - /* Allocate space for the TCB. */ - pxNewTCB = ( TCB_t * ) malloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */ - - if( pxNewTCB != 0 ) - { - /* Store the stack location in the TCB. */ - pxNewTCB->pxStack = pxStack; - //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); - //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); - //@ chars__limits((char*) pxNewTCB->pxStack); - //@ assert( pxNewTCB->pxStack + (size_t) usStackDepth <= (StackType_t*) UINTPTR_MAX ); - //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); - } - else - { - /* The stack cannot be used as the TCB was not created. Free - * it again. */ - free( (void*) pxStack); - } - } - else - { - pxNewTCB = 0; - } - } - - - if( pxNewTCB != 0 ) - { -// # 1425 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, 0 ); -// # 1434 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* TODO: Continue proof - * For now we stop verification here and concentrate on new - * verification target. - */ - //@ assume(false); - - prvAddNewTaskToReadyList( pxNewTCB ); - xReturn = ( ( ( char ) 1 ) ); - } - else - { - xReturn = ( -1 ); - } - - //@ assume(false); - // TODO: Remove! - // Allows us to focus on verifying called functions. - return xReturn; - } - - -/*-----------------------------------------------------------*/ - -static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, - const char * pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - const uint32_t ulStackDepth, - void * pvParameters, - UBaseType_t uxPriority, - TaskHandle_t * pxCreatedTask, - TCB_t * pxNewTCB, - const MemoryRegion_t * xRegions ) -/*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*& - stackSize == ulStackDepth * sizeof(StackType_t) &*& - stackSize <= UINTPTR_MAX &*& - ulStackDepth > 18 &*& - // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; - @*/ -/*@ ensures TCB_p(pxNewTCB, ?freeBytes) &*& - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; - @*/ -{ - StackType_t * pxTopOfStack; - UBaseType_t x; -// # 1497 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - //@ open uninit_TCB_p(_,_); - - /* Avoid dependency on memset() if it is not required. */ - - { - /* Fill the stack with a known value to assist debugging. */ - - /* Reason for rewrite: - * - VeriFast does not support casts involving side-effectful - * expressions. - * - VeriFast report type mismatch because - * `( int ) tskSTACK_FILL_BYTE` is passed for a char argument. - * - * Note: The only affect of void casts is to surpress compiler - * warnings. - * - * TODO: Is the type mismatch a real error? - */ - memset( pxNewTCB->pxStack, ( char ) ( 0xa5U ), ( size_t ) ulStackDepth * sizeof( StackType_t ) ); - - - - } - - - /* Calculate the top of stack address. This depends on whether the stack - * grows from high memory to low (as per the 80x86) or vice versa. - * portSTACK_GROWTH is used to make the result positive or negative as required - * by the port. */ - - { - pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] ); - //@ StackType_t* gOldTop = pxTopOfStack; - //@ char* gcStack = (char*) pxNewTCB->pxStack; - - /* Set the following flag to skip and expensive part of this proof: - * `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT` - * - * For VeriFast bit vector proofs are very computation intensive. - * Hence, reasoning about the stack alignment below takes relatively - * long. - */ -// # 1555 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Axiomatise that no over- or underflow occurs. - * We further assume that `portPOINTER_SIZE_TYPE` evaluates to - * `uint32_t`. - */ - //@ ptr_range(pxTopOfStack); - /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) - & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) - > 0 ); - @*/ - /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) - & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) - <= (StackType_t*) UINTPTR_MAX ); - @*/ - - - pxTopOfStack = ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ -// # 1583 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Axiomatize that alignmet check succeeds. - * We further assume that `portPOINTER_SIZE_TYPE` evaluates to - * `uint32_t`*/ - //@ ptr_range(pxTopOfStack); - /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ); - @*/ - - - /* Check the alignment of the calculated top of stack is correct. */ - assert(( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL )); -// # 1605 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Axiomatize that bit vector operations did not change stack - * pointer. - */ - /* TODO: Can we simplify the axiomatizations here and above - * by assuming that the top pointer was already aligned? - */ - //@ assume( pxTopOfStack == gOldTop ); - //@ int gUnalignedBytes = 0; - - - //@ assert( chars(gcStack, ?gFreeBytes, _) ); - //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; - //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); - //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); -// # 1628 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } -// # 1642 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Store the task name in the TCB. */ - if( pcName != 0 ) - { - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ ) - /*@ invariant chars_(pxNewTCB->pcTaskName, 16, _) &*& - chars(pcName, 16, _); - @*/ - { - pxNewTCB->pcTaskName[ x ] = pcName[ x ]; - - /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than - * configMAX_TASK_NAME_LEN characters just in case the memory after the - * string is not accessible (extremely unlikely). */ - if( pcName[ x ] == ( char ) 0x00 ) - { - break; - } - else - { - ; - } - } - - /* Ensure the name string is terminated in the case that the string length - * was greater or equal to configMAX_TASK_NAME_LEN. */ - pxNewTCB->pcTaskName[ 16 - 1 ] = '\0'; - } - else - { - /* The task has not been given a name, so just ensure there is a NULL - * terminator when it is read out. */ - pxNewTCB->pcTaskName[ 0 ] = 0x00; - } - - /* This is used as an array index so must ensure it's not too large. First - * remove the privilege bit if one is present. */ - if( uxPriority >= ( UBaseType_t ) 32 ) - { - uxPriority = ( UBaseType_t ) 32 - ( UBaseType_t ) 1U; - } - else - { - ; - } - - pxNewTCB->uxPriority = uxPriority; - - { - pxNewTCB->uxBasePriority = uxPriority; - pxNewTCB->uxMutexesHeld = 0; - } - - - vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); - vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); - - - /* Set the pxNewTCB as a link back from the ListItem_t. This is so we can get - * back to the containing TCB from a generic item in a list. */ - ( ( &( pxNewTCB->xStateListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) ); - - /* Event lists are always in priority order. */ - ( ( &( pxNewTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - ( ( &( pxNewTCB->xEventListItem ) )->pvOwner = ( void * ) ( pxNewTCB ) ); - - // Closing predicates early simplifies the symbolic heap and proof debugging. - //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); - //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); - - - { - pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; - } -// # 1734 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - /* Avoid compiler warning about unreferenced parameter. */ - ( void ) xRegions; - } - - - - { - //@ pointers__to_chars_(pxNewTCB->pvThreadLocalStoragePointers); - //@ assert(chars_((char*) pxNewTCB->pvThreadLocalStoragePointers, _, _)); - //@ assert(chars_(_, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), _)); - memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) ); - } - - - - { - ///@ assert( integers__(pxNewTCB->ulNotifiedValue, _, _, 1, _) ); - ///@ integers___to_integers_(pxNewTCB->ulNotifiedValue); - ///@ integers__to_chars(pxNewTCB->ulNotifiedValue); - //@integers___to_integers_(pxNewTCB->ulNotifiedValue); - //@ integers__to_chars(pxNewTCB->ulNotifiedValue); - memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) ); - //@ uchars__to_chars_(pxNewTCB->ucNotifyState); - memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); - //@ chars_to_uchars(pxNewTCB->ucNotifyState); - } -// # 1773 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - - /* Reason for rewrite: Assignment not type safe. */ - pxNewTCB->ucDelayAborted = ( ( unsigned char ) ( ( char ) 0 ) ); - - - - } -// # 1796 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Initialize the TCB stack to look as if the task was already running, - * but had been interrupted by the scheduler. The return address is set - * to the start of the task function. Once the stack has been initialised - * the top of stack variable is updated. */ -// # 1824 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - /* If the port has capability to detect stack overflow, - * pass the stack end address to the stack initialization - * function as well. */ -// # 1841 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); - } - - } - - - /* Initialize to not running */ - pxNewTCB->xTaskRunState = ( TaskRunning_t ) ( -1 ); - - /* Is this an idle task? */ - if( pxTaskCode == prvIdleTask ) - { - pxNewTCB->xIsIdle = ( ( char ) 1 ); - } - - - else if( pxTaskCode == prvMinimalIdleTask ) - { - pxNewTCB->xIsIdle = ( ( char ) 1 ); - } - - else - { - pxNewTCB->xIsIdle = ( ( char ) 0 ); - } - - if( pxCreatedTask != 0 ) - { - /* Pass the handle out in an anonymous way. The handle can be used to - * change the created task's priority, delete the created task, etc.*/ - *pxCreatedTask = ( TaskHandle_t ) pxNewTCB; - } - else - { - ; - } - - //@ assert( stack_p_2(_, _, _, ?gFreeBytes, _, _) ); - //@ close TCB_p(pxNewTCB, gFreeBytes); -} -/*-----------------------------------------------------------*/ - -static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*//@ requires interruptState_p(?coreID, _) &*& - unprotectedGlobalVars(); - @*/ -/*//@ ensures true; - @*/ -{ - /* Ensure interrupts don't access the task lists while the lists are being - * updated. */ - vTaskEnterCritical(); - { - uxCurrentNumberOfTasks++; - - if( xSchedulerRunning == ( ( char ) 0 ) ) - { - if( uxCurrentNumberOfTasks == ( UBaseType_t ) 1 ) - { - /* This is the first task to be created so do the preliminary - * initialisation required. We will not recover if this call - * fails, but we will report the failure. */ - prvInitialiseTaskLists(); - } - else - { - ; - } - - if( pxNewTCB->xIsIdle != ( ( char ) 0 ) ) - { - BaseType_t xCoreID; - - /* Check if a core is free. */ - for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) 100; xCoreID++ ) - { - if( pxCurrentTCBs[ xCoreID ] == 0 ) - { - pxNewTCB->xTaskRunState = xCoreID; - pxCurrentTCBs[ xCoreID ] = pxNewTCB; - break; - } - } - } - } - else - { - ; - } - - uxTaskNumber++; - - - { - /* Add a counter into the TCB for tracing only. */ - pxNewTCB->uxTCBNumber = uxTaskNumber; - } - - ; - - ; { if( ( ( pxNewTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxNewTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxNewTCB )->uxPriority ] ), &( ( pxNewTCB )->xStateListItem ) ); ; - - ( void ) pxNewTCB; - - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - /* If the created task is of a higher priority than another - * currently running task and preemption is on then it should - * run now. */ - - prvYieldForTask( pxNewTCB, ( ( char ) 0 ) ); - - } - else - { - ; - } - } - vTaskExitCritical(); -} -/*-----------------------------------------------------------*/ - - - - void vTaskDelete( TaskHandle_t xTaskToDelete ) - { - TCB_t * pxTCB; - TaskRunning_t xTaskRunningOnCore; - - vTaskEnterCritical(); - { - /* If null is passed in here then it is the calling task that is - * being deleted. */ - pxTCB = ( ( ( xTaskToDelete ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToDelete ) ); - - xTaskRunningOnCore = pxTCB->xTaskRunState; - - /* Remove task from the ready/delayed list. */ - if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - ; - } - else - { - ; - } - - /* Is the task waiting on an event also? */ - if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 ) - { - ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); - } - else - { - ; - } - - /* Increment the uxTaskNumber also so kernel aware debuggers can - * detect that the task lists need re-generating. This is done before - * portPRE_TASK_DELETE_HOOK() as in the Windows port that macro will - * not return. */ - uxTaskNumber++; - - /* If the task is running (or yielding), we must add it to the - * termination list so that an idle task can delete it when it is - * no longer running. */ - if( xTaskRunningOnCore != ( TaskRunning_t ) ( -1 ) ) - { - /* A running task is being deleted. This cannot complete within the - * task itself, as a context switch to another task is required. - * Place the task in the termination list. The idle task will - * check the termination list and free up any memory allocated by - * the scheduler for the TCB and stack of the deleted task. */ - vListInsertEnd( &xTasksWaitingTermination, &( pxTCB->xStateListItem ) ); - - /* Increment the ucTasksDeleted variable so the idle task knows - * there is a task that has been deleted and that it should therefore - * check the xTasksWaitingTermination list. */ - ++uxDeletedTasksWaitingCleanUp; - - /* Call the delete hook before portPRE_TASK_DELETE_HOOK() as - * portPRE_TASK_DELETE_HOOK() does not return in the Win32 port. */ - ; - - /* The pre-delete hook is primarily for the Windows simulator, - * in which Windows specific clean up operations are performed, - * after which it is not possible to yield away from this task - - * hence xYieldPending is used to latch that a context switch is - * required. */ - ; - } - else - { - --uxCurrentNumberOfTasks; - ; - prvDeleteTCB( pxTCB ); - - /* Reset the next expected unblock time in case it referred to - * the task that has just been deleted. */ - prvResetNextTaskUnblockTime(); - } - - /* Force a reschedule if the task that has just been deleted was running. */ - if( ( xSchedulerRunning != ( ( char ) 0 ) ) && ( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 100 ) ) ) ) - { - BaseType_t xCoreID; - - xCoreID = VF__get_core_num(); - - if( xTaskRunningOnCore == xCoreID ) - { - assert(uxSchedulerSuspended == 0); - vTaskYieldWithinAPI(); - } - else - { - prvYieldCore( xTaskRunningOnCore ); - } - } - } - vTaskExitCritical(); - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskDelayUntil( TickType_t * pxPreviousWakeTime, - const TickType_t xTimeIncrement ) - { - TickType_t xTimeToWake; - BaseType_t xAlreadyYielded, xShouldDelay = ( ( char ) 0 ); - - assert(pxPreviousWakeTime); - assert(( xTimeIncrement > 0U )); - - vTaskSuspendAll(); - { - assert(uxSchedulerSuspended == 1); - - /* Minor optimisation. The tick count cannot change in this - * block. */ - const TickType_t xConstTickCount = xTickCount; - - /* Generate the tick time at which the task wants to wake. */ - xTimeToWake = *pxPreviousWakeTime + xTimeIncrement; - - if( xConstTickCount < *pxPreviousWakeTime ) - { - /* The tick count has overflowed since this function was - * lasted called. In this case the only time we should ever - * actually delay is if the wake time has also overflowed, - * and the wake time is greater than the tick time. When this - * is the case it is as if neither time had overflowed. */ - if( ( xTimeToWake < *pxPreviousWakeTime ) && ( xTimeToWake > xConstTickCount ) ) - { - xShouldDelay = ( ( char ) 1 ); - } - else - { - ; - } - } - else - { - /* The tick time has not overflowed. In this case we will - * delay if either the wake time has overflowed, and/or the - * tick time is less than the wake time. */ - if( ( xTimeToWake < *pxPreviousWakeTime ) || ( xTimeToWake > xConstTickCount ) ) - { - xShouldDelay = ( ( char ) 1 ); - } - else - { - ; - } - } - - /* Update the wake time ready for the next call. */ - *pxPreviousWakeTime = xTimeToWake; - - if( xShouldDelay != ( ( char ) 0 ) ) - { - ; - - /* prvAddCurrentTaskToDelayedList() needs the block time, not - * the time to wake, so subtract the current tick count. */ - prvAddCurrentTaskToDelayedList( xTimeToWake - xConstTickCount, ( ( char ) 0 ) ); - } - else - { - ; - } - } - xAlreadyYielded = xTaskResumeAll(); - - /* Force a reschedule if xTaskResumeAll has not already done so, we may - * have put ourselves to sleep. */ - if( xAlreadyYielded == ( ( char ) 0 ) ) - { - vTaskYieldWithinAPI(); - } - else - { - ; - } - - return xShouldDelay; - } - - -/*-----------------------------------------------------------*/ - - - - void vTaskDelay( const TickType_t xTicksToDelay ) - { - BaseType_t xAlreadyYielded = ( ( char ) 0 ); - - /* A delay time of zero just forces a reschedule. */ - if( xTicksToDelay > ( TickType_t ) 0U ) - { - vTaskSuspendAll(); - { - assert(uxSchedulerSuspended == 1); - ; - - /* A task that is removed from the event list while the - * scheduler is suspended will not get placed in the ready - * list or removed from the blocked list until the scheduler - * is resumed. - * - * This task cannot be in an event list as it is the currently - * executing task. */ - prvAddCurrentTaskToDelayedList( xTicksToDelay, ( ( char ) 0 ) ); - } - xAlreadyYielded = xTaskResumeAll(); - } - else - { - ; - } - - /* Force a reschedule if xTaskResumeAll has not already done so, we may - * have put ourselves to sleep. */ - if( xAlreadyYielded == ( ( char ) 0 ) ) - { - vTaskYieldWithinAPI(); - } - else - { - ; - } - } - - -/*-----------------------------------------------------------*/ - - - - eTaskState eTaskGetState( TaskHandle_t xTask ) - { - eTaskState eReturn; - - /* Reason for rewrite: - * VeriFast does not support the following: - * - const pointers - * - multiple pointer declarations to user-defined types in single - * statement (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) - */ - List_t * pxStateList; - List_t * pxDelayedList; - List_t * pxOverflowedDelayedList; - - - - const TCB_t * pxTCB = xTask; - - assert(pxTCB); - - vTaskEnterCritical(); - { - pxStateList = ( ( &( pxTCB->xStateListItem ) )->pxContainer ); - pxDelayedList = pxDelayedTaskList; - pxOverflowedDelayedList = pxOverflowDelayedTaskList; - } - vTaskExitCritical(); - - if( ( pxStateList == pxDelayedList ) || ( pxStateList == pxOverflowedDelayedList ) ) - { - /* The task being queried is referenced from one of the Blocked - * lists. */ - eReturn = eBlocked; - } - - - else if( pxStateList == &xSuspendedTaskList ) - { - /* The task being queried is referenced from the suspended - * list. Is it genuinely suspended or is it blocked - * indefinitely? */ - if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0 ) - { - - { - BaseType_t x; - - /* The task does not appear on the event list item of - * and of the RTOS objects, but could still be in the - * blocked state if it is waiting on its notification - * rather than waiting on an object. If not, is - * suspended. */ - eReturn = eSuspended; - - for( x = 0; x < 1; x++ ) - { - if( pxTCB->ucNotifyState[ x ] == ( ( uint8_t ) 1 ) ) - { - eReturn = eBlocked; - break; - } - } - } - - - - - - } - else - { - eReturn = eBlocked; - } - } - - - - else if( ( pxStateList == &xTasksWaitingTermination ) || ( pxStateList == 0 ) ) - { - /* The task being queried is referenced from the deleted - * tasks list, or it is not referenced from any lists at - * all. */ - eReturn = eDeleted; - } - - - else /*lint !e525 Negative indentation is intended to make use of pre-processor clearer. */ - { - /* If the task is not in any other state, it must be in the - * Ready (including pending ready) state. */ - if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 100 ) ) ) - { - /* Is it actively running on a core? */ - eReturn = eRunning; - } - else - { - eReturn = eReady; - } - } - - return eReturn; - } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */ - - -/*-----------------------------------------------------------*/ - - - - UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB; - - - - UBaseType_t uxReturn; - - vTaskEnterCritical(); - { - /* If null is passed in here then it is the priority of the task - * that called uxTaskPriorityGet() that is being queried. */ - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - uxReturn = pxTCB->uxPriority; - } - vTaskExitCritical(); - - return uxReturn; - } - - -/*-----------------------------------------------------------*/ - - - - UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB; - - - - UBaseType_t uxReturn, uxSavedInterruptState; - - /* RTOS ports that support interrupt nesting have the concept of a - * maximum system call (or maximum API call) interrupt priority. - * Interrupts that are above the maximum system call priority are keep - * permanently enabled, even when the RTOS kernel is in a critical section, - * but cannot make any calls to FreeRTOS API functions. If configASSERT() - * is defined in FreeRTOSConfig.h then - * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion - * failure if a FreeRTOS API function is called from an interrupt that has - * been assigned a priority above the configured maximum system call - * priority. Only FreeRTOS functions that end in FromISR can be called - * from interrupts that have been assigned a priority at or (logically) - * below the maximum system call interrupt priority. FreeRTOS maintains a - * separate interrupt safe API to ensure interrupt entry is as fast and as - * simple as possible. More information (albeit Cortex-M specific) is - * provided on the following link: - * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ - ; - - uxSavedInterruptState = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR"); - { - /* If null is passed in here then it is the priority of the calling - * task that is being queried. */ - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - uxReturn = pxTCB->uxPriority; - } - do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptState); } while (0); - - return uxReturn; - } - - -/*-----------------------------------------------------------*/ - - - - void vTaskPrioritySet( TaskHandle_t xTask, - UBaseType_t uxNewPriority ) - { - TCB_t * pxTCB; - UBaseType_t uxCurrentBasePriority, uxPriorityUsedOnEntry; - BaseType_t xYieldRequired = ( ( char ) 0 ); - BaseType_t xYieldForTask = ( ( char ) 0 ); - BaseType_t xCoreID; - - assert(( uxNewPriority < 32 )); - - /* Ensure the new priority is valid. */ - if( uxNewPriority >= ( UBaseType_t ) 32 ) - { - uxNewPriority = ( UBaseType_t ) 32 - ( UBaseType_t ) 1U; - } - else - { - ; - } - - vTaskEnterCritical(); - { - /* If null is passed in here then it is the priority of the calling - * task that is being changed. */ - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - - ; - - - { - uxCurrentBasePriority = pxTCB->uxBasePriority; - } - - - - - - - if( uxCurrentBasePriority != uxNewPriority ) - { - /* The priority change may have readied a task of higher - * priority than a running task. */ - if( uxNewPriority > uxCurrentBasePriority ) - { - /* The priority of a task is being raised so - * perform a yield for this task later. */ - xYieldForTask = ( ( char ) 1 ); - } - else if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 100 ) ) ) - { - /* Setting the priority of a running task down means - * there may now be another task of higher priority that - * is ready to execute. */ - - - - { - xCoreID = ( BaseType_t ) pxTCB->xTaskRunState; - xYieldRequired = ( ( char ) 1 ); - } - } - else - { - /* Setting the priority of any other task down does not - * require a yield as the running task must be above the - * new priority of the task being modified. */ - } - - /* Remember the ready list the task might be referenced from - * before its uxPriority member is changed so the - * taskRESET_READY_PRIORITY() macro can function correctly. */ - uxPriorityUsedOnEntry = pxTCB->uxPriority; - - - { - /* Only change the priority being used if the task is not - * currently using an inherited priority. */ - if( pxTCB->uxBasePriority == pxTCB->uxPriority ) - { - pxTCB->uxPriority = uxNewPriority; - } - else - { - ; - } - - /* The base priority gets set whatever. */ - pxTCB->uxBasePriority = uxNewPriority; - } - - - - - - - /* Only reset the event list item value if the value is not - * being used for anything else. */ - if( ( ( ( &( pxTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL ) - { - ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( ( TickType_t ) 32 - ( TickType_t ) uxNewPriority ) ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - } - else - { - ; - } - - /* If the task is in the blocked or suspended list we need do - * nothing more than change its priority variable. However, if - * the task is in a ready list it needs to be removed and placed - * in the list appropriate to its new priority. */ - if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) ) - { - /* The task is currently in its ready list - remove before - * adding it to its new ready list. As we are in a critical - * section we can do this even if the scheduler is suspended. */ - if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - /* It is known that the task is in its ready list so - * there is no need to check again and the port level - * reset macro can be called directly. */ - ; - } - else - { - ; - } - - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - } - else - { - /* It's possible that xYieldForTask was already set to pdTRUE because - * its priority is being raised. However, since it is not in a ready list - * we don't actually need to yield for it. */ - xYieldForTask = ( ( char ) 0 ); - } - - - if( xYieldRequired != ( ( char ) 0 ) ) - { - prvYieldCore( xCoreID ); - } - else if( xYieldForTask != ( ( char ) 0 ) ) - { - prvYieldForTask( pxTCB, ( ( char ) 1 ) ); - } - else - { - ; - } - - - /* Remove compiler warning about unused variables when the port - * optimised task selection is not being used. */ - ( void ) uxPriorityUsedOnEntry; - } - } - vTaskExitCritical(); - } - - -/*-----------------------------------------------------------*/ -// # 2585 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 2608 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 2626 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 2654 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - - - - void vTaskSuspend( TaskHandle_t xTaskToSuspend ) - { - TCB_t * pxTCB; - TaskRunning_t xTaskRunningOnCore; - - vTaskEnterCritical(); - { - /* If null is passed in here then it is the running task that is - * being suspended. */ - pxTCB = ( ( ( xTaskToSuspend ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSuspend ) ); - - ; - - xTaskRunningOnCore = pxTCB->xTaskRunState; - - /* Remove task from the ready/delayed list and place in the - * suspended list. */ - if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - ; - } - else - { - ; - } - - /* Is the task waiting on an event also? */ - if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 ) - { - ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); - } - else - { - ; - } - - vListInsertEnd( &xSuspendedTaskList, &( pxTCB->xStateListItem ) ); - - - { - BaseType_t x; - - for( x = 0; x < 1; x++ ) - { - if( pxTCB->ucNotifyState[ x ] == ( ( uint8_t ) 1 ) ) - { - /* The task was blocked to wait for a notification, but is - * now suspended, so no notification was received. */ - pxTCB->ucNotifyState[ x ] = ( ( uint8_t ) 0 ); - } - } - } - - - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - /* Reset the next expected unblock time in case it referred to the - * task that is now in the Suspended state. */ - prvResetNextTaskUnblockTime(); - } - else - { - ; - } - - if( ( ( 0 <= xTaskRunningOnCore ) && ( xTaskRunningOnCore < 100 ) ) ) - { - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - if( xTaskRunningOnCore == VF__get_core_num() ) - { - /* The current task has just been suspended. */ - assert(uxSchedulerSuspended == 0); - vTaskYieldWithinAPI(); - } - else - { - prvYieldCore( xTaskRunningOnCore ); - } - - vTaskExitCritical(); - } - else - { - vTaskExitCritical(); - - assert(pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ]); - - /* The scheduler is not running, but the task that was pointed - * to by pxCurrentTCB has just been suspended and pxCurrentTCB - * must be adjusted to point to a different task. */ - if( ( ( &xSuspendedTaskList )->uxNumberOfItems ) == uxCurrentNumberOfTasks ) /*lint !e931 Right has no side effect, just volatile. */ - { - /* No other tasks are ready, so set the core's TCB back to - * NULL so when the next task is created the core's TCB will - * be able to be set to point to it no matter what its relative - * priority is. */ - pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 ); - pxCurrentTCBs[ xTaskRunningOnCore ] = 0; - } - else - { - /* Attempt to switch in a new task. This could fail since the idle tasks - * haven't been created yet. If it does then set the core's TCB back to - * NULL. */ - if( prvSelectHighestPriorityTask( xTaskRunningOnCore ) == ( ( char ) 0 ) ) - { - pxTCB->xTaskRunState = ( TaskRunning_t ) ( -1 ); - pxCurrentTCBs[ xTaskRunningOnCore ] = 0; - } - } - } - } - else - { - vTaskExitCritical(); - } - } /* taskEXIT_CRITICAL() - already exited in one of three cases above */ - } - - -/*-----------------------------------------------------------*/ - - - - static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) - { - BaseType_t xReturn = ( ( char ) 0 ); - const TCB_t * pxTCB = xTask; - - /* Accesses xPendingReadyList so must be called from a critical section. */ - - /* It does not make sense to check if the calling task is suspended. */ - assert(xTask); - - /* Is the task being resumed actually in the suspended list? */ - if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &xSuspendedTaskList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) ) - { - /* Has the task already been resumed from within an ISR? */ - if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( &xPendingReadyList ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) == ( ( char ) 0 ) ) - { - /* Is it in the suspended list because it is in the Suspended - * state, or because is is blocked with no timeout? */ - if( ( ( ( &( pxTCB->xEventListItem ) )->pxContainer == ( 0 ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) ) /*lint !e961. The cast is only redundant when NULL is used. */ - { - xReturn = ( ( char ) 1 ); - } - else - { - ; - } - } - else - { - ; - } - } - else - { - ; - } - - return xReturn; - } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */ - - -/*-----------------------------------------------------------*/ - - - - void vTaskResume( TaskHandle_t xTaskToResume ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = xTaskToResume; - - - - - /* It does not make sense to resume the calling task. */ - assert(xTaskToResume); - - /* The parameter cannot be NULL as it is impossible to resume the - * currently executing task. It is also impossible to resume a task - * that is actively running on another core but it is too dangerous - * to check their run state here. Safer to get into a critical section - * and check if it is actually suspended or not below. */ - if( pxTCB != 0 ) - { - vTaskEnterCritical(); - { - if( prvTaskIsTaskSuspended( pxTCB ) != ( ( char ) 0 ) ) - { - ; - - /* The ready list can be accessed even if the scheduler is - * suspended because this is inside a critical section. */ - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - - /* A higher priority task may have just been resumed. */ - - { - prvYieldForTask( pxTCB, ( ( char ) 1 ) ); - } - - } - else - { - ; - } - } - vTaskExitCritical(); - } - else - { - ; - } - } - - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) - { - BaseType_t xYieldRequired = ( ( char ) 0 ); - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = xTaskToResume; - - - - UBaseType_t uxSavedInterruptStatus; - - assert(xTaskToResume); - - /* RTOS ports that support interrupt nesting have the concept of a - * maximum system call (or maximum API call) interrupt priority. - * Interrupts that are above the maximum system call priority are keep - * permanently enabled, even when the RTOS kernel is in a critical section, - * but cannot make any calls to FreeRTOS API functions. If configASSERT() - * is defined in FreeRTOSConfig.h then - * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion - * failure if a FreeRTOS API function is called from an interrupt that has - * been assigned a priority above the configured maximum system call - * priority. Only FreeRTOS functions that end in FromISR can be called - * from interrupts that have been assigned a priority at or (logically) - * below the maximum system call interrupt priority. FreeRTOS maintains a - * separate interrupt safe API to ensure interrupt entry is as fast and as - * simple as possible. More information (albeit Cortex-M specific) is - * provided on the following link: - * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ - ; - - uxSavedInterruptStatus = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR"); - { - if( prvTaskIsTaskSuspended( pxTCB ) != ( ( char ) 0 ) ) - { - ; - - /* Check the ready lists can be accessed. */ - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - /* Ready lists can be accessed so move the task from the - * suspended list to the ready list directly. */ - - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - } - else - { - /* The delayed or ready lists cannot be accessed so the task - * is held in the pending ready list until the scheduler is - * unsuspended. */ - vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); - } - - - prvYieldForTask( pxTCB, ( ( char ) 1 ) ); - - if( xYieldPendings[ VF__get_core_num() ] != ( ( char ) 0 ) ) - { - xYieldRequired = ( ( char ) 1 ); - } - - } - else - { - ; - } - } - do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptStatus); } while (0); - - return xYieldRequired; - } - - -/*-----------------------------------------------------------*/ - -static BaseType_t prvCreateIdleTasks( void ) -{ - BaseType_t xReturn = ( ( ( char ) 1 ) ); - BaseType_t xCoreID; - char cIdleName[ 16 ]; - - /* Add each idle task at the lowest priority. */ - for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) 100; xCoreID++ ) - { - BaseType_t x; - - if( xReturn == ( ( ( char ) 0 ) ) ) - { - break; - } - else - { - ; - } - - for( x = ( BaseType_t ) 0; x < ( BaseType_t ) 16; x++ ) - { - cIdleName[ x ] = "IDLE"[ x ]; - - /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than - * configMAX_TASK_NAME_LEN characters just in case the memory after the - * string is not accessible (extremely unlikely). */ - if( cIdleName[ x ] == ( char ) 0x00 ) - { - break; - } - else - { - ; - } - } - - /* Append the idle task number to the end of the name if there is space */ - if( x < 16 ) - { - cIdleName[ x++ ] = xCoreID + '0'; - - /* And append a null character if there is space */ - if( x < 16 ) - { - cIdleName[ x ] = '\0'; - } - else - { - ; - } - } - else - { - ; - } -// # 3067 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - if( xCoreID == 0 ) - { - /* The Idle task is being created using dynamically allocated RAM. */ - xReturn = xTaskCreate( prvIdleTask, - cIdleName, - ( uint32_t ) 256, - ( void * ) 0, - ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ - &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ - } - - - else - { - xReturn = xTaskCreate( prvMinimalIdleTask, - cIdleName, - ( uint32_t ) 256, - ( void * ) 0, - ( ( UBaseType_t ) 0x00 ), /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ - &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ - } - - } - - } - - return xReturn; -} - -void vTaskStartScheduler( void ) -{ - BaseType_t xReturn; - - - { - xReturn = xTimerCreateTimerTask(); - } - - - xReturn = prvCreateIdleTasks(); - - if( xReturn == ( ( ( char ) 1 ) ) ) - { - /* freertos_tasks_c_additions_init() should only be called if the user - * definable macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is - * the only macro called by the function. */ - - - - - - - /* Interrupts are turned off here, to ensure a tick does not occur - * before or during the call to xPortStartScheduler(). The stacks of - * the created tasks contain a status word with interrupts switched on - * so interrupts will automatically get re-enabled when the first task - * starts to run. */ - VF__portDISABLE_INTERRUPTS(); -// # 3140 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; - xSchedulerRunning = ( ( char ) 1 ); - xTickCount = ( TickType_t ) 0; - - /* If configGENERATE_RUN_TIME_STATS is defined then the following - * macro must be defined to configure the timer/counter used to generate - * the run time counter time base. NOTE: If configGENERATE_RUN_TIME_STATS - * is set to 0 and the following line fails to build then ensure you do not - * have portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() defined in your - * FreeRTOSConfig.h file. */ - ; - - ; - - /* Setting up the timer tick is hardware specific and thus in the - * portable interface. */ - if( xPortStartScheduler() != ( ( char ) 0 ) ) - { - /* Should not reach here as if the scheduler is running the - * function will not return. */ - } - else - { - /* Should only reach here if a task calls xTaskEndScheduler(). */ - } - } - else - { - /* This line will only be reached if the kernel could not be started, - * because there was not enough FreeRTOS heap to create the idle task - * or the timer task. */ - assert(xReturn != ( -1 )); - } - - /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0, - * meaning xIdleTaskHandle is not used anywhere else. */ - ( void ) xIdleTaskHandle; - - /* OpenOCD makes use of uxTopUsedPriority for thread debugging. Prevent uxTopUsedPriority - * from getting optimized out as it is no longer used by the kernel. */ - ( void ) uxTopUsedPriority; -} -/*-----------------------------------------------------------*/ - -void vTaskEndScheduler( void ) -{ - /* Stop the scheduler interrupts and call the portable scheduler end - * routine so the original ISRs can be restored if necessary. The port - * layer must ensure interrupts enable bit is left in the correct state. */ - VF__portDISABLE_INTERRUPTS(); - xSchedulerRunning = ( ( char ) 0 ); - vPortEndScheduler(); -} -/*----------------------------------------------------------*/ - -void vTaskSuspendAll( void ) -{ - UBaseType_t ulState; - - /* This must only be called from within a task */ - ; - - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - /* writes to uxSchedulerSuspended must be protected by both the task AND ISR locks. - * We must disable interrupts before we grab the locks in the event that this task is - * interrupted and switches context before incrementing uxSchedulerSuspended. - * It is safe to re-enable interrupts after releasing the ISR lock and incrementing - * uxSchedulerSuspended since that will prevent context switches. */ - ulState = VF__portDISABLE_INTERRUPTS(); - - /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that - * do not otherwise exhibit real time behaviour. */ - ; - - VF__portGET_TASK_LOCK(); - VF__portGET_ISR_LOCK(); - - /* The scheduler is suspended if uxSchedulerSuspended is non-zero. An increment - * is used to allow calls to vTaskSuspendAll() to nest. */ - ++uxSchedulerSuspended; - vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); - - if( ( uxSchedulerSuspended == 1U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) ) - { - prvCheckForRunStateChange(); - } - - VF__portRESTORE_INTERRUPTS(ulState); - } - else - { - ; - } -} -/*----------------------------------------------------------*/ -// # 3298 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*----------------------------------------------------------*/ - -BaseType_t xTaskResumeAll( void ) -{ - TCB_t * pxTCB = 0; - BaseType_t xAlreadyYielded = ( ( char ) 0 ); - - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - /* It is possible that an ISR caused a task to be removed from an event - * list while the scheduler was suspended. If this was the case then the - * removed task will have been added to the xPendingReadyList. Once the - * scheduler has been resumed it is safe to move all the pending ready - * tasks from this list into their appropriate ready list. */ - vTaskEnterCritical(); - { - BaseType_t xCoreID; - - xCoreID = VF__get_core_num(); - - /* If uxSchedulerSuspended is zero then this function does not match a - * previous call to vTaskSuspendAll(). */ - assert(uxSchedulerSuspended); - - --uxSchedulerSuspended; - vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 )); - - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - if( uxCurrentNumberOfTasks > ( UBaseType_t ) 0U ) - { - /* Move any readied tasks from the pending list into the - * appropriate ready list. */ - while( ( ( ( &xPendingReadyList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) == ( ( char ) 0 ) ) - { - pxTCB = ( ( &( ( ( &xPendingReadyList ) )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - - /* All appropriate tasks yield at the moment a task is added to xPendingReadyList. - * If the current core yielded then vTaskSwitchContext() has already been called - * which sets xYieldPendings for the current core to pdTRUE. */ - } - - if( pxTCB != 0 ) - { - /* A task was unblocked while the scheduler was suspended, - * which may have prevented the next unblock time from being - * re-calculated, in which case re-calculate it now. Mainly - * important for low power tickless implementations, where - * this can prevent an unnecessary exit from low power - * state. */ - prvResetNextTaskUnblockTime(); - } - - /* If any ticks occurred while the scheduler was suspended then - * they should be processed now. This ensures the tick count does - * not slip, and that any delayed tasks are resumed at the correct - * time. - * - * It should be safe to call xTaskIncrementTick here from any core - * since we are in a critical section and xTaskIncrementTick itself - * protects itself within a critical section. Suspending the scheduler - * from any core causes xTaskIncrementTick to increment uxPendedCounts.*/ - { - TickType_t xPendedCounts = xPendedTicks; /* Non-volatile copy. */ - - if( xPendedCounts > ( TickType_t ) 0U ) - { - do - { - if( xTaskIncrementTick() != ( ( char ) 0 ) ) - { - /* other cores are interrupted from - * within xTaskIncrementTick(). */ - xYieldPendings[ xCoreID ] = ( ( char ) 1 ); - } - else - { - ; - } - - --xPendedCounts; - } while( xPendedCounts > ( TickType_t ) 0U ); - - xPendedTicks = 0; - } - else - { - ; - } - } - - if( xYieldPendings[ xCoreID ] != ( ( char ) 0 ) ) - { - /* If xYieldPendings is true then taskEXIT_CRITICAL() - * will yield, so make sure we return true to let the - * caller know a yield has already happened. */ - xAlreadyYielded = ( ( char ) 1 ); - } - } - } - else - { - ; - } - } - vTaskExitCritical(); - } - else - { - ; - } - - return xAlreadyYielded; -} -/*-----------------------------------------------------------*/ - -TickType_t xTaskGetTickCount( void ) -{ - TickType_t xTicks; - - /* Critical section required if running on a 16 bit processor. */ - ; - { - xTicks = xTickCount; - } - ; - - return xTicks; -} -/*-----------------------------------------------------------*/ - -TickType_t xTaskGetTickCountFromISR( void ) -{ - TickType_t xReturn; - UBaseType_t uxSavedInterruptStatus; - - /* RTOS ports that support interrupt nesting have the concept of a maximum - * system call (or maximum API call) interrupt priority. Interrupts that are - * above the maximum system call priority are kept permanently enabled, even - * when the RTOS kernel is in a critical section, but cannot make any calls to - * FreeRTOS API functions. If configASSERT() is defined in FreeRTOSConfig.h - * then portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion - * failure if a FreeRTOS API function is called from an interrupt that has been - * assigned a priority above the configured maximum system call priority. - * Only FreeRTOS functions that end in FromISR can be called from interrupts - * that have been assigned a priority at or (logically) below the maximum - * system call interrupt priority. FreeRTOS maintains a separate interrupt - * safe API to ensure interrupt entry is as fast and as simple as possible. - * More information (albeit Cortex-M specific) is provided on the following - * link: https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ - ; - - uxSavedInterruptStatus = 0; - { - xReturn = xTickCount; - } - ( void ) uxSavedInterruptStatus; - - return xReturn; -} -/*-----------------------------------------------------------*/ - -UBaseType_t uxTaskGetNumberOfTasks( void ) -{ - /* A critical section is not required because the variables are of type - * BaseType_t. */ - return uxCurrentNumberOfTasks; -} -/*-----------------------------------------------------------*/ - -char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ -{ - TCB_t * pxTCB; - - /* If null is passed in here then the name of the calling task is being - * queried. */ - pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) ); - assert(pxTCB); - return &( pxTCB->pcTaskName[ 0 ] ); -} -/*-----------------------------------------------------------*/ - - - - static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, - const char pcNameToQuery[] ) - { - - /* Reason for rewrite: - * VeriFast does not support multiple pointer declarations to - * user-defined types in single statement - * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) - */ - TCB_t * pxNextTCB; - TCB_t * pxFirstTCB; - TCB_t * pxReturn = 0; - - - - UBaseType_t x; - char cNextChar; - BaseType_t xBreakLoop; - - /* This function is called with the scheduler suspended. */ - - if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 ) - { - { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - - do - { - { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - - /* Check each character in the name looking for a match or - * mismatch. */ - xBreakLoop = ( ( char ) 0 ); - - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 16; x++ ) - { - cNextChar = pxNextTCB->pcTaskName[ x ]; - - if( cNextChar != pcNameToQuery[ x ] ) - { - /* Characters didn't match. */ - xBreakLoop = ( ( char ) 1 ); - } - else if( cNextChar == ( char ) 0x00 ) - { - /* Both strings terminated, a match must have been - * found. */ - pxReturn = pxNextTCB; - xBreakLoop = ( ( char ) 1 ); - } - else - { - ; - } - - if( xBreakLoop != ( ( char ) 0 ) ) - { - break; - } - } - - if( pxReturn != 0 ) - { - /* The handle has been found. */ - break; - } - } while( pxNextTCB != pxFirstTCB ); - } - else - { - ; - } - - return pxReturn; - } - - -/*-----------------------------------------------------------*/ - - - - TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ - { - UBaseType_t uxQueue = 32; - TCB_t * pxTCB; - - /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */ - assert(strlen( pcNameToQuery ) < 16); - - vTaskSuspendAll(); - { - /* Search the ready lists. */ - do - { - uxQueue--; - pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) &( pxReadyTasksLists[ uxQueue ] ), pcNameToQuery ); - - if( pxTCB != 0 ) - { - /* Found the handle. */ - break; - } - } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - - /* Search the delayed lists. */ - if( pxTCB == 0 ) - { - pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxDelayedTaskList, pcNameToQuery ); - } - - if( pxTCB == 0 ) - { - pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxOverflowDelayedTaskList, pcNameToQuery ); - } - - - { - if( pxTCB == 0 ) - { - /* Search the suspended list. */ - pxTCB = prvSearchForNameWithinSingleList( &xSuspendedTaskList, pcNameToQuery ); - } - } - - - - { - if( pxTCB == 0 ) - { - /* Search the deleted list. */ - pxTCB = prvSearchForNameWithinSingleList( &xTasksWaitingTermination, pcNameToQuery ); - } - } - - } - ( void ) xTaskResumeAll(); - - return pxTCB; - } - - -/*-----------------------------------------------------------*/ - - - - UBaseType_t uxTaskGetSystemState( TaskStatus_t * pxTaskStatusArray, - const UBaseType_t uxArraySize, - uint32_t * pulTotalRunTime ) - { - UBaseType_t uxTask = 0, uxQueue = 32; - - vTaskSuspendAll(); - { - /* Is there a space in the array for each task in the system? */ - if( uxArraySize >= uxCurrentNumberOfTasks ) - { - /* Fill in an TaskStatus_t structure with information on each - * task in the Ready state. */ - do - { - uxQueue--; - uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &( pxReadyTasksLists[ uxQueue ] ), eReady ); - } while( uxQueue > ( UBaseType_t ) ( ( UBaseType_t ) 0U ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - - /* Fill in an TaskStatus_t structure with information on each - * task in the Blocked state. */ - uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxDelayedTaskList, eBlocked ); - uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxOverflowDelayedTaskList, eBlocked ); - - - { - /* Fill in an TaskStatus_t structure with information on - * each task that has been deleted but not yet cleaned up. */ - uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xTasksWaitingTermination, eDeleted ); - } - - - - { - /* Fill in an TaskStatus_t structure with information on - * each task in the Suspended state. */ - uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); - } -// # 3681 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - if( pulTotalRunTime != 0 ) - { - *pulTotalRunTime = 0; - } - } - - } - else - { - ; - } - } - ( void ) xTaskResumeAll(); - - return uxTask; - } - - -/*----------------------------------------------------------*/ - - - - TaskHandle_t * xTaskGetIdleTaskHandle( void ) - { - /* If xTaskGetIdleTaskHandle() is called before the scheduler has been - * started, then xIdleTaskHandle will be NULL. */ - assert(( xIdleTaskHandle != 0 )); - return &( xIdleTaskHandle[ 0 ] ); - } - - -/*----------------------------------------------------------*/ - -/* This conditional compilation should use inequality to 0, not equality to 1. - * This is to ensure vTaskStepTick() is available when user defined low power mode - * implementations require configUSE_TICKLESS_IDLE to be set to a value other than - * 1. */ -// # 3732 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*----------------------------------------------------------*/ - -BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) -{ - BaseType_t xYieldOccurred; - - /* Must not be called with the scheduler suspended as the implementation - * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */ - assert(uxSchedulerSuspended == 0); - - /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when - * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */ - vTaskSuspendAll(); - xPendedTicks += xTicksToCatchUp; - xYieldOccurred = xTaskResumeAll(); - - return xYieldOccurred; -} -/*----------------------------------------------------------*/ - - - - BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) - { - TCB_t * pxTCB = xTask; - BaseType_t xReturn; - - assert(pxTCB); - - vTaskSuspendAll(); - { - /* A task can only be prematurely removed from the Blocked state if - * it is actually in the Blocked state. */ - if( eTaskGetState( xTask ) == eBlocked ) - { - xReturn = ( ( ( char ) 1 ) ); - - /* Remove the reference to the task from the blocked list. An - * interrupt won't touch the xStateListItem because the - * scheduler is suspended. */ - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - - /* Is the task waiting on an event also? If so remove it from - * the event list too. Interrupts can touch the event list item, - * even though the scheduler is suspended, so a critical section - * is used. */ - vTaskEnterCritical(); - { - if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 ) - { - ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); - - /* This lets the task know it was forcibly removed from the - * blocked state so it should not re-evaluate its block time and - * then block again. */ - pxTCB->ucDelayAborted = ( ( char ) 1 ); - } - else - { - ; - } - } - vTaskExitCritical(); - - /* Place the unblocked task into the appropriate ready list. */ - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - - /* A task being unblocked cannot cause an immediate context - * switch if preemption is turned off. */ - - { - vTaskEnterCritical(); - { - prvYieldForTask( pxTCB, ( ( char ) 0 ) ); - } - vTaskExitCritical(); - } - - } - else - { - xReturn = ( ( ( char ) 0 ) ); - } - } - ( void ) xTaskResumeAll(); - - return xReturn; - } - - -/*----------------------------------------------------------*/ - -BaseType_t xTaskIncrementTick( void ) -{ - TCB_t * pxTCB; - TickType_t xItemValue; - BaseType_t xSwitchRequired = ( ( char ) 0 ); - - - UBaseType_t x; - BaseType_t xCoreYieldList[ 100 ] = { ( ( char ) 0 ) }; - - - vTaskEnterCritical(); - { - /* Called by the portable layer each time a tick interrupt occurs. - * Increments the tick then checks to see if the new tick value will cause any - * tasks to be unblocked. */ - ; - - /* Tick increment should occur on every kernel timer event. Core 0 has the - * responsibility to increment the tick, or increment the pended ticks if the - * scheduler is suspended. If pended ticks is greater than zero, the core that - * calls xTaskResumeAll has the responsibility to increment the tick. */ - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - /* Minor optimisation. The tick count cannot change in this - * block. */ - const TickType_t xConstTickCount = xTickCount + ( TickType_t ) 1; - - /* Increment the RTOS tick, switching the delayed and overflowed - * delayed lists if it wraps to 0. */ - xTickCount = xConstTickCount; - - if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */ - { - { List_t * pxTemp; assert(( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) )); pxTemp = pxDelayedTaskList; pxDelayedTaskList = pxOverflowDelayedTaskList; pxOverflowDelayedTaskList = pxTemp; xNumOfOverflows++; prvResetNextTaskUnblockTime(); }; - } - else - { - ; - } - - /* See if this tick has made a timeout expire. Tasks are stored in - * the queue in the order of their wake time - meaning once one task - * has been found whose block time has not expired there is no need to - * look any further down the list. */ - if( xConstTickCount >= xNextTaskUnblockTime ) - { - for( ; ; ) - { - if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) != ( ( char ) 0 ) ) - { - /* The delayed list is empty. Set xNextTaskUnblockTime - * to the maximum possible value so it is extremely - * unlikely that the - * if( xTickCount >= xNextTaskUnblockTime ) test will pass - * next time through. */ - xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - break; - } - else - { - /* The delayed list is not empty, get the value of the - * item at the head of the delayed list. This is the time - * at which the task at the head of the delayed list must - * be removed from the Blocked state. */ - pxTCB = ( ( &( ( pxDelayedTaskList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - xItemValue = ( ( &( pxTCB->xStateListItem ) )->xItemValue ); - - if( xConstTickCount < xItemValue ) - { - /* It is not time to unblock this item yet, but the - * item value is the time at which the task at the head - * of the blocked list must be removed from the Blocked - * state - so record the item value in - * xNextTaskUnblockTime. */ - xNextTaskUnblockTime = xItemValue; - break; /*lint !e9011 Code structure here is deemed easier to understand with multiple breaks. */ - } - else - { - ; - } - - /* It is time to remove the item from the Blocked state. */ - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - - /* Is the task waiting on an event also? If so remove - * it from the event list. */ - if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 ) - { - ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); - } - else - { - ; - } - - /* Place the unblocked task into the appropriate ready - * list. */ - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - - /* A task being unblocked cannot cause an immediate - * context switch if preemption is turned off. */ - - { - prvYieldForTask( pxTCB, ( ( char ) 1 ) ); - } - - } - } - } - - /* Tasks of equal priority to the currently running task will share - * processing time (time slice) if preemption is on, and the application - * writer has not explicitly turned time slicing off. */ - - { - /* TODO: If there are fewer "non-IDLE" READY tasks than cores, do not - * force a context switch that would just shuffle tasks around cores */ - /* TODO: There are certainly better ways of doing this that would reduce - * the number of interrupts and also potentially help prevent tasks from - * moving between cores as often. This, however, works for now. */ - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 100; x++ ) - { - if( ( ( &( pxReadyTasksLists[ pxCurrentTCBs[ x ]->uxPriority ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 1 ) - { - xCoreYieldList[ x ] = ( ( char ) 1 ); - } - else - { - ; - } - } - } - - - - { - /* Guard against the tick hook being called when the pended tick - * count is being unwound (when the scheduler is being unlocked). */ - if( xPendedTicks == ( TickType_t ) 0 ) - { - vApplicationTickHook(); - } - else - { - ; - } - } - - - - { - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 100; x++ ) - { - if( xYieldPendings[ x ] != ( ( char ) 0 ) ) - { - xCoreYieldList[ x ] = ( ( char ) 1 ); - } - else - { - ; - } - } - } - - - - { - BaseType_t xCoreID; - - xCoreID = VF__get_core_num(); - - for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) 100; x++ ) - { - - - - { - if( xCoreYieldList[ x ] != ( ( char ) 0 ) ) - { - if( x == xCoreID ) - { - xSwitchRequired = ( ( char ) 1 ); - } - else - { - prvYieldCore( x ); - } - } - else - { - ; - } - } - } - } - - } - else - { - ++xPendedTicks; - - /* The tick hook gets called at regular intervals, even if the - * scheduler is locked. */ - - { - vApplicationTickHook(); - } - - } - } - vTaskExitCritical(); - - return xSwitchRequired; -} -/*-----------------------------------------------------------*/ -// # 4070 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 4094 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 4119 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 4152 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -void vTaskSwitchContext( BaseType_t xCoreID ) -/*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - locked(nil) &*& - [?f_ISR]isrLock() &*& - [?f_task]taskLock() &*& - interruptState_p(xCoreID, ?state) &*& - xCoreID == coreID_f(); -@*/ -//@ ensures true; -{ - /* Acquire both locks: - * - The ISR lock protects the ready list from simultaneous access by - * both other ISRs and tasks. - * - We also take the task lock to pause here in case another core has - * suspended the scheduler. We don't want to simply set xYieldPending - * and move on if another core suspended the scheduler. We should only - * do that if the current core has suspended the scheduler. */ - - VF__portGET_TASK_LOCK(); /* Must always acquire the task lock first */ - VF__portGET_ISR_LOCK(); - //@ get_taskISRLockInv(); - { - /* vTaskSwitchContext() must never be called from within a critical section. - * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ - - /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ - { - // PROBLEM: - // Line - // UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; - // leads to VF error - // "This potentially side-effecting expression is not supported in this position, because of C's unspecified evaluation order" - // - // TODO: Inspect reason. - TaskHandle_t handle = xTaskGetCurrentTaskHandle(); - UBaseType_t nesting = handle->uxCriticalNesting; - assert(nesting == 0); - } - - - - - if( uxSchedulerSuspended != ( UBaseType_t ) ( ( char ) 0 ) ) - { - /* The scheduler is currently suspended - do not allow a context - * switch. */ - xYieldPendings[ xCoreID ] = ( ( char ) 1 ); - } - else - { - xYieldPendings[ xCoreID ] = ( ( char ) 0 ); - ; -// # 4235 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Check for stack overflow, if configured. */ - { const uint32_t * pulStack = ( uint32_t * ) xTaskGetCurrentTaskHandle()->pxStack; const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; if( ( pulStack[ 0 ] != ulCheckValue ) || ( pulStack[ 1 ] != ulCheckValue ) || ( pulStack[ 2 ] != ulCheckValue ) || ( pulStack[ 3 ] != ulCheckValue ) ) { vApplicationStackOverflowHook( ( TaskHandle_t ) xTaskGetCurrentTaskHandle(), xTaskGetCurrentTaskHandle()->pcTaskName ); } }; - - /* Before the currently running task is switched out, save its errno. */ - - - - - - - /* Select a new task to run using either the generic C or port - * optimised asm code. */ - ( void ) prvSelectHighestPriorityTask( xCoreID ); - ; - - /* After the new task is switched in, update the global errno. */ -// # 4269 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } - } - vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); - vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 )); -} -/*-----------------------------------------------------------*/ - -void vTaskPlaceOnEventList( List_t * pxEventList, - const TickType_t xTicksToWait ) -{ - assert(pxEventList); - - /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE - * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */ - - /* Place the event list item of the TCB in the appropriate event list. - * This is placed in the list in priority order so the highest priority task - * is the first to be woken by the event. The queue that contains the event - * list is locked, preventing simultaneous access from interrupts. */ - vListInsert( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) ); - - prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) ); -} -/*-----------------------------------------------------------*/ - -void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, - const TickType_t xItemValue, - const TickType_t xTicksToWait ) -{ - assert(pxEventList); - - /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by - * the event groups implementation. */ - assert(uxSchedulerSuspended != 0); - - /* Store the item value in the event list item. It is safe to access the - * event list item here as interrupts won't access the event list item of a - * task that is not in the Blocked state. */ - ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue = ( xItemValue | 0x80000000UL ) ); - - /* Place the event list item of the TCB at the end of the appropriate event - * list. It is safe to access the event list here because it is part of an - * event group implementation - and interrupts don't access event groups - * directly (instead they access them indirectly by pending function calls to - * the task level). */ - vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) ); - - prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) ); -} -/*-----------------------------------------------------------*/ - - - - void vTaskPlaceOnEventListRestricted( List_t * pxEventList, - TickType_t xTicksToWait, - const BaseType_t xWaitIndefinitely ) - { - assert(pxEventList); - - /* This function should not be called by application code hence the - * 'Restricted' in its name. It is not part of the public API. It is - * designed for use by kernel code, and has special calling requirements - - * it should be called with the scheduler suspended. */ - - - /* Place the event list item of the TCB in the appropriate event list. - * In this case it is assume that this is the only task that is going to - * be waiting on this event list, so the faster vListInsertEnd() function - * can be used in place of vListInsert. */ - vListInsertEnd( pxEventList, &( xTaskGetCurrentTaskHandle()->xEventListItem ) ); - - /* If the task should block indefinitely then set the block time to a - * value that will be recognised as an indefinite delay inside the - * prvAddCurrentTaskToDelayedList() function. */ - if( xWaitIndefinitely != ( ( char ) 0 ) ) - { - xTicksToWait = ( TickType_t ) 0xffffffffUL; - } - - ; - prvAddCurrentTaskToDelayedList( xTicksToWait, xWaitIndefinitely ); - } - - -/*-----------------------------------------------------------*/ - -BaseType_t xTaskRemoveFromEventList( const List_t * pxEventList ) -{ - TCB_t * pxUnblockedTCB; - BaseType_t xReturn; - - /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION. It can also be - * called from a critical section within an ISR. */ - - /* The event list is sorted in priority order, so the first in the list can - * be removed as it is known to be the highest priority. Remove the TCB from - * the delayed list, and add it to the ready list. - * - * If an event is for a queue that is locked then this function will never - * get called - the lock count on the queue will get modified instead. This - * means exclusive access to the event list is guaranteed here. - * - * This function assumes that a check has already been made to ensure that - * pxEventList is not empty. */ - pxUnblockedTCB = ( ( &( ( pxEventList )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - assert(pxUnblockedTCB); - ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) ); - - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); - ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; -// # 4395 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } - else - { - /* The delayed and ready lists cannot be accessed, so hold this task - * pending until the scheduler is resumed. */ - vListInsertEnd( &( xPendingReadyList ), &( pxUnblockedTCB->xEventListItem ) ); - } - - xReturn = ( ( char ) 0 ); - - prvYieldForTask( pxUnblockedTCB, ( ( char ) 0 ) ); - - if( xYieldPendings[ VF__get_core_num() ] != ( ( char ) 0 ) ) - { - xReturn = ( ( char ) 1 ); - } - - - return xReturn; -} -/*-----------------------------------------------------------*/ - -void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, - const TickType_t xItemValue ) -{ - TCB_t * pxUnblockedTCB; - - /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by - * the event flags implementation. */ - assert(uxSchedulerSuspended != ( ( char ) 0 )); - - /* Store the new item value in the event list. */ - ( ( pxEventListItem )->xItemValue = ( xItemValue | 0x80000000UL ) ); - - /* Remove the event list form the event flag. Interrupts do not access - * event flags. */ - pxUnblockedTCB = ( ( pxEventListItem )->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - assert(pxUnblockedTCB); - ( void ) uxListRemove( pxEventListItem ); -// # 4449 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* Remove the task from the delayed list and add it to the ready list. The - * scheduler is suspended so interrupts will not be accessing the ready - * lists. */ - ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); - ; { if( ( ( pxUnblockedTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxUnblockedTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxUnblockedTCB )->uxPriority ] ), &( ( pxUnblockedTCB )->xStateListItem ) ); ; - - - vTaskEnterCritical(); - { - prvYieldForTask( pxUnblockedTCB, ( ( char ) 0 ) ); - } - vTaskExitCritical(); - -} -/*-----------------------------------------------------------*/ - -void vTaskSetTimeOutState( TimeOut_t * pxTimeOut ) -{ - assert(pxTimeOut); - vTaskEnterCritical(); - { - pxTimeOut->xOverflowCount = xNumOfOverflows; - pxTimeOut->xTimeOnEntering = xTickCount; - } - vTaskExitCritical(); -} -/*-----------------------------------------------------------*/ - -void vTaskInternalSetTimeOutState( TimeOut_t * pxTimeOut ) -{ - /* For internal use only as it does not use a critical section. */ - pxTimeOut->xOverflowCount = xNumOfOverflows; - pxTimeOut->xTimeOnEntering = xTickCount; -} -/*-----------------------------------------------------------*/ - -BaseType_t xTaskCheckForTimeOut( TimeOut_t * pxTimeOut, - TickType_t * pxTicksToWait ) -{ - BaseType_t xReturn; - - assert(pxTimeOut); - assert(pxTicksToWait); - - vTaskEnterCritical(); - { - /* Minor optimisation. The tick count cannot change in this block. */ - const TickType_t xConstTickCount = xTickCount; - const TickType_t xElapsedTime = xConstTickCount - pxTimeOut->xTimeOnEntering; - - - if( xTaskGetCurrentTaskHandle()->ucDelayAborted != ( uint8_t ) ( ( char ) 0 ) ) - { - /* The delay was aborted, which is not the same as a time out, - * but has the same result. */ - xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( char ) 0 ); - xReturn = ( ( char ) 1 ); - } - else - - - - if( *pxTicksToWait == ( TickType_t ) 0xffffffffUL ) - { - /* If INCLUDE_vTaskSuspend is set to 1 and the block time - * specified is the maximum block time then the task should block - * indefinitely, and therefore never time out. */ - xReturn = ( ( char ) 0 ); - } - else - - - if( ( xNumOfOverflows != pxTimeOut->xOverflowCount ) && ( xConstTickCount >= pxTimeOut->xTimeOnEntering ) ) /*lint !e525 Indentation preferred as is to make code within pre-processor directives clearer. */ - { - /* The tick count is greater than the time at which - * vTaskSetTimeout() was called, but has also overflowed since - * vTaskSetTimeOut() was called. It must have wrapped all the way - * around and gone past again. This passed since vTaskSetTimeout() - * was called. */ - xReturn = ( ( char ) 1 ); - *pxTicksToWait = ( TickType_t ) 0; - } - else if( xElapsedTime < *pxTicksToWait ) /*lint !e961 Explicit casting is only redundant with some compilers, whereas others require it to prevent integer conversion errors. */ - { - /* Not a genuine timeout. Adjust parameters for time remaining. */ - *pxTicksToWait -= xElapsedTime; - vTaskInternalSetTimeOutState( pxTimeOut ); - xReturn = ( ( char ) 0 ); - } - else - { - *pxTicksToWait = ( TickType_t ) 0; - xReturn = ( ( char ) 1 ); - } - } - vTaskExitCritical(); - - return xReturn; -} -/*-----------------------------------------------------------*/ - -void vTaskMissedYield( void ) -{ - /* Must be called from within a critical section */ - xYieldPendings[ VF__get_core_num() ] = ( ( char ) 1 ); -} -/*-----------------------------------------------------------*/ - - - - UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) - { - UBaseType_t uxReturn; - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB; - - - - - if( xTask != 0 ) - { - pxTCB = xTask; - uxReturn = pxTCB->uxTaskNumber; - } - else - { - uxReturn = 0U; - } - - return uxReturn; - } - - -/*-----------------------------------------------------------*/ - - - - void vTaskSetTaskNumber( TaskHandle_t xTask, - const UBaseType_t uxHandle ) - { - TCB_t * pxTCB; - - if( xTask != 0 ) - { - pxTCB = xTask; - pxTCB->uxTaskNumber = uxHandle; - } - } - - - -/* - * ----------------------------------------------------------- - * The MinimalIdle task. - * ---------------------------------------------------------- - * - * The minimal idle task is used for all the additional Cores in a SMP system. - * There must be only 1 idle task and the rest are minimal idle tasks. - * - * @todo additional conditional compiles to remove this function. - */ - - - static void prvMinimalIdleTask( void * pvParameters ) - { - vPortYield(); - - for( ; ; ) - { -// # 4632 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - /* When using preemption tasks of equal priority will be - * timesliced. If a task that is sharing the idle priority is ready - * to run then the idle task should yield before the end of the - * timeslice. - * - * A critical region is not required here as we are just reading from - * the list, and an occasional incorrect value will not matter. If - * the ready list at the idle priority contains one more task than the - * number of idle tasks, which is equal to the configured numbers of cores - * then a task other than the idle task is ready to execute. */ - if( ( ( &( pxReadyTasksLists[ ( ( UBaseType_t ) 0U ) ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 100 ) - { - vPortYield(); - } - else - { - ; - } - } -// # 4669 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } - } - - -/* - * ----------------------------------------------------------- - * The Idle task. - * ---------------------------------------------------------- - * - * - */ -static void prvIdleTask( void * pvParameters ) -{ - /* Stop warnings. */ - ( void ) pvParameters; - - /** THIS IS THE RTOS IDLE TASK - WHICH IS CREATED AUTOMATICALLY WHEN THE - * SCHEDULER IS STARTED. **/ - - /* In case a task that has a secure context deletes itself, in which case - * the idle task is responsible for deleting the task's secure context, if - * any. */ - ; - - /* All cores start up in the idle task. This initial yield gets the application - * tasks started. */ - vPortYield(); - - for( ; ; ) - { - /* See if any tasks have deleted themselves - if so then the idle task - * is responsible for freeing the deleted task's TCB and stack. */ - prvCheckTasksWaitingTermination(); -// # 4714 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - /* When using preemption tasks of equal priority will be - * timesliced. If a task that is sharing the idle priority is ready - * to run then the idle task should yield before the end of the - * timeslice. - * - * A critical region is not required here as we are just reading from - * the list, and an occasional incorrect value will not matter. If - * the ready list at the idle priority contains one more task than the - * number of idle tasks, which is equal to the configured numbers of cores - * then a task other than the idle task is ready to execute. */ - if( ( ( &( pxReadyTasksLists[ ( ( UBaseType_t ) 0U ) ] ) )->uxNumberOfItems ) > ( UBaseType_t ) 100 ) - { - vPortYield(); - } - else - { - ; - } - } -// # 4750 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - /* This conditional compilation should use inequality to 0, not equality - * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when - * user defined low power mode implementations require - * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ -// # 4815 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } -} -/*-----------------------------------------------------------*/ -// # 4865 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - - - - void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, - BaseType_t xIndex, - void * pvValue ) - { - TCB_t * pxTCB; - - if( xIndex < 5 ) - { - pxTCB = ( ( ( xTaskToSet ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToSet ) ); - assert(pxTCB != 0); - pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue; - } - } - - -/*-----------------------------------------------------------*/ - - - - void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, - BaseType_t xIndex ) - { - void * pvReturn = 0; - TCB_t * pxTCB; - - if( xIndex < 5 ) - { - pxTCB = ( ( ( xTaskToQuery ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTaskToQuery ) ); - pvReturn = pxTCB->pvThreadLocalStoragePointers[ xIndex ]; - } - else - { - pvReturn = 0; - } - - return pvReturn; - } - - -/*-----------------------------------------------------------*/ -// # 4925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -static void prvInitialiseTaskLists( void ) -{ - UBaseType_t uxPriority; - - for( uxPriority = ( UBaseType_t ) 0U; uxPriority < ( UBaseType_t ) 32; uxPriority++ ) - { - vListInitialise( &( pxReadyTasksLists[ uxPriority ] ) ); - } - - vListInitialise( &xDelayedTaskList1 ); - vListInitialise( &xDelayedTaskList2 ); - vListInitialise( &xPendingReadyList ); - - - { - vListInitialise( &xTasksWaitingTermination ); - } - - - - { - vListInitialise( &xSuspendedTaskList ); - } - - - /* Start with pxDelayedTaskList using list1 and the pxOverflowDelayedTaskList - * using list2. */ - pxDelayedTaskList = &xDelayedTaskList1; - pxOverflowDelayedTaskList = &xDelayedTaskList2; -} -/*-----------------------------------------------------------*/ - -static void prvCheckTasksWaitingTermination( void ) -{ - /** THIS FUNCTION IS CALLED FROM THE RTOS IDLE TASK **/ - - - { - TCB_t * pxTCB; - - /* uxDeletedTasksWaitingCleanUp is used to prevent taskENTER_CRITICAL() - * being called too often in the idle task. */ - while( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U ) - { - vTaskEnterCritical(); - { - /* Since we are SMP, multiple idles can be running simultaneously - * and we need to check that other idles did not cleanup while we were - * waiting to enter the critical section */ - if( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U ) - { - pxTCB = ( ( &( ( ( &xTasksWaitingTermination ) )->xListEnd ) )->pxNext->pvOwner ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - - if( pxTCB->xTaskRunState == ( TaskRunning_t ) ( -1 ) ) - { - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - --uxCurrentNumberOfTasks; - --uxDeletedTasksWaitingCleanUp; - prvDeleteTCB( pxTCB ); - } - else - { - /* The TCB to be deleted still has not yet been switched out - * by the scheduler, so we will just exit this loop early and - * try again next time. */ - vTaskExitCritical(); - break; - } - } - } - vTaskExitCritical(); - } - } - -} -/*-----------------------------------------------------------*/ - - - - void vTaskGetInfo( TaskHandle_t xTask, - TaskStatus_t * pxTaskStatus, - BaseType_t xGetFreeStackSpace, - eTaskState eState ) - { - TCB_t * pxTCB; - - /* xTask is NULL then get the state of the calling task. */ - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - - pxTaskStatus->xHandle = ( TaskHandle_t ) pxTCB; - pxTaskStatus->pcTaskName = ( const char * ) &( pxTCB->pcTaskName[ 0 ] ); - pxTaskStatus->uxCurrentPriority = pxTCB->uxPriority; - pxTaskStatus->pxStackBase = pxTCB->pxStack; - pxTaskStatus->xTaskNumber = pxTCB->uxTCBNumber; - - - { - pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; - } -// # 5037 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - pxTaskStatus->ulRunTimeCounter = 0; - } - - - /* Obtaining the task state is a little fiddly, so is only done if the - * value of eState passed into this function is eInvalid - otherwise the - * state is just set to whatever is passed in. */ - if( eState != eInvalid ) - { - if( ( ( 0 <= pxTCB->xTaskRunState ) && ( pxTCB->xTaskRunState < 100 ) ) ) - { - pxTaskStatus->eCurrentState = eRunning; - } - else - { - pxTaskStatus->eCurrentState = eState; - - - { - /* If the task is in the suspended list then there is a - * chance it is actually just blocked indefinitely - so really - * it should be reported as being in the Blocked state. */ - if( eState == eSuspended ) - { - vTaskSuspendAll(); - { - if( ( ( &( pxTCB->xEventListItem ) )->pxContainer ) != 0 ) - { - pxTaskStatus->eCurrentState = eBlocked; - } - } - ( void ) xTaskResumeAll(); - } - } - - } - } - else - { - pxTaskStatus->eCurrentState = eTaskGetState( pxTCB ); - } - - /* Obtaining the stack space takes some time, so the xGetFreeStackSpace - * parameter is provided to allow it to be skipped. */ - if( xGetFreeStackSpace != ( ( char ) 0 ) ) - { - - - - - - { - pxTaskStatus->usStackHighWaterMark = prvTaskCheckFreeStackSpace( ( uint8_t * ) pxTCB->pxStack ); - } - - } - else - { - pxTaskStatus->usStackHighWaterMark = 0; - } - } - - -/*-----------------------------------------------------------*/ - - - - static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray, - List_t * pxList, - eTaskState eState ) - { - - /* Reason for rewrite: - * VeriFast does not support multiple pointer declarations to - * user-defined types in single statement - * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) - */ - TCB_t * pxNextTCB; - TCB_t * pxFirstTCB; - - - - UBaseType_t uxTask = 0; - - if( ( ( pxList )->uxNumberOfItems ) > ( UBaseType_t ) 0 ) - { - { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxFirstTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - - /* Populate an TaskStatus_t structure within the - * pxTaskStatusArray array for each task that is referenced from - * pxList. See the definition of TaskStatus_t in task.h for the - * meaning of each TaskStatus_t structure member. */ - do - { - { List_t * pxConstList = ( pxList ); ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) { ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; } ( pxNextTCB ) = ( pxConstList )->pxIndex->pvOwner; }; /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ - vTaskGetInfo( ( TaskHandle_t ) pxNextTCB, &( pxTaskStatusArray[ uxTask ] ), ( ( char ) 1 ), eState ); - uxTask++; - } while( pxNextTCB != pxFirstTCB ); - } - else - { - ; - } - - return uxTask; - } - - -/*-----------------------------------------------------------*/ - - - - static uint32_t prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) - { - uint32_t ulCount = 0U; - - while( *pucStackByte == ( uint8_t ) ( 0xa5U ) ) - { - pucStackByte -= ( -1 ); - ulCount++; - } - - ulCount /= ( uint32_t ) sizeof( StackType_t ); /*lint !e961 Casting is not redundant on smaller architectures. */ - - return ( uint32_t ) ulCount; - } - - -/*-----------------------------------------------------------*/ -// # 5206 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - - - - UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) - { - TCB_t * pxTCB; - uint8_t * pucEndOfStack; - UBaseType_t uxReturn; - - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - - - { - pucEndOfStack = ( uint8_t * ) pxTCB->pxStack; - } - - - - - - - uxReturn = ( UBaseType_t ) prvTaskCheckFreeStackSpace( pucEndOfStack ); - - return uxReturn; - } - - -/*-----------------------------------------------------------*/ - - - - static void prvDeleteTCB( TCB_t * pxTCB ) - { - /* This call is required specifically for the TriCore port. It must be - * above the vPortFree() calls. The call is also used by ports/demos that - * want to allocate and clean RAM statically. */ - ( void ) pxTCB; - - /* Free up the memory allocated by the scheduler for the task. It is up - * to the task to free any memory allocated at the application level. - * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html - * for additional information. */ - - - - - - - - { - /* The task can only have been allocated dynamically - free both - * the stack and TCB. */ - free( (void*) pxTCB->pxStack); - free( (void*) pxTCB); - } -// # 5289 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - } - - -/*-----------------------------------------------------------*/ - -static void prvResetNextTaskUnblockTime( void ) -{ - if( ( ( ( pxDelayedTaskList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? ( ( char ) 1 ) : ( ( char ) 0 ) ) != ( ( char ) 0 ) ) - { - /* The new current delayed list is empty. Set xNextTaskUnblockTime to - * the maximum possible value so it is extremely unlikely that the - * if( xTickCount >= xNextTaskUnblockTime ) test will pass until - * there is an item in the delayed list. */ - xNextTaskUnblockTime = ( TickType_t ) 0xffffffffUL; - } - else - { - /* The new current delayed list is not empty, get the value of - * the item at the head of the delayed list. This is the time at - * which the task at the head of the delayed list should be removed - * from the Blocked state. */ - xNextTaskUnblockTime = ( ( ( pxDelayedTaskList )->xListEnd ).pxNext->xItemValue ); - } -} -/*-----------------------------------------------------------*/ - - - - TaskHandle_t xTaskGetCurrentTaskHandle( void ) - //@ requires interruptState_p(?coreID, ?irpState); - //@ ensures interruptState_p(coreID, irpState); - { - TaskHandle_t xReturn; - uint32_t ulState; - - ulState = VF__portDISABLE_INTERRUPTS(); - //@ open coreLocalGlobalVars_p(); - xReturn = pxCurrentTCBs[ VF__get_core_num() ]; - //@ close coreLocalGlobalVars_p(); - VF__portRESTORE_INTERRUPTS(ulState); - - return xReturn; - } - - TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) - { - TaskHandle_t xReturn = 0; - - if( ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < 100 ) ) ) != ( ( char ) 0 ) ) - { - xReturn = pxCurrentTCBs[ xCoreID ]; - } - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskGetSchedulerState( void ) - { - BaseType_t xReturn; - - if( xSchedulerRunning == ( ( char ) 0 ) ) - { - xReturn = ( ( BaseType_t ) 1 ); - } - else - { - vTaskEnterCritical(); - { - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - xReturn = ( ( BaseType_t ) 2 ); - } - else - { - xReturn = ( ( BaseType_t ) 0 ); - } - } - vTaskExitCritical(); - } - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxMutexHolderTCB = pxMutexHolder; - - - - BaseType_t xReturn = ( ( char ) 0 ); - - /* If the mutex was given back by an interrupt while the queue was - * locked then the mutex holder might now be NULL. _RB_ Is this still - * needed as interrupts can no longer use mutexes? */ - if( pxMutexHolder != 0 ) - { - /* If the holder of the mutex has a priority below the priority of - * the task attempting to obtain the mutex then it will temporarily - * inherit the priority of the task attempting to obtain the mutex. */ - if( pxMutexHolderTCB->uxPriority < xTaskGetCurrentTaskHandle()->uxPriority ) - { - /* Adjust the mutex holder state to account for its new - * priority. Only reset the event list item value if the value is - * not being used for anything else. */ - if( ( ( ( &( pxMutexHolderTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL ) - { - ( ( &( pxMutexHolderTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) xTaskGetCurrentTaskHandle()->uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - } - else - { - ; - } - - /* If the task being modified is in the ready state it will need - * to be moved into a new list. */ - if( ( ( ( &( pxMutexHolderTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ pxMutexHolderTCB->uxPriority ] ) ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) ) - { - if( uxListRemove( &( pxMutexHolderTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - /* It is known that the task is in its ready list so - * there is no need to check again and the port level - * reset macro can be called directly. */ - ; - } - else - { - ; - } - - /* Inherit the priority before being moved into the new list. */ - pxMutexHolderTCB->uxPriority = xTaskGetCurrentTaskHandle()->uxPriority; - ; { if( ( ( pxMutexHolderTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxMutexHolderTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxMutexHolderTCB )->uxPriority ] ), &( ( pxMutexHolderTCB )->xStateListItem ) ); ; - } - else - { - /* Just inherit the priority. */ - pxMutexHolderTCB->uxPriority = xTaskGetCurrentTaskHandle()->uxPriority; - } - - ; - - /* Inheritance occurred. */ - xReturn = ( ( char ) 1 ); - } - else - { - if( pxMutexHolderTCB->uxBasePriority < xTaskGetCurrentTaskHandle()->uxPriority ) - { - /* The base priority of the mutex holder is lower than the - * priority of the task attempting to take the mutex, but the - * current priority of the mutex holder is not lower than the - * priority of the task attempting to take the mutex. - * Therefore the mutex holder must have already inherited a - * priority, but inheritance would have occurred if that had - * not been the case. */ - xReturn = ( ( char ) 1 ); - } - else - { - ; - } - } - } - else - { - ; - } - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = pxMutexHolder; - - - - BaseType_t xReturn = ( ( char ) 0 ); - - if( pxMutexHolder != 0 ) - { - /* A task can only have an inherited priority if it holds the mutex. - * If the mutex is held by a task then it cannot be given from an - * interrupt, and if a mutex is given by the holding task then it must - * be the running state task. */ - assert(pxTCB == xTaskGetCurrentTaskHandle()); - assert(pxTCB->uxMutexesHeld); - ( pxTCB->uxMutexesHeld )--; - - /* Has the holder of the mutex inherited the priority of another - * task? */ - if( pxTCB->uxPriority != pxTCB->uxBasePriority ) - { - /* Only disinherit if no other mutexes are held. */ - if( pxTCB->uxMutexesHeld == ( UBaseType_t ) 0 ) - { - /* A task can only have an inherited priority if it holds - * the mutex. If the mutex is held by a task then it cannot be - * given from an interrupt, and if a mutex is given by the - * holding task then it must be the running state task. Remove - * the holding task from the ready list. */ - if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - ; - } - else - { - ; - } - - /* Disinherit the priority before adding the task into the - * new ready list. */ - ; - pxTCB->uxPriority = pxTCB->uxBasePriority; - - /* Reset the event list item value. It cannot be in use for - * any other purpose if this task is running, and it must be - * running to give back the mutex. */ - ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) pxTCB->uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - - /* Return true to indicate that a context switch is required. - * This is only actually required in the corner case whereby - * multiple mutexes were held and the mutexes were given back - * in an order different to that in which they were taken. - * If a context switch did not occur when the first mutex was - * returned, even if a task was waiting on it, then a context - * switch should occur when the last mutex is returned whether - * a task is waiting on it or not. */ - xReturn = ( ( char ) 1 ); - } - else - { - ; - } - } - else - { - ; - } - } - else - { - ; - } - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, - UBaseType_t uxHighestPriorityWaitingTask ) - { - - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = pxMutexHolder; - - - - UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse; - const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1; - - if( pxMutexHolder != 0 ) - { - /* If pxMutexHolder is not NULL then the holder must hold at least - * one mutex. */ - assert(pxTCB->uxMutexesHeld); - - /* Determine the priority to which the priority of the task that - * holds the mutex should be set. This will be the greater of the - * holding task's base priority and the priority of the highest - * priority task that is waiting to obtain the mutex. */ - if( pxTCB->uxBasePriority < uxHighestPriorityWaitingTask ) - { - uxPriorityToUse = uxHighestPriorityWaitingTask; - } - else - { - uxPriorityToUse = pxTCB->uxBasePriority; - } - - /* Does the priority need to change? */ - if( pxTCB->uxPriority != uxPriorityToUse ) - { - /* Only disinherit if no other mutexes are held. This is a - * simplification in the priority inheritance implementation. If - * the task that holds the mutex is also holding other mutexes then - * the other mutexes may have caused the priority inheritance. */ - if( pxTCB->uxMutexesHeld == uxOnlyOneMutexHeld ) - { - /* If a task has timed out because it already holds the - * mutex it was trying to obtain then it cannot of inherited - * its own priority. */ - assert(pxTCB != xTaskGetCurrentTaskHandle()); - - /* Disinherit the priority, remembering the previous - * priority to facilitate determining the subject task's - * state. */ - ; - uxPriorityUsedOnEntry = pxTCB->uxPriority; - pxTCB->uxPriority = uxPriorityToUse; - - /* Only reset the event list item value if the value is not - * being used for anything else. */ - if( ( ( ( &( pxTCB->xEventListItem ) )->xItemValue ) & 0x80000000UL ) == 0UL ) - { - ( ( &( pxTCB->xEventListItem ) )->xItemValue = ( ( TickType_t ) 32 - ( TickType_t ) uxPriorityToUse ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - } - else - { - ; - } - - /* If the running task is not the task that holds the mutex - * then the task that holds the mutex could be in either the - * Ready, Blocked or Suspended states. Only remove the task - * from its current state list if it is in the Ready state as - * the task's priority is going to change and there is one - * Ready list per priority. */ - if( ( ( ( &( pxTCB->xStateListItem ) )->pxContainer == ( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ) ) ) ? ( ( ( char ) 1 ) ) : ( ( ( char ) 0 ) ) ) != ( ( char ) 0 ) ) - { - if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - /* It is known that the task is in its ready list so - * there is no need to check again and the port level - * reset macro can be called directly. */ - ; - } - else - { - ; - } - - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - } - else - { - ; - } - } - else - { - ; - } - } - else - { - ; - } - } - else - { - ; - } - } - - -/*-----------------------------------------------------------*/ - -/* - * If not in a critical section then yield immediately. - * Otherwise set xYieldPending to true to wait to - * yield until exiting the critical section. - */ -void vTaskYieldWithinAPI( void ) -{ - if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) - { - vPortYield(); - } - else - { - xYieldPendings[ VF__get_core_num() ] = ( ( char ) 1 ); - } -} -/*-----------------------------------------------------------*/ - - - - void vTaskEnterCritical( void ) - ///@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); - ///@ ensures false; - { - VF__portDISABLE_INTERRUPTS(); - //@ open unprotectedGlobalVars(); - - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) - { - if( assert_fct(false, "portCHECK_IF_IN_ISR") == ( ( char ) 0 ) ) - { - VF__portGET_TASK_LOCK(); - } - - VF__portGET_ISR_LOCK(); - } - - ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )++; - - /* This should now be interrupt safe. The only time there would be - * a problem is if this is called before a context switch and - * vTaskExitCritical() is called after pxCurrentTCB changes. Therefore - * this should not be used within vTaskSwitchContext(). */ - - if( ( uxSchedulerSuspended == 0U ) && ( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 1U ) ) - { - prvCheckForRunStateChange(); - } - } - else - { - ; - } - } - - -/*-----------------------------------------------------------*/ - - - - void vTaskExitCritical( void ) - { - if( xSchedulerRunning != ( ( char ) 0 ) ) - { - /* If pxCurrentTCB->uxCriticalNesting is zero then this function - * does not match a previous call to vTaskEnterCritical(). */ - assert(xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U); - - if( xTaskGetCurrentTaskHandle()->uxCriticalNesting > 0U ) - { - ( xTaskGetCurrentTaskHandle()->uxCriticalNesting )--; - - if( xTaskGetCurrentTaskHandle()->uxCriticalNesting == 0U ) - { - vPortRecursiveLock(0, spin_lock_instance(14), ( ( char ) 0 )); - - if( assert_fct(false, "portCHECK_IF_IN_ISR") == ( ( char ) 0 ) ) - { - vPortRecursiveLock(1, spin_lock_instance(15), ( ( char ) 0 )); - vPortEnableInterrupts(); - - /* When a task yields in a critical section it just sets - * xYieldPending to true. So now that we have exited the - * critical section check if xYieldPending is true, and - * if so yield. */ - if( prvGetCurrentYieldPending() != ( ( char ) 0 ) ) - { - vPortYield(); - } - } - else - { - /* In an ISR we don't hold the task lock and don't - * need to yield. Yield will happen if necessary when - * the application ISR calls portEND_SWITCHING_ISR() */ - ; - } - } - else - { - ; - } - } - else - { - ; - } - } - else - { - ; - } - } - - -/*-----------------------------------------------------------*/ -// # 5819 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ -// # 5925 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*----------------------------------------------------------*/ -// # 6052 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -TickType_t uxTaskResetEventItemValue( void ) -{ - TickType_t uxReturn; - - uxReturn = ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue ); - - /* Reset the event list item to its normal value - so it can be used with - * queues and semaphores. */ - ( ( &( xTaskGetCurrentTaskHandle()->xEventListItem ) )->xItemValue = ( ( ( TickType_t ) 32 - ( TickType_t ) xTaskGetCurrentTaskHandle()->uxPriority ) ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ - - return uxReturn; -} -/*-----------------------------------------------------------*/ - - - - TaskHandle_t pvTaskIncrementMutexHeldCount( void ) - { - /* If xSemaphoreCreateMutex() is called before any tasks have been created - * then pxCurrentTCB will be NULL. */ - if( xTaskGetCurrentTaskHandle() != 0 ) - { - ( xTaskGetCurrentTaskHandle()->uxMutexesHeld )++; - } - - return xTaskGetCurrentTaskHandle(); - } - - -/*-----------------------------------------------------------*/ - - - - uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWait, - BaseType_t xClearCountOnExit, - TickType_t xTicksToWait ) - { - uint32_t ulReturn; - - assert(uxIndexToWait < 1); - - vTaskEnterCritical(); - { - /* Only block if the notification count is not already non-zero. */ - if( xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] == 0UL ) - { - /* Mark this task as waiting for a notification. */ - xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 1 ); - - if( xTicksToWait > ( TickType_t ) 0 ) - { - prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) ); - ; - - /* All ports are written to allow a yield in a critical - * section (some will yield immediately, others wait until the - * critical section exits) - but it is not something that - * application code should ever do. */ - vTaskYieldWithinAPI(); - } - else - { - ; - } - } - else - { - ; - } - } - vTaskExitCritical(); - - vTaskEnterCritical(); - { - ; - ulReturn = xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ]; - - if( ulReturn != 0UL ) - { - if( xClearCountOnExit != ( ( char ) 0 ) ) - { - xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] = 0UL; - } - else - { - xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] = ulReturn - ( uint32_t ) 1; - } - } - else - { - ; - } - - xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 ); - } - vTaskExitCritical(); - - return ulReturn; - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWait, - uint32_t ulBitsToClearOnEntry, - uint32_t ulBitsToClearOnExit, - uint32_t * pulNotificationValue, - TickType_t xTicksToWait ) - { - BaseType_t xReturn; - - assert(uxIndexToWait < 1); - - vTaskEnterCritical(); - { - /* Only block if a notification is not already pending. */ - if( xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] != ( ( uint8_t ) 2 ) ) - { - /* Clear bits in the task's notification value as bits may get - * set by the notifying task or interrupt. This can be used to - * clear the value to zero. */ - xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnEntry; - - /* Mark this task as waiting for a notification. */ - xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 1 ); - - if( xTicksToWait > ( TickType_t ) 0 ) - { - prvAddCurrentTaskToDelayedList( xTicksToWait, ( ( char ) 1 ) ); - ; - - /* All ports are written to allow a yield in a critical - * section (some will yield immediately, others wait until the - * critical section exits) - but it is not something that - * application code should ever do. */ - vTaskYieldWithinAPI(); - } - else - { - ; - } - } - else - { - ; - } - } - vTaskExitCritical(); - - vTaskEnterCritical(); - { - ; - - if( pulNotificationValue != 0 ) - { - /* Output the current notification value, which may or may not - * have changed. */ - *pulNotificationValue = xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ]; - } - - /* If ucNotifyValue is set then either the task never entered the - * blocked state (because a notification was already pending) or the - * task unblocked because of a notification. Otherwise the task - * unblocked because of a timeout. */ - if( xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] != ( ( uint8_t ) 2 ) ) - { - /* A notification was not received. */ - xReturn = ( ( char ) 0 ); - } - else - { - /* A notification was already pending or a notification was - * received while the task was waiting. */ - xTaskGetCurrentTaskHandle()->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnExit; - xReturn = ( ( char ) 1 ); - } - - xTaskGetCurrentTaskHandle()->ucNotifyState[ uxIndexToWait ] = ( ( uint8_t ) 0 ); - } - vTaskExitCritical(); - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, - UBaseType_t uxIndexToNotify, - uint32_t ulValue, - eNotifyAction eAction, - uint32_t * pulPreviousNotificationValue ) - { - TCB_t * pxTCB; - BaseType_t xReturn = ( ( ( char ) 1 ) ); - uint8_t ucOriginalNotifyState; - - assert(uxIndexToNotify < 1); - assert(xTaskToNotify); - pxTCB = xTaskToNotify; - - vTaskEnterCritical(); - { - if( pulPreviousNotificationValue != 0 ) - { - *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ]; - } - - ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; - - pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 ); - - switch( eAction ) - { - case eSetBits: - pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue; - break; - - case eIncrement: - ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; - break; - - case eSetValueWithOverwrite: - pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; - break; - - case eSetValueWithoutOverwrite: - - if( ucOriginalNotifyState != ( ( uint8_t ) 2 ) ) - { - pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; - } - else - { - /* The value could not be written to the task. */ - xReturn = ( ( ( char ) 0 ) ); - } - - break; - - case eNoAction: - - /* The task is being notified without its notify value being - * updated. */ - break; - - default: - - /* Should not get here if all enums are handled. - * Artificially force an assert by testing a value the - * compiler can't assume is const. */ - assert(xTickCount == ( TickType_t ) 0); - - break; - } - - ; - - /* If the task is in the blocked state specifically to wait for a - * notification then unblock it now. */ - if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) ) - { - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - - /* The task should not have been on an event list. */ - assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); -// # 6343 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" - { - prvYieldForTask( pxTCB, ( ( char ) 0 ) ); - } - - } - else - { - ; - } - } - vTaskExitCritical(); - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, - UBaseType_t uxIndexToNotify, - uint32_t ulValue, - eNotifyAction eAction, - uint32_t * pulPreviousNotificationValue, - BaseType_t * pxHigherPriorityTaskWoken ) - { - TCB_t * pxTCB; - uint8_t ucOriginalNotifyState; - BaseType_t xReturn = ( ( ( char ) 1 ) ); - UBaseType_t uxSavedInterruptStatus; - - assert(xTaskToNotify); - assert(uxIndexToNotify < 1); - - /* RTOS ports that support interrupt nesting have the concept of a - * maximum system call (or maximum API call) interrupt priority. - * Interrupts that are above the maximum system call priority are keep - * permanently enabled, even when the RTOS kernel is in a critical section, - * but cannot make any calls to FreeRTOS API functions. If configASSERT() - * is defined in FreeRTOSConfig.h then - * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion - * failure if a FreeRTOS API function is called from an interrupt that has - * been assigned a priority above the configured maximum system call - * priority. Only FreeRTOS functions that end in FromISR can be called - * from interrupts that have been assigned a priority at or (logically) - * below the maximum system call interrupt priority. FreeRTOS maintains a - * separate interrupt safe API to ensure interrupt entry is as fast and as - * simple as possible. More information (albeit Cortex-M specific) is - * provided on the following link: - * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ - ; - - pxTCB = xTaskToNotify; - - uxSavedInterruptStatus = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR"); - { - if( pulPreviousNotificationValue != 0 ) - { - *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ]; - } - - ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; - pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 ); - - switch( eAction ) - { - case eSetBits: - pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue; - break; - - case eIncrement: - ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; - break; - - case eSetValueWithOverwrite: - pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; - break; - - case eSetValueWithoutOverwrite: - - if( ucOriginalNotifyState != ( ( uint8_t ) 2 ) ) - { - pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; - } - else - { - /* The value could not be written to the task. */ - xReturn = ( ( ( char ) 0 ) ); - } - - break; - - case eNoAction: - - /* The task is being notified without its notify value being - * updated. */ - break; - - default: - - /* Should not get here if all enums are handled. - * Artificially force an assert by testing a value the - * compiler can't assume is const. */ - assert(xTickCount == ( TickType_t ) 0); - break; - } - - ; - - /* If the task is in the blocked state specifically to wait for a - * notification then unblock it now. */ - if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) ) - { - /* The task should not have been on an event list. */ - assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); - - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - } - else - { - /* The delayed and ready lists cannot be accessed, so hold - * this task pending until the scheduler is resumed. */ - vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); - } - - - prvYieldForTask( pxTCB, ( ( char ) 0 ) ); - - if( xYieldPendings[ VF__get_core_num() ] == ( ( char ) 1 ) ) - { - if( pxHigherPriorityTaskWoken != 0 ) - { - *pxHigherPriorityTaskWoken = ( ( char ) 1 ); - } - } - - } - } - do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptStatus); } while (0); - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, - UBaseType_t uxIndexToNotify, - BaseType_t * pxHigherPriorityTaskWoken ) - { - TCB_t * pxTCB; - uint8_t ucOriginalNotifyState; - UBaseType_t uxSavedInterruptStatus; - - assert(xTaskToNotify); - assert(uxIndexToNotify < 1); - - /* RTOS ports that support interrupt nesting have the concept of a - * maximum system call (or maximum API call) interrupt priority. - * Interrupts that are above the maximum system call priority are keep - * permanently enabled, even when the RTOS kernel is in a critical section, - * but cannot make any calls to FreeRTOS API functions. If configASSERT() - * is defined in FreeRTOSConfig.h then - * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion - * failure if a FreeRTOS API function is called from an interrupt that has - * been assigned a priority above the configured maximum system call - * priority. Only FreeRTOS functions that end in FromISR can be called - * from interrupts that have been assigned a priority at or (logically) - * below the maximum system call interrupt priority. FreeRTOS maintains a - * separate interrupt safe API to ensure interrupt entry is as fast and as - * simple as possible. More information (albeit Cortex-M specific) is - * provided on the following link: - * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ - ; - - pxTCB = xTaskToNotify; - - uxSavedInterruptStatus = assert_fct(false, "portSET_INTERRUPT_MASK_FROM_ISR"); - { - ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; - pxTCB->ucNotifyState[ uxIndexToNotify ] = ( ( uint8_t ) 2 ); - - /* 'Giving' is equivalent to incrementing a count in a counting - * semaphore. */ - ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; - - ; - - /* If the task is in the blocked state specifically to wait for a - * notification then unblock it now. */ - if( ucOriginalNotifyState == ( ( uint8_t ) 1 ) ) - { - /* The task should not have been on an event list. */ - assert(( ( &( pxTCB->xEventListItem ) )->pxContainer ) == 0); - - if( uxSchedulerSuspended == ( UBaseType_t ) ( ( char ) 0 ) ) - { - ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); - ; { if( ( ( pxTCB )->uxPriority ) > uxTopReadyPriority ) { uxTopReadyPriority = ( ( pxTCB )->uxPriority ); } }; vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); ; - } - else - { - /* The delayed and ready lists cannot be accessed, so hold - * this task pending until the scheduler is resumed. */ - vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); - } - - - prvYieldForTask( pxTCB, ( ( char ) 0 ) ); - - if( xYieldPendings[ VF__get_core_num() ] == ( ( char ) 1 ) ) - { - if( pxHigherPriorityTaskWoken != 0 ) - { - *pxHigherPriorityTaskWoken = ( ( char ) 1 ); - } - } - - } - } - do { vTaskExitCritical(); VF__portRESTORE_INTERRUPTS(uxSavedInterruptStatus); } while (0); - } - - -/*-----------------------------------------------------------*/ - - - - BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask, - UBaseType_t uxIndexToClear ) - { - TCB_t * pxTCB; - BaseType_t xReturn; - - assert(uxIndexToClear < 1); - - /* If null is passed in here then it is the calling task that is having - * its notification state cleared. */ - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - - vTaskEnterCritical(); - { - if( pxTCB->ucNotifyState[ uxIndexToClear ] == ( ( uint8_t ) 2 ) ) - { - pxTCB->ucNotifyState[ uxIndexToClear ] = ( ( uint8_t ) 0 ); - xReturn = ( ( ( char ) 1 ) ); - } - else - { - xReturn = ( ( ( char ) 0 ) ); - } - } - vTaskExitCritical(); - - return xReturn; - } - - -/*-----------------------------------------------------------*/ - - - - uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, - UBaseType_t uxIndexToClear, - uint32_t ulBitsToClear ) - { - TCB_t * pxTCB; - uint32_t ulReturn; - - /* If null is passed in here then it is the calling task that is having - * its notification state cleared. */ - pxTCB = ( ( ( xTask ) == 0 ) ? xTaskGetCurrentTaskHandle() : ( xTask ) ); - - vTaskEnterCritical(); - { - /* Return the notification as it was before the bits were cleared, - * then clear the bit mask. */ - ulReturn = pxTCB->ulNotifiedValue[ uxIndexToClear ]; - pxTCB->ulNotifiedValue[ uxIndexToClear ] &= ~ulBitsToClear; - } - vTaskExitCritical(); - - return ulReturn; - } - - -/*-----------------------------------------------------------*/ -// # 6652 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -/*-----------------------------------------------------------*/ - -static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, - const BaseType_t xCanBlockIndefinitely ) -{ - TickType_t xTimeToWake; - const TickType_t xConstTickCount = xTickCount; - - - { - /* About to enter a delayed list, so ensure the ucDelayAborted flag is - * reset to pdFALSE so it can be detected as having been set to pdTRUE - * when the task leaves the Blocked state. */ - xTaskGetCurrentTaskHandle()->ucDelayAborted = ( ( char ) 0 ); - } - - - /* Remove the task from the ready list before adding it to the blocked list - * as the same list item is used for both lists. */ - if( uxListRemove( &( xTaskGetCurrentTaskHandle()->xStateListItem ) ) == ( UBaseType_t ) 0 ) - { - /* The current task must be in a ready list, so there is no need to - * check, and the port reset macro can be called directly. */ - ; /*lint !e931 pxCurrentTCB cannot change as it is the calling task. pxCurrentTCB->uxPriority and uxTopReadyPriority cannot change as called with scheduler suspended or in a critical section. */ - } - else - { - ; - } - - - { - if( ( xTicksToWait == ( TickType_t ) 0xffffffffUL ) && ( xCanBlockIndefinitely != ( ( char ) 0 ) ) ) - { - /* Add the task to the suspended task list instead of a delayed task - * list to ensure it is not woken by a timing event. It will block - * indefinitely. */ - vListInsertEnd( &xSuspendedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) ); - } - else - { - /* Calculate the time at which the task should be woken if the event - * does not occur. This may overflow but this doesn't matter, the - * kernel will manage it correctly. */ - xTimeToWake = xConstTickCount + xTicksToWait; - - /* The list item will be inserted in wake time order. */ - ( ( &( xTaskGetCurrentTaskHandle()->xStateListItem ) )->xItemValue = ( xTimeToWake ) ); - - if( xTimeToWake < xConstTickCount ) - { - /* Wake time has overflowed. Place this item in the overflow - * list. */ - vListInsert( pxOverflowDelayedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) ); - } - else - { - /* The wake time has not overflowed, so the current block list - * is used. */ - vListInsert( pxDelayedTaskList, &( xTaskGetCurrentTaskHandle()->xStateListItem ) ); - - /* If the task entering the blocked state was placed at the - * head of the list of blocked tasks then xNextTaskUnblockTime - * needs to be updated too. */ - if( xTimeToWake < xNextTaskUnblockTime ) - { - xNextTaskUnblockTime = xTimeToWake; - } - else - { - ; - } - } - } - } -// # 6764 "/Users/reitobia/repos2/FreeRTOS-Kernel/tasks.c" -} - -/* Code below here allows additional code to be inserted into this source file, - * especially where access to file scope functions and data is needed (for example - * when performing module tests). */ From 49f0dc1f04c062dafacd858ddc272192c2843257 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:11:44 -0500 Subject: [PATCH 101/289] Added preprocessing out dir to .gitignore. --- verification/verifast/.gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/verification/verifast/.gitignore b/verification/verifast/.gitignore index 1c0ce748b40..a1e1cfa0e02 100644 --- a/verification/verifast/.gitignore +++ b/verification/verifast/.gitignore @@ -1 +1,5 @@ +# Ignore log files custom_build_scripts_RP2040/log_preprocessed_files + +# Ignore preprocessing output +preprocessed_files/* From 0a31349be3490e145a130e012b7bd4ab4ed76153 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:37:24 -0500 Subject: [PATCH 102/289] Added automatic rewrite to remove const qualifiers occurring before a star. --- .../verifast/custom_build_scripts_RP2040/vf_rewrite.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh index 7afe1af046a..d632218e844 100755 --- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh @@ -37,7 +37,8 @@ rewrite "__attribute__(([_a-z]*))" "" rewrite "__attribute__( ( [_a-z]* ) )" "" echo "Removing const qualifiers from pointers" -rewrite "* const" "*" +rewrite "[*] const" "*" +rewrite "const [*]" "*" echo "Uncomment special includes to allow VeriFast proofs to refer to config macros" rewrite "//VF_include #include" "#include" From 7c9711cb885dc5fcacf6db7ac2ff39f3610ac099 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:44:23 -0500 Subject: [PATCH 103/289] Reverted manual VF rewrites concerning const pointers. Respective rewrites are applied during preprocessing. --- include/list.h | 42 +++++++++-------------------- tasks.c | 72 +++++++++----------------------------------------- 2 files changed, 24 insertions(+), 90 deletions(-) diff --git a/include/list.h b/include/list.h index b56f449b007..23814161d2f 100644 --- a/include/list.h +++ b/include/list.h @@ -301,36 +301,18 @@ typedef struct xLIST * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY * \ingroup LinkedList */ -#ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - #define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList ) \ - { \ - List_t * pxConstList = ( pxList ); \ - /* Increment the index to the next item and return the item, ensuring */ \ - /* we don't return the marker used at the end of the list. */ \ - ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ - if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \ - { \ - ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ - } \ - ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner; \ - } -#else - #define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList ) \ - { \ - List_t * const pxConstList = ( pxList ); \ - /* Increment the index to the next item and return the item, ensuring */ \ - /* we don't return the marker used at the end of the list. */ \ - ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ - if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \ - { \ - ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ - } \ - ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner; \ - } -#endif /* VERIFAST */ +#define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList ) \ + { \ + List_t * const pxConstList = ( pxList ); \ + /* Increment the index to the next item and return the item, ensuring */ \ + /* we don't return the marker used at the end of the list. */ \ + ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ + if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \ + { \ + ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ + } \ + ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner; \ + } diff --git a/tasks.c b/tasks.c index 076d43c421a..717a3dcec7d 100644 --- a/tasks.c +++ b/tasks.c @@ -897,14 +897,8 @@ static void prvYieldForTask( TCB_t * pxTCB, if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - List_t * pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); - #else - List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); - #endif /* VERIFAST */ + + List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; ListItem_t * pxTaskItem = pxLastTaskItem; @@ -2210,11 +2204,11 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) * - multiple pointer declarations to user-defined types in single * statement (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) */ - List_t * pxStateList; - List_t * pxDelayedList; - List_t * pxOverflowedDelayedList; + List_t const * pxStateList; + List_t const * pxDelayedList; + List_t const * pxOverflowedDelayedList; #else - List_t * pxStateList, * pxDelayedList, * pxOverflowedDelayedList; + List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList; #endif /* VERIFAST */ const TCB_t * const pxTCB = xTask; @@ -2311,14 +2305,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB; - #else - TCB_t const * pxTCB; - #endif /* VERIFAST */ + TCB_t const * pxTCB; UBaseType_t uxReturn; taskENTER_CRITICAL(); @@ -2340,14 +2327,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB; - #else - TCB_t const * pxTCB; - #endif /* VERIFAST */ + TCB_t const * pxTCB; UBaseType_t uxReturn, uxSavedInterruptState; /* RTOS ports that support interrupt nesting have the concept of a @@ -2886,14 +2866,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) { BaseType_t xYieldRequired = pdFALSE; - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = xTaskToResume; - #else - TCB_t * const pxTCB = xTaskToResume; - #endif /* VERIFAST */ + TCB_t * const pxTCB = xTaskToResume; UBaseType_t uxSavedInterruptStatus; configASSERT( xTaskToResume ); @@ -4559,14 +4532,7 @@ void vTaskMissedYield( void ) UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) { UBaseType_t uxReturn; - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB; - #else - TCB_t const * pxTCB; - #endif /* VERIFAST */ + TCB_t const * pxTCB; if( xTask != NULL ) { @@ -5381,14 +5347,7 @@ static void prvResetNextTaskUnblockTime( void ) BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxMutexHolderTCB = pxMutexHolder; - #else - TCB_t * const pxMutexHolderTCB = pxMutexHolder; - #endif /* VERIFAST */ + TCB_t * const pxMutexHolderTCB = pxMutexHolder; BaseType_t xReturn = pdFALSE; /* If the mutex was given back by an interrupt while the queue was @@ -5566,14 +5525,7 @@ static void prvResetNextTaskUnblockTime( void ) void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, UBaseType_t uxHighestPriorityWaitingTask ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = pxMutexHolder; - #else - TCB_t * const pxTCB = pxMutexHolder; - #endif /* VERIFAST */ + TCB_t * const pxTCB = pxMutexHolder; UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse; const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1; From 1e2acf61396404bd01f81ffe8b37cd86eb6a8643 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:35:02 -0500 Subject: [PATCH 104/289] Linked const pointer rewrite to filed VeriFast issue 333. --- verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh index d632218e844..efdf96c05f8 100755 --- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh @@ -37,6 +37,8 @@ rewrite "__attribute__(([_a-z]*))" "" rewrite "__attribute__( ( [_a-z]* ) )" "" echo "Removing const qualifiers from pointers" +echo "Reported issue 333:" +echo "https://github.com/verifast/verifast/issues/333" rewrite "[*] const" "*" rewrite "const [*]" "*" From a470fec6d090b9495e7b741ddd55b4750438b495 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:46:17 -0500 Subject: [PATCH 105/289] Added automatic deletion of void casts (used to suppress warnings) and linked to filed VeriFast issue 335. --- tasks.c | 9 ++------- .../verifast/custom_build_scripts_RP2040/vf_rewrite.sh | 5 +++++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tasks.c b/tasks.c index 717a3dcec7d..d85d47afe75 100644 --- a/tasks.c +++ b/tasks.c @@ -1496,17 +1496,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /* Fill the stack with a known value to assist debugging. */ #ifdef VERIFAST /* Reason for rewrite: - * - VeriFast does not support casts involving side-effectful - * expressions. - * - VeriFast report type mismatch because + * - VeriFast reports type mismatch because * `( int ) tskSTACK_FILL_BYTE` is passed for a char argument. * - * Note: The only affect of void casts is to surpress compiler - * warnings. - * * TODO: Is the type mismatch a real error? */ - memset( pxNewTCB->pxStack, ( char ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); + ( void ) memset( pxNewTCB->pxStack, ( char ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); #else ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); #endif diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh index efdf96c05f8..3e95c833b8d 100755 --- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh @@ -36,6 +36,11 @@ rewrite "__attribute__(([_a-z]*))" "" # TODO: Why does matching `\s` or `:space:` not work on MacOs? rewrite "__attribute__( ( [_a-z]* ) )" "" +echo "Delete void casts (used to suppress compiler warnings)" +echo "Reported issue 335" +echo "https://github.com/verifast/verifast/issues/335" +rewrite "( void ) memset" "memset" + echo "Removing const qualifiers from pointers" echo "Reported issue 333:" echo "https://github.com/verifast/verifast/issues/333" From a7fdaca373af4a8e7f341b2770c2c13953a85ac6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:52:14 -0500 Subject: [PATCH 106/289] Reverted manual rewrites involving const pointers. Automatic rewrites are in place. --- tasks.c | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/tasks.c b/tasks.c index d85d47afe75..99163e63699 100644 --- a/tasks.c +++ b/tasks.c @@ -2194,10 +2194,9 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) eTaskState eReturn; #ifdef VERIFAST /* Reason for rewrite: - * VeriFast does not support the following: - * - const pointers - * - multiple pointer declarations to user-defined types in single - * statement (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) + * VeriFast does not support multiple pointer declarations to + * user-defined types in single statement (i.e., `A p1, p2;` is ok, + * `A *p1, *p2;` fails) */ List_t const * pxStateList; List_t const * pxDelayedList; @@ -2802,14 +2801,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) void vTaskResume( TaskHandle_t xTaskToResume ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = xTaskToResume; - #else - TCB_t * const pxTCB = xTaskToResume; - #endif /* VERIFAST */ + TCB_t * const pxTCB = xTaskToResume; /* It does not make sense to resume the calling task. */ configASSERT( xTaskToResume ); @@ -5432,14 +5424,7 @@ static void prvResetNextTaskUnblockTime( void ) BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support const pointers. - */ - TCB_t * pxTCB = pxMutexHolder; - #else - TCB_t * const pxTCB = pxMutexHolder; - #endif /* VERIFAST */ + TCB_t * const pxTCB = pxMutexHolder; BaseType_t xReturn = pdFALSE; if( pxMutexHolder != NULL ) From d2f10a6b25ec3fe1ab82756fc657af9bff463895 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 15 Nov 2022 08:28:21 -0500 Subject: [PATCH 107/289] `vTaskSwitchContexxt` assumes that that interrupts have been deactivated. --- tasks.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tasks.c b/tasks.c index 99163e63699..f88ea9bd409 100644 --- a/tasks.c +++ b/tasks.c @@ -4117,7 +4117,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) [?f_ISR]isrLock() &*& [?f_task]taskLock() &*& interruptState_p(xCoreID, ?state) &*& - xCoreID == coreID_f(); + xCoreID == coreID_f() &*& + interruptsDisabled_f(state) == true &*& + coreLocalGlobalVars_p(); @*/ //@ ensures true; { @@ -4132,6 +4134,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) portGET_TASK_LOCK(); /* Must always acquire the task lock first */ portGET_ISR_LOCK(); //@ get_taskISRLockInv(); + //@ open coreLocalGlobalVars_p(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ @@ -5268,8 +5271,15 @@ static void prvResetNextTaskUnblockTime( void ) #if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - //@ requires interruptState_p(?coreID, ?irpState); - //@ ensures interruptState_p(coreID, irpState); + /*@ requires interruptState_p(coreID_f(), ?state) &*& + interruptsDisabled_f(state) == true &*& + pointer(&pxCurrentTCBs[coreID_f], ?taskHandle); + @*/ + /*@ ensures interruptState_p(coreID_f(), state) &*& + interruptsDisabled_f(state) == true &*& + pointer(&pxCurrentTCBs[coreID_f], taskHandle) &*& + result == taskHandle; + @*/ { TaskHandle_t xReturn; uint32_t ulState; From 7a5119e32464bdbf7e3372b3deca9b2894002829 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 15 Nov 2022 09:31:56 -0500 Subject: [PATCH 108/289] Nightly build of Nov 14, 2022 broke old proof for `vTaskCreate`. Ignoring these proofs for now. --- tasks.c | 18 +++++++++++++++--- .../proof/snippets/rp2040_port_c_snippets.c | 11 ++++++++++- verification/verifast/proof/task_predicates.h | 4 ++-- .../verifast/proof/verifast_prelude_extended.h | 1 + .../proof_setup/verifast_RP2040_axioms.h | 4 ++-- .../verifast/start-vfide--preprocessed.sh | 4 ++++ 6 files changed, 34 insertions(+), 8 deletions(-) diff --git a/tasks.c b/tasks.c index f88ea9bd409..43c4f7cbfaa 100644 --- a/tasks.c +++ b/tasks.c @@ -1342,6 +1342,12 @@ static void prvYieldForTask( TCB_t * pxTCB, TaskHandle_t * const pxCreatedTask ) #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ { + // Proof boken by switch to nightly build Nov 14, 2022 + // TODO: Adapt proof + //@ assume(false); + // ------------------------------------------------------------ + + TCB_t * pxNewTCB; BaseType_t xReturn; @@ -1469,6 +1475,12 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, *pxCreatedTask |-> _; @*/ { + // Proof boken by switch to nightly build Nov 14, 2022 + // TODO: Adapt proof + //@ assume(false); + // ------------------------------------------------------------ + + StackType_t * pxTopOfStack; UBaseType_t x; @@ -1527,7 +1539,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, */ #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT // Axiomatize that pointers on RP2040 are 32bit - //@ ptr_range(pxTopOfStack); + //@ ptr_range(pxTopOfStack); /* Convert top and mask to VeriFast bitvectors and establish * relation to C variables. @@ -1545,7 +1557,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`. */ - //@ ptr_range(pxTopOfStack); + //@ ptr_range(pxTopOfStack); /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) > 0 ); @@ -1572,7 +1584,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /* Axiomatize that alignmet check succeeds. * We further assume that `portPOINTER_SIZE_TYPE` evaluates to * `uint32_t`*/ - //@ ptr_range(pxTopOfStack); + //@ ptr_range(pxTopOfStack); /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ); @*/ #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c index 2ee456a6d2b..d38993779ee 100644 --- a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c +++ b/verification/verifast/proof/snippets/rp2040_port_c_snippets.c @@ -87,6 +87,10 @@ StackType_t* test_stack_pred(uint32_t depth) malloc_block_chars((char*) result, depth * sizeof(StackType_t)); @*/ { + // Proof boken by switch to nightly build Nov 14, 2022 + // TODO: Adapt proof + //@ assume(false); + // ------------------------------------------------------------ StackType_t * stack; @@ -124,6 +128,11 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, result == pxTopOfStack - 16; @*/ { + // Proof boken by switch to nightly build Nov 14, 2022 + // TODO: Adapt proof + //@ assume(false); + // ------------------------------------------------------------ + //@ StackType_t* gOldTop = pxTopOfStack; //@ char* gcStack = (char*) pxStack; //@ open stack_p_2(_, _, _, _, _, _); @@ -162,7 +171,7 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) ); // prevent overflow - //@ ptr_range(pxCode); + //@ ptr_range(pxCode); // make stack cell #2 available //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 3)); //@ chars_to_integers_(gOldTop-2, sizeof(StackType_t), false, 1); diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index fe2d082bf18..9fd1346070a 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -43,7 +43,7 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) = // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES` // evaluates to 1. integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*& - uchars_(tcb->ucNotifyState, 1, _) &*& + uchars_((unsigned char*) tcb->ucNotifyState, 1, _) &*& tcb->ucDelayAborted |-> _; @*/ @@ -84,7 +84,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES` // evaluates to 1. integers_(tcb->ulNotifiedValue, 4, false, 1, _) &*& - uchars(tcb->ucNotifyState, 1, _) &*& + uchars((unsigned char*) tcb->ucNotifyState, 1, _) &*& tcb->ucDelayAborted |-> _; @*/ diff --git a/verification/verifast/proof/verifast_prelude_extended.h b/verification/verifast/proof/verifast_prelude_extended.h index b297a118cc1..beb263831cf 100644 --- a/verification/verifast/proof/verifast_prelude_extended.h +++ b/verification/verifast/proof/verifast_prelude_extended.h @@ -65,6 +65,7 @@ ensures chars(start_ptr, ?c1, ?vs1) &*& close chars(start_ptr, 0, nil); } else { + assert( start_ptr < split_ptr ); // Will fail when pointer provenance checks are turned on open chars(start_ptr, _, _); chars_split_at(start_ptr+1, split_ptr); assert( chars(start_ptr+1, ?c1, _) ); diff --git a/verification/verifast/proof_setup/verifast_RP2040_axioms.h b/verification/verifast/proof_setup/verifast_RP2040_axioms.h index bcbc2e80230..b6dbda41f97 100644 --- a/verification/verifast/proof_setup/verifast_RP2040_axioms.h +++ b/verification/verifast/proof_setup/verifast_RP2040_axioms.h @@ -10,9 +10,9 @@ /*@ // Axiomatizes that: 0 <= ptr <= 2^32 - 1 -lemma void ptr_range(t* ptr); +lemma void ptr_range(void* ptr); requires true; -ensures 0 <= (int) ptr &*& (int) ptr <= 4294967295; +ensures (void*) 0 <= ptr &*& ptr <= (void*) 4294967295; @*/ diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 2704752150d..e81f5a77873 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -29,10 +29,14 @@ cd "$START_WD" echo "\n\nPreprocessing script finished\n\n" # Remarks: +# - Recently, provenance checks have been added to VF that break old proofs +# involving pointer comparisons. The flag `-assume_no_provenance` turns them +# off. # - Need z3v4.5 to handle bitvector arithmetic "$VF_DIR/bin/vfide" "$PP_TASK_C" \ -I proof_setup \ -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ + -assume_no_provenance \ -prover z3v4.5 # -target 32bit -prover z3v4.5 \ # TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc From d95976ebe539ac2e31b246cd8d74e18a752605ee Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 10:28:31 -0500 Subject: [PATCH 109/289] Added info about available tasks to lock predicate. --- tasks.c | 15 +++++++++++-- .../custom_build_scripts_RP2040/vf_rewrite.sh | 1 + .../verifast/proof/ready_list_predicates.h | 8 +++++++ verification/verifast/proof/task_predicates.h | 6 +++++- .../verifast/proof/verifast_lock_predicates.h | 21 ++++++++++++++++++- 5 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 verification/verifast/proof/ready_list_predicates.h diff --git a/tasks.c b/tasks.c index 43c4f7cbfaa..0737e560653 100644 --- a/tasks.c +++ b/tasks.c @@ -30,6 +30,7 @@ */ //@ #include + //@ #include "list.gh" /* The following includes will be visible to VeriFast in the preprocessed * code. VeriFast requires includes to occur befor definitions. Hence, @@ -37,6 +38,8 @@ * ones. */ //VF_include #include "FreeRTOSConfig.h" + + //VF_macro #define NULL 0 #endif /* VERIFAST */ @@ -64,6 +67,7 @@ #include "verifast_proof_defs.h" #include "stack_predicates.h" #include "task_predicates.h" + #include "ready_list_predicates.h" #include "verifast_RP2040_axioms.h" #include "verifast_prelude_extended.h" #include "verifast_bitops_extended.h" @@ -4160,8 +4164,15 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // "This potentially side-effecting expression is not supported in this position, because of C's unspecified evaluation order" // // TODO: Inspect reason. - TaskHandle_t handle = pxCurrentTCB; - UBaseType_t nesting = handle->uxCriticalNesting; + TaskHandle_t currentHandle = pxCurrentTCB; + //@ open taskISRLockInv(); + //@ assert( foreach(?tasks, _) ); + //@ foreach_remove(currentHandle, tasks); + //@ open absTCB_p(currentHandle); + //@ open TCB_p(currentHandle, _); + //@ assert( currentHandle->uxCriticalNesting |-> _ ); + //@ assert( tskTaskControlBlock_uxCriticalNesting(currentHandle, _) ); + UBaseType_t nesting = currentHandle->uxCriticalNesting; configASSERT( nesting == 0 ); } #else diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh index 3e95c833b8d..7a1abe51666 100755 --- a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh @@ -49,6 +49,7 @@ rewrite "const [*]" "*" echo "Uncomment special includes to allow VeriFast proofs to refer to config macros" rewrite "//VF_include #include" "#include" +rewrite "//VF_macro #" "#" #echo "VF RW: 'long unsigned int' -> 'unsinged long int'" #echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX" diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h new file mode 100644 index 00000000000..5918d6b904e --- /dev/null +++ b/verification/verifast/proof/ready_list_predicates.h @@ -0,0 +1,8 @@ +#ifndef READY_LIST_PREDICATES_H +#define READY_LIST_PREDICATES_H + +/*@ +predicate readyLists_p(); +@*/ + +#endif /* READY_LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index 9fd1346070a..e2e7f91524e 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -72,7 +72,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars_(tcb->pcTaskName, 16, _) &*& - tcb->uxCriticalNesting |-> _ &*& + tcb->uxCriticalNesting |-> ?uxCriticalNesting &*& tcb->uxTCBNumber |-> _ &*& tcb->uxTaskNumber |-> _ &*& tcb->uxBasePriority |-> _ &*& @@ -87,6 +87,10 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = uchars((unsigned char*) tcb->ucNotifyState, 1, _) &*& tcb->ucDelayAborted |-> _; + + +predicate absTCB_p(TCB_t* tcb) = + TCB_p(tcb, _); @*/ #endif /* TASKS_GH */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 57d1fd1e986..d8badb047b1 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -1,6 +1,15 @@ #ifndef VERIFAST_LOCK_PREDICATES_H #define VERIFAST_LOCK_PREDICATES_H + + +// +/*@ +// Declare predicate defined in "task_predicates.h" +// Why does including that header not solve them problem? +//predicate absTCB_p(TCB_t* tcb); +@*/ + /* We follow a minimalistic approach during the definition of the * lock predicates. So far, the only encapsulate the resources and * invariants required to verify `vTaskSwitchContext`. @@ -118,7 +127,17 @@ predicate isrLockInv() = fixpoint int taskISRLockID_f(); predicate taskISRLockInv() = - integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _); + integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + readyLists_p() &*& + // `allTasks` stores pointers to all currently valid tasks (i.e. TCB_t instances) + foreach(?tasks, absTCB_p) &*& + // If a task is scheduled, it must be valid + [0.5]pointer(&pxCurrentTCBs[coreID_f()], ?scheduledTask) &*& + scheduledTask != NULL + ? mem(scheduledTask, tasks) == true + : true + &*& + true; lemma void get_taskISRLockInv(); From 360afe43748d39a95aac10745d8ad3f8170ee287 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 10:37:12 -0500 Subject: [PATCH 110/289] Cleaned up lock predicate header. --- tasks.c | 3 +- .../verifast/proof/verifast_lock_predicates.h | 68 ++----------------- 2 files changed, 7 insertions(+), 64 deletions(-) diff --git a/tasks.c b/tasks.c index 0737e560653..ea28c42b607 100644 --- a/tasks.c +++ b/tasks.c @@ -1328,8 +1328,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. chars(pcName, 16, _) &*& *pxCreatedTask |-> _ &*& - interruptState_p(?coreID, _) &*& - unprotectedGlobalVars(); + interruptState_p(?coreID, _); @*/ //@ ensures true; #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index d8badb047b1..87bd6d29670 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -3,12 +3,6 @@ -// -/*@ -// Declare predicate defined in "task_predicates.h" -// Why does including that header not solve them problem? -//predicate absTCB_p(TCB_t* tcb); -@*/ /* We follow a minimalistic approach during the definition of the * lock predicates. So far, the only encapsulate the resources and @@ -18,39 +12,14 @@ */ -/*@ -// We assume tha `configNUM_CORES` evaluates to 1. -// TODO: Parametrise in terms of `configNUM_CORES`. -// PROBLEM: Shouldn't `configNUM_CORES` be greater than 1? -predicate otherGlobalVars() = - integer_(&uxCurrentNumberOfTasks, sizeof(UBaseType_t), false, _) - &*& - integer_(&xTickCount, sizeof(TickType_t), false, _) - &*& - integer_(&uxTopReadyPriority, sizeof(UBaseType_t), false, _) - &*& - integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) - &*& - integer_(&xPendedTicks, sizeof(TickType_t), false, _) - &*& - integers_(&xYieldPendings, sizeof(BaseType_t), true, configNUM_CORES, _) - &*& - integer_(&uxTaskNumber, sizeof(UBaseType_t), false, _) - &*& - integer_(&xNextTaskUnblockTime, sizeof(TickType_t), false, _) - &*& - pointers(&xIdleTaskHandle, configNUM_CORES, _); - -predicate unprotectedGlobalVars() = - [_] integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _); - - -@*/ /* ---------------------------------------------------------------------- - * Core local variables and access restrictions + * Core local data and access restrictions. + * Some data in FreeRTOS such as the pointer to TCB of the task running + * on core `C` may only be accessed from core `C`. Such core-local data + * protected by deactivating interrupts. */ /*@ @@ -62,9 +31,6 @@ predicate coreLocalGlobalVars_p() = pointer(&pxCurrentTCBs[coreID_f], _); predicate coreLocalLocked(uint32_t coreID); - -//lemma acquireCoreLocalPermissions(); -//requires interruptState_p @*/ @@ -86,11 +52,7 @@ predicate locked(list< pair > lockHistory); fixpoint int taskLockID_f(); // Represents an acquired task lock. -predicate taskLock(); - -// Represents an acquired task lock. -// `f` is the fraction held for the unacquired lock. -//predicate taskLocked(real f); +predicate taskLock(); // Represents the invariant associated with the the task lock, i.e., // access permissions to the resources protected by the lock. @@ -105,11 +67,7 @@ predicate taskLockInv(); fixpoint int isrLockID_f(); // Represents an unacquired ISR lock. -predicate isrLock(); - -// Represents an acquired ISR lock. -// `f` is the fraction held for the unacquired lock. -predicate isrLocked(real f); +predicate isrLock(); // Represents the invariant associated with the the ISR lock, i.e., // access permissions to the resources protected by the lock. @@ -151,20 +109,6 @@ ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& -/* -void vf_validate_lock_predicate() -//@ requires module(tasks__pp, true); -//@ ensures true; -{ - //@ open_module(); - uxCurrentNumberOfTasks = 0; - - ///@ coreID_f_range(); - ///@ close coreLocalGlobalVars(); - ///@ close otherGlobalVars(); -} -*/ - From dbf03a0ab2955a7eec9aa319938ca5e71d860bb0 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 10:55:25 -0500 Subject: [PATCH 111/289] Introduced predicates to differentiate between public and private parts of a TCB. --- verification/verifast/proof/task_predicates.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index e2e7f91524e..cf02d2d5b73 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -93,4 +93,19 @@ predicate absTCB_p(TCB_t* tcb) = TCB_p(tcb, _); @*/ +/*@ +// We have to segment TCBs into: +// (i) public parts that can be accessed by anyone after +// following the appropriote synchronization steps and +// (ii) private parts that may only be used by the task itself +// which the TCB represents +// +// The predicates below will be expanded iteratively. + +predicate prvTCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack); + +predicate pubTCB_p(TCB_t* tcb) = + tcb->uxCriticalNesting |-> ?uxCriticalNesting; +@*/ + #endif /* TASKS_GH */ \ No newline at end of file From 327423ef670f57a7c75df3964e461835db13a870 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 11:25:37 -0500 Subject: [PATCH 112/289] TCB of currently scheduled task on core C is interrupt protected on core C. Updated invariants to reflect that. --- tasks.c | 16 +++++++--------- verification/verifast/proof/task_predicates.h | 4 ++-- .../verifast/proof/verifast_lock_predicates.h | 14 ++++++++------ 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/tasks.c b/tasks.c index ea28c42b607..e36ee9ce13d 100644 --- a/tasks.c +++ b/tasks.c @@ -4134,7 +4134,10 @@ void vTaskSwitchContext( BaseType_t xCoreID ) interruptState_p(xCoreID, ?state) &*& xCoreID == coreID_f() &*& interruptsDisabled_f(state) == true &*& - coreLocalGlobalVars_p(); + // opened predicate `coreLocalGlobalVars_p()` + pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + pubTCB_p(gCurrentTCB, 0); + @*/ //@ ensures true; { @@ -4149,7 +4152,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) portGET_TASK_LOCK(); /* Must always acquire the task lock first */ portGET_ISR_LOCK(); //@ get_taskISRLockInv(); - //@ open coreLocalGlobalVars_p(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ @@ -4164,13 +4166,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // // TODO: Inspect reason. TaskHandle_t currentHandle = pxCurrentTCB; - //@ open taskISRLockInv(); - //@ assert( foreach(?tasks, _) ); - //@ foreach_remove(currentHandle, tasks); - //@ open absTCB_p(currentHandle); - //@ open TCB_p(currentHandle, _); - //@ assert( currentHandle->uxCriticalNesting |-> _ ); - //@ assert( tskTaskControlBlock_uxCriticalNesting(currentHandle, _) ); + //@ assert( currentHandle == gCurrentTCB ); + ///@ open taskISRLockInv(); + //@ open pubTCB_p(gCurrentTCB, 0); UBaseType_t nesting = currentHandle->uxCriticalNesting; configASSERT( nesting == 0 ); } diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index cf02d2d5b73..f3834bff663 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -104,8 +104,8 @@ predicate absTCB_p(TCB_t* tcb) = predicate prvTCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack); -predicate pubTCB_p(TCB_t* tcb) = - tcb->uxCriticalNesting |-> ?uxCriticalNesting; +predicate pubTCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = + tcb->uxCriticalNesting |-> uxCriticalNesting; @*/ #endif /* TASKS_GH */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 87bd6d29670..512e9df91f8 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -87,14 +87,16 @@ fixpoint int taskISRLockID_f(); predicate taskISRLockInv() = integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& readyLists_p() &*& + // Update: The current task on this core is interrupt protected. + // TODO: Exclude from `allTasks`. // `allTasks` stores pointers to all currently valid tasks (i.e. TCB_t instances) - foreach(?tasks, absTCB_p) &*& + //foreach(?tasks, absTCB_p) &*& // If a task is scheduled, it must be valid - [0.5]pointer(&pxCurrentTCBs[coreID_f()], ?scheduledTask) &*& - scheduledTask != NULL - ? mem(scheduledTask, tasks) == true - : true - &*& + //[0.5]pointer(&pxCurrentTCBs[coreID_f()], ?scheduledTask) &*& + //scheduledTask != NULL + // ? mem(scheduledTask, tasks) == true + // : true + //&*& true; From d63a8f83cde88d7912561c8f2b06cdadcdab20cb Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 11:31:12 -0500 Subject: [PATCH 113/289] Renamed predicate encapsulating access permissions to core local variables to `coreLocalInterruptInv_p`. --- tasks.c | 6 +++--- verification/verifast/proof/verifast_lock_predicates.h | 2 +- verification/verifast/proof/verifast_port_contracts.h | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks.c b/tasks.c index e36ee9ce13d..8ee8ae71a9f 100644 --- a/tasks.c +++ b/tasks.c @@ -4134,7 +4134,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) interruptState_p(xCoreID, ?state) &*& xCoreID == coreID_f() &*& interruptsDisabled_f(state) == true &*& - // opened predicate `coreLocalGlobalVars_p()` + // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& pubTCB_p(gCurrentTCB, 0); @@ -5305,9 +5305,9 @@ static void prvResetNextTaskUnblockTime( void ) uint32_t ulState; ulState = portDISABLE_INTERRUPTS(); - //@ open coreLocalGlobalVars_p(); + //@ open coreLocalInterruptInv_p(); xReturn = pxCurrentTCBs[ portGET_CORE_ID() ]; - //@ close coreLocalGlobalVars_p(); + //@ close coreLocalInterruptInv_p(); portRESTORE_INTERRUPTS( ulState ); return xReturn; diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 512e9df91f8..f3b3fcbfb26 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -27,7 +27,7 @@ predicate interruptState_p(uint32_t coreID, uint32_t state); fixpoint bool interruptsDisabled_f(uint32_t); -predicate coreLocalGlobalVars_p() = +predicate coreLocalInterruptInv_p() = pointer(&pxCurrentTCBs[coreID_f], _); predicate coreLocalLocked(uint32_t coreID); diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index 86bef0a9750..b2c9b145a4f 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -35,7 +35,7 @@ uint32_t VF__portDISABLE_INTERRUPTS(); /*@ ensures result == state &*& interruptState_p(coreID, ?newState) &*& interruptsDisabled_f(newState) == true &*& - coreLocalGlobalVars_p(); + coreLocalInterruptInv_p(); @*/ #undef portRESTORE_INTERRUPTS @@ -43,7 +43,7 @@ uint32_t VF__portDISABLE_INTERRUPTS(); void VF__portRESTORE_INTERRUPTS(uint32_t ulState); /*@ requires interruptState_p(?coreID, ?tmpState) &*& interruptsDisabled_f(tmpState) == true - ? coreLocalGlobalVars_p() + ? coreLocalInterruptInv_p() : true; @*/ /*@ ensures interruptState_p(coreID, ulState); From 54523ecdcec6497ccdf1959d3209f867c9ad5983 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 13:53:22 -0500 Subject: [PATCH 114/289] Included global variables `pxCurrentTCBs` and `pxYieldingPendings` in interrupt invariant. --- tasks.c | 4 +++- verification/verifast/proof/verifast_lock_predicates.h | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/tasks.c b/tasks.c index 8ee8ae71a9f..4f0f498c24b 100644 --- a/tasks.c +++ b/tasks.c @@ -4136,7 +4136,8 @@ void vTaskSwitchContext( BaseType_t xCoreID ) interruptsDisabled_f(state) == true &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - pubTCB_p(gCurrentTCB, 0); + pubTCB_p(gCurrentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); @*/ //@ ensures true; @@ -4176,6 +4177,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); #endif /* VERIFAST */ + //@ open taskISRLockInv(); if( uxSchedulerSuspended != ( UBaseType_t ) pdFALSE ) { /* The scheduler is currently suspended - do not allow a context diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index f3b3fcbfb26..4a0324bec30 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -28,7 +28,10 @@ predicate interruptState_p(uint32_t coreID, uint32_t state); fixpoint bool interruptsDisabled_f(uint32_t); predicate coreLocalInterruptInv_p() = - pointer(&pxCurrentTCBs[coreID_f], _); + pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& + pubTCB_p(currentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); + predicate coreLocalLocked(uint32_t coreID); @*/ From 4eb2fa573e352565ea6819bc23931d449a7c52c8 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 14:18:03 -0500 Subject: [PATCH 115/289] Wrote contracts for lock release operations. --- tasks.c | 4 +++- .../verifast/proof/verifast_lock_predicates.h | 8 +++++++- .../verifast/proof/verifast_port_contracts.h | 17 +++++++++++++++-- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/tasks.c b/tasks.c index 4f0f498c24b..abf0b167089 100644 --- a/tasks.c +++ b/tasks.c @@ -4152,7 +4152,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) portGET_TASK_LOCK(); /* Must always acquire the task lock first */ portGET_ISR_LOCK(); - //@ get_taskISRLockInv(); + //@ produce_taskISRLockInv(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ @@ -4253,6 +4253,8 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ } } + //@ close taskISRLockInv(); + //@ consume_taskISRLockInv(); portRELEASE_ISR_LOCK(); portRELEASE_TASK_LOCK(); } diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 4a0324bec30..948b4d93d87 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -103,13 +103,19 @@ predicate taskISRLockInv() = true; -lemma void get_taskISRLockInv(); +lemma void produce_taskISRLockInv(); requires locked(?heldLocks) &*& heldLocks == cons(?i, cons(?t, nil)) &*& i == pair(?f_isr, isrLockID_f()) &*& t == pair(?f_task, taskLockID_f()); ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& taskISRLockInv(); + + +lemma void consume_taskISRLockInv(); +requires locked( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& + taskISRLockInv(); +ensures locked(otherLocks); @*/ diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index b2c9b145a4f..c2af62d396e 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -53,12 +53,25 @@ void VF__portRESTORE_INTERRUPTS(uint32_t ulState); #define portGET_TASK_LOCK VF__portGET_TASK_LOCK void VF__portGET_TASK_LOCK(); //@ requires [?f]taskLock() &*& locked(nil); -//@ ensures taskLockInv() &*& locked( cons( pair(f, taskLockID_f), nil) ); +//@ ensures taskLockInv() &*& locked( cons( pair(f, taskLockID_f()), nil) ); + +#undef portRELEASE_TASK_LOCK +#define portRELEASE_TASK_LOCK VF__portRELEASE_TASK_LOCK +void VF__portRELEASE_TASK_LOCK(); +//@ requires taskLockInv() &*& locked( cons( pair(?f, taskLockID_f()), nil) ); +//@ ensures [f]taskLock() &*& locked(nil); #undef portGET_ISR_LOCK #define portGET_ISR_LOCK VF__portGET_ISR_LOCK void VF__portGET_ISR_LOCK(); //@ requires [?f]isrLock() &*& locked(?heldLocks); -//@ ensures isrLockInv() &*& locked( cons( pair(f, isrLockID_f), heldLocks) ); +//@ ensures isrLockInv() &*& locked( cons( pair(f, isrLockID_f()), heldLocks) ); + +#undef portRELEASE_ISR_LOCK +#define portRELEASE_ISR_LOCK VF__portRELEASE_ISR_LOCK +void VF__portRELEASE_ISR_LOCK(); +//@ requires isrLockInv() &*& locked( cons( pair(?f, isrLockID_f()), ?heldLocks) ); +//@ ensures [f]isrLock() &*& locked(heldLocks); + #endif /* VERIFAST_PORT_CONTRACTS_H */ \ No newline at end of file From b330847935742f70c761c71c008c52779ef94772 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 14:26:37 -0500 Subject: [PATCH 116/289] Added preliminary post condition for `vTaskSwitchContext` --- tasks.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/tasks.c b/tasks.c index abf0b167089..cc7ab6f4d60 100644 --- a/tasks.c +++ b/tasks.c @@ -4128,19 +4128,30 @@ BaseType_t xTaskIncrementTick( void ) void vTaskSwitchContext( BaseType_t xCoreID ) /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - locked(nil) &*& - [?f_ISR]isrLock() &*& - [?f_task]taskLock() &*& - interruptState_p(xCoreID, ?state) &*& - xCoreID == coreID_f() &*& - interruptsDisabled_f(state) == true &*& - // opened predicate `coreLocalInterruptInv_p()` + xCoreID == coreID_f() &*& + // access to locks and disabled interrupts + locked(nil) &*& + [?f_ISR]isrLock() &*& + [?f_task]taskLock() &*& + interruptState_p(xCoreID, ?state) &*& + interruptsDisabled_f(state) == true &*& + // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& pubTCB_p(gCurrentTCB, 0) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); @*/ -//@ ensures true; +/*@ ensures // all locks release and interrupts remain disabled + locked(nil) &*& + [f_ISR]isrLock() &*& + [f_task]taskLock() &*& + interruptState_p(xCoreID, state) &*& + // opened predicate `coreLocalInterruptInv_p()` + pointer(&pxCurrentTCBs[coreID_f], ?gNewCurrentTCB) &*& + pubTCB_p(gNewCurrentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); + // Remark: the part of the post condition relating to TCBs will have to change. +@*/ { /* Acquire both locks: * - The ISR lock protects the ready list from simultaneous access by @@ -4253,6 +4264,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ } } + //@ close pubTCB_p(gCurrentTCB, 0); //@ close taskISRLockInv(); //@ consume_taskISRLockInv(); portRELEASE_ISR_LOCK(); From 7675b3bbe4c5f26210dcf1b24b77209751497b8f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 15:28:33 -0500 Subject: [PATCH 117/289] Rewrote macro `taskCHECK_FOR_STACK_OVERFLOW` such that VF can handle it. --- include/stack_macros.h | 48 ++++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/include/stack_macros.h b/include/stack_macros.h index a80613712e8..55fa33ee387 100644 --- a/include/stack_macros.h +++ b/include/stack_macros.h @@ -84,19 +84,41 @@ #if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) ) - #define taskCHECK_FOR_STACK_OVERFLOW() \ - { \ - const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \ - const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ - \ - if( ( pulStack[ 0 ] != ulCheckValue ) || \ - ( pulStack[ 1 ] != ulCheckValue ) || \ - ( pulStack[ 2 ] != ulCheckValue ) || \ - ( pulStack[ 3 ] != ulCheckValue ) ) \ - { \ - vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ - } \ - } + #ifdef VERIFAST + /* Reason for rewrite: + * VeriFast complains about unspecified evaluation order of + * `pxCurrentTCB->pxStack`. + * + */ + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + TCB_t* tcb = pxCurrentTCB; \ + const uint32_t * const pulStack = ( uint32_t * ) tcb->pxStack; \ + const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ + \ + if( ( pulStack[ 0 ] != ulCheckValue ) || \ + ( pulStack[ 1 ] != ulCheckValue ) || \ + ( pulStack[ 2 ] != ulCheckValue ) || \ + ( pulStack[ 3 ] != ulCheckValue ) ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } + #else + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \ + const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ + \ + if( ( pulStack[ 0 ] != ulCheckValue ) || \ + ( pulStack[ 1 ] != ulCheckValue ) || \ + ( pulStack[ 2 ] != ulCheckValue ) || \ + ( pulStack[ 3 ] != ulCheckValue ) ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } + #endif /* VERIFAST */ #endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */ /*-----------------------------------------------------------*/ From 383a0558729eecd5b793d4ed3b1b4e96904b5fd5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 15:30:40 -0500 Subject: [PATCH 118/289] `taskCHECK_FOR_STACK_OVERFLOW` assumes minimal stack size. Updated stack predicate accordingly. --- verification/verifast/proof/stack_predicates.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h index 6c213472123..b8eb1560007 100644 --- a/verification/verifast/proof/stack_predicates.h +++ b/verification/verifast/proof/stack_predicates.h @@ -24,7 +24,11 @@ predicate stack_p_2(StackType_t * pxStack, integers_(pxTopOfStack + 1, sizeof(StackType_t), false, ulUsedCells, _) &*& // Unaligned rest unalignedRestOfStack_p((char*) pxStack + ulFreeBytes + sizeof(StackType_t) * ulUsedCells, - ulUnalignedBytes); + ulUnalignedBytes) &*& + // `taskCHECK_FOR_STACK_OVERFLOW` macro on RP2040 port expects minimal stack size + ulFreeBytes >= 0 &*& + ulUsedCells >= 0 &*& + ulFreeBytes + ulUsedCells * sizeof(StackType_t) >= 3 * sizeof(StackType_t); predicate unalignedRestOfStack_p(char* p, uint32_t ulUnalignedBytes) = chars(p, ulUnalignedBytes, _); From c3c350f8dc1032522d45b2044a2a8710228cb3ca Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 15:31:49 -0500 Subject: [PATCH 119/289] `vTaskSwitchContext` now has access to the current task's stack. --- tasks.c | 23 +++++++++++++++---- verification/verifast/proof/task_predicates.h | 6 ++++- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/tasks.c b/tasks.c index cc7ab6f4d60..72ec0d38773 100644 --- a/tasks.c +++ b/tasks.c @@ -4128,28 +4128,37 @@ BaseType_t xTaskIncrementTick( void ) void vTaskSwitchContext( BaseType_t xCoreID ) /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - xCoreID == coreID_f() &*& + xCoreID == coreID_f() + &*& // access to locks and disabled interrupts locked(nil) &*& [?f_ISR]isrLock() &*& [?f_task]taskLock() &*& interruptState_p(xCoreID, ?state) &*& - interruptsDisabled_f(state) == true &*& + interruptsDisabled_f(state) == true + &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& pubTCB_p(gCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // read access to current task's stack pointer, etc + prvTCB_p(gCurrentTCB, ?ulFreeBytesOnStack); @*/ /*@ ensures // all locks release and interrupts remain disabled locked(nil) &*& [f_ISR]isrLock() &*& [f_task]taskLock() &*& - interruptState_p(xCoreID, state) &*& + interruptState_p(xCoreID, state) + &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gNewCurrentTCB) &*& pubTCB_p(gNewCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // read access to current task's stack pointer, etc + prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); // Remark: the part of the post condition relating to TCBs will have to change. @*/ { @@ -4229,6 +4238,10 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* configGENERATE_RUN_TIME_STATS */ /* Check for stack overflow, if configured. */ + //@ open prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); + //@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); + //@ open stack_p_2(pxStack, _, _, _, _, _); + //@ assert(ulFreeBytes + ulUsedCells >= 3 * sizeof(StackType_t) ); taskCHECK_FOR_STACK_OVERFLOW(); /* Before the currently running task is switched out, save its errno. */ diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index f3834bff663..df199649c77 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -102,7 +102,11 @@ predicate absTCB_p(TCB_t* tcb) = // // The predicates below will be expanded iteratively. -predicate prvTCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack); +predicate prvTCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = + tcb->pxStack |-> ?stackPtr &*& + tcb->pxTopOfStack |-> ?topPtr &*& + stack_p_2(stackPtr, ?ulStackDepth, topPtr, + ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); predicate pubTCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; From a7d1ca343aa7c965f5c85b52e28a14876acadb12 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 15:50:09 -0500 Subject: [PATCH 120/289] VF rewrite: Fixed an evaluation order in `taskCHECK_FOR_STACK_OVERFLOW`. --- include/stack_macros.h | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/include/stack_macros.h b/include/stack_macros.h index 55fa33ee387..cb18cb3a3d7 100644 --- a/include/stack_macros.h +++ b/include/stack_macros.h @@ -87,13 +87,14 @@ #ifdef VERIFAST /* Reason for rewrite: * VeriFast complains about unspecified evaluation order of - * `pxCurrentTCB->pxStack`. + * - `pxCurrentTCB->pxStack` + * - `vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName );` * */ #define taskCHECK_FOR_STACK_OVERFLOW() \ { \ - TCB_t* tcb = pxCurrentTCB; \ - const uint32_t * const pulStack = ( uint32_t * ) tcb->pxStack; \ + TCB_t* tcb0 = pxCurrentTCB; \ + const uint32_t * const pulStack = ( uint32_t * ) tcb0->pxStack; \ const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ \ if( ( pulStack[ 0 ] != ulCheckValue ) || \ @@ -101,7 +102,9 @@ ( pulStack[ 2 ] != ulCheckValue ) || \ ( pulStack[ 3 ] != ulCheckValue ) ) \ { \ - vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + TCB_t* tcb1 = pxCurrentTCB; \ + TCB_t* tcb2 = pxCurrentTCB; \ + vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ } \ } #else From 2f0b8bc82f1e1f62666a26f3809ea01208efd534 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 16 Nov 2022 16:08:15 -0500 Subject: [PATCH 121/289] Added proof steps outlining the verification of stack inspection. Also added TODOs concerning rewrites necessary for the verification of the macro. --- include/stack_macros.h | 2 ++ tasks.c | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/include/stack_macros.h b/include/stack_macros.h index cb18cb3a3d7..6351e14bbe4 100644 --- a/include/stack_macros.h +++ b/include/stack_macros.h @@ -84,6 +84,8 @@ #if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) ) + /* TODO: Convert this macro into a function such that we can insert proof annotations. + */ #ifdef VERIFAST /* Reason for rewrite: * VeriFast complains about unspecified evaluation order of diff --git a/tasks.c b/tasks.c index 72ec0d38773..1cc9b064e65 100644 --- a/tasks.c +++ b/tasks.c @@ -4240,8 +4240,18 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* Check for stack overflow, if configured. */ //@ open prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); //@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); - //@ open stack_p_2(pxStack, _, _, _, _, _); - //@ assert(ulFreeBytes + ulUsedCells >= 3 * sizeof(StackType_t) ); + //@ open stack_p_2(_, _, _, _, _, _); + // The detour below allows us to skip proving that `ulFreeBytes` is a multiple of `sizeof(StackType_t)`. + //@ integers__to_chars(pxTopOfStack+1); + //@ chars_join((char*) pxStack); + //@ chars_to_integers_(pxStack, sizeof(StackType_t), false, 3); + // Converting the stack memory into a char squence is allows us to + // verify the inspection of the stack inside this macro. + // However, we the macro contains a call to `vApplicationStackOverflowHook` + // which expects access to the entire TCB. Therefore, we have to close + // the prvTCB_p predicate inside the macro. + // TODO: Convert the macro into a function and push the proof steps + // above into this function. taskCHECK_FOR_STACK_OVERFLOW(); /* Before the currently running task is switched out, save its errno. */ From d3bda01f16925f3343e4e5aee4a04d7adb16da30 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 17 Nov 2022 09:20:21 -0500 Subject: [PATCH 122/289] Verified macro `taskCHECK_FOR_STACK_OVERFLOW`. --- include/stack_macros.h | 56 +++++++++++++++++-- include/task.h | 6 ++ tasks.c | 23 +++++++- .../verifast/proof/stack_predicates.h | 2 +- .../verifast/start-vfide--preprocessed.sh | 2 +- 5 files changed, 81 insertions(+), 8 deletions(-) diff --git a/include/stack_macros.h b/include/stack_macros.h index 6351e14bbe4..926e7743d70 100644 --- a/include/stack_macros.h +++ b/include/stack_macros.h @@ -93,21 +93,67 @@ * - `vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName );` * */ - #define taskCHECK_FOR_STACK_OVERFLOW() \ - { \ + #define taskCHECK_FOR_STACK_OVERFLOW() VF__taskCHECK_FOR_STACK_OVERFLOW() + + void VF__taskCHECK_FOR_STACK_OVERFLOW() + /*@ requires prvTCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& + pubTCB_p(gCurrentTCB, ?uxCriticalNesting) &*& + // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` + interruptState_p(coreID_f(), ?state) &*& + interruptsDisabled_f(state) == true &*& + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); + @*/ + /*@ ensures prvTCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& + pubTCB_p(gCurrentTCB, uxCriticalNesting) &*& + // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` + interruptState_p(coreID_f(), state) &*& + interruptsDisabled_f(state) == true &*& + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); \ + @*/ \ + { \ + /*@ open prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + /*@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ + ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \ + @*/ \ + /*@ open stack_p_2(_, _, _, _, _, _); @*/ \ + /* The detour below allows us to skip proving that `ulFreeBytes` \ + * is a multiple of `sizeof(StackType_t)`. \ + */ \ + /*@ integers__to_chars(pxTopOfStack+1); @*/ \ + /*@ chars_join((char*) pxStack); @*/ \ + /*@ chars_to_integers_(pxStack, sizeof(StackType_t), false, 4); @*/ \ TCB_t* tcb0 = pxCurrentTCB; \ - const uint32_t * const pulStack = ( uint32_t * ) tcb0->pxStack; \ + const uint32_t * const pulStack = ( uint32_t * ) tcb0->pxStack; \ const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ - \ + \ + /*@ bool gOverflow = false; @*/ \ if( ( pulStack[ 0 ] != ulCheckValue ) || \ ( pulStack[ 1 ] != ulCheckValue ) || \ ( pulStack[ 2 ] != ulCheckValue ) || \ ( pulStack[ 3 ] != ulCheckValue ) ) \ { \ + /*@ gOverflow = true; @*/ \ + /*@ integers__to_chars(pxStack); @*/ \ + /*@ chars_join((char*) pxStack); @*/ \ + /*@ chars_split((char*) pxStack, ulFreeBytesOnStack); @*/ \ + /*@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ + ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ + @*/ \ + /*@ close prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ TCB_t* tcb1 = pxCurrentTCB; \ TCB_t* tcb2 = pxCurrentTCB; \ - vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ + vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ + } \ + /*@ \ + if(!gOverflow) { \ + integers__to_chars(pxStack); \ + chars_join((char*) pxStack); \ + chars_split((char*) pxStack, ulFreeBytesOnStack); \ + close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ + ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ + close prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); \ } \ + @*/ \ } #else #define taskCHECK_FOR_STACK_OVERFLOW() \ diff --git a/include/task.h b/include/task.h index 8bc75d1f333..7afb9743cb8 100644 --- a/include/task.h +++ b/include/task.h @@ -1863,6 +1863,12 @@ configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) PRIVIL */ void vApplicationStackOverflowHook( TaskHandle_t xTask, char * pcTaskName ); + /*@ requires prvTCB_p(xTask, ?ulFreeBytesOnStack) &*& + pubTCB_p(xTask, ?uxCriticalNesting); + @*/ + /*@ ensures prvTCB_p(xTask, ulFreeBytesOnStack) &*& + pubTCB_p(xTask, uxCriticalNesting); + @*/ #endif diff --git a/tasks.c b/tasks.c index 1cc9b064e65..61bd1fc652a 100644 --- a/tasks.c +++ b/tasks.c @@ -56,7 +56,16 @@ #include "FreeRTOS.h" #include "task.h" #include "timers.h" -#include "stack_macros.h" + +#ifndef VERIFAST + /* Reason for rewrite: + * The stack macros rely on macros defined later in this file, e.g., + * `pxCurrentTCB`. We need to delay this inclusion until the task macros + * have been defined. Otherwise, VeriFast will report unknown symbols when + * checking the stack macro proofs. + */ + #include "stack_macros.h" +#endif /* VERIFAST */ /* Verifast proof setup * @@ -381,6 +390,18 @@ PRIVILEGED_DATA static List_t * volatile pxDelayedTaskList; /*< Poi PRIVILEGED_DATA static List_t * volatile pxOverflowDelayedTaskList; /*< Points to the delayed task list currently being used to hold tasks that have overflowed the current tick count. */ PRIVILEGED_DATA static List_t xPendingReadyList; /*< Tasks that have been readied while the scheduler was suspended. They will be moved to the ready list when the scheduler is resumed. */ + +#ifdef VERIFAST + /* Reason for rewrite: + * The stack macros rely on some of the macros defined above, e.g., + * `pxCurrentTCB`. We need to delay this inclusion until the relevant task + * macros have been defined. Otherwise, VeriFast will report unknown symbols + * when checking the stack macro proofs. + */ + #include "stack_macros.h" +#endif /* VERIFAST */ + + #if ( INCLUDE_vTaskDelete == 1 ) PRIVILEGED_DATA static List_t xTasksWaitingTermination; /*< Tasks that have been deleted - but their memory not yet freed. */ diff --git a/verification/verifast/proof/stack_predicates.h b/verification/verifast/proof/stack_predicates.h index b8eb1560007..00c295708e4 100644 --- a/verification/verifast/proof/stack_predicates.h +++ b/verification/verifast/proof/stack_predicates.h @@ -28,7 +28,7 @@ predicate stack_p_2(StackType_t * pxStack, // `taskCHECK_FOR_STACK_OVERFLOW` macro on RP2040 port expects minimal stack size ulFreeBytes >= 0 &*& ulUsedCells >= 0 &*& - ulFreeBytes + ulUsedCells * sizeof(StackType_t) >= 3 * sizeof(StackType_t); + ulFreeBytes + ulUsedCells * sizeof(StackType_t) >= 4 * sizeof(StackType_t); predicate unalignedRestOfStack_p(char* p, uint32_t ulUnalignedBytes) = chars(p, ulUnalignedBytes, _); diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index e81f5a77873..de528818fc3 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -13,7 +13,7 @@ PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040" PP_SCRIPT="./preprocess_tasks_c.sh" PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c" -FONT_SIZE=16 +FONT_SIZE=17 # Flags to SKIP expensive proofs: # - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT From 63a8d73ecc9f54b005ba9e76a4931a58bf825645 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 17 Nov 2022 10:23:39 -0500 Subject: [PATCH 123/289] Apdated proof for `vTaskSwitchContext` to rely on the proof of `taskCHECK_FOR_STACK_OVERFLOW` --- tasks.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/tasks.c b/tasks.c index 61bd1fc652a..20418e47afa 100644 --- a/tasks.c +++ b/tasks.c @@ -894,6 +894,8 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) + //@ requires true; + //@ assert true; { UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; @@ -4213,6 +4215,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) //@ open pubTCB_p(gCurrentTCB, 0); UBaseType_t nesting = currentHandle->uxCriticalNesting; configASSERT( nesting == 0 ); + //@ close pubTCB_p(gCurrentTCB, 0); } #else configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); @@ -4259,20 +4262,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* configGENERATE_RUN_TIME_STATS */ /* Check for stack overflow, if configured. */ - //@ open prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); - //@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); - //@ open stack_p_2(_, _, _, _, _, _); - // The detour below allows us to skip proving that `ulFreeBytes` is a multiple of `sizeof(StackType_t)`. - //@ integers__to_chars(pxTopOfStack+1); - //@ chars_join((char*) pxStack); - //@ chars_to_integers_(pxStack, sizeof(StackType_t), false, 3); - // Converting the stack memory into a char squence is allows us to - // verify the inspection of the stack inside this macro. - // However, we the macro contains a call to `vApplicationStackOverflowHook` - // which expects access to the entire TCB. Therefore, we have to close - // the prvTCB_p predicate inside the macro. - // TODO: Convert the macro into a function and push the proof steps - // above into this function. taskCHECK_FOR_STACK_OVERFLOW(); /* Before the currently running task is switched out, save its errno. */ @@ -4308,7 +4297,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ } } - //@ close pubTCB_p(gCurrentTCB, 0); //@ close taskISRLockInv(); //@ consume_taskISRLockInv(); portRELEASE_ISR_LOCK(); From fb01980b63958c2919ed8195395b0a56f23d0e33 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 17 Nov 2022 12:08:38 -0500 Subject: [PATCH 124/289] Verified new contract for `xTaskGetCurrentTaskHandle`. --- tasks.c | 4 +--- verification/verifast/proof/verifast_port_contracts.h | 6 ++++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks.c b/tasks.c index 20418e47afa..c847a145740 100644 --- a/tasks.c +++ b/tasks.c @@ -895,7 +895,7 @@ static void prvYieldForTask( TCB_t * pxTCB, static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) //@ requires true; - //@ assert true; + //@ ensures true; { UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; @@ -5353,9 +5353,7 @@ static void prvResetNextTaskUnblockTime( void ) uint32_t ulState; ulState = portDISABLE_INTERRUPTS(); - //@ open coreLocalInterruptInv_p(); xReturn = pxCurrentTCBs[ portGET_CORE_ID() ]; - //@ close coreLocalInterruptInv_p(); portRESTORE_INTERRUPTS( ulState ); return xReturn; diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index c2af62d396e..77c645b962b 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -35,14 +35,16 @@ uint32_t VF__portDISABLE_INTERRUPTS(); /*@ ensures result == state &*& interruptState_p(coreID, ?newState) &*& interruptsDisabled_f(newState) == true &*& - coreLocalInterruptInv_p(); + interruptsDisabled_f(state) == true + ? newState == state + : coreLocalInterruptInv_p(); @*/ #undef portRESTORE_INTERRUPTS #define portRESTORE_INTERRUPTS(ulState) VF__portRESTORE_INTERRUPTS(ulState) void VF__portRESTORE_INTERRUPTS(uint32_t ulState); /*@ requires interruptState_p(?coreID, ?tmpState) &*& - interruptsDisabled_f(tmpState) == true + (interruptsDisabled_f(tmpState) == true && interruptsDisabled_f(ulState) == false) ? coreLocalInterruptInv_p() : true; @*/ From 9b2871bc921b2e2b415bef4877b28fafdae6886f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 17 Nov 2022 12:55:01 -0500 Subject: [PATCH 125/289] Formulated first version of contract for `prvSelectHighestPriorityTask` and adapted proof of `vTaskSwitchContext` accordingly. --- tasks.c | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/tasks.c b/tasks.c index c847a145740..84f3c8b33aa 100644 --- a/tasks.c +++ b/tasks.c @@ -894,8 +894,40 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) - //@ requires true; - //@ ensures true; + /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + // interrupts are disabled and locks acquired + interruptState_p(xCoreID, ?state) &*& + interruptsDisabled_f(state) == true &*& + taskLockInv() &*& + isrLockInv() &*& + taskISRLockInv() + &*& + // opened predicate `coreLocalInterruptInv_p()` + pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + pubTCB_p(gCurrentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // read access to current task's stack pointer, etc + prvTCB_p(gCurrentTCB, ?ulFreeBytesOnStack); + @*/ + /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + // interrupts are disabled and locks acquired + interruptState_p(xCoreID, state) &*& + interruptsDisabled_f(state) == true &*& + taskLockInv() &*& + isrLockInv() &*& + taskISRLockInv() + &*& + // opened predicate `coreLocalInterruptInv_p()` + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& + pubTCB_p(gCurrentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // read access to current task's stack pointer, etc + prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); + @*/ { UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; @@ -4169,7 +4201,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) prvTCB_p(gCurrentTCB, ?ulFreeBytesOnStack); @*/ -/*@ ensures // all locks release and interrupts remain disabled +/*@ ensures // all locks are released and interrupts remain disabled locked(nil) &*& [f_ISR]isrLock() &*& [f_task]taskLock() &*& @@ -4227,6 +4259,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* The scheduler is currently suspended - do not allow a context * switch. */ xYieldPendings[ xCoreID ] = pdTRUE; + //@ close taskISRLockInv(); } else { @@ -4273,6 +4306,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* Select a new task to run using either the generic C or port * optimised asm code. */ + //@ close taskISRLockInv(); ( void ) prvSelectHighestPriorityTask( xCoreID ); traceTASK_SWITCHED_IN(); @@ -4297,7 +4331,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ } } - //@ close taskISRLockInv(); //@ consume_taskISRLockInv(); portRELEASE_ISR_LOCK(); portRELEASE_TASK_LOCK(); From 6dcaef48d6ce55ddb0edacbf132ebf61c67e2fda Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 17 Nov 2022 14:24:44 -0500 Subject: [PATCH 126/289] Added loop invariant to main search loop in `prvSelectHighestPriorityTask`. --- tasks.c | 28 +++++++++++++++++++ .../verifast/proof/verifast_lock_predicates.h | 7 ++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/tasks.c b/tasks.c index 84f3c8b33aa..1e5541eb97e 100644 --- a/tasks.c +++ b/tasks.c @@ -929,6 +929,9 @@ static void prvYieldForTask( TCB_t * pxTCB, prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ { + //@ open taskISRLockInv(); + //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) ); + //@ assert( gTopReadyPriority == uxTopReadyPriority); UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; BaseType_t xDecrementTopPriority = pdTRUE; @@ -939,8 +942,33 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) BaseType_t xPriorityDropped = pdFALSE; #endif + //@ close taskISRLockInv(); while( xTaskScheduled == pdFALSE ) + /*@ invariant + // requires clause + 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + // interrupts are disabled and locks acquired + interruptState_p(xCoreID, state) &*& + interruptsDisabled_f(state) == true &*& + taskLockInv() &*& + isrLockInv() &*& + taskISRLockInv() + &*& + // opened predicate `coreLocalInterruptInv_p()` + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& + pubTCB_p(gCurrentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // read access to current task's stack pointer, etc + prvTCB_p(gCurrentTCB, ulFreeBytesOnStack) + &*& + // additional knowledge + 0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& + gTopReadyPriority < configMAX_PRIORITIES + ; + @*/ { #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) { diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 948b4d93d87..7646dea7985 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -88,7 +88,12 @@ predicate isrLockInv() = fixpoint int taskISRLockID_f(); predicate taskISRLockInv() = - integer_((int*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) + &*& + // top ready priority must be in range + integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& + 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES + &*& readyLists_p() &*& // Update: The current task on this core is interrupt protected. // TODO: Exclude from `allTasks`. From c9e61fce4956488187e60365662e17366179ad4f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 09:22:31 -0500 Subject: [PATCH 127/289] Introduced initial formulation of predicate to capture shared ready lists. --- tasks.c | 3 ++ .../verifast/proof/nathan/list_predicates.h | 42 +++++++++++++++++++ .../verifast/proof/ready_list_predicates.h | 36 +++++++++++++++- 3 files changed, 80 insertions(+), 1 deletion(-) diff --git a/tasks.c b/tasks.c index 1e5541eb97e..f32e5df24f9 100644 --- a/tasks.c +++ b/tasks.c @@ -982,6 +982,9 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif + //@ open taskISRLockInv(); + //@ open readyLists_p(); + //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { diff --git a/verification/verifast/proof/nathan/list_predicates.h b/verification/verifast/proof/nathan/list_predicates.h index 439b092b5d4..400dbf91c94 100644 --- a/verification/verifast/proof/nathan/list_predicates.h +++ b/verification/verifast/proof/nathan/list_predicates.h @@ -30,6 +30,48 @@ predicate xList_gen(struct xLIST *l) = l->uxNumberOfItems |-> _ &*& l->pxIndex |-> _; +predicate List_p(List_t* l); +@*/ + + +/* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ +/* @ +predicate DLS( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST *pxContainer) = + n == m + ? cells == cons(n, nil) &*& + vals == cons(?v, nil) &*& + xLIST_ITEM(n, v, mnext, nprev, pxContainer) + : cells == cons(n, ?cells0) &*& + vals == cons(?v, ?vals0) &*& + xLIST_ITEM(n, v, ?o, nprev, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, pxContainer); +@*/ + + +/* @ +predicate xLIST( + struct xLIST *l, + int uxNumberOfItems, + struct xLIST_ITEM *pxIndex, + struct xLIST_ITEM *xListEnd, + listcells, + listvals) = + l->uxNumberOfItems |-> uxNumberOfItems &*& + l->pxIndex |-> pxIndex &*& + mem(pxIndex, cells) == true &*& + xListEnd == &(l->xListEnd) &*& + xListEnd == head(cells) &*& + portMAX_DELAY == head(vals) &*& + struct_xLIST_ITEM_padding(&l->xListEnd) &*& + length(cells) == length(vals) &*& + uxNumberOfItems + 1 == length(cells) &*& + DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); @*/ #endif /* LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 5918d6b904e..a72731d40c2 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -1,8 +1,42 @@ #ifndef READY_LIST_PREDICATES_H #define READY_LIST_PREDICATES_H + +/*@ +// TODO: Replace List_p by Aaloks list predicate +predicate List_array_p(List_t* array, int size) = + pointer_within_limits(array) == true &*& + size > 0 &*& + List_p(array) &*& + size > 1 + ? List_array_p(array + 1, size - 1) + : true; + +// For testing purposes only! +// TODO: Replace by Aaloks list predicate +predicate List_p(List_t* l); +@*/ + + +/*@ +predicate readyLists_p() = + List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES); +@*/ + + /*@ -predicate readyLists_p(); +lemma void List_array_p_index_within_limits(List_t* array, int index) +requires List_array_p(array, ?size) &*& + 0 <= index &*& index < size; +ensures List_array_p(array, size) &*& + pointer_within_limits(&array[index]) == true; +{ + open List_array_p(array, size); + if( index > 0) { + List_array_p_index_within_limits(&array[1], index-1); + } + close List_array_p(array, size); +} @*/ #endif /* READY_LIST_PREDICATES_H */ \ No newline at end of file From e629319b9f6988fae2f99cc9d51b40b06c9deca1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 09:32:24 -0500 Subject: [PATCH 128/289] Relaxed contract of `xTaskGetCurrentTaskHandle`. --- tasks.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tasks.c b/tasks.c index f32e5df24f9..8a1994eb2d9 100644 --- a/tasks.c +++ b/tasks.c @@ -5404,11 +5404,9 @@ static void prvResetNextTaskUnblockTime( void ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) /*@ requires interruptState_p(coreID_f(), ?state) &*& - interruptsDisabled_f(state) == true &*& pointer(&pxCurrentTCBs[coreID_f], ?taskHandle); @*/ /*@ ensures interruptState_p(coreID_f(), state) &*& - interruptsDisabled_f(state) == true &*& pointer(&pxCurrentTCBs[coreID_f], taskHandle) &*& result == taskHandle; @*/ From 18886706562190980dfb7a1a060e7f110456f155 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 13:35:06 -0500 Subject: [PATCH 129/289] Removed unneeded precondition --- tasks.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks.c b/tasks.c index 8a1994eb2d9..1e16da10456 100644 --- a/tasks.c +++ b/tasks.c @@ -4274,7 +4274,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // TODO: Inspect reason. TaskHandle_t currentHandle = pxCurrentTCB; //@ assert( currentHandle == gCurrentTCB ); - ///@ open taskISRLockInv(); //@ open pubTCB_p(gCurrentTCB, 0); UBaseType_t nesting = currentHandle->uxCriticalNesting; configASSERT( nesting == 0 ); From 02e019fe452db50c5430461dd96faa07f210257a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 13:44:53 -0500 Subject: [PATCH 130/289] Highlighted that reused list proofs assume single-core setting. --- verification/verifast/proof/nathan/README.md | 3 --- verification/verifast/proof/single_core_proofs/README.md | 3 +++ .../proof/{nathan => single_core_proofs}/list_predicates.h | 0 verification/verifast/proof/task_predicates.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 verification/verifast/proof/nathan/README.md create mode 100644 verification/verifast/proof/single_core_proofs/README.md rename verification/verifast/proof/{nathan => single_core_proofs}/list_predicates.h (100%) diff --git a/verification/verifast/proof/nathan/README.md b/verification/verifast/proof/nathan/README.md deleted file mode 100644 index d8b83cacb64..00000000000 --- a/verification/verifast/proof/nathan/README.md +++ /dev/null @@ -1,3 +0,0 @@ -This directory contains proof artifacts written by Nathan Chong. -See the following pull request: -https://github.com/FreeRTOS/FreeRTOS/pull/836 diff --git a/verification/verifast/proof/single_core_proofs/README.md b/verification/verifast/proof/single_core_proofs/README.md new file mode 100644 index 00000000000..b749058621a --- /dev/null +++ b/verification/verifast/proof/single_core_proofs/README.md @@ -0,0 +1,3 @@ +This directory contains proof artifacts written by Aalok Thakkar and Nathan Chong. +See the following pull request: +https://github.com/FreeRTOS/FreeRTOS/pull/836 diff --git a/verification/verifast/proof/nathan/list_predicates.h b/verification/verifast/proof/single_core_proofs/list_predicates.h similarity index 100% rename from verification/verifast/proof/nathan/list_predicates.h rename to verification/verifast/proof/single_core_proofs/list_predicates.h diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index df199649c77..02fc7c8061f 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -2,7 +2,7 @@ #define TASKS_GH -#include "nathan/list_predicates.h" +#include "single_core_proofs/list_predicates.h" /*@ From f5c0a64f86cb058ebd4407706ac5cd99c66c9550 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 14:31:37 -0500 Subject: [PATCH 131/289] Made isr lock predicate abstract. --- verification/verifast/proof/verifast_lock_predicates.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 7646dea7985..0a611756177 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -74,8 +74,7 @@ predicate isrLock(); // Represents the invariant associated with the the ISR lock, i.e., // access permissions to the resources protected by the lock. -predicate isrLockInv() = - foreach(?vfReadyLists, xList_gen); +predicate isrLockInv(); @*/ From b1fc658413b38201a70c82194b8c99f4ad24f2b1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 15:38:32 -0500 Subject: [PATCH 132/289] Added single-core list predicates and proofs. Most proofs are commented out for the moment. --- .../single_core_proofs/list_predicates.h | 77 --- .../proof/single_core_proofs/scp_common.h | 635 ++++++++++++++++++ .../single_core_proofs/scp_list_predicates.h | 433 ++++++++++++ verification/verifast/proof/task_predicates.h | 2 +- .../verifast/start-vfide--preprocessed.sh | 1 + 5 files changed, 1070 insertions(+), 78 deletions(-) delete mode 100644 verification/verifast/proof/single_core_proofs/list_predicates.h create mode 100644 verification/verifast/proof/single_core_proofs/scp_common.h create mode 100644 verification/verifast/proof/single_core_proofs/scp_list_predicates.h diff --git a/verification/verifast/proof/single_core_proofs/list_predicates.h b/verification/verifast/proof/single_core_proofs/list_predicates.h deleted file mode 100644 index 400dbf91c94..00000000000 --- a/verification/verifast/proof/single_core_proofs/list_predicates.h +++ /dev/null @@ -1,77 +0,0 @@ -#ifndef LIST_PREDICATES_H - -#define LIST_PREDICATES_H - -/* - * The code below has been taken from: - * pull request: - * https://github.com/FreeRTOS/FreeRTOS/pull/836 - * file: - * FreeRTOS/Test/VeriFast/include/proof/list.h - * - */ - -/*@ -predicate xLIST_ITEM( - struct xLIST_ITEM *n, - TickType_t xItemValue, - struct xLIST_ITEM *pxNext, - struct xLIST_ITEM *pxPrevious, - struct xLIST *pxContainer;) - = - n->xItemValue |-> xItemValue &*& - n->pxNext |-> pxNext &*& - n->pxPrevious |-> pxPrevious &*& - n->pvOwner |-> _ &*& - n->pxContainer |-> pxContainer; - -// by Tobias Reinhard -predicate xList_gen(struct xLIST *l) = - l->uxNumberOfItems |-> _ &*& - l->pxIndex |-> _; - -predicate List_p(List_t* l); -@*/ - - -/* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ -/* @ -predicate DLS( - struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells, - list vals, - struct xLIST *pxContainer) = - n == m - ? cells == cons(n, nil) &*& - vals == cons(?v, nil) &*& - xLIST_ITEM(n, v, mnext, nprev, pxContainer) - : cells == cons(n, ?cells0) &*& - vals == cons(?v, ?vals0) &*& - xLIST_ITEM(n, v, ?o, nprev, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, pxContainer); -@*/ - - -/* @ -predicate xLIST( - struct xLIST *l, - int uxNumberOfItems, - struct xLIST_ITEM *pxIndex, - struct xLIST_ITEM *xListEnd, - listcells, - listvals) = - l->uxNumberOfItems |-> uxNumberOfItems &*& - l->pxIndex |-> pxIndex &*& - mem(pxIndex, cells) == true &*& - xListEnd == &(l->xListEnd) &*& - xListEnd == head(cells) &*& - portMAX_DELAY == head(vals) &*& - struct_xLIST_ITEM_padding(&l->xListEnd) &*& - length(cells) == length(vals) &*& - uxNumberOfItems + 1 == length(cells) &*& - DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); -@*/ - -#endif /* LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/single_core_proofs/scp_common.h b/verification/verifast/proof/single_core_proofs/scp_common.h new file mode 100644 index 00000000000..a1ade6f148c --- /dev/null +++ b/verification/verifast/proof/single_core_proofs/scp_common.h @@ -0,0 +1,635 @@ +/* + * The code below has been taken from: + * pull request: + * https://github.com/FreeRTOS/FreeRTOS/pull/836 + * file: + * FreeRTOS/Test/VeriFast/include/proof/list.h + * + * The file has been converted from a ghost header + * into a regular header. + * It has also been renamed from `common.h` into + * `scp_common.h`. + * The include guards have been updated accordingly. + * + * All changes to the proofs, predicates, etc. + * are guarded by a check that `VERIFAST_SINGLE_CORE` is + * NOT defined. + * + * Temporary removals are guarded by `VERIFAST_TODO`. + */ + + + +/* + * FreeRTOS V202112.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + +#ifndef SCP_COMMON_H +#define SCP_COMMON_H + +/*@ +#include + +fixpoint list rotate_left(int n, list xs) { + return append(drop(n, xs), take(n, xs)); +} + +fixpoint list singleton(t x) { + return cons(x, nil); +} + +@*/ +#ifdef VERIFAST_TODO + +lemma void note(bool b) + requires b; + ensures b; +{} + +lemma_auto void rotate_length(int n, list xs) + requires 0 <= n && n <= length(xs); + ensures length(rotate_left(n, xs)) == length(xs); +{} + +lemma void take_length_eq(int k, list xs, list ys) + requires 0 <= k && k <= length(xs) && take(k, xs) == ys; + ensures length(ys) == k; +{} + +lemma void leq_bound(int x, int b) + requires b <= x && x <= b; + ensures x == b; +{} + +lemma void mul_mono_l_strict(int x, int y, int n) + requires 0 < n &*& x < y; + ensures x * n < y * n; +{ + for (int i = 1; i < n; i++) + invariant i <= n &*& x * i < y * i; + decreases n - i; + {} +} + +lemma void div_leq(int x, int y, int n) + requires 0 < n && x * n <= y * n; + ensures x <= y; +{ + assert x * n <= y * n; + if (x <= y) { + mul_mono_l(x,y,n); + } else { + mul_mono_l_strict(y,x,n); //< contradiction + } +} + +lemma void div_lt(int x, int y, int n) + requires 0 < n && x * n < y * n; + ensures x < y; +{ + assert x * n <= y * n; + if (x == y) { + } else if (x <= y) { + mul_mono_l(x,y,n); + } else { + assert y < x; + mul_mono_l(y,x,n); //< contradiction + } +} + +lemma_auto void mod_same(int n) + requires 0 < n; + ensures n % n == 0; +{ + div_rem_nonneg(n, n); + if (n / n < 1) {} else if (n / n > 1) { + mul_mono_l(2, n/n, n); + } else {} +} + +lemma void mod_lt(int x, int n) + requires 0 <= x && x < n; + ensures x % n == x; +{ + div_rem_nonneg(x, n); + if (x / n > 0) { + mul_mono_l(1, x / n, n); + } else { + } +} + +lemma void mod_plus_one(int x, int y, int n) + requires 0 <= y && 0 < n && x == (y % n); + ensures ((x+1) % n) == ((y+1) % n); +{ + div_rem_nonneg(y, n); + div_rem_nonneg(y+1, n); + div_rem_nonneg(y%n+1, n); + if (y%n+1 < n) { + mod_lt(y%n+1, n); + assert y%n == y - y/n*n; + assert (y+1)%n == y + 1 - (y + 1)/n*n; + if ((y+1)/n > y/n) { + mul_mono_l(y/n + 1, (y+1)/n, n); + } else if ((y+1)/n < y/n) { + mul_mono_l((y+1)/n + 1, y/n, n); + } + assert y - (y+1)/n*n == y - y/n*n; + assert y+1 - (y+1)/n*n == y - y/n*n + 1; + assert (y+1)%n == y%n + 1; + } else { + assert y%n+1 == n; + assert (y%n+1)%n == 0; + if (y/n + 1 < (y+1)/n) { + mul_mono_l(y/n + 2, (y+1)/n, n); + } else if (y/n + 1 > (y+1)/n) { + mul_mono_l((y+1)/n, y/n, n); + } + assert (y+1)/n == y/n + 1; + note((y+1)/n*n == (y/n + 1)*n); + assert (y+1)%n == 0; + } + assert (y%n+1)%n == (y+1)%n; +} + +lemma void mod_mul(int x, int n, int y) + requires 0 < n && 0 <= x && 0 <= y; + ensures (x*n + y)%n == y%n; +{ + mul_mono_l(0, x, n); + div_rem_nonneg(x*n+y, n); + div_rem_nonneg(y, n); + + if ((x*n+y)/n > x + y/n) { + mul_mono_l(x + y/n + 1, (x*n+y)/n, n); + } else if ((x*n+y)/n < x + y/n) { + mul_mono_l((x*n+y)/n + 1, x + y/n, n); + } + note((x*n + y)/n == x + y/n); + note((x*n + y)/n*n == (x + y/n)*n); +} + +lemma void mod_plus_distr(int x, int y, int n) + requires 0 < n && 0 <= x && 0 <= y; + ensures ((x % n) + y) % n == (x + y) % n; +{ + div_rem_nonneg(x, n); + div_rem_nonneg(x%n+y, n); + div_rem_nonneg(x+y, n); + + assert x == x/n*n + x%n; + mod_mul(x/n, n, x%n + y); +} + +lemma_auto void mod_mod(int x, int n) + requires 0 < n && 0 <= x; + ensures (x % n) % n == (x % n); +{ + mod_plus_distr(x, 0, n); +} + +lemma void mod_plus(int x, int y, int n); + requires 0 < n && 0 <= x && 0 <= y; + ensures (x + y) % n == ((x % n) + (y % n)) % n; + +lemma_auto void mod_range(int x, int n) + requires 0 <= x && 0 < n; + ensures 0 <= (x % n) && (x % n) < n; +{ + div_rem_nonneg(x, n); +} + +lemma void head_append(list xs, list ys) + requires 0 < length(xs); + ensures head(append(xs, ys)) == head(xs); +{ + switch(xs) + { + case cons(c, cs): + case nil: + } +} + +lemma void drop_take_singleton(int i, list xs) + requires 0 < i && i < length(xs); + ensures drop(i-1, take(i, xs)) == singleton(nth(i-1, xs)); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (i == 1) { + } else { + drop_take_singleton(i-1, xs0); + } + } +} + +lemma void take_singleton(int i, list xs) + requires 0 <= i && i < length(xs); + ensures append(take(i, xs), singleton(nth(i, xs))) == take(i+1, xs); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (i == 0) { + } else { + take_singleton(i-1, xs0); + } + } +} + +lemma void drop_update_le(int i, int j, t x, list xs) + requires 0 <= i && i <= j && j < length(xs); + ensures drop(i, update(j, x, xs)) == update(j - i, x, drop(i, xs)); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (i == 0) { + } else { + drop_update_le(i - 1, j - 1, x, xs0); + } + } +} + +lemma void drop_update_ge(int i, int j, t x, list xs) + requires 0 <= j && j < i && i < length(xs); + ensures drop(i, update(j, x, xs)) == drop(i, xs); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (j == 0) { + } else { + drop_update_ge(i - 1, j - 1, x, xs0); + } + } +} + +lemma void take_update_le(int i, int j, t x, list xs) + requires 0 <= i && i <= j; + ensures take(i, update(j, x, xs)) == take(i, xs); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (i == 0) { + } else { + take_update_le(i - 1, j - 1, x, xs0); + } + } +} + +lemma void take_update_ge(int i, int j, t x, list xs) + requires 0 <= j && j < i && i <= length(xs); + ensures take(i, update(j, x, xs)) == update(j, x, take(i, xs)); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (j == 0) { + } else { + take_update_ge(i - 1, j - 1, x, xs0); + } + } +} + +lemma void update_eq_append(int i, t x, list xs) + requires 0 <= i && i < length(xs); + ensures update(i, x, xs) == append(take(i, xs), cons(x, drop(i + 1, xs))); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (i == 0) { + } else { + update_eq_append(i - 1, x, xs0); + } + } +} + +lemma void take_append_ge(int n, list xs, list ys) + requires length(xs) <= n; + ensures take(n, append(xs, ys)) == append(xs, take(n - length(xs), ys)); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + take_append_ge(n - 1, xs0, ys); + } +} + +lemma void drop_drop(int m, int n, list xs) + requires 0 <= m && 0 <= n; + ensures drop(m, drop(n, xs)) == drop(m+n, xs); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (n == 0) {} else { + drop_drop(m, n-1, xs0); + } + } +} + +lemma void take_take(int m, int n, list xs) + requires 0 <= m && m <= n && n <= length(xs); + ensures take(m, take(n, xs)) == take(m, xs); +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (m == 0) {} else { + take_take(m - 1, n - 1, xs0); + } + } +} + +lemma_auto void take_head(list xs) + requires 0 < length(xs); + ensures take(1, xs) == singleton(head(xs)); +{ + switch(xs) { + case nil: + case cons(x0, xs0): + } +} + +// Following lemma from `verifast/bin/rt/_list.java` +lemma void remove_remove_nth(list xs, t x) + requires mem(x, xs) == true; + ensures remove(x, xs) == remove_nth(index_of(x, xs), xs); +{ + switch (xs) { + case nil: + case cons(h, tl): + if (x == h) { + assert index_of(x, xs) == 0; + } else { + remove_remove_nth(tl, x); + } + } +} + +lemma void mem_take_false(t x, int n, list xs) + requires mem(x, xs) == false; + ensures mem(x, take(n, xs)) == false; +{ + switch (xs) { + case nil: + case cons(x0, xs0): + if (x0 != x && n != 0) + mem_take_false(x, n - 1, xs0); + } +} + +// Following lemma from `verifast/bin/rt/_list.java`. Renamed to +// avoid clash with listex.c's nth_drop lemma. +lemma void nth_drop2(list vs, int i) +requires 0 <= i && i < length(vs); +ensures nth(i, vs) == head(drop(i, vs)); +{ + switch (vs) { + case nil: + case cons(v, vs0): + if (i == 0) { + } else { + nth_drop2(vs0, i - 1); + } + } +} + +lemma void enq_lemma(int k, int i, list xs, list ys, t z) + requires 0 <= k && 0 <= i && 0 < length(xs) && k < length(xs) && i < length(xs) && take(k, rotate_left(i, xs)) == ys; + ensures take(k+1, rotate_left(i, update((i+k)%length(xs), z, xs))) == append(ys, cons(z, nil)); +{ + int j = (i+k)%length(xs); + assert take(k, append(drop(i, xs), take(i, xs))) == ys; + if (i + k < length(xs)) { + mod_lt(i + k, length(xs)); + assert j == i + k; + drop_update_le(i, i + k, z, xs); + assert drop(i, update(i + k, z, xs)) == update(k, z, drop(i, xs)); + take_update_le(i, i + k, z, xs); + assert take(i, update(i + k, z, xs)) == take(i, xs); + take_append(k+1, update(k, z, drop(i, xs)), take(i, xs)); + assert take(k+1, append(update(k, z, drop(i, xs)), take(i, xs))) == take(k+1, update(k, z, drop(i, xs))); + update_eq_append(k, z, drop(i, xs)); + assert update(k, z, drop(i, xs)) == append(take(k, drop(i, xs)), cons(z, drop(k + 1, drop(i, xs)))); + take_append_ge(k+1, take(k, drop(i, xs)), cons(z, drop(k + 1, drop(i, xs)))); + assert take(k+1, append(take(k, drop(i, xs)), cons(z, drop(k + 1, drop(i, xs))))) == + append(take(k, drop(i, xs)), {z}); + take_append(k, drop(i, xs), take(i, xs)); + assert take(k+1, append(take(k, drop(i, xs)), cons(z, drop(k + 1, drop(i, xs))))) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + assert take(k+1, update(k, z, drop(i, xs))) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + assert take(k+1, append(update(k, z, drop(i, xs)), take(i, xs))) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + assert take(k+1, append(drop(i, update(i + k, z, xs)), take(i, update(i + k, z, xs)))) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + + } else { + assert i + k < 2 * length(xs); + div_rem_nonneg(i + k, length(xs)); + if ((i + k) / length(xs) > 1) { + mul_mono_l(2, (i + k) / length(xs), length(xs)); + } else if ((i + k) / length(xs) < 1) { + mul_mono_l((i + k) / length(xs), 0, length(xs)); + } + assert j == i + k - length(xs); + assert j < i; + drop_update_ge(i, j, z, xs); + assert drop(i, update(j, z, xs)) == drop(i, xs); + take_update_ge(i, j, z, xs); + assert update(j, z, take(i, xs)) == take(i, update(j, z, xs)); + take_append_ge(k+1, drop(i, xs), take(i, update(j, z, xs))); + assert take(k+1, append(drop(i, update(j, z, xs)), take(i, update(j, z, xs)))) == + append(drop(i, xs), take(j+1, update(j, z, take(i, xs)))); + update_eq_append(j, z, take(i, xs)); + assert update(j, z, take(i, xs)) == append(take(j, take(i, xs)), cons(z, drop(j + 1, take(i, xs)))); + take_take(j, i, xs); + assert update(j, z, take(i, xs)) == append(take(j, xs), cons(z, drop(j+1, take(i, xs)))); + take_append_ge(j+1, take(j, xs), cons(z, drop(j+1, take(i, xs)))); + assert append(drop(i, xs), take(j+1, update(j, z, take(i, xs)))) == + append(drop(i, xs), append(take(j, xs), {z})); + take_append_ge(k, drop(i, xs), take(i, xs)); + append_assoc(drop(i, xs), take(j, xs), {z}); + assert append(drop(i, xs), append(take(j, xs), {z})) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + assert append(drop(i, xs), take(j+1, update(j, z, take(i, xs)))) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + } + assert take(k+1, append(drop(i, update(j, z, xs)), take(i, update(j, z, xs)))) == + append(take(k, append(drop(i, xs), take(i, xs))), {z}); + assert take(k+1, append(drop(i, update(j, z, xs)), take(i, update(j, z, xs)))) == append(ys, {z}); +} + +lemma void front_enq_lemma(int k, int i, list xs, list ys, t z) + requires 0 < length(xs) && 0 <= k && k < length(xs) && 0 <= i && i < length(xs) && take(k, rotate_left((i+1)%length(xs), xs)) == ys; + ensures take(k+1, rotate_left(i, update(i, z, xs))) == cons(z, ys); +{ + int n = length(xs); + if (i+1 < n) { + mod_lt(i+1, n); + assert i < n; + assert take(k+1, rotate_left(i, update(i, z, xs))) == + take(k+1, append(drop(i, update(i, z, xs)), take(i, update(i, z, xs)))); + drop_update_le(i, i, z, xs); + take_update_le(i, i, z, xs); + assert take(k+1, append(drop(i, update(i, z, xs)), take(i, update(i, z, xs)))) == + take(k+1, append(update(0, z, drop(i, xs)), take(i, xs))); + update_eq_append(0, z, drop(i, xs)); + assert update(0, z, drop(i, xs)) == cons(z, drop(1, drop(i, xs))); + drop_drop(1, i, xs); + assert take(k+1, append(update(0, z, drop(i, xs)), take(i, xs))) == + take(k+1, append(cons(z, drop(i+1, xs)), take(i, xs))); + assert take(k+1, append(cons(z, drop(i+1, xs)), take(i, xs))) == + cons(z, take(k, append(drop(i+1, xs), take(i, xs)))); + + assert ys == take(k, rotate_left(i+1, xs)); + assert ys == take(k, append(drop(i+1, xs), take(i+1, xs))); + if (k <= length(drop(i+1, xs))) { + take_append(k, drop(i+1, xs), take(i+1, xs)); + take_append(k, drop(i+1, xs), take(i, xs)); + } else { + take_append_ge(k, drop(i+1, xs), take(i+1, xs)); + take_append_ge(k, drop(i+1, xs), take(i, xs)); + + assert (i+1) + k < 2 * n; + div_rem_nonneg((i+1) + k, n); + if (((i+1) + k) / n > 1) { + mul_mono_l(2, ((i+1) + k) / n, n); + } else if (((i+1) + k) / n < 1) { + mul_mono_l(((i+1) + k) / n, 0, n); + } + int j = ((i+1)+k)%n; + assert j <= i; + int l = length(drop(i+1, xs)); + assert l == n - i - 1; + take_take(k - l, i + 1, xs); + take_take(k - l, i, xs); + } + } else { + assert i == (n-1); + assert (i + 1) % n == 0; + drop_update_le(i, i, z, xs); + update_eq_append(0, z, xs); + assert take(k+1, rotate_left(i, update(i, z, xs))) == + take(k+1, append(drop(i, update(i, z, xs)), take(i, update(i, z, xs)))); + drop_update_le(i, i, z, xs); + assert take(k+1, rotate_left(i, update(i, z, xs))) == + take(k+1, append(update(0, z, drop(i, xs)), take(i, update(i, z, xs)))); + update_eq_append(0, z, drop(i, xs)); + assert take(k+1, rotate_left(i, update(i, z, xs))) == + take(k+1, append(cons(z, drop(1, drop(i, xs))), take(i, update(i, z, xs)))); + drop_drop(1, i, xs); + assert take(k+1, rotate_left(i, update(i, z, xs))) == + take(k+1, append(cons(z, nil), take(i, update(i, z, xs)))); + take_update_le(i, i, z, xs); + assert take(k+1, rotate_left(i, update(i, z, xs))) == + cons(z, take(k, take(i, xs))); + take_take(k, i, xs); + assert take(k+1, rotate_left(i, update(i, z, xs))) == cons(z, ys); + } +} + +lemma void deq_lemma(int k, int i, list xs, list ys, t z) + requires 0 < k && k <= length(xs) && 0 <= i && i < length(xs) && take(k, rotate_left(i, xs)) == ys && z == head(ys); + ensures take(k-1, rotate_left((i+1)%length(xs), xs)) == tail(ys); +{ + int j = (i+1)%length(xs); + drop_n_plus_one(i, xs); + assert tail(take(k, append(drop(i, xs), take(i, xs)))) == take(k-1, append(drop(i+1, xs), take(i, xs))); + if (i+1 < length(xs)) { + mod_lt(i+1, length(xs)); + assert j == i+1; + if (k-1 <= length(xs)-j) { + take_append(k-1, drop(j, xs), take(j, xs)); + take_append(k-1, drop(j, xs), take(i, xs)); + } else { + assert k+i > length(xs); + take_append_ge(k-1, drop(j, xs), take(j, xs)); + take_append_ge(k-1, drop(j, xs), take(i, xs)); + assert k-1-(length(xs)-j) == k+i-length(xs); + assert k+i-length(xs) <= i; + take_take(k+i-length(xs), j, xs); + take_take(k+i-length(xs), i, xs); + assert take(k+i-length(xs), take(j, xs)) == take(k+i-length(xs), take(i, xs)); + } + } else { + assert i+1 == length(xs); + assert (i+1)%length(xs) == 0; + assert j == 0; + assert append(drop(j, xs), take(j, xs)) == xs; + assert append(drop(i+1, xs), take(i, xs)) == take(i, xs); + take_append_ge(k-1, drop(i+1, xs), take(i, xs)); + take_take(k-1, i, xs); + } + assert take(k-1, append(drop(j, xs), take(j, xs))) == take(k-1, append(drop(i+1, xs), take(i, xs))); + assert take(k-1, append(drop(j, xs), take(j, xs))) == tail(take(k, append(drop(i, xs), take(i, xs)))); +} + +lemma void deq_value_lemma(int k, int i, list xs, list ys) + requires 0 < k && k <= length(ys) && 0 <= i && i < length(xs) && take(k, rotate_left(i, xs)) == ys; + ensures nth(i, xs) == head(ys); +{ + drop_n_plus_one(i, xs); + assert nth(i, xs) == head(take(k, append(drop(i, xs), take(i, xs)))); +} + +lemma void combine_list_no_change(listprefix, t x, listsuffix, int i, list xs) + requires 0 <= i && i < length(xs) && prefix == take(i, xs) && x == nth(i, xs) && suffix == drop(i+1, xs); + ensures xs == append(prefix, cons(x, suffix)); +{ + drop_n_plus_one(i, xs); +} + +// Following lemma from `verifast/examples/vstte2010/problem4.java`. +lemma void update_rewrite(list vs, t v, int pos) + requires 0 <= pos && pos < length(vs); + ensures update(pos, v, vs) == append(take(pos, vs), cons(v, (drop(pos+1, vs)))); +{ + switch(vs) { + case nil: + case cons(h, t): + if (pos == 0) { + } else { + update_rewrite(t, v, pos - 1); + } + } +} + +lemma void combine_list_update(listprefix, t x, listsuffix, int i, list xs) + requires 0 <= i && i < length(xs) && prefix == take(i, xs) && suffix == drop(i+1, xs); + ensures update(i, x, xs) == append(prefix, cons(x, suffix)); +{ + update_rewrite(xs, x, i); +} + +@*/ +#endif /* VERIFAST_TODO */ + +#endif /* SCP_COMMON_H */ diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h new file mode 100644 index 00000000000..3f044594e79 --- /dev/null +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -0,0 +1,433 @@ +/* + * The code below has been taken from: + * pull request: + * https://github.com/FreeRTOS/FreeRTOS/pull/836 + * file: + * FreeRTOS/Test/VeriFast/include/proof/list.h + * + * The file has been renamed from `list.h` into + * `scp_list_predicates.h` to avoid naming conflicts. + * The include guards have been updated accordingly. + * + * All changes to the proofs, predicates, etc. + * are guarded by a check that `VERIFAST_SINGLE_CORE` is + * NOT defined. + * + * Temporary removals are guarded by `VERIFAST_TODO`. + */ + + + + +/* + * FreeRTOS V202112.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + +/* *INDENT-OFF* */ + +#ifndef SCP_LIST_PREDICATES_H +#define SCP_LIST_PREDICATES_H + +#ifndef VERIFAST_SINGLE_CORE + /* Reasons for rewrite: + * - "common.gh" was converted into regular header "scp_common.h" + * - Using existing proof setup instead of definitions below. + */ + #include "scp_common.h" +#else + #define VERIFAST + #include + #include + //@#include "common.gh" + + typedef size_t TickType_t; + typedef size_t UBaseType_t; + typedef ssize_t BaseType_t; + + #define pdTRUE 1 + #define pdFALSE 0 + + /* Empty/no-op macros */ + #define mtCOVERAGE_TEST_MARKER() + #define mtCOVERAGE_TEST_DELAY() + #define listSET_LIST_INTEGRITY_CHECK_1_VALUE( pxList ) + #define listSET_LIST_INTEGRITY_CHECK_2_VALUE( pxList ) + #define listTEST_LIST_INTEGRITY( pxList ) + #define listTEST_LIST_ITEM_INTEGRITY( pxListItem ) + #define listSET_FIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxListItem ) + #define listSET_SECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxListItem ) +#endif /* VERIFAST_SINGLE_CORE */ + +/* Max value stored in sentinel xListEnd element */ +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: Match RP2040 port. */ + //VF_macro #define portMAX_DELAY 0xffffffffUL + + /* Verify that the preprocessor and our VeriFast proofs evaluate + * `portMAX_DELAY` to the same values. + */ + void validate_portMAX_DELAY_value() + //@ requires true; + //@ ensures true; + { + //@ TickType_t gVal = portMAX_DELAY; + TickType_t val = portMAX_DELAY; + //@ assert(val == gVal); + } +#else + #define portMAX_DELAY UINT_MAX +#endif /* VERIFAST_SINGLE_CORE */ + + +#ifdef VERIFAST_SINGLE_CORE + /* Reason for deletion: + * structs already defined in FreeRTOS header "list.h" + */ + + struct xLIST; + + struct xLIST_ITEM { + TickType_t xItemValue; + struct xLIST_ITEM * pxNext; + struct xLIST_ITEM * pxPrevious; + void * pvOwner; + struct xLIST *pxContainer; + }; + typedef struct xLIST_ITEM ListItem_t; + + typedef struct xLIST { + UBaseType_t uxNumberOfItems; + struct xLIST_ITEM *pxIndex; + #ifdef VERIFAST /*< ***change MiniList_t to ListItem_t*** */ + struct xLIST_ITEM xListEnd; + #else + MiniListItem_t xListEnd; + #endif + } List_t; +#endif /* VERIFAST_SINGLE_CORE */ + +/*@ +predicate xLIST_ITEM( + struct xLIST_ITEM *n, + TickType_t xItemValue, + struct xLIST_ITEM *pxNext, + struct xLIST_ITEM *pxPrevious, + struct xLIST *pxContainer;) = + n->xItemValue |-> xItemValue &*& + n->pxNext |-> pxNext &*& + n->pxPrevious |-> pxPrevious &*& + n->pvOwner |-> _ &*& + n->pxContainer |-> pxContainer; +@*/ + +/* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ +/*@ +predicate DLS( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST *pxContainer) = + n == m + ? cells == cons(n, nil) &*& + vals == cons(?v, nil) &*& + xLIST_ITEM(n, v, mnext, nprev, pxContainer) + : cells == cons(n, ?cells0) &*& + vals == cons(?v, ?vals0) &*& + xLIST_ITEM(n, v, ?o, nprev, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, pxContainer); + +@*/ +#ifdef VERIFAST_TODO +lemma void dls_star_item( + struct xLIST_ITEM *n, + struct xLIST_ITEM *m, + struct xLIST_ITEM *o) +requires DLS(n, ?nprev, ?mnext, m, ?cells, ?vals, ?l) &*& xLIST_ITEM(o, ?v, ?onext, ?oprev, ?l2); +ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& xLIST_ITEM(o, v, onext, oprev, l2) &*& mem(o, cells) == false; +{ + open DLS(n, nprev, mnext, m, cells, vals, l); + if (n == m) { + assert xLIST_ITEM(n, _, _, _, _); + open xLIST_ITEM(n, _, _, _, _); + open xLIST_ITEM(o, _, _, _, _); + assert n != o; + close xLIST_ITEM(o, _, _, _, _); + close xLIST_ITEM(n, _, _, _, _); + close DLS(n, nprev, mnext, m, cells, vals, l); + } + else { + assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), l); + dls_star_item(nnext, m, o); + open xLIST_ITEM(n, _, _, _, _); + open xLIST_ITEM(o, _, _, _, _); + assert n != o; + close xLIST_ITEM(o, _, _, _, _); + close xLIST_ITEM(n, _, _, _, _); + close DLS(n, nprev, mnext, m, cells, vals, l); + } +} + +lemma void dls_distinct( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) +requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); +ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& distinct(cells) == true; +{ + if (n == m) { + open DLS(n, nprev, mnext, m, cells, vals, l); + close DLS(n, nprev, mnext, m, cells, vals, l); + } else { + open DLS(n, nprev, mnext, m, cells, vals, l); + assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), l); + dls_distinct(nnext, n, mnext, m, tail(cells)); + dls_star_item(nnext, m, n); + close DLS(n, nprev, mnext, m, cells, vals, l); + } +} + +predicate xLIST( + struct xLIST *l, + int uxNumberOfItems, + struct xLIST_ITEM *pxIndex, + struct xLIST_ITEM *xListEnd, + listcells, + listvals) = + l->uxNumberOfItems |-> uxNumberOfItems &*& + l->pxIndex |-> pxIndex &*& + mem(pxIndex, cells) == true &*& + xListEnd == &(l->xListEnd) &*& + xListEnd == head(cells) &*& + portMAX_DELAY == head(vals) &*& + struct_xLIST_ITEM_padding(&l->xListEnd) &*& + length(cells) == length(vals) &*& + uxNumberOfItems + 1 == length(cells) &*& + DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); + +lemma void xLIST_distinct_cells(struct xLIST *l) +requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals); +ensures xLIST(l, n, idx, end, cells, vals) &*& distinct(cells) == true; +{ + open xLIST(l, n, idx, end, cells, vals); + assert DLS(end, ?endprev, end, _, cells, vals, l); + dls_distinct(end, endprev, end, endprev, cells); + close xLIST(l, n, idx, end, cells, vals); +} + +lemma void xLIST_star_item(struct xLIST *l, struct xLIST_ITEM *x) +requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals) &*& xLIST_ITEM(x, ?v, ?xnext, ?xprev, ?l2); +ensures xLIST(l, n, idx, end, cells, vals) &*& xLIST_ITEM(x, v, xnext, xprev, l2) &*& mem(x, cells) == false; +{ + open xLIST(l, n, idx, end, cells, vals); + assert DLS(end, ?endprev, end, _, cells, vals, l); + dls_distinct(end, endprev, end, endprev, cells); + dls_star_item(end, endprev, x); + close xLIST(l, n, idx, end, cells, vals); +} + +lemma void dls_first_mem( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) +requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); +ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(n, cells) == true &*& index_of(n, cells) == 0; +{ + open DLS(n, nprev, mnext, m, cells, vals, l); + if (n == m) { + assert cells == cons(n, nil); + close DLS(n, nprev, mnext, m, cells, vals, l); + } else { + assert cells == cons(n, ?tail); + close DLS(n, nprev, mnext, m, cells, vals, l); + } +} + +lemma void dls_not_empty( + struct xLIST_ITEM *n, + struct xLIST_ITEM *m, + list cells, + struct xLIST_ITEM *x) +requires DLS(n, m, n, m, cells, ?vals, ?l) &*& mem(x, cells) == true &*& x != n; +ensures DLS(n, m, n, m, cells, vals, l) &*& n != m; +{ + open DLS(n, m, n, m, cells, vals, l); + close DLS(n, m, n, m, cells, vals, l); +} + +lemma void dls_last_mem( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) +requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); +ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(m, cells) == true &*& index_of(m, cells) == length(cells) - 1; +{ + open DLS(n, nprev, mnext, m, cells, vals, l); + if (n == m) { + // trivial + } else { + open xLIST_ITEM(n, _, ?nnext, _, l); + assert DLS(?o, n, mnext, m, tail(cells), tail(vals), l); + dls_last_mem(o, n, mnext, m, tail(cells)); + close xLIST_ITEM(n, _, nnext, _, l); + } + close DLS(n, nprev, mnext, m, cells, vals, l); +} + +lemma void split( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST_ITEM *x, + int i) +requires DLS(n, nprev, mnext, m, cells, vals, ?l) &*& x != n &*& mem(x, cells) == true &*& index_of(x,cells) == i; +ensures DLS(n, nprev, x, ?xprev, take(i, cells), take(i, vals), l) &*& DLS(x, xprev, mnext, m, drop(i, cells), drop(i, vals), l) &*& xprev == nth(i-1, cells); +{ + open DLS(n, nprev, mnext, m, cells, vals, l); + assert n != m; + assert xLIST_ITEM(n, ?v, ?nnext, _, _); + assert DLS(nnext, n, mnext, m, tail(cells), tail(vals), l); + if (nnext == x) { + close DLS(n, nprev, x, n, singleton(n), singleton(v), l); + open DLS(x, n, mnext, m, tail(cells), tail(vals), l); + open xLIST_ITEM(x, _, ?xnext, ?xprev, l); + close xLIST_ITEM(x, _, xnext, xprev, l); + close DLS(x, n, mnext, m, tail(cells), tail(vals), l); + } else { + assert nnext != x; + split(nnext, n, mnext, m, tail(cells), tail(vals), x, i - 1); + assert DLS(nnext, n, x, ?xprev, take(i-1, tail(cells)), take(i-1, tail(vals)), l); + dls_distinct(nnext, n, x, xprev, take(i-1, tail(cells))); + dls_star_item(nnext, xprev, n); + dls_last_mem(nnext, n, x, xprev, take(i-1, tail(cells))); + assert n != xprev; + close DLS(n, nprev, x, xprev, take(i, cells), take(i, vals), l); + } +} + +lemma void join( + struct xLIST_ITEM *n1, + struct xLIST_ITEM *nprev1, + struct xLIST_ITEM *mnext1, + struct xLIST_ITEM *m1, + list cells1, + list vals1, + struct xLIST_ITEM *n2, + struct xLIST_ITEM *nprev2, + struct xLIST_ITEM *mnext2, + struct xLIST_ITEM *m2, + list cells2, + list vals2) +requires + DLS(n1, nprev1, mnext1, m1, cells1, vals1, ?l) &*& + DLS(n2, nprev2, mnext2, m2, cells2, vals2, l) &*& + mnext1 == n2 &*& m1 == nprev2; +ensures DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); +{ + if (n1 == m1) { + dls_first_mem(n1, nprev1, mnext1, m1, cells1); + dls_last_mem(n2, nprev2, mnext2, m2, cells2); + open DLS(n1, nprev1, mnext1, m1, cells1, vals1, l); + dls_star_item(n2, m2, n1); + close DLS(n1, nprev1, mnext2, m2, append(singleton(n1), cells2), append(vals1, vals2), l); + } else { + open DLS(n1, nprev1, mnext1, m1, cells1, vals1, l); + assert DLS(?o, n1, mnext1, m1, ?cells1_tail, ?vals1_tail, l); + join(o, n1, mnext1, m1, cells1_tail, vals1_tail, + n2, nprev2, mnext2, m2, cells2, vals2); + assert DLS(o, n1, mnext2, m2, append(cells1_tail, cells2), append(vals1_tail, vals2), l); + dls_last_mem(o, n1, mnext2, m2, append(cells1_tail, cells2)); + dls_star_item(o, m2, n1); + close DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); + } +} + +lemma void idx_remains_in_list( + list cells, + t idx, + t x, + int ix) +requires + idx != x &*& + mem(idx, cells) == true &*& + mem(x, cells) == true &*& + index_of(x, cells) == ix; +ensures mem(idx, remove_nth(ix, cells)) == true; +{ + neq_mem_remove(idx, x, cells); + remove_remove_nth(cells, x); +} +@*/ + +// Following lemma from `verifast/examples/shared_boxes/concurrentqueue.c`. +// Used in the uxListRemove proof to show that the item to remove `x` must +// have value `nth(i, vals)` where `i == index_of(x, cells)`. +/*@ +lemma void drop_nth_index_of(list vs, int i) +requires + 0 <= i && i < length(vs); +ensures + head(drop(i , vs)) == nth(i, vs); +{ + switch(vs) { + case nil: + case cons(h, t): + if (i == 0) { + // trivial + } else { + drop_nth_index_of(t, i - 1); + } + } +} +@*/ + +/*@ +lemma void remove_append(t x, list l1, list l2) + requires mem(x, l1) == false; + ensures remove(x, append(l1, l2)) == append(l1, remove(x, l2)); +{ + switch(l1) { + case nil: + case cons(h1, t1): + remove_append(x, t1, l2); + } +} +@*/ + +#endif /* VERIFAST_TODO */ + +#endif /* SCP_LIST_PREDICATES_H */ + +/* *INDENT-ON* */ diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index 02fc7c8061f..57e3a89bce7 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -2,7 +2,7 @@ #define TASKS_GH -#include "single_core_proofs/list_predicates.h" +#include "single_core_proofs/scp_list_predicates.h" /*@ diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index de528818fc3..39d4ff706cd 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -35,6 +35,7 @@ echo "\n\nPreprocessing script finished\n\n" # - Need z3v4.5 to handle bitvector arithmetic "$VF_DIR/bin/vfide" "$PP_TASK_C" \ -I proof_setup \ + -I proofs \ -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ -assume_no_provenance \ -prover z3v4.5 From 8f463be9d808bd3e0267b35250bb1868989aa221 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 15:39:41 -0500 Subject: [PATCH 133/289] VF rewrite: Changed type of `List_t.xListEnd` to match expectations of single-core list proofs. --- include/list.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/list.h b/include/list.h index 23814161d2f..d1543dfed02 100644 --- a/include/list.h +++ b/include/list.h @@ -193,7 +193,15 @@ typedef struct xLIST listFIRST_LIST_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ volatile UBaseType_t uxNumberOfItems; ListItem_t * configLIST_VOLATILE pxIndex; /*< Used to walk through the list. Points to the last item returned by a call to listGET_OWNER_OF_NEXT_ENTRY (). */ - MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ + #ifdef VERIFAST + /* Reason for rewrite: + * This change allows us to reuse the existing single-core list proofs, + * for which an identical rewrite for assumed. + */ + ListItem_t xListEnd; + #else + MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ + #endif /* VERIFAST */ listSECOND_LIST_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ } List_t; From cf65065a0caa7133b0c06d165ef9041ea95790ba Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 16:27:38 -0500 Subject: [PATCH 134/289] Used single-core list predicate `xLIST` to express access permissions to ready lists in `readyLists_p`. --- tasks.c | 2 + .../verifast/proof/ready_list_predicates.h | 43 ++++++++++++++++--- .../single_core_proofs/scp_list_predicates.h | 4 ++ 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/tasks.c b/tasks.c index 1e16da10456..e1f28fb0d5f 100644 --- a/tasks.c +++ b/tasks.c @@ -985,6 +985,8 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ open taskISRLockInv(); //@ open readyLists_p(); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); + //@ List_array_get_l(pxReadyTasksLists, uxCurrentPriority); + //@ open xLIST(&pxReadyTasksLists[uxCurrentPriority], _, _, _, _, _); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index a72731d40c2..9b4af0ea1ce 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -1,17 +1,48 @@ #ifndef READY_LIST_PREDICATES_H #define READY_LIST_PREDICATES_H +#include "single_core_proofs/scp_list_predicates.h" /*@ -// TODO: Replace List_p by Aaloks list predicate predicate List_array_p(List_t* array, int size) = - pointer_within_limits(array) == true &*& - size > 0 &*& - List_p(array) &*& - size > 1 - ? List_array_p(array + 1, size - 1) + size >= 0 &*& + size > 0 + ? ( + pointer_within_limits(array) == true &*& + xLIST(array, + ?uxNumberOfItems, + ?pxIndex, + ?xListEnd, + ?cells, + ?vals) + &*& + List_array_p(array + 1, size - 1) + ) : true; +lemma void List_array_get_l(List_t* array, int index) +requires List_array_p(array, ?size) &*& + 0 <= index &*& index < size; +ensures List_array_p(array, index) &*& + pointer_within_limits(array) == true &*& + xLIST(array + index, + ?uxNumberOfItems, + ?pxIndex, + ?xListEnd, + ?cells, + ?vals) &*& + List_array_p(array + index + 1, size-index-1); +{ + if( index == 0) { + open List_array_p(array, size); + close List_array_p(array, 0); + } else { + open List_array_p(array, size); + List_array_get_l(array + 1, index - 1); + close List_array_p(array, index); + } +} + // For testing purposes only! // TODO: Replace by Aaloks list predicate predicate List_p(List_t* l); diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h index 3f044594e79..214db8dc2a3 100644 --- a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -212,6 +212,8 @@ ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& distinct(cells) == true; } } +#endif /* VERIFAST_TODO */ +/*@ predicate xLIST( struct xLIST *l, int uxNumberOfItems, @@ -229,7 +231,9 @@ predicate xLIST( length(cells) == length(vals) &*& uxNumberOfItems + 1 == length(cells) &*& DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); +@*/ +#ifdef VERIFAST_TODO lemma void xLIST_distinct_cells(struct xLIST *l) requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals); ensures xLIST(l, n, idx, end, cells, vals) &*& distinct(cells) == true; From 5b6a92f023d7b935e0ea43ad2762659f89e2715a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 18 Nov 2022 16:47:47 -0500 Subject: [PATCH 135/289] Added TODO --- verification/verifast/proof/ready_list_predicates.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 9b4af0ea1ce..f2eae2c8caa 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -42,14 +42,12 @@ ensures List_array_p(array, index) &*& close List_array_p(array, index); } } - -// For testing purposes only! -// TODO: Replace by Aaloks list predicate -predicate List_p(List_t* l); @*/ /*@ +// TODO: We know that the list of priority 0 is never empty. +// It contains the idle task and nothing else. predicate readyLists_p() = List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES); @*/ From 81355bc42f5866406ca3a2d93af635216b4ea4e2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 21 Nov 2022 08:05:32 -0500 Subject: [PATCH 136/289] Added DLS lemmas related to`split`. --- .../proof/single_core_proofs/scp_list_predicates.h | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h index 214db8dc2a3..11e2b6c1a9e 100644 --- a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -160,8 +160,7 @@ predicate DLS( vals == cons(?v, ?vals0) &*& xLIST_ITEM(n, v, ?o, nprev, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, pxContainer); -@*/ -#ifdef VERIFAST_TODO + lemma void dls_star_item( struct xLIST_ITEM *n, struct xLIST_ITEM *m, @@ -191,6 +190,7 @@ ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& xLIST_ITEM(o, v, onext, opre } } + lemma void dls_distinct( struct xLIST_ITEM *n, struct xLIST_ITEM *nprev, @@ -212,8 +212,7 @@ ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& distinct(cells) == true; } } -#endif /* VERIFAST_TODO */ -/*@ + predicate xLIST( struct xLIST *l, int uxNumberOfItems, @@ -286,6 +285,8 @@ ensures DLS(n, m, n, m, cells, vals, l) &*& n != m; close DLS(n, m, n, m, cells, vals, l); } +#endif /* VERIFAST_TODO */ +/*@ lemma void dls_last_mem( struct xLIST_ITEM *n, struct xLIST_ITEM *nprev, @@ -307,6 +308,7 @@ ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(m, cells) == true &*& in close DLS(n, nprev, mnext, m, cells, vals, l); } + lemma void split( struct xLIST_ITEM *n, struct xLIST_ITEM *nprev, @@ -340,7 +342,8 @@ ensures DLS(n, nprev, x, ?xprev, take(i, cells), take(i, vals), l) &*& DLS(x, xp close DLS(n, nprev, x, xprev, take(i, cells), take(i, vals), l); } } - +@*/ +#ifdef VERIFAST_TODO lemma void join( struct xLIST_ITEM *n1, struct xLIST_ITEM *nprev1, From 5cf8b4ed1c89c93e6f13ff82f3d79eb0a4628db1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 21 Nov 2022 08:06:19 -0500 Subject: [PATCH 137/289] Added shared global variable `xSchedulerRunning` to task-isr lock invariant. --- verification/verifast/proof/verifast_lock_predicates.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 0a611756177..857604e7962 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -87,7 +87,8 @@ predicate isrLockInv(); fixpoint int taskISRLockID_f(); predicate taskISRLockInv() = - integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) + integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) &*& // top ready priority must be in range integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& From 3fee2ec01f0779936019a1bfe6f8499958a7515b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 21 Nov 2022 08:16:28 -0500 Subject: [PATCH 138/289] Added more DLS lemmas. --- .../proof/single_core_proofs/scp_list_predicates.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h index 11e2b6c1a9e..f91beb509d8 100644 --- a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -230,9 +230,7 @@ predicate xLIST( length(cells) == length(vals) &*& uxNumberOfItems + 1 == length(cells) &*& DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); -@*/ -#ifdef VERIFAST_TODO lemma void xLIST_distinct_cells(struct xLIST *l) requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals); ensures xLIST(l, n, idx, end, cells, vals) &*& distinct(cells) == true; @@ -285,8 +283,6 @@ ensures DLS(n, m, n, m, cells, vals, l) &*& n != m; close DLS(n, m, n, m, cells, vals, l); } -#endif /* VERIFAST_TODO */ -/*@ lemma void dls_last_mem( struct xLIST_ITEM *n, struct xLIST_ITEM *nprev, @@ -342,8 +338,7 @@ ensures DLS(n, nprev, x, ?xprev, take(i, cells), take(i, vals), l) &*& DLS(x, xp close DLS(n, nprev, x, xprev, take(i, cells), take(i, vals), l); } } -@*/ -#ifdef VERIFAST_TODO + lemma void join( struct xLIST_ITEM *n1, struct xLIST_ITEM *nprev1, @@ -380,7 +375,9 @@ ensures DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2) close DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); } } +@*/ +#ifdef VERIFAST_TODO lemma void idx_remains_in_list( list cells, t idx, From 92a925bb5903ed2cf2776061314ce5f92a1ce963 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 21 Nov 2022 09:45:22 -0500 Subject: [PATCH 139/289] Verified selection of initial task item in search loop in `prvSelectHighestPriorityTask`. --- tasks.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 61 insertions(+), 4 deletions(-) diff --git a/tasks.c b/tasks.c index e1f28fb0d5f..f0aa1ff66e1 100644 --- a/tasks.c +++ b/tasks.c @@ -986,24 +986,75 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ open readyLists_p(); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); //@ List_array_get_l(pxReadyTasksLists, uxCurrentPriority); + /*@ assert( xLIST(&pxReadyTasksLists[ uxCurrentPriority ], + ?gNumberOfItems, + ?gIndex, + ?gListEnd, + ?gCells, + ?gVals) ); + @*/ //@ open xLIST(&pxReadyTasksLists[uxCurrentPriority], _, _, _, _, _); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { - List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); + //@ assert( pxReadyList->pxIndex |-> gIndex ); + //@ assert( DLS(gListEnd, ?gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]) ); + ///@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); + //@ assert( mem(pxReadyList->pxIndex, gCells) == true ); + /*@ + if( pxReadyList->pxIndex == gListEnd ) { + open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); + assert( gVals == cons(?gV, ?gRest) ); + assert( xLIST_ITEM(gIndex, gV, ?gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]) ); + } else { + int gCellIndex = index_of(gIndex, gCells); + split(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, gIndex, gCellIndex); + assert( DLS( gListEnd, gEndPrev, gIndex, ?gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); + assert( DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); + open DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]); + } + @*/ ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; ListItem_t * pxTaskItem = pxLastTaskItem; + /*@ + if( gIndex == gListEnd ) { + close xLIST_ITEM(gIndex, _, _, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]); + close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); + } else { + int gCellIndex = index_of(gIndex, gCells); + assert( DLS( gListEnd, gEndPrev, gIndex, ?gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); + close xLIST_ITEM(gIndex, _, _, gIndexPrev, &pxReadyTasksLists[uxCurrentPriority]); + close DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]); + assert( DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); + + join( gListEnd, gEndPrev, gIndex, gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), + gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals) ); + } + @*/ + // Unified ghost breanches + //@ assert( DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]) ); + + //@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); + //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]) ); + //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]); + // opening required to prove: + ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); + //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]); if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { + //@ assert( gVals == cons(?gV, ?gRest) ); + //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]) ); pxLastTaskItem = pxLastTaskItem->pxPrevious; + //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]); } + //@ close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority * must not be decremented any further */ xDecrementTopPriority = pdFALSE; - + do { TCB_t * pxTCB; @@ -1081,6 +1132,8 @@ static void prvYieldForTask( TCB_t * pxTCB, { if( xDecrementTopPriority != pdFALSE ) { +// TODO: Remove tmp assumptions +//@ assume( uxTopReadyPriority > 0); uxTopReadyPriority--; #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) { @@ -1089,7 +1142,8 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif } } - +// TODO: Remove tmp assumption, prevents checking of rest of function +//@ assume(false); /* This function can get called by vTaskSuspend() before the scheduler is started. * In that case, since the idle tasks have not yet been created it is possible that we * won't find a new task to schedule. Return pdFALSE in this case. */ @@ -1101,7 +1155,8 @@ static void prvYieldForTask( TCB_t * pxTCB, configASSERT( ( uxCurrentPriority > tskIDLE_PRIORITY ) || ( xTaskScheduled == pdTRUE ) ); uxCurrentPriority--; } - +// TODO: Remove tmp assumption, prevents checking of rest of function +//@ assume(false); configASSERT( taskTASK_IS_RUNNING( pxCurrentTCBs[ xCoreID ]->xTaskRunState ) ); #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) @@ -1179,6 +1234,8 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif /* if ( configNUM_CORES > 1 ) */ return pdTRUE; +// TODO: remove tmp assumption, prevents checking of post condition +//@ assume(false); } #else /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ From de3657239fad362b9f24bfa4dc6979371f8242a3 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 21 Nov 2022 11:32:25 -0500 Subject: [PATCH 140/289] Added minimal loop invariant to inner search loop in `prvSelectHighestPriorityTask`. --- tasks.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/tasks.c b/tasks.c index f0aa1ff66e1..42c66980e7e 100644 --- a/tasks.c +++ b/tasks.c @@ -1039,8 +1039,8 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]) ); //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]); - // opening required to prove: - ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); + // opening required to prove validity of `&( pxReadyList->xListEnd )` + ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]); if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { @@ -1050,15 +1050,26 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]); } //@ close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); + /*@ close xLIST(&pxReadyTasksLists[ uxCurrentPriority ], + gNumberOfItems, gIndex, gListEnd, gCells, gVals); + @*/ /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority * must not be decremented any further */ xDecrementTopPriority = pdFALSE; do + /*@ invariant + xLIST(&pxReadyTasksLists[ uxCurrentPriority ], + gNumberOfItems, gIndex, gListEnd, gCells, gVals) &*& + mem(pxTaskItem, gCells) == true; + @*/ { TCB_t * pxTCB; + //@ List_t* gReadyList = &pxReadyTasksLists[ uxCurrentPriority ]; + //@ open xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, gCells, gVals); + pxTaskItem = pxTaskItem->pxNext; if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) From 35aef8007277b92ea76495ca8754a4af12b88b3b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 21 Nov 2022 14:02:23 -0500 Subject: [PATCH 141/289] Proved that `pxTaskItem` points to valid list item before inner search loop. --- tasks.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tasks.c b/tasks.c index 42c66980e7e..4cf2c0a3334 100644 --- a/tasks.c +++ b/tasks.c @@ -1017,11 +1017,15 @@ static void prvYieldForTask( TCB_t * pxTCB, ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; ListItem_t * pxTaskItem = pxLastTaskItem; - /*@ if( gIndex == gListEnd ) { close xLIST_ITEM(gIndex, _, _, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]); close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); + + // Loop invariant for inner search loop below requires us + // to prove that `pxTaskItem` points to a valid list item. + dls_last_mem(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells); + assert( mem(pxTaskItem, gCells) == true ); } else { int gCellIndex = index_of(gIndex, gCells); assert( DLS( gListEnd, gEndPrev, gIndex, ?gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); @@ -1033,7 +1037,7 @@ static void prvYieldForTask( TCB_t * pxTCB, gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals) ); } @*/ - // Unified ghost breanches + // Unified ghost branches //@ assert( DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]) ); //@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); From 2fd6bcc2d730c6dacf209a40f87b1f5b7c9464f2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 22 Nov 2022 07:14:21 -0500 Subject: [PATCH 142/289] Updated predicate `xLIST_ITEM` to jeep up with breaking VF change. VeriFast now ensures that no uninitialised values are read. `x |-> _` is interpreted as "uninitialised", `x |-> ?v` is interpreted as "initialised". --- .../single_core_proofs/scp_list_predicates.h | 47 ++++++++++++++----- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h index f91beb509d8..a839ee31483 100644 --- a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -128,19 +128,40 @@ } List_t; #endif /* VERIFAST_SINGLE_CORE */ -/*@ -predicate xLIST_ITEM( - struct xLIST_ITEM *n, - TickType_t xItemValue, - struct xLIST_ITEM *pxNext, - struct xLIST_ITEM *pxPrevious, - struct xLIST *pxContainer;) = - n->xItemValue |-> xItemValue &*& - n->pxNext |-> pxNext &*& - n->pxPrevious |-> pxPrevious &*& - n->pvOwner |-> _ &*& - n->pxContainer |-> pxContainer; -@*/ +#ifndef VERIFAST_SINGLE_CORE + /* Reason for deletion: + * Breaking change in VeriFast. VeriFast now ensures that no uninitialised + * values are read. `x |-> _` is interpreted as "uninitialised", + * `x |-> ?v` is interpreted as "initialised". + */ + /*@ + predicate xLIST_ITEM( + struct xLIST_ITEM *n, + TickType_t xItemValue, + struct xLIST_ITEM *pxNext, + struct xLIST_ITEM *pxPrevious, + struct xLIST *pxContainer;) = + n->xItemValue |-> xItemValue &*& + n->pxNext |-> pxNext &*& + n->pxPrevious |-> pxPrevious &*& + n->pvOwner |-> ?gOwner &*& + n->pxContainer |-> pxContainer; + @*/ +#else + /*@ + predicate xLIST_ITEM( + struct xLIST_ITEM *n, + TickType_t xItemValue, + struct xLIST_ITEM *pxNext, + struct xLIST_ITEM *pxPrevious, + struct xLIST *pxContainer;) = + n->xItemValue |-> xItemValue &*& + n->pxNext |-> pxNext &*& + n->pxPrevious |-> pxPrevious &*& + n->pvOwner |-> _ &*& + n->pxContainer |-> pxContainer; + @*/ +#endif /* VERIFAST_SINGLE_CORE */ /* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ /*@ From 49643b6f5ea349008d13ea1e975e5b21de00c7d2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 22 Nov 2022 07:18:45 -0500 Subject: [PATCH 143/289] Partial proof justifying that updates of `pxTaskItem` in inner search loop in `prvSelectHighestPriorityTask` are safe. --- tasks.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/tasks.c b/tasks.c index 4cf2c0a3334..4a7930a2c2f 100644 --- a/tasks.c +++ b/tasks.c @@ -1073,14 +1073,98 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ List_t* gReadyList = &pxReadyTasksLists[ uxCurrentPriority ]; //@ open xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, gCells, gVals); + //@ assert( DLS(gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ int gTaskItemIndex0 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem0 = pxTaskItem; + + // Open DLS predicate to get access to `pxTaskItem` + /*@ + if( gTaskItem0 == gListEnd) { + open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + } else { + split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gTaskItem0, gTaskItemIndex0); + assert( DLS( gListEnd, gEndPrev2, gTaskItem0, ?gTaskItemPrev, take(gTaskItemIndex0, gCells), take(gTaskItemIndex0, gVals), gReadyList) ); + assert( DLS( gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), drop(gTaskItemIndex0, gVals), gReadyList) ); + open DLS(gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), _, gReadyList); + } + @*/ pxTaskItem = pxTaskItem->pxNext; + //@ int gTaskItemIndex1 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem1 = pxTaskItem; + + // We have to prove ethat `gTaskItem1` points to a valid list item. + /*@ + if( gTaskItem0 == gEndPrev2) { + ; + } else { + open DLS(gTaskItem1, ?a, ?b, ?c, ?gCellsSuffix, ?e, gReadyList); + assert( mem(gTaskItem1, gCellsSuffix) == true ); + assert( mem(gTaskItem1, gCells) == true ); + close DLS(gTaskItem1, a, b, c, gCellsSuffix, e, gReadyList); + } + @*/ + + // close DLS predicate again + /*@ + if( gTaskItem0 == gListEnd) { + close xLIST_ITEM(gListEnd, _, _, gEndPrev2, gReadyList); + close DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + } else { + assert( DLS( gListEnd, gEndPrev2, gTaskItem0, ?gTaskItemPrev, take(gTaskItemIndex0, gCells), take(gTaskItemIndex0, gVals), gReadyList) ); + close xLIST_ITEM(gTaskItem0, _, _, gTaskItemPrev, gReadyList); + close DLS( gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), drop(gTaskItemIndex0, gVals), gReadyList); + join(gListEnd, gEndPrev2, gTaskItem0, gTaskItemPrev, take(gTaskItemIndex0, gCells), take(gTaskItemIndex0, gVals), + gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), drop(gTaskItemIndex0, gVals)); + } + @*/ + // unifying ghost branches + //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + + + // We have to prove ethat `gTaskItem1` points to a valid list item. + /*@ + if( gTaskItem0 == gEndPrev2) { + dls_first_mem(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells); + assert( mem(gTaskItem1, gCells) == true ); + } else { + ; + } + @*/ + + + // Open DLS predicate to get access to `pxTaskItem` + /*@ + if( gTaskItem1 == gListEnd) { + open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + } else { + split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gTaskItem1, gTaskItemIndex1); + assert( DLS( gListEnd, gEndPrev2, gTaskItem1, ?gTaskItemPrev, take(gTaskItemIndex1, gCells), take(gTaskItemIndex1, gVals), gReadyList) ); + assert( DLS( gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex1, gCells), drop(gTaskItemIndex1, gVals), gReadyList) ); + open DLS(gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, _, _, gReadyList); + } + @*/ if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { pxTaskItem = pxTaskItem->pxNext; } + /*@ + if( gTaskItem1 == gListEnd) { + close xLIST_ITEM(gListEnd, _, _, gEndPrev2, gReadyList); + close DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + } else { + assert( DLS( gListEnd, gEndPrev2, gTaskItem1, ?gTaskItemPrev, take(gTaskItemIndex1, gCells), take(gTaskItemIndex1, gVals), gReadyList) ); + close xLIST_ITEM(gTaskItem1, _, _, gTaskItemPrev, gReadyList); + close DLS( gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex1, gCells), drop(gTaskItemIndex1, gVals), gReadyList); + join(gListEnd, gEndPrev2, gTaskItem1, gTaskItemPrev, take(gTaskItemIndex1, gCells), take(gTaskItemIndex1, gVals), + gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex1, gCells), drop(gTaskItemIndex1, gVals)); + } + @*/ + // unifying ghost branches + //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + pxTCB = pxTaskItem->pvOwner; /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ From f7e537a19f8bb04ef9ea2ce09e43e788f904c2f7 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 22 Nov 2022 10:10:41 -0500 Subject: [PATCH 144/289] Restructured proof. New proof opens the DLS predicate to justify accesses to `pxTaskItem->next` and proves that `pxTaskItem->next` points to a valid list item. --- tasks.c | 182 ++++++++++-------- .../verifast/proof/verifast_lists_extended.h | 15 ++ 2 files changed, 122 insertions(+), 75 deletions(-) create mode 100644 verification/verifast/proof/verifast_lists_extended.h diff --git a/tasks.c b/tasks.c index 4a7930a2c2f..026401fc8e6 100644 --- a/tasks.c +++ b/tasks.c @@ -83,6 +83,7 @@ #include "verifast_asm.h" #include "verifast_port_contracts.h" #include "verifast_lock_predicates.h" + #include "verifast_lists_extended.h" #include "snippets/rp2040_port_c_snippets.c" @@ -1074,97 +1075,128 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ List_t* gReadyList = &pxReadyTasksLists[ uxCurrentPriority ]; //@ open xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, gCells, gVals); //@ assert( DLS(gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); - //@ int gTaskItemIndex0 = index_of(pxTaskItem, gCells); - //@ struct xLIST_ITEM* gTaskItem0 = pxTaskItem; - // Open DLS predicate to get access to `pxTaskItem` - /*@ - if( gTaskItem0 == gListEnd) { - open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); - } else { - split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gTaskItem0, gTaskItemIndex0); - assert( DLS( gListEnd, gEndPrev2, gTaskItem0, ?gTaskItemPrev, take(gTaskItemIndex0, gCells), take(gTaskItemIndex0, gVals), gReadyList) ); - assert( DLS( gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), drop(gTaskItemIndex0, gVals), gReadyList) ); - open DLS(gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), _, gReadyList); - } - @*/ + //@ int gTaskItemIndex_0 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; - pxTaskItem = pxTaskItem->pxNext; - - //@ int gTaskItemIndex1 = index_of(pxTaskItem, gCells); - //@ struct xLIST_ITEM* gTaskItem1 = pxTaskItem; - // We have to prove ethat `gTaskItem1` points to a valid list item. - /*@ - if( gTaskItem0 == gEndPrev2) { - ; - } else { - open DLS(gTaskItem1, ?a, ?b, ?c, ?gCellsSuffix, ?e, gReadyList); - assert( mem(gTaskItem1, gCellsSuffix) == true ); - assert( mem(gTaskItem1, gCells) == true ); - close DLS(gTaskItem1, a, b, c, gCellsSuffix, e, gReadyList); - } - @*/ - - // close DLS predicate again + /* Proof idea: + * - Open DLS predicate to justify access to fields of + * `gTaskItem_0` + * - Prove `mem(gTaskItem_1, gCells) == true` + * + * In if-statement: + * - Open DLS predicate to justify access to + * `gTaskItem_1->next` in if-statement + * - Prove `mem(gTaskItem_2, gCells) == true` + * + * After if-statement: + * - Prove `mem(gTaskItem_3, gCells) == true` + */ + + //@ assert( pxTaskItem == gTaskItem_0 ); + /* Open DLS predicate to justify accessing `gTaskItem_0->pxNext`. + * Note: Case distinction required by `split` lemma. + */ /*@ - if( gTaskItem0 == gListEnd) { - close xLIST_ITEM(gListEnd, _, _, gEndPrev2, gReadyList); - close DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + if( gTaskItem_0 == gListEnd ) { + open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, + gCells, gVals, gReadyList); + // open DLS and xLIST_ITEM predicates to justify + // accessing `gTaskItem_0->pxNext` + assert( xLIST_ITEM(gListEnd, ?gV, ?gNext, gEndPrev2, gReadyList) ); + open xLIST_ITEM(gListEnd, gV, gNext, gEndPrev2, gReadyList); + assert( DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ) ); + open DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ); + + // open DLS and xLIST_ITEM predicates to prove + // `mem( gTaskItem_0->pxNext, gCells) == true )` + // which requires accessing `gTaskItem_0->pxNext` + assert( xLIST_ITEM(gNext, ?gV_next, ?gNextNext, gListEnd, gReadyList) ); + open xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); + assert( mem(gTaskItem_0->pxNext, gCells) == true ); } else { - assert( DLS( gListEnd, gEndPrev2, gTaskItem0, ?gTaskItemPrev, take(gTaskItemIndex0, gCells), take(gTaskItemIndex0, gVals), gReadyList) ); - close xLIST_ITEM(gTaskItem0, _, _, gTaskItemPrev, gReadyList); - close DLS( gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), drop(gTaskItemIndex0, gVals), gReadyList); - join(gListEnd, gEndPrev2, gTaskItem0, gTaskItemPrev, take(gTaskItemIndex0, gCells), take(gTaskItemIndex0, gVals), - gTaskItem0, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex0, gCells), drop(gTaskItemIndex0, gVals)); + // open DLS and xLIST_ITEM predicates to justify + // accessing `gTaskItem_0->pxNext` + split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, + gCells, gVals, gTaskItem_0, gTaskItemIndex_0); + // DLS prefix + assert( DLS(gListEnd, gEndPrev2, gTaskItem_0, ?gTaskItem_0_prev, + take(gTaskItemIndex_0, gCells), take(gTaskItemIndex_0, gVals), + gReadyList) ); + // DLS suffix + assert( DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, + drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), + gReadyList) ); + open DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, + drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), + gReadyList); + assert( xLIST_ITEM(gTaskItem_0, ?gV, ?gTaskItem_0_next, gTaskItem_0_prev, gReadyList) ); + + + // open DLS and xLIST_ITEM predicates to prove + // `mem( gTaskItem_0->pxNext, gCells) == true )` + // which requires accessing `gTaskItem_0->pxNext` + if(gTaskItem_0 == gEndPrev2) { + // `gTaskItem_0` is last element in DLS suffix + // -> `gTaskItem_0_next` is head fo DLS prefix + // open DLS prefix + pxTaskItem->pxNext; + assert( mem(gTaskItem_0->pxNext, gCells) == true ); + ; + } else { + // `gTaskItem_0` is not end of DLS suffix + // -> `gTaskItem_0_next` is also in DLS suffix + // open DLS suffix one step further + + + assert( DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), //drop(gTaskItemIndex_0 + 1, gCells), drop(gTaskItemIndex_0 + 1, gVals), + gReadyList) ); + open DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), + gReadyList); + assert( xLIST_ITEM(gTaskItem_0_next, ?gNextVal, ?gTaskItem_0_next_next, gTaskItem_0, gReadyList) ); + //open xLIST_ITEM(gTaskItem_0_next, gNextVal, gTaskItem_0_next_next, gTaskItem_0, gReadyList); + pxTaskItem->pxNext; + assert( gTaskItem_0_next == pxTaskItem->pxNext ); + assert( mem(gTaskItem_0_next, drop(1, drop(gTaskItemIndex_0, gCells))) == true ); + //assert( gCells == cons(_, drop(1, drop(gTaskItemIndex_0, gCells)) ); + assert( mem(gTaskItem_0_next, drop(gTaskItemIndex_0, gCells)) == true ); + mem_suffix_implies_mem(gTaskItem_0_next, gCells, gTaskItemIndex_0); + assert( mem(gTaskItem_0_next, gCells) == true ); + assert( mem(gTaskItem_0->pxNext, gCells) == true ); + } + + + + } @*/ - // unifying ghost branches - //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + pxTaskItem = pxTaskItem->pxNext; + //@ int gTaskItemIndex_1 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; - // We have to prove ethat `gTaskItem1` points to a valid list item. - /*@ - if( gTaskItem0 == gEndPrev2) { - dls_first_mem(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells); - assert( mem(gTaskItem1, gCells) == true ); - } else { - ; - } - @*/ + //@ assert( mem(gTaskItem_1, gCells) == true ); + //@ assume(false); - - // Open DLS predicate to get access to `pxTaskItem` - /*@ - if( gTaskItem1 == gListEnd) { - open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); - } else { - split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gTaskItem1, gTaskItemIndex1); - assert( DLS( gListEnd, gEndPrev2, gTaskItem1, ?gTaskItemPrev, take(gTaskItemIndex1, gCells), take(gTaskItemIndex1, gVals), gReadyList) ); - assert( DLS( gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex1, gCells), drop(gTaskItemIndex1, gVals), gReadyList) ); - open DLS(gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, _, _, gReadyList); - } - @*/ if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { + //@ assert( pxTaskItem == gTaskItem_1 ); pxTaskItem = pxTaskItem->pxNext; + //@ int gTaskItemIndex_2 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; } - /*@ - if( gTaskItem1 == gListEnd) { - close xLIST_ITEM(gListEnd, _, _, gEndPrev2, gReadyList); - close DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); - } else { - assert( DLS( gListEnd, gEndPrev2, gTaskItem1, ?gTaskItemPrev, take(gTaskItemIndex1, gCells), take(gTaskItemIndex1, gVals), gReadyList) ); - close xLIST_ITEM(gTaskItem1, _, _, gTaskItemPrev, gReadyList); - close DLS( gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex1, gCells), drop(gTaskItemIndex1, gVals), gReadyList); - join(gListEnd, gEndPrev2, gTaskItem1, gTaskItemPrev, take(gTaskItemIndex1, gCells), take(gTaskItemIndex1, gVals), - gTaskItem1, gTaskItemPrev, gListEnd, gEndPrev2, drop(gTaskItemIndex1, gCells), drop(gTaskItemIndex1, gVals)); - } - @*/ - // unifying ghost branches - //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ int gTaskItemIndex_3 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem_3 = pxTaskItem; + + +// TODO: Remove +// Ensure that we coveredd all cases until this point +//@ assume(false); pxTCB = pxTaskItem->pvOwner; /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h new file mode 100644 index 00000000000..08f1f1c46c9 --- /dev/null +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -0,0 +1,15 @@ +#ifndef VERIFAST_LISTS_EXTENDED_H +#define VERIFAST_LISTS_EXTENDED_H + +/* This file contains lemmas that would fit `list.gh` which is part + * of VeriFast's standard library. + */ + +// TODO: prove +/*@ +lemma void mem_suffix_implies_mem(t x, list xs, int i); +requires mem(x, drop(i, xs)) == true; +ensures mem(x, xs) == true; +@*/ + +#endif /* VERIFAST_LISTS_EXTENDED_H */ \ No newline at end of file From 538f29caebc754d82ea40fac30ca935569f9298c Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 22 Nov 2022 10:17:37 -0500 Subject: [PATCH 145/289] Closed some predicates to simplify proof state. --- tasks.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tasks.c b/tasks.c index 026401fc8e6..e8d2094ebd6 100644 --- a/tasks.c +++ b/tasks.c @@ -1115,6 +1115,7 @@ static void prvYieldForTask( TCB_t * pxTCB, assert( xLIST_ITEM(gNext, ?gV_next, ?gNextNext, gListEnd, gReadyList) ); open xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); assert( mem(gTaskItem_0->pxNext, gCells) == true ); + close xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); } else { // open DLS and xLIST_ITEM predicates to justify // accessing `gTaskItem_0->pxNext` @@ -1166,6 +1167,12 @@ static void prvYieldForTask( TCB_t * pxTCB, mem_suffix_implies_mem(gTaskItem_0_next, gCells, gTaskItemIndex_0); assert( mem(gTaskItem_0_next, gCells) == true ); assert( mem(gTaskItem_0->pxNext, gCells) == true ); + + close xLIST_ITEM(gTaskItem_0_next, gNextVal, gTaskItem_0_next_next, gTaskItem_0, gReadyList); + close DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), + gReadyList); + } From 397cb12abba487ad9d303c5698375b2a2476e160 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 22 Nov 2022 12:59:52 -0500 Subject: [PATCH 146/289] Added lemmas to reason about updates to pointers in the ready list of the form `pxTaskItem = pxTaskItem->pxNext` --- tasks.c | 81 +------- .../single_core_proofs_extended/README.md | 4 + .../scp_list_predicates_extended.h | 180 ++++++++++++++++++ 3 files changed, 188 insertions(+), 77 deletions(-) create mode 100644 verification/verifast/proof/single_core_proofs_extended/README.md create mode 100644 verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h diff --git a/tasks.c b/tasks.c index e8d2094ebd6..9c9b67cb5f0 100644 --- a/tasks.c +++ b/tasks.c @@ -84,6 +84,8 @@ #include "verifast_port_contracts.h" #include "verifast_lock_predicates.h" #include "verifast_lists_extended.h" + #include "single_core_proofs/scp_list_predicates.h" + #include "single_core_proofs_extended/scp_list_predicates_extended.h" #include "snippets/rp2040_port_c_snippets.c" @@ -1100,84 +1102,9 @@ static void prvYieldForTask( TCB_t * pxTCB, */ /*@ if( gTaskItem_0 == gListEnd ) { - open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, - gCells, gVals, gReadyList); - // open DLS and xLIST_ITEM predicates to justify - // accessing `gTaskItem_0->pxNext` - assert( xLIST_ITEM(gListEnd, ?gV, ?gNext, gEndPrev2, gReadyList) ); - open xLIST_ITEM(gListEnd, gV, gNext, gEndPrev2, gReadyList); - assert( DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ) ); - open DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ); - - // open DLS and xLIST_ITEM predicates to prove - // `mem( gTaskItem_0->pxNext, gCells) == true )` - // which requires accessing `gTaskItem_0->pxNext` - assert( xLIST_ITEM(gNext, ?gV_next, ?gNextNext, gListEnd, gReadyList) ); - open xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); - assert( mem(gTaskItem_0->pxNext, gCells) == true ); - close xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); + DLS_end_next_open(gReadyList, gTaskItem_0); } else { - // open DLS and xLIST_ITEM predicates to justify - // accessing `gTaskItem_0->pxNext` - split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, - gCells, gVals, gTaskItem_0, gTaskItemIndex_0); - // DLS prefix - assert( DLS(gListEnd, gEndPrev2, gTaskItem_0, ?gTaskItem_0_prev, - take(gTaskItemIndex_0, gCells), take(gTaskItemIndex_0, gVals), - gReadyList) ); - // DLS suffix - assert( DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, - drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), - gReadyList) ); - open DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, - drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), - gReadyList); - assert( xLIST_ITEM(gTaskItem_0, ?gV, ?gTaskItem_0_next, gTaskItem_0_prev, gReadyList) ); - - - // open DLS and xLIST_ITEM predicates to prove - // `mem( gTaskItem_0->pxNext, gCells) == true )` - // which requires accessing `gTaskItem_0->pxNext` - if(gTaskItem_0 == gEndPrev2) { - // `gTaskItem_0` is last element in DLS suffix - // -> `gTaskItem_0_next` is head fo DLS prefix - // open DLS prefix - pxTaskItem->pxNext; - assert( mem(gTaskItem_0->pxNext, gCells) == true ); - ; - } else { - // `gTaskItem_0` is not end of DLS suffix - // -> `gTaskItem_0_next` is also in DLS suffix - // open DLS suffix one step further - - - assert( DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), //drop(gTaskItemIndex_0 + 1, gCells), drop(gTaskItemIndex_0 + 1, gVals), - gReadyList) ); - open DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), - gReadyList); - assert( xLIST_ITEM(gTaskItem_0_next, ?gNextVal, ?gTaskItem_0_next_next, gTaskItem_0, gReadyList) ); - //open xLIST_ITEM(gTaskItem_0_next, gNextVal, gTaskItem_0_next_next, gTaskItem_0, gReadyList); - pxTaskItem->pxNext; - assert( gTaskItem_0_next == pxTaskItem->pxNext ); - assert( mem(gTaskItem_0_next, drop(1, drop(gTaskItemIndex_0, gCells))) == true ); - //assert( gCells == cons(_, drop(1, drop(gTaskItemIndex_0, gCells)) ); - assert( mem(gTaskItem_0_next, drop(gTaskItemIndex_0, gCells)) == true ); - mem_suffix_implies_mem(gTaskItem_0_next, gCells, gTaskItemIndex_0); - assert( mem(gTaskItem_0_next, gCells) == true ); - assert( mem(gTaskItem_0->pxNext, gCells) == true ); - - close xLIST_ITEM(gTaskItem_0_next, gNextVal, gTaskItem_0_next_next, gTaskItem_0, gReadyList); - close DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), - gReadyList); - - } - - - - + DLS_nonEndItem_next_open(gReadyList, gTaskItem_0); } @*/ pxTaskItem = pxTaskItem->pxNext; diff --git a/verification/verifast/proof/single_core_proofs_extended/README.md b/verification/verifast/proof/single_core_proofs_extended/README.md new file mode 100644 index 00000000000..05888276b2c --- /dev/null +++ b/verification/verifast/proof/single_core_proofs_extended/README.md @@ -0,0 +1,4 @@ +This directory contains proofs that concern the predicates and proofs written +by Aalok Thakkar and Nathan Chong, see directory `single_core_proofs`. +For now, we want to have a clear separation between the reused proofs in +`single_core_proofs` and any new proofs. \ No newline at end of file diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h new file mode 100644 index 00000000000..65c34f3794c --- /dev/null +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -0,0 +1,180 @@ +#ifndef SCP_LIST_PREDICATES_EXTENDED_H +#define SCP_LIST_PREDICATES_EXTENDED_H + +#include "single_core_proofs/scp_list_predicates.h" + +/*@ +lemma void DLS_end_next_open(struct xLIST* gReadyList, struct xLIST_ITEM* gTaskItem_0) +requires + DLS(?gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, ?gCells, ?gVals, gReadyList) &*& + mem(gTaskItem_0, gCells) == true &*& + gListEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1 + &*& + gTaskItem_0 == gListEnd; +ensures xLIST_ITEM(gListEnd, ?gV, ?gNext, gEndPrev2, gReadyList) &*& + DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ) &*& + mem(gNext, gCells) == true; +{ + open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, + gCells, gVals, gReadyList); + // open DLS and xLIST_ITEM predicates to justify + // accessing `gTaskItem_0->pxNext` + assert( xLIST_ITEM(gListEnd, ?gV, ?gNext, gEndPrev2, gReadyList) ); + open xLIST_ITEM(gListEnd, gV, gNext, gEndPrev2, gReadyList); + assert( DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ) ); + open DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ); + + // open DLS and xLIST_ITEM predicates to prove + // `mem( gTaskItem_0->pxNext, gCells) == true )` + // which requires accessing `gTaskItem_0->pxNext` + assert( xLIST_ITEM(gNext, ?gV_next, ?gNextNext, gListEnd, gReadyList) ); + open xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); + assert( mem(gTaskItem_0->pxNext, gCells) == true ); + close xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); + + // closing what we opened above + close DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ); + close xLIST_ITEM(gListEnd, gV, gNext, gEndPrev2, gReadyList); +} + + +lemma void DLS_nonEndItem_next_open(struct xLIST* gReadyList, struct xLIST_ITEM* gTaskItem_0) +requires + DLS(?gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, ?gCells, ?gVals, gReadyList) &*& + mem(gTaskItem_0, gCells) == true &*& + gListEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1 + &*& + gTaskItem_0 != gListEnd; +ensures // DLS prefix + DLS(gListEnd, gEndPrev2, gTaskItem_0, ?gTaskItem_0_prev, + take(index_of(gTaskItem_0, gCells), gCells), + take(index_of(gTaskItem_0, gCells), gVals), + gReadyList) + &*& + // item of interest + xLIST_ITEM(gTaskItem_0, ?gV, ?gTaskItem_0_next, gTaskItem_0_prev, gReadyList) + &*& + // DLS suffix + (gTaskItem_0 != gEndPrev2 + ? DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(index_of(gTaskItem_0, gCells), gCells)), + drop(1, drop(index_of(gTaskItem_0, gCells), gVals)), + gReadyList) + : true + ) + &*& + mem(gTaskItem_0_next, gCells) == true; +{ + int gTaskItemIndex_0 = index_of(gTaskItem_0, gCells); + + + // open DLS and xLIST_ITEM predicates to justify + // accessing `gTaskItem_0->pxNext` + split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, + gCells, gVals, gTaskItem_0, gTaskItemIndex_0); + // DLS prefix + assert( DLS(gListEnd, gEndPrev2, gTaskItem_0, ?gTaskItem_0_prev, + take(gTaskItemIndex_0, gCells), take(gTaskItemIndex_0, gVals), + gReadyList) ); + // DLS suffix + assert( DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, + drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), + gReadyList) ); + open DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, + drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), + gReadyList); + assert( xLIST_ITEM(gTaskItem_0, ?gV, ?gTaskItem_0_next, gTaskItem_0_prev, gReadyList) ); + + + // open DLS and xLIST_ITEM predicates to prove + // `mem( gTaskItem_0->pxNext, gCells) == true )` + // which requires accessing `gTaskItem_0->pxNext` + if(gTaskItem_0 == gEndPrev2) { + // `gTaskItem_0` is last element in DLS suffix + // -> `gTaskItem_0_next` is head fo DLS prefix + // open DLS prefix + open xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + assert( gCells == cons(_, _) ); + assert( mem(gTaskItem_0->pxNext, gCells) == true ); + + // close item of interest + close xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + } else { + // `gTaskItem_0` is not end of DLS suffix + // -> `gTaskItem_0_next` is also in DLS suffix + // open DLS suffix one step further + + // rest of DLS suffix + assert( DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), //drop(gTaskItemIndex_0 + 1, gCells), drop(gTaskItemIndex_0 + 1, gVals), + gReadyList) ); + open DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), + gReadyList); + assert( xLIST_ITEM(gTaskItem_0_next, ?gNextVal, ?gTaskItem_0_next_next, gTaskItem_0, gReadyList) ); + open xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + assert( gTaskItem_0_next == gTaskItem_0->pxNext ); + assert( mem(gTaskItem_0_next, drop(1, drop(gTaskItemIndex_0, gCells))) == true ); + //assert( gCells == cons(_, drop(1, drop(gTaskItemIndex_0, gCells)) ); + assert( mem(gTaskItem_0_next, drop(gTaskItemIndex_0, gCells)) == true ); + mem_suffix_implies_mem(gTaskItem_0_next, gCells, gTaskItemIndex_0); + assert( mem(gTaskItem_0_next, gCells) == true ); + assert( mem(gTaskItem_0->pxNext, gCells) == true ); + + // close rest of DLS suffix + close xLIST_ITEM(gTaskItem_0_next, gNextVal, gTaskItem_0_next_next, gTaskItem_0, gReadyList); + close DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, + drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), + gReadyList); + + // close item of interest + close xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + } +} +@*/ + +/* By verifying the following function, we can validate that the above lemmas + * apply to the use cases they are meant for. + */ +void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) +/*@ requires + DLS(?gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, ?gCells, ?gVals, ?gReadyList) &*& + mem(pxTaskItem, gCells) == true &*& + gListEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1; +@*/ +/*@ ensures + DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) &*& + mem(pxTaskItem, gCells) == true; +@*/ +{ + //@ int gTaskItemIndex_0 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; + + /*@ + if( gTaskItem_0 == gListEnd ) { + DLS_end_next_open(gReadyList, gTaskItem_0); + } else { + DLS_nonEndItem_next_open(gReadyList, gTaskItem_0); + } + @*/ + pxTaskItem = pxTaskItem->pxNext; + + //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; + + //@ assert( mem(gTaskItem_1, gCells) == true ); + + + + // ignore post condition until closing lemmas are finished + //@ assume(false); +} + + + +#endif /* SCP_LIST_PREDICATES_EXTENDED_H */ \ No newline at end of file From 5e2f51caa89b5612111516669576fcdadd3bbd8f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 22 Nov 2022 13:26:26 -0500 Subject: [PATCH 147/289] Reformatted lemma proofs to improve readability. --- .../scp_list_predicates_extended.h | 187 +++++++++--------- 1 file changed, 94 insertions(+), 93 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 65c34f3794c..6c8b3c488d4 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -4,135 +4,136 @@ #include "single_core_proofs/scp_list_predicates.h" /*@ -lemma void DLS_end_next_open(struct xLIST* gReadyList, struct xLIST_ITEM* gTaskItem_0) +lemma void DLS_end_next_open(struct xLIST* pxList, struct xLIST_ITEM* pxItem) requires - DLS(?gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, ?gCells, ?gVals, gReadyList) &*& - mem(gTaskItem_0, gCells) == true &*& - gListEnd == head(gCells) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, pxList) &*& + mem(pxItem, gCells) == true &*& + gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& length(gCells) > 1 &*& - gTaskItem_0 == gListEnd; -ensures xLIST_ITEM(gListEnd, ?gV, ?gNext, gEndPrev2, gReadyList) &*& - DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ) &*& - mem(gNext, gCells) == true; + pxItem == gEnd; +ensures + xLIST_ITEM(gEnd, ?gItemVal, ?gItem_next, gEndPrev, pxList) &*& + DLS(gItem_next, gEnd, gEnd, gEndPrev, drop(1, gCells), drop(1, gVals), pxList ) &*& + mem(gItem_next, gCells) == true; { - open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, - gCells, gVals, gReadyList); + open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxList); // open DLS and xLIST_ITEM predicates to justify - // accessing `gTaskItem_0->pxNext` - assert( xLIST_ITEM(gListEnd, ?gV, ?gNext, gEndPrev2, gReadyList) ); - open xLIST_ITEM(gListEnd, gV, gNext, gEndPrev2, gReadyList); - assert( DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ) ); - open DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ); + // accessing `pxItem->pxNext` + assert( xLIST_ITEM(gEnd, ?gItemVal, ?gItem_next, gEndPrev, pxList) ); + open xLIST_ITEM(gEnd, gItemVal, gItem_next, gEndPrev, pxList); + assert( DLS(gItem_next, gEnd, gEnd, gEndPrev, + drop(1, gCells), drop(1, gVals), pxList ) ); + open DLS(gItem_next, gEnd, gEnd, gEndPrev, + drop(1, gCells), drop(1, gVals), pxList ); // open DLS and xLIST_ITEM predicates to prove - // `mem( gTaskItem_0->pxNext, gCells) == true )` - // which requires accessing `gTaskItem_0->pxNext` - assert( xLIST_ITEM(gNext, ?gV_next, ?gNextNext, gListEnd, gReadyList) ); - open xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); - assert( mem(gTaskItem_0->pxNext, gCells) == true ); - close xLIST_ITEM(gNext, gV_next, gNextNext, gListEnd, gReadyList); + // `mem( pxItem->pxNext, gCells) == true )` + // which requires accessing `pxItem->pxNext` + assert( xLIST_ITEM(gItem_next, ?gItem_nextVal, ?gItem_nextNext, gEnd, pxList) ); + open xLIST_ITEM(gItem_next, gItem_nextVal, gItem_nextNext, gEnd, pxList); + assert( mem(pxItem->pxNext, gCells) == true ); + close xLIST_ITEM(gItem_next, gItem_nextVal, gItem_nextNext, gEnd, pxList); // closing what we opened above - close DLS(gNext, gListEnd, gListEnd, gEndPrev2, drop(1, gCells), drop(1, gVals), gReadyList ); - close xLIST_ITEM(gListEnd, gV, gNext, gEndPrev2, gReadyList); + close DLS(gItem_next, gEnd, gEnd, gEndPrev, + drop(1, gCells), drop(1, gVals), pxList ); + close xLIST_ITEM(gEnd, gItemVal, gItem_next, gEndPrev, pxList); } -lemma void DLS_nonEndItem_next_open(struct xLIST* gReadyList, struct xLIST_ITEM* gTaskItem_0) +lemma void DLS_nonEndItem_next_open(struct xLIST* pxList, struct xLIST_ITEM* pxItem) requires - DLS(?gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, ?gCells, ?gVals, gReadyList) &*& - mem(gTaskItem_0, gCells) == true &*& - gListEnd == head(gCells) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, pxList) &*& + mem(pxItem, gCells) == true &*& + gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& length(gCells) > 1 &*& - gTaskItem_0 != gListEnd; + pxItem != gEnd; ensures // DLS prefix - DLS(gListEnd, gEndPrev2, gTaskItem_0, ?gTaskItem_0_prev, - take(index_of(gTaskItem_0, gCells), gCells), - take(index_of(gTaskItem_0, gCells), gVals), - gReadyList) + DLS(gEnd, gEndPrev, pxItem, ?pxItem_prev, + take(index_of(pxItem, gCells), gCells), + take(index_of(pxItem, gCells), gVals), + pxList) &*& // item of interest - xLIST_ITEM(gTaskItem_0, ?gV, ?gTaskItem_0_next, gTaskItem_0_prev, gReadyList) + xLIST_ITEM(pxItem, ?gItemVal, ?pxItem_next, pxItem_prev, pxList) &*& // DLS suffix - (gTaskItem_0 != gEndPrev2 - ? DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(index_of(gTaskItem_0, gCells), gCells)), - drop(1, drop(index_of(gTaskItem_0, gCells), gVals)), - gReadyList) + (pxItem != gEndPrev + ? DLS(pxItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(index_of(pxItem, gCells), gCells)), + drop(1, drop(index_of(pxItem, gCells), gVals)), + pxList) : true ) &*& - mem(gTaskItem_0_next, gCells) == true; + mem(pxItem_next, gCells) == true; { - int gTaskItemIndex_0 = index_of(gTaskItem_0, gCells); + int pxItemIndex_0 = index_of(pxItem, gCells); // open DLS and xLIST_ITEM predicates to justify - // accessing `gTaskItem_0->pxNext` - split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, - gCells, gVals, gTaskItem_0, gTaskItemIndex_0); + // accessing `pxItem->pxNext` + split(gEnd, gEndPrev, gEnd, gEndPrev, + gCells, gVals, pxItem, pxItemIndex_0); // DLS prefix - assert( DLS(gListEnd, gEndPrev2, gTaskItem_0, ?gTaskItem_0_prev, - take(gTaskItemIndex_0, gCells), take(gTaskItemIndex_0, gVals), - gReadyList) ); + assert( DLS(gEnd, gEndPrev, pxItem, ?pxItem_prev, + take(pxItemIndex_0, gCells), take(pxItemIndex_0, gVals), + pxList) ); // DLS suffix - assert( DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, - drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), - gReadyList) ); - open DLS(gTaskItem_0, gTaskItem_0_prev, gListEnd, gEndPrev2, - drop(gTaskItemIndex_0, gCells), drop(gTaskItemIndex_0, gVals), - gReadyList); - assert( xLIST_ITEM(gTaskItem_0, ?gV, ?gTaskItem_0_next, gTaskItem_0_prev, gReadyList) ); + assert( DLS(pxItem, pxItem_prev, gEnd, gEndPrev, + drop(pxItemIndex_0, gCells), drop(pxItemIndex_0, gVals), + pxList) ); + open DLS(pxItem, pxItem_prev, gEnd, gEndPrev, + drop(pxItemIndex_0, gCells), drop(pxItemIndex_0, gVals), + pxList); + assert( xLIST_ITEM(pxItem, ?gItemVal, ?pxItem_next, pxItem_prev, pxList) ); // open DLS and xLIST_ITEM predicates to prove - // `mem( gTaskItem_0->pxNext, gCells) == true )` - // which requires accessing `gTaskItem_0->pxNext` - if(gTaskItem_0 == gEndPrev2) { - // `gTaskItem_0` is last element in DLS suffix - // -> `gTaskItem_0_next` is head fo DLS prefix + // `mem( pxItem->pxNext, gCells) == true )` + // which requires accessing `pxItem->pxNext` + if(pxItem == gEndPrev) { + // `pxItem` is last element in DLS suffix + // -> `pxItem_next` is head fo DLS prefix // open DLS prefix - open xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + open xLIST_ITEM(pxItem, gItemVal, pxItem_next, pxItem_prev, pxList); assert( gCells == cons(_, _) ); - assert( mem(gTaskItem_0->pxNext, gCells) == true ); + assert( mem(pxItem->pxNext, gCells) == true ); // close item of interest - close xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + close xLIST_ITEM(pxItem, gItemVal, pxItem_next, pxItem_prev, pxList); } else { - // `gTaskItem_0` is not end of DLS suffix - // -> `gTaskItem_0_next` is also in DLS suffix + // `pxItem` is not end of DLS suffix + // -> `pxItem_next` is also in DLS suffix // open DLS suffix one step further // rest of DLS suffix - assert( DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), //drop(gTaskItemIndex_0 + 1, gCells), drop(gTaskItemIndex_0 + 1, gVals), - gReadyList) ); - open DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), - gReadyList); - assert( xLIST_ITEM(gTaskItem_0_next, ?gNextVal, ?gTaskItem_0_next_next, gTaskItem_0, gReadyList) ); - open xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); - assert( gTaskItem_0_next == gTaskItem_0->pxNext ); - assert( mem(gTaskItem_0_next, drop(1, drop(gTaskItemIndex_0, gCells))) == true ); - //assert( gCells == cons(_, drop(1, drop(gTaskItemIndex_0, gCells)) ); - assert( mem(gTaskItem_0_next, drop(gTaskItemIndex_0, gCells)) == true ); - mem_suffix_implies_mem(gTaskItem_0_next, gCells, gTaskItemIndex_0); - assert( mem(gTaskItem_0_next, gCells) == true ); - assert( mem(gTaskItem_0->pxNext, gCells) == true ); + assert( DLS(pxItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(pxItemIndex_0, gCells)), + drop(1, drop(pxItemIndex_0, gVals)), + pxList) ); + open DLS(pxItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(pxItemIndex_0, gCells)), + drop(1, drop(pxItemIndex_0, gVals)), + pxList); + assert( xLIST_ITEM(pxItem_next, ?gItem_nextVal, ?pxItem_next_next, pxItem, pxList) ); + open xLIST_ITEM(pxItem, gItemVal, pxItem_next, pxItem_prev, pxList); + mem_suffix_implies_mem(pxItem_next, gCells, pxItemIndex_0); + assert( mem(pxItem->pxNext, gCells) == true ); // close rest of DLS suffix - close xLIST_ITEM(gTaskItem_0_next, gNextVal, gTaskItem_0_next_next, gTaskItem_0, gReadyList); - close DLS(gTaskItem_0_next, gTaskItem_0, gListEnd, gEndPrev2, - drop(1, drop(gTaskItemIndex_0, gCells)), drop(1, drop(gTaskItemIndex_0, gVals)), - gReadyList); + close xLIST_ITEM(pxItem_next, gItem_nextVal, pxItem_next_next, pxItem, pxList); + close DLS(pxItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(pxItemIndex_0, gCells)), + drop(1, drop(pxItemIndex_0, gVals)), + pxList); // close item of interest - close xLIST_ITEM(gTaskItem_0, gV, gTaskItem_0_next, gTaskItem_0_prev, gReadyList); + close xLIST_ITEM(pxItem, gItemVal, pxItem_next, pxItem_prev, pxList); } } @*/ @@ -142,32 +143,32 @@ ensures // DLS prefix */ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) /*@ requires - DLS(?gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, ?gCells, ?gVals, ?gReadyList) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?pxList) &*& mem(pxTaskItem, gCells) == true &*& - gListEnd == head(gCells) &*& + gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& length(gCells) > 1; @*/ /*@ ensures - DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) &*& + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxList) &*& mem(pxTaskItem, gCells) == true; @*/ { - //@ int gTaskItemIndex_0 = index_of(pxTaskItem, gCells); - //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; + //@ int pxItemIndex_0 = index_of(pxTaskItem, gCells); + //@ struct xLIST_ITEM* pxItem = pxTaskItem; /*@ - if( gTaskItem_0 == gListEnd ) { - DLS_end_next_open(gReadyList, gTaskItem_0); + if( pxItem == gEnd ) { + DLS_end_next_open(pxList, pxItem); } else { - DLS_nonEndItem_next_open(gReadyList, gTaskItem_0); + DLS_nonEndItem_next_open(pxList, pxItem); } @*/ pxTaskItem = pxTaskItem->pxNext; - //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; + //@ struct xLIST_ITEM* pxItem_1 = pxTaskItem; - //@ assert( mem(gTaskItem_1, gCells) == true ); + //@ assert( mem(pxItem_1, gCells) == true ); From 9e3ea9016e01f46e2b04440378833f31339b8e06 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 23 Nov 2022 08:31:07 -0500 Subject: [PATCH 148/289] Added lemma `DLS_end_next_close` to help closing DLS opened with `DLS_end_next_open` --- .../scp_list_predicates_extended.h | 63 +++++++++++++++---- .../verifast/proof/verifast_lists_extended.h | 26 ++++++++ 2 files changed, 78 insertions(+), 11 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 6c8b3c488d4..c09234dfb55 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -14,7 +14,7 @@ requires &*& pxItem == gEnd; ensures - xLIST_ITEM(gEnd, ?gItemVal, ?gItem_next, gEndPrev, pxList) &*& + xLIST_ITEM(gEnd, head(gVals), ?gItem_next, gEndPrev, pxList) &*& DLS(gItem_next, gEnd, gEnd, gEndPrev, drop(1, gCells), drop(1, gVals), pxList ) &*& mem(gItem_next, gCells) == true; { @@ -43,6 +43,28 @@ ensures } +lemma void DLS_end_next_close(struct xLIST* pxList, struct xLIST_ITEM* pxItem) +requires + xLIST_ITEM(?gEnd, ?gItemVal, ?gItem_next, ?gEndPrev, pxList) &*& + DLS(gItem_next, gEnd, gEnd, gEndPrev, ?gCells, ?gVals, pxList) &*& +// mem(gItem_next, gCells) == true &*& + length(gCells) == length(gVals) &*& + length(gCells) > 0 &*& + pxItem == gEnd; +ensures + DLS(gEnd, gEndPrev, gEnd, gEndPrev, + cons(gEnd, gCells), cons(gItemVal, gVals), pxList); +{ + open DLS(gItem_next, gEnd, gEnd, gEndPrev, gCells, gVals, pxList); + close DLS(gItem_next, gEnd, gEnd, gEndPrev, gCells, gVals, pxList); + dls_star_item(gItem_next, gEndPrev, gEnd); + dls_distinct(gItem_next, gEnd, gEnd, gEndPrev, gCells); + dls_last_mem(gItem_next, gEnd, gEnd, gEndPrev, gCells); + close DLS(gEnd, gEndPrev, gEnd, gEndPrev, + cons(gEnd, gCells), cons(gItemVal, gVals), pxList); +} + + lemma void DLS_nonEndItem_next_open(struct xLIST* pxList, struct xLIST_ITEM* pxItem) requires DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, pxList) &*& @@ -59,7 +81,8 @@ ensures // DLS prefix pxList) &*& // item of interest - xLIST_ITEM(pxItem, ?gItemVal, ?pxItem_next, pxItem_prev, pxList) + xLIST_ITEM(pxItem, nth(index_of(pxItem, gCells), gVals), + ?pxItem_next, pxItem_prev, pxList) &*& // DLS suffix (pxItem != gEndPrev @@ -91,6 +114,9 @@ ensures // DLS prefix drop(pxItemIndex_0, gCells), drop(pxItemIndex_0, gVals), pxList); assert( xLIST_ITEM(pxItem, ?gItemVal, ?pxItem_next, pxItem_prev, pxList) ); + assert( gItemVal == head(drop(pxItemIndex_0, gVals)) ); + head_drop_n_equals_nths(gVals, pxItemIndex_0); + assert( gItemVal == nth(index_of(pxItem, gCells), gVals) ); // open DLS and xLIST_ITEM predicates to prove @@ -143,25 +169,24 @@ ensures // DLS prefix */ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) /*@ requires - DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?pxList) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& mem(pxTaskItem, gCells) == true &*& gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& length(gCells) > 1; @*/ /*@ ensures - DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxList) &*& + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& mem(pxTaskItem, gCells) == true; @*/ { - //@ int pxItemIndex_0 = index_of(pxTaskItem, gCells); - //@ struct xLIST_ITEM* pxItem = pxTaskItem; + //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; /*@ - if( pxItem == gEnd ) { - DLS_end_next_open(pxList, pxItem); + if( gTaskItem_0 == gEnd ) { + DLS_end_next_open(gList, gTaskItem_0); } else { - DLS_nonEndItem_next_open(pxList, pxItem); + DLS_nonEndItem_next_open(gList, gTaskItem_0); } @*/ pxTaskItem = pxTaskItem->pxNext; @@ -170,10 +195,26 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) //@ assert( mem(pxItem_1, gCells) == true ); + //@ close xLIST_ITEM(gTaskItem_0, ?gTaskItemVal, _, _, gList); + /*@ + if( gTaskItem_0 == gEnd ) { + DLS_end_next_close(gList, gTaskItem_0); + assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, ?gCells2, ?gVals2, gList) ); + + // why is this necessary? + assert( gCells == cons( _, _) ); + assert( gVals == cons(_, _) ); + // gVals2 == cons (|(intbox) | (|(int) | (head gVals) + assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, _, gList) ); + assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) ); + } else { + assume(false); + //DLS_nonEndItem_next_close(gList, gTaskItem_0); + } + @*/ - // ignore post condition until closing lemmas are finished - //@ assume(false); +;; } diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 08f1f1c46c9..4d019ab5492 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -12,4 +12,30 @@ requires mem(x, drop(i, xs)) == true; ensures mem(x, xs) == true; @*/ + +// TODO: prove +/*@ +lemma void head_drop_n_equals_nths(list xs, int n) +requires n >= 0; +ensures head(drop(n, xs)) == nth(n, xs); +{ + // Will prove later. For now, we only validate with an example. + + list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); + int _n = 4; + + list dn = drop(_n, _xs); + int hdn = head(dn); + int nthn = nth(_n, _xs); + + assert( hdn == head(drop(_n, _xs)) ); + assert( nthn == nth(_n, _xs )); + assert( head(drop(_n, _xs)) == nth(_n, _xs) ); + + + // ADMIT LEMMA, PROVE LATER + assume(false); +} +@*/ + #endif /* VERIFAST_LISTS_EXTENDED_H */ \ No newline at end of file From be9de4d5704a4355065659e126e2f90bfc7f2cee Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 23 Nov 2022 11:28:27 -0500 Subject: [PATCH 149/289] Added lemma `DLS_nonEndItem_next_close` to help closing DLS opened with `DLS_nonEndItem_next_open`. --- .../scp_list_predicates_extended.h | 135 ++++++++++++++---- .../verifast/proof/verifast_lists_extended.h | 55 +++++++ 2 files changed, 160 insertions(+), 30 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index c09234dfb55..020f55e0538 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -74,26 +74,29 @@ requires length(gCells) > 1 &*& pxItem != gEnd; -ensures // DLS prefix - DLS(gEnd, gEndPrev, pxItem, ?pxItem_prev, - take(index_of(pxItem, gCells), gCells), - take(index_of(pxItem, gCells), gVals), - pxList) - &*& - // item of interest - xLIST_ITEM(pxItem, nth(index_of(pxItem, gCells), gVals), - ?pxItem_next, pxItem_prev, pxList) - &*& - // DLS suffix - (pxItem != gEndPrev - ? DLS(pxItem_next, pxItem, gEnd, gEndPrev, - drop(1, drop(index_of(pxItem, gCells), gCells)), - drop(1, drop(index_of(pxItem, gCells), gVals)), - pxList) - : true - ) - &*& - mem(pxItem_next, gCells) == true; +ensures + // DLS prefix + DLS(gEnd, gEndPrev, pxItem, ?pxItem_prev, + take(index_of(pxItem, gCells), gCells), + take(index_of(pxItem, gCells), gVals), + pxList) + &*& + // item of interest + xLIST_ITEM(pxItem, ?gItemVal, ?pxItem_next, pxItem_prev, pxList) &*& + gItemVal == nth(index_of(pxItem, gCells), gVals) + &*& + // DLS suffix + (pxItem != gEndPrev + ? DLS(pxItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(index_of(pxItem, gCells), gCells)), + drop(1, drop(index_of(pxItem, gCells), gVals)), + pxList) + : (pxItem_next == gEnd &*& + index_of(pxItem, gCells) == length(gCells) - 1 + ) + ) + &*& + mem(pxItem_next, gCells) == true; { int pxItemIndex_0 = index_of(pxItem, gCells); @@ -123,6 +126,10 @@ ensures // DLS prefix // `mem( pxItem->pxNext, gCells) == true )` // which requires accessing `pxItem->pxNext` if(pxItem == gEndPrev) { + assert( drop(pxItemIndex_0, gCells) == cons(pxItem, nil) ); + drop_index_equals_singleton_implies_last_element(gCells, pxItem); + assert( pxItemIndex_0 == length(gCells) - 1 ); + // `pxItem` is last element in DLS suffix // -> `pxItem_next` is head fo DLS prefix // open DLS prefix @@ -162,6 +169,79 @@ ensures // DLS prefix close xLIST_ITEM(pxItem, gItemVal, pxItem_next, pxItem_prev, pxList); } } + + +lemma void DLS_nonEndItem_next_close(struct xLIST* pxList, struct xLIST_ITEM* pxItem, + list gCells, + list gVals) +requires + length(gCells) == length(gVals) &*& + length(gCells) > 1 + &*& + // DLS prefix + DLS(?gEnd, ?gEndPrev, pxItem, ?gItem_prev, ?gCellsPrefix, ?gValsPrefix, + pxList) + &*& + mem(pxItem, gCells) == true &*& + gCellsPrefix == take(index_of(pxItem, gCells), gCells) &*& + gValsPrefix == take(index_of(pxItem, gCells), gVals) + &*& + // item of interest + pxItem != gEnd &*& + xLIST_ITEM(pxItem, ?gItemVal, ?gItem_next, gItem_prev, pxList) &*& + mem(gItemVal, gVals) == true &*& + gItemVal == nth(index_of(pxItem, gCells), gVals) + &*& + // DLS suffix + (pxItem != gEndPrev + ? DLS(gItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(index_of(pxItem, gCells), gCells)), + drop(1, drop(index_of(pxItem, gCells), gVals)), + pxList) + : (gItem_next == gEnd &*& + index_of(pxItem, gCells) == length(gCells) - 1 + ) + ) + &*& + mem(gItem_next, gCells) == true; +ensures + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxList); +{ + int gItemIndex = index_of(pxItem, gCells); + head_drop_n_equals_nths(gCells, gItemIndex); + head_drop_n_equals_nths(gVals, gItemIndex); + + if( pxItem != gEndPrev ) { + assert( drop(gItemIndex, gVals) == cons(_, _) ); + assert( xLIST_ITEM(pxItem, ?gV, _, gItem_prev, pxList) ); + nth_index(gCells, pxItem); + close DLS(pxItem, gItem_prev, gEnd, gEndPrev, + drop(gItemIndex, gCells), drop(gItemIndex, gVals), + pxList); + join(gEnd, gEndPrev, pxItem, gItem_prev, gCellsPrefix, gValsPrefix, + pxItem, gItem_prev, gEnd, gEndPrev, drop(gItemIndex, gCells), drop(gItemIndex, gVals)); + } else { + assert( xLIST_ITEM(pxItem, ?gV, ?gNext, gItem_prev, pxList) ); + assert( xLIST_ITEM(pxItem, gV, gEnd, gItem_prev, pxList) ); + close DLS(pxItem, gItem_prev, gEnd, gEndPrev, cons(pxItem, nil), cons(gItemVal, nil), pxList); + join(gEnd, gEndPrev, pxItem, gItem_prev, gCellsPrefix, gValsPrefix, + pxItem, gItem_prev, gEnd, gEndPrev, cons(pxItem, nil), cons(gItemVal, nil)); + assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, ?gCellsRes, ?gValsRes, pxList)); + + assert( gCellsPrefix == take(index_of(pxItem, gCells), gCells) ); + assert( gValsPrefix == take(index_of(pxItem, gCells), gVals) ); + assert( gCellsRes == append(gCellsPrefix, cons(pxItem, nil)) ); + assert( gValsRes == append(gValsPrefix, cons(gItemVal, nil)) ); + + + drop_cons(gCells, index_of(pxItem, gCells)); + drop_cons(gVals, index_of(pxItem, gCells)); + nth_index(gCells, pxItem); + + assert( gCellsRes == gCells ); + assert( gValsRes == gVals ); + } +} @*/ /* By verifying the following function, we can validate that the above lemmas @@ -189,12 +269,12 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) DLS_nonEndItem_next_open(gList, gTaskItem_0); } @*/ - pxTaskItem = pxTaskItem->pxNext; + + pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* pxItem_1 = pxTaskItem; - //@ assert( mem(pxItem_1, gCells) == true ); - + //@ close xLIST_ITEM(gTaskItem_0, ?gTaskItemVal, _, _, gList); /*@ if( gTaskItem_0 == gEnd ) { @@ -204,17 +284,12 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) // why is this necessary? assert( gCells == cons( _, _) ); assert( gVals == cons(_, _) ); - - // gVals2 == cons (|(intbox) | (|(int) | (head gVals) - assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, _, gList) ); - assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) ); } else { - assume(false); - //DLS_nonEndItem_next_close(gList, gTaskItem_0); + DLS_nonEndItem_next_close(gList, gTaskItem_0, gCells, gVals); } @*/ -;; + //@ assert( mem(pxItem_1, gCells) == true ); } diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 4d019ab5492..adf29a0f044 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -33,6 +33,61 @@ ensures head(drop(n, xs)) == nth(n, xs); assert( head(drop(_n, _xs)) == nth(_n, _xs) ); + // ADMIT LEMMA, PROVE LATER + assume(false); +} + +// TODO: prove +lemma void drop_index_equals_singleton_implies_last_element(list xs, t x) +requires drop(index_of(x, xs), xs) == cons(x, nil); +ensures index_of(x, xs) == length(xs) - 1; +{ + // Will prove later. For now, we only validate with an example. + list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); + int _x = 7; + + int i = index_of(_x, _xs); + list d = drop(index_of(x, xs), _xs); + + assert( index_of(_x, _xs) == length(_xs) - 1 ); + + // ADMIT LEMMA, PROVE LATER + assume(false); +} + +// TODO: prove +lemma void drop_cons(list xs, int n) +requires n < length(xs); +ensures drop(n, xs) == cons(nth(n, xs), drop(n+1, xs)); +{ + // Will prove later. For now, we only validate with an example. + list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); + int _n = 3; + + list dn = drop(_n, _xs); + int nthn = nth(_n, _xs); + list dnp1 = drop(_n + 1, _xs); + + assert( drop(_n, _xs) == cons(nth(_n, _xs), drop(_n+1, _xs)) ); + + // ADMIT LEMMA, PROVE LATER + assume(false); +} + +// TODO: prove +lemma void nth_index(list xs, t x) +requires mem(x, xs) == true; +ensures nth(index_of(x, xs), xs) == x; +{ + // Will prove later. For now, we only validate with an example. + list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); + int _x = 4; + + int i = index_of(_x, _xs); + int nthi = nth(index_of(_x, _xs), _xs); + + assert( nth(index_of(_x, _xs), _xs) == _x ); + // ADMIT LEMMA, PROVE LATER assume(false); } From f44473b47c641a2e996ae76dc71d0801bd9e6e50 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 23 Nov 2022 11:34:47 -0500 Subject: [PATCH 150/289] Applied closing lemmas. --- tasks.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tasks.c b/tasks.c index 9c9b67cb5f0..fe8e26156f3 100644 --- a/tasks.c +++ b/tasks.c @@ -1113,6 +1113,18 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; //@ assert( mem(gTaskItem_1, gCells) == true ); + //@ close xLIST_ITEM(gTaskItem_0, _, _, _, gReadyList); + + /*@ + if( gTaskItem_0 == gListEnd ) { + DLS_end_next_close(gReadyList, gTaskItem_0); + } else { + DLS_nonEndItem_next_close(gReadyList, gTaskItem_0, gCells, gVals); + } + @*/ + // unifying ghost branches + //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ assume(false); if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) From 9d1b47c5e5be50afee641223b5a0ecbe76612de1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 23 Nov 2022 13:53:10 -0500 Subject: [PATCH 151/289] Added lemmas to simplify opening and closing DLS for cases of the form `pxTask->pxNext` --- tasks.c | 36 ++---- .../scp_list_predicates_extended.h | 120 +++++++++++++++++- 2 files changed, 130 insertions(+), 26 deletions(-) diff --git a/tasks.c b/tasks.c index fe8e26156f3..d397bb9de43 100644 --- a/tasks.c +++ b/tasks.c @@ -1096,17 +1096,8 @@ static void prvYieldForTask( TCB_t * pxTCB, * - Prove `mem(gTaskItem_3, gCells) == true` */ - //@ assert( pxTaskItem == gTaskItem_0 ); - /* Open DLS predicate to justify accessing `gTaskItem_0->pxNext`. - * Note: Case distinction required by `split` lemma. - */ - /*@ - if( gTaskItem_0 == gListEnd ) { - DLS_end_next_open(gReadyList, gTaskItem_0); - } else { - DLS_nonEndItem_next_open(gReadyList, gTaskItem_0); - } - @*/ + + //@ DLS_next_open(gReadyList, gTaskItem_0); pxTaskItem = pxTaskItem->pxNext; //@ int gTaskItemIndex_1 = index_of(pxTaskItem, gCells); @@ -1115,33 +1106,32 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( mem(gTaskItem_1, gCells) == true ); //@ close xLIST_ITEM(gTaskItem_0, _, _, _, gReadyList); - /*@ - if( gTaskItem_0 == gListEnd ) { - DLS_end_next_close(gReadyList, gTaskItem_0); - } else { - DLS_nonEndItem_next_close(gReadyList, gTaskItem_0, gCells, gVals); - } - @*/ - // unifying ghost branches - //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ DLS_next_close(gReadyList, gTaskItem_0, gCells, gVals, gListEnd, gEndPrev2); + - //@ assume(false); if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { //@ assert( pxTaskItem == gTaskItem_1 ); + //@ DLS_next_open(gReadyList, gTaskItem_1); + pxTaskItem = pxTaskItem->pxNext; //@ int gTaskItemIndex_2 = index_of(pxTaskItem, gCells); //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; + + //@ close xLIST_ITEM(gTaskItem_1, _, _, _, gReadyList); + //@ DLS_next_close(gReadyList, gTaskItem_1, gCells, gVals, gListEnd, gEndPrev2); } //@ int gTaskItemIndex_3 = index_of(pxTaskItem, gCells); //@ struct xLIST_ITEM* gTaskItem_3 = pxTaskItem; - + + //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ assert( mem(gTaskItem_3, gCells) == true ); // TODO: Remove -// Ensure that we coveredd all cases until this point +// Ensure that we covered all cases until this point //@ assume(false); pxTCB = pxTaskItem->pvOwner; diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 020f55e0538..75256144639 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -242,6 +242,116 @@ ensures assert( gValsRes == gVals ); } } + + +lemma void DLS_next_open(struct xLIST* pxList, struct xLIST_ITEM* pxItem) +requires + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, pxList) &*& + mem(pxItem, gCells) == true &*& + gEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1; +ensures + pxItem == gEnd + ? ( + xLIST_ITEM(gEnd, head(gVals), ?gItem_next, gEndPrev, pxList) &*& + DLS(gItem_next, gEnd, gEnd, gEndPrev, drop(1, gCells), drop(1, gVals), pxList ) &*& + mem(gItem_next, gCells) == true + ) + : ( + // DLS prefix + DLS(gEnd, gEndPrev, pxItem, ?gItem_prev, + take(index_of(pxItem, gCells), gCells), + take(index_of(pxItem, gCells), gVals), + pxList) + &*& + // item of interest + xLIST_ITEM(pxItem, ?gItemVal, ?pxItem_next, gItem_prev, pxList) &*& + gItemVal == nth(index_of(pxItem, gCells), gVals) + &*& + // DLS suffix + (pxItem != gEndPrev + ? DLS(pxItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(index_of(pxItem, gCells), gCells)), + drop(1, drop(index_of(pxItem, gCells), gVals)), + pxList) + : (pxItem_next == gEnd &*& + index_of(pxItem, gCells) == length(gCells) - 1 + ) + ) + &*& + mem(pxItem_next, gCells) == true + ); +{ + if( pxItem == gEnd ) { + DLS_end_next_open(pxList, pxItem); + } else { + DLS_nonEndItem_next_open(pxList, pxItem); + } +} + + +lemma void DLS_next_close(struct xLIST* pxList, struct xLIST_ITEM* pxItem, + list gCells, + list gVals, + struct xLIST_ITEM* gEnd, + struct xLIST_ITEM* gEndPrev) +requires + head(gCells) == gEnd &*& + length(gCells) > 1 &*& + length(gCells) == length(gVals) &*& + pxItem == gEnd + ? ( + xLIST_ITEM(gEnd, ?gItemVal, ?gItem_next, gEndPrev, pxList) &*& + DLS(gItem_next, gEnd, gEnd, gEndPrev, drop(1, gCells), drop(1, gVals), pxList) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 0 &*& + head(gVals) == gItemVal + ) + : ( + length(gCells) == length(gVals) &*& + length(gCells) > 1 + &*& + // DLS prefix + DLS(gEnd, gEndPrev, pxItem, ?gItem_prev, ?gCellsPrefix, ?gValsPrefix, + pxList) + &*& + mem(pxItem, gCells) == true &*& + gCellsPrefix == take(index_of(pxItem, gCells), gCells) &*& + gValsPrefix == take(index_of(pxItem, gCells), gVals) + &*& + // item of interest + pxItem != gEnd &*& + xLIST_ITEM(pxItem, ?gItemVal, ?gItem_next, gItem_prev, pxList) &*& + mem(gItemVal, gVals) == true &*& + gItemVal == nth(index_of(pxItem, gCells), gVals) + &*& + // DLS suffix + (pxItem != gEndPrev + ? DLS(gItem_next, pxItem, gEnd, gEndPrev, + drop(1, drop(index_of(pxItem, gCells), gCells)), + drop(1, drop(index_of(pxItem, gCells), gVals)), + pxList) + : (gItem_next == gEnd &*& + index_of(pxItem, gCells) == length(gCells) - 1 + ) + ) + &*& + mem(gItem_next, gCells) == true + ); +ensures + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxList); +{ + if( pxItem == gEnd ) { + DLS_end_next_close(pxList, pxItem); + + // why is this necessary? + assert( gCells == cons( _, _) ); + assert( gVals == cons(_, _) ); + } else { + DLS_nonEndItem_next_close(pxList, pxItem, gCells, gVals); + } +} @*/ /* By verifying the following function, we can validate that the above lemmas @@ -262,7 +372,7 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) { //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; - /*@ + /* @ if( gTaskItem_0 == gEnd ) { DLS_end_next_open(gList, gTaskItem_0); } else { @@ -270,13 +380,17 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) } @*/ - + //@ DLS_next_open(gList, gTaskItem_0); + pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* pxItem_1 = pxTaskItem; //@ close xLIST_ITEM(gTaskItem_0, ?gTaskItemVal, _, _, gList); - /*@ + + //@ DLS_next_close(gList, gTaskItem_0, gCells, gVals, gEnd, gEndPrev); + + /* @ if( gTaskItem_0 == gEnd ) { DLS_end_next_close(gList, gTaskItem_0); assert( DLS(gEnd, gEndPrev, gEnd, gEndPrev, ?gCells2, ?gVals2, gList) ); From 49af8fd30fa80748572f540fe33443b8c89441c5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 23 Nov 2022 15:18:11 -0500 Subject: [PATCH 152/289] Finished verification of iteration updates in `prvSelectHighestPriorityTask`. --- tasks.c | 44 +++++++++++++++++-- .../scp_list_predicates_extended.h | 5 +++ 2 files changed, 46 insertions(+), 3 deletions(-) diff --git a/tasks.c b/tasks.c index d397bb9de43..90e722d9868 100644 --- a/tasks.c +++ b/tasks.c @@ -1130,11 +1130,48 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( mem(gTaskItem_3, gCells) == true ); -// TODO: Remove -// Ensure that we covered all cases until this point -//@ assume(false); + /*@ + if( gTaskItem_3 == gListEnd ) { + open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + } else{ + split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gTaskItem_3, gTaskItemIndex_3); + open DLS(gTaskItem_3, _, gListEnd, gEndPrev2, _, _, gReadyList); + } + @*/ + pxTCB = pxTaskItem->pvOwner; + //@ close xLIST_ITEM(gTaskItem_3, ?gTaskItem_3_val, ?gTaskItem_3_next, _, gReadyList); + + /*@ + if( gTaskItem_3 == gListEnd ) { + close DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); + } else{ + assert( DLS(gListEnd, gEndPrev2, gTaskItem_3, ?gTaskItem_3_prev, ?gCellsPrefix, ?gValsPrefix, gReadyList) ); + + if( gTaskItem_3 == gEndPrev2 ) { + close DLS(gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, + cons(gTaskItem_3, nil), cons(gTaskItem_3_val, nil), + gReadyList); + } else { + assert( DLS(gTaskItem_3_next, gTaskItem_3, gListEnd, gEndPrev2, + ?gCellsSuffix2, ?gValsSuffix2, gReadyList)); + close DLS(gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, + cons(gTaskItem_3, gCellsSuffix2), + cons(gTaskItem_3_val, gValsSuffix2), + gReadyList); + } + assert( DLS(gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, ?gCellsSuffix, ?gValsSuffix, gReadyList) ); + join(gListEnd, gEndPrev2, gTaskItem_3, gTaskItem_3_prev, gCellsPrefix, gValsPrefix, + gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, gCellsSuffix, gValsSuffix); + } + @*/ + //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + +// Make sure that we covered all cases so far +//@ assume(false); +#ifdef IGNORED + /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) @@ -1193,6 +1230,7 @@ static void prvYieldForTask( TCB_t * pxTCB, vListInsertEnd( pxReadyList, pxTaskItem ); break; } +#endif /* IGNORED */ } while( pxTaskItem != pxLastTaskItem ); } else diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 75256144639..d0ffb5972fd 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -3,6 +3,11 @@ #include "single_core_proofs/scp_list_predicates.h" +/* ============================================================================= + * The lemmas below assist in opening and closing DLS predicates in a way that + * allows accesses to `pxItem->pxNext`. +*/ + /*@ lemma void DLS_end_next_open(struct xLIST* pxList, struct xLIST_ITEM* pxItem) requires From 53189c46d41fc601cd64d0c3b2a0bb646758773f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 26 Nov 2022 12:15:34 -0500 Subject: [PATCH 153/289] Added new version of DLS opening lemma that reduces case splits in DLS proofs. Proved 3/4 of it. --- tasks.c | 1 + .../scp_list_predicates_extended.h | 208 ++++++++++++++++++ .../verifast/proof/verifast_lists_extended.h | 16 ++ 3 files changed, 225 insertions(+) diff --git a/tasks.c b/tasks.c index 90e722d9868..6de1a23bba9 100644 --- a/tasks.c +++ b/tasks.c @@ -932,6 +932,7 @@ static void prvYieldForTask( TCB_t * pxTCB, prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ { +//@ assume(false); //@ open taskISRLockInv(); //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) ); //@ assert( gTopReadyPriority == uxTopReadyPriority); diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index d0ffb5972fd..100f55d08d4 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -413,4 +413,212 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) +/* ---------------------------------------- + * The folling lemmas aim to simpilfy the lemmas above and reduce + * the number of case distinctions that are introduced by applying them. + */ + + +/*@ +// Splitting a full DLS of the form +// DLS(end, endPrev, end, endPrev, cells, vals, list) +// at item `I` should result in a prefix, the item of interest and a suffix. +// Both prefix and suffix can be empty, which the standard DLS predicate does +// not allow +predicate DLS_prefix( + // prefix args + list prefCells, + list prefVals, + struct xLIST_ITEM* item, + struct xLIST_ITEM* itemPrev, + // unsplit DLS args + struct xLIST_ITEM *end, + struct xLIST_ITEM *endPrev, + struct xLIST *pxContainer) = + switch(prefCells) { + case nil: return true; + case cons(headItem, tailCells): return + headItem == end &*& + length(prefCells) == length(prefVals) &*& + DLS(end, endPrev, item, itemPrev, prefCells, prefVals, pxContainer); + }; + +predicate DLS_suffix( + // suffix args + list sufCells, + list sufVals, + struct xLIST_ITEM* item, + struct xLIST_ITEM* itemNext, + // unsplit DLS args + struct xLIST_ITEM *end, + struct xLIST_ITEM *endPrev, + struct xLIST *pxContainer) = + switch(sufCells) { + case nil: return true; + case cons(headItem, tailCells): return + length(sufCells) == length(sufVals) &*& + DLS(itemNext, item, end, endPrev, sufCells, sufVals, pxContainer); + }; + + +lemma void DLS_open_2(struct xLIST_ITEM* pxItem) +requires + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& + mem(pxItem, gCells) == true &*& + gEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1; +ensures + DLS_prefix(?gPrefCells, ?gPrefVals, pxItem, ?gItemPrev, + gEnd, gEndPrev, gList) + &*& + xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) + &*& + DLS_suffix(?gSufCells, ?gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList) &*& + true + // gCells == gPrefCells + item + gSufCells + // gVals == gPrefVals + item + gSufVals + &*& + // next in cells + mem(gItemNext, gCells) == true &*& + // prev in cells + mem(gItemPrev, gCells) == true + ; +{ + if(pxItem == gEnd) { + // pxItem is first/ left-most item in the list + // -> empty prefix + + open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList); + assert( xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, ?gItemPrev, gList) ); + assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, ?gSufCells, ?gSufVals, + gList) ); + close DLS_prefix(nil, nil, pxItem, gItemPrev, + gEnd, gEndPrev, gList); + + // Prove: `mem(gItemNext, gCells) == true` + open DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, gList); + assert( mem(gItemNext, gCells) == true ); + close DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, gList); + + // Prove: `mem(gItemPrev, gCells) == true ` + assert( gItemPrev == gEndPrev ); + dls_last_mem(gItemNext, pxItem, gEnd, gEndPrev, gSufCells); + assert( mem(gItemPrev, gCells) == true ); + + close DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, gEndPrev, + gList); + } else { + // pxItem is not the first/ left-most item in the list + // -> non-empty prefix + // (potentially empty suffix) + + int gItemIndex = index_of(pxItem, gCells); + split(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxItem, gItemIndex); + + assert( DLS(gEnd, gEndPrev, pxItem, ?gItemPrev, ?gPrefCells, ?gPrefVals, + gList) ); + // -> Will be wrapped inside the prefix constructed at the end of this + // lemma. + + assert( DLS(pxItem, gItemPrev, gEnd, gEndPrev, ?gPartCells, ?gPartVals, + gList) ); + // -> The tail of this DLS will make up the suffix constructed at the + // end of this lemma. + + // Prove: `head(gPrefCells) == gEnd` + // Necessary to construct prefix later. + // Implies `mem(gItemPrev, gCells) == true`. + open DLS(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, + gList); + assert( head(gPrefCells) == gEnd ); + close DLS(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, + gList); + assert( mem(gItemPrev, gCells) == true ); + + open DLS(pxItem, gItemPrev, gEnd, gEndPrev, gPartCells, gPartVals, + gList); + assert( xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) ); + + if( pxItem == gEndPrev ) { + // pxItem is the last/ right-most item in the list. + // -> empty suffix + assert( gItemNext == gEnd ); + + // prove: `mem(gItemNext, gCells) == true` + dls_first_mem(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells); + assert( mem(gItemNext, gPrefCells) == true ); + assert( gPrefCells == take(gItemIndex, gCells) ); + mem_prefix_implies_mem(gCells, gItemNext, gItemIndex); + assert( mem(gItemNext, gCells) == true ); + + + // prove: mem(gItemNext, gCells) == true + open xLIST_ITEM(pxItem, gItemVal, gItemNext, gItemPrev, gList); + assert( gItemNext == gEnd ); + assert( mem(gItemNext, gCells) == true ); + close xLIST_ITEM(pxItem, gItemVal, gItemNext, gItemPrev, gList); + + close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + gEnd, gEndPrev, gList); + close DLS_suffix(nil, nil, pxItem, gItemNext, gEnd, gEndPrev, gList); + } else { + // pxItem is not the last/ right-most item in the list. + // -> non-empty suffix + + assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, ?gSufCells, ?gSufVals, + gList) ); + + // Prove: `mem(gItemNext, gCells) == true` + open DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, + gList); + assert( mem(gItemNext, gSufCells) == true ); + assert( drop(gItemIndex, gCells) == cons(pxItem, gSufCells) ); + assert( drop(1, drop(gItemIndex, gCells)) == gSufCells ); + drop_n_plus_m(gCells, 1, gItemIndex); + assert( drop(gItemIndex+1, gCells) == gSufCells ); + mem_suffix_implies_mem(gCells, gItemNext, gItemIndex+1); + assert( mem(gItemNext, gCells) == true ); + close DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, + gList); + + + // assert( xLIST_ITEM(pxItem, ?gItemVal, gItemNext, gItemPrev, gList) ); + + // close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + // gEnd, gEndPrev, gList); + // close DLS_suffix(nil, nil, pxItem, gItemNext, gEnd, gEndPrev, gList); + } + } +} +@*/ + +void lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) +/*@ requires + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& + mem(pxTaskItem, gCells) == true &*& + gEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1; +@*/ +/*@ ensures + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& + mem(pxTaskItem, gCells) == true; +@*/ +{ + //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; + + + + pxTaskItem = pxTaskItem->pxNext; + //@ struct xLIST_ITEM* pxItem_1 = pxTaskItem; + + + //@ assert( mem(pxItem_1, gCells) == true ); +} + + + + + #endif /* SCP_LIST_PREDICATES_EXTENDED_H */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index adf29a0f044..7c7e4ab7c01 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -56,6 +56,7 @@ ensures index_of(x, xs) == length(xs) - 1; } // TODO: prove +// Can we replace this by standard lemma `drop_n_plus_one`? lemma void drop_cons(list xs, int n) requires n < length(xs); ensures drop(n, xs) == cons(nth(n, xs), drop(n+1, xs)); @@ -91,6 +92,21 @@ ensures nth(index_of(x, xs), xs) == x; // ADMIT LEMMA, PROVE LATER assume(false); } + +// TODO: prove +lemma void mem_prefix_implies_mem(list xs, t x, int n); +requires mem(x, take(n, xs)) == true; +ensures mem(x, xs) == true; + +// TODO: prove +lemma void mem_suffix_implies_mem(list xs, t x, int n); +requires mem(x, drop(n, xs)) == true; +ensures mem(x, xs) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void drop_n_plus_m(list xs, int n, int m); +requires true; +ensures drop(n, drop(m, xs)) == drop(n + m, xs); @*/ #endif /* VERIFAST_LISTS_EXTENDED_H */ \ No newline at end of file From 28fb658a5999f9f9efcc9ae22a10f363d9489693 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 27 Nov 2022 09:29:17 -0500 Subject: [PATCH 154/289] Proved last case in lemma `DLS_open_2`. Will need to revisit once the lemma's postcondition has been strengtened. --- .../scp_list_predicates_extended.h | 37 ++++++++++++------- .../verifast/proof/verifast_lists_extended.h | 13 +++---- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 100f55d08d4..8f2c536ed80 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -526,6 +526,11 @@ ensures // -> The tail of this DLS will make up the suffix constructed at the // end of this lemma. + // Notes on cell and val lists: + assert( length(gPartCells) == length(gPartVals) ); + assert( gPartCells == drop(gItemIndex, gCells) ); + assert( gPartVals == drop(gItemIndex, gVals) ); + // Prove: `head(gPrefCells) == gEnd` // Necessary to construct prefix later. // Implies `mem(gItemPrev, gCells) == true`. @@ -549,7 +554,7 @@ ensures dls_first_mem(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells); assert( mem(gItemNext, gPrefCells) == true ); assert( gPrefCells == take(gItemIndex, gCells) ); - mem_prefix_implies_mem(gCells, gItemNext, gItemIndex); + mem_prefix_implies_mem(gItemNext, gCells, gItemIndex); assert( mem(gItemNext, gCells) == true ); @@ -568,26 +573,32 @@ ensures assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, ?gSufCells, ?gSufVals, gList) ); + assert( gSufCells == drop(1, gPartCells) ); + + // Prove: - `drop(gItemIndex+1, gCells) == gSufCells` + // - `drop(gItemIndex+1, gVals) == gSufVals` + // -> Required to prove `mem(gItemNext, gCells) == true` and also to + // prove relationship between gCells/gVals and their segmentation. + assert( drop(1, drop(gItemIndex, gCells)) == gSufCells ); + assert( drop(1, drop(gItemIndex, gVals)) == gSufVals ); + drop_n_plus_m(gCells, 1, gItemIndex); + drop_n_plus_m(gVals, 1, gItemIndex); + assert( drop(gItemIndex+1, gCells) == gSufCells ); + assert( drop(gItemIndex+1, gVals) == gSufVals ); // Prove: `mem(gItemNext, gCells) == true` open DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, gList); assert( mem(gItemNext, gSufCells) == true ); - assert( drop(gItemIndex, gCells) == cons(pxItem, gSufCells) ); - assert( drop(1, drop(gItemIndex, gCells)) == gSufCells ); - drop_n_plus_m(gCells, 1, gItemIndex); - assert( drop(gItemIndex+1, gCells) == gSufCells ); - mem_suffix_implies_mem(gCells, gItemNext, gItemIndex+1); + mem_suffix_implies_mem(gItemNext, gCells, gItemIndex+1); assert( mem(gItemNext, gCells) == true ); close DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, gList); - - - // assert( xLIST_ITEM(pxItem, ?gItemVal, gItemNext, gItemPrev, gList) ); - - // close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, - // gEnd, gEndPrev, gList); - // close DLS_suffix(nil, nil, pxItem, gItemNext, gEnd, gEndPrev, gList); + + close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + gEnd, gEndPrev, gList); + close DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, + gEndPrev, gList); } } } diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 7c7e4ab7c01..e2879c352c9 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -5,12 +5,7 @@ * of VeriFast's standard library. */ -// TODO: prove -/*@ -lemma void mem_suffix_implies_mem(t x, list xs, int i); -requires mem(x, drop(i, xs)) == true; -ensures mem(x, xs) == true; -@*/ + // TODO: prove @@ -94,12 +89,12 @@ ensures nth(index_of(x, xs), xs) == x; } // TODO: prove -lemma void mem_prefix_implies_mem(list xs, t x, int n); +lemma void mem_prefix_implies_mem(t x, list xs, int n); requires mem(x, take(n, xs)) == true; ensures mem(x, xs) == true; // TODO: prove -lemma void mem_suffix_implies_mem(list xs, t x, int n); +lemma void mem_suffix_implies_mem(t x, list xs, int n); requires mem(x, drop(n, xs)) == true; ensures mem(x, xs) == true; @@ -109,4 +104,6 @@ requires true; ensures drop(n, drop(m, xs)) == drop(n + m, xs); @*/ + + #endif /* VERIFAST_LISTS_EXTENDED_H */ \ No newline at end of file From 1393ae3c34274a92d14c4364d4d52355ba495eda Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 28 Nov 2022 08:44:58 -0500 Subject: [PATCH 155/289] Set up lemma `DLS_close_2` in accordance to `DLS_open_2`. Proved cases relating to empty prefix. --- .../scp_list_predicates_extended.h | 116 ++++++++++++++++-- 1 file changed, 103 insertions(+), 13 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 8f2c536ed80..b2277a54ebc 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -427,36 +427,47 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) // not allow predicate DLS_prefix( // prefix args - list prefCells, - list prefVals, + list prefCells, + list prefVals, struct xLIST_ITEM* item, struct xLIST_ITEM* itemPrev, // unsplit DLS args struct xLIST_ITEM *end, struct xLIST_ITEM *endPrev, struct xLIST *pxContainer) = + length(prefCells) == length(prefVals) &*& switch(prefCells) { - case nil: return true; + case nil: return + prefVals == nil &*& + item == end &*& + itemPrev == endPrev; case cons(headItem, tailCells): return + item != end &*& + // itemPrev != endPrev &*& // do we need to know this? headItem == end &*& - length(prefCells) == length(prefVals) &*& DLS(end, endPrev, item, itemPrev, prefCells, prefVals, pxContainer); }; predicate DLS_suffix( // suffix args - list sufCells, - list sufVals, + list sufCells, + list sufVals, struct xLIST_ITEM* item, struct xLIST_ITEM* itemNext, // unsplit DLS args struct xLIST_ITEM *end, struct xLIST_ITEM *endPrev, struct xLIST *pxContainer) = + length(sufCells) == length(sufVals) &*& switch(sufCells) { - case nil: return true; + case nil: return + sufVals == nil &*& + item == endPrev &*& + itemNext == end; case cons(headItem, tailCells): return - length(sufCells) == length(sufVals) &*& + item != endPrev &*& + mem(endPrev, sufCells) == true &*& + index_of(endPrev, sufCells) == length(sufCells)-1 &*& DLS(itemNext, item, end, endPrev, sufCells, sufVals, pxContainer); }; @@ -474,15 +485,17 @@ ensures &*& xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) &*& - DLS_suffix(?gSufCells, ?gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList) &*& - true + DLS_suffix(?gSufCells, ?gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList) + &*& // gCells == gPrefCells + item + gSufCells + gCells == append(gPrefCells, append(singleton(pxItem), gSufCells)) &*& // gVals == gPrefVals + item + gSufVals + gVals == append(gPrefVals, append(singleton(gItemVal), gSufVals)) &*& // next in cells - mem(gItemNext, gCells) == true &*& + mem(gItemNext, gCells) == true &*& // prev in cells - mem(gItemPrev, gCells) == true + mem(gItemPrev, gCells) == true ; { if(pxItem == gEnd) { @@ -597,11 +610,80 @@ ensures close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, gEnd, gEndPrev, gList); + dls_last_mem(gItemNext, pxItem, gEnd, gEndPrev, gSufCells); close DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList); } } } + +lemma void DLS_close_2(struct xLIST_ITEM* pxItem, + list gCells, + list gVals) +requires + length(gCells) == length(gVals) &*& + DLS_prefix(?gPrefCells, ?gPrefVals, pxItem, ?gItemPrev, + ?gEnd, ?gEndPrev, ?gList) + &*& + gEnd == head(gCells) + &*& + xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) + &*& + DLS_suffix(?gSufCells, ?gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList) + &*& + // gCells == gPrefCells + item + gSufCells + gCells == append(gPrefCells, append(singleton(pxItem), gSufCells)) &*& + // gVals == gPrefVals + item + gSufVals + gVals == append(gPrefVals, append(singleton(gItemVal), gSufVals)) + &*& + // next in cells + mem(gItemNext, gCells) == true &*& + // prev in cells + mem(gItemPrev, gCells) == true + ; +ensures + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& + mem(pxItem, gCells) == true &*& + mem(gItemNext, gCells) == true &*& + mem(gItemPrev, gCells) == true &*& + // length(gCells) == length(gVals) &*& + // length(gCells) > 1; + true; +{ + if( gPrefCells == nil ) { + // pxItem is first/ left-most item in the list + // -> empty prefix + + open DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + gEnd, gEndPrev, gList); + assert( pxItem == gEnd ); + assert( gPrefVals == nil ); + + if( gSufCells == nil ) { + // pxItem is last/ right-most item in the list + + open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, + gEndPrev, gList); + assert( pxItem == gEndPrev ); + assert( gSufVals == nil ); + + close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList); + } else { + // pxItem is not last/ right-most item in the list + + open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, + gEndPrev, gList); + close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList); + } + } else { + // pxItem is not the first/ left-most item in the list + // -> non-empty prefix + // (potentially empty suffix) + + + + } +} @*/ void lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) @@ -620,10 +702,18 @@ void lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; - + //@ DLS_open_2(gTaskItem_0); + /*@ assert( xLIST_ITEM(gTaskItem_0, ?gTaskItem_0_val, + ?gTaskItem_0_next, ?gTaskItem_0_prev, gList) ); + @*/ pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* pxItem_1 = pxTaskItem; + /*@ close xLIST_ITEM(gTaskItem_0, gTaskItem_0_val, + gTaskItem_0_next, gTaskItem_0_prev, gList); + @*/ + //@ DLS_close_2(gTaskItem_0, gCells, gVals); + //@ assert( mem(pxItem_1, gCells) == true ); } From bb00bee690a4ccb37372c3359cc8f38483e1111d Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 28 Nov 2022 09:16:08 -0500 Subject: [PATCH 156/289] Finished proof of `DLS_close_2`. --- .../scp_list_predicates_extended.h | 113 ++++++++++++++++-- 1 file changed, 106 insertions(+), 7 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index b2277a54ebc..ae943b34d4b 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -680,13 +680,39 @@ ensures // -> non-empty prefix // (potentially empty suffix) - + open DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + gEnd, gEndPrev, gList); + + if( gSufCells == nil ) { + // pxItem is the last/ right-most item in the list + // -> empty suffix + + open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, + gEndPrev, gList); + assert( pxItem == gEndPrev ); + close DLS(pxItem, gItemPrev, gEnd, gEndPrev, + singleton(pxItem), singleton(gItemVal), gList); + join(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, + pxItem, gItemPrev, gEnd, gEndPrev, + singleton(pxItem), singleton(gItemVal)); + } else { + // pxItem is not the last/ right-most item in the list + // -> non-empty suffix + open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, + gEndPrev, gList); + close DLS(pxItem, gItemPrev, gEnd, gEndPrev, + cons(pxItem, gSufCells), cons(gItemVal, gSufVals), + gList); + join(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, + pxItem, gItemPrev, gEnd, gEndPrev, + cons(pxItem, gSufCells), cons(gItemVal, gSufVals)); + } } } @*/ -void lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) +struct xLIST_ITEM* lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) /*@ requires DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& mem(pxTaskItem, gCells) == true &*& @@ -696,29 +722,102 @@ void lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) @*/ /*@ ensures DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& - mem(pxTaskItem, gCells) == true; + mem(pxTaskItem, gCells) == true &*& + mem(result, gCells) == true; @*/ { //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; - + // first iteration step + //@ DLS_open_2(gTaskItem_0); /*@ assert( xLIST_ITEM(gTaskItem_0, ?gTaskItem_0_val, ?gTaskItem_0_next, ?gTaskItem_0_prev, gList) ); @*/ pxTaskItem = pxTaskItem->pxNext; - //@ struct xLIST_ITEM* pxItem_1 = pxTaskItem; + //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; /*@ close xLIST_ITEM(gTaskItem_0, gTaskItem_0_val, gTaskItem_0_next, gTaskItem_0_prev, gList); @*/ - //@ DLS_close_2(gTaskItem_0, gCells, gVals); + //@ DLS_close_2(gTaskItem_0, gCells, gVals); - //@ assert( mem(pxItem_1, gCells) == true ); + // second iteration step + + //@ DLS_open_2(gTaskItem_1); + /*@ assert( xLIST_ITEM(gTaskItem_1, ?gTaskItem_1_val, + ?gTaskItem_1_next, ?gTaskItem_1_prev, gList) ); + @*/ + pxTaskItem = pxTaskItem->pxNext; + //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; + + /*@ close xLIST_ITEM(gTaskItem_1, gTaskItem_1_val, + gTaskItem_1_next, gTaskItem_1_prev, gList); + @*/ + //@ DLS_close_2(gTaskItem_1, gCells, gVals); + + + //@ assert( mem(gTaskItem_2, gCells) == true ); + return pxTaskItem; } +struct xLIST_ITEM* lemma_validation__DLS_item_prev_2(struct xLIST_ITEM* pxTaskItem) +/*@ requires + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& + mem(pxTaskItem, gCells) == true &*& + gEnd == head(gCells) &*& + length(gCells) == length(gVals) &*& + length(gCells) > 1; +@*/ +/*@ ensures + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& + mem(pxTaskItem, gCells) == true &*& + mem(result, gCells) == true; +@*/ +{ + //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; + + // first iteration step + + //@ DLS_open_2(gTaskItem_0); + /*@ assert( xLIST_ITEM(gTaskItem_0, ?gTaskItem_0_val, + ?gTaskItem_0_next, ?gTaskItem_0_prev, gList) ); + @*/ + pxTaskItem = pxTaskItem->pxPrevious; + //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; + + /*@ close xLIST_ITEM(gTaskItem_0, gTaskItem_0_val, + gTaskItem_0_next, gTaskItem_0_prev, gList); + @*/ + //@ DLS_close_2(gTaskItem_0, gCells, gVals); + + + // second iteration step + + //@ DLS_open_2(gTaskItem_1); + /*@ assert( xLIST_ITEM(gTaskItem_1, ?gTaskItem_1_val, + ?gTaskItem_1_next, ?gTaskItem_1_prev, gList) ); + @*/ + pxTaskItem = pxTaskItem->pxPrevious; + //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; + + /*@ close xLIST_ITEM(gTaskItem_1, gTaskItem_1_val, + gTaskItem_1_next, gTaskItem_1_prev, gList); + @*/ + //@ DLS_close_2(gTaskItem_1, gCells, gVals); + + + //@ assert( mem(gTaskItem_2, gCells) == true ); + return pxTaskItem; +} + + + + + + From c0df2a28948c79212ba892ce495af18da230d78f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 28 Nov 2022 10:55:39 -0500 Subject: [PATCH 157/289] Adapted proof of `prvSelectHighestPriorityTask` to use new DLS representation and opening & closing lemmas. --- tasks.c | 165 +++++++++++++------------------------------------------- 1 file changed, 36 insertions(+), 129 deletions(-) diff --git a/tasks.c b/tasks.c index 6de1a23bba9..b192edfc219 100644 --- a/tasks.c +++ b/tasks.c @@ -932,7 +932,6 @@ static void prvYieldForTask( TCB_t * pxTCB, prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ { -//@ assume(false); //@ open taskISRLockInv(); //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) ); //@ assert( gTopReadyPriority == uxTopReadyPriority); @@ -990,76 +989,45 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ open readyLists_p(); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); //@ List_array_get_l(pxReadyTasksLists, uxCurrentPriority); - /*@ assert( xLIST(&pxReadyTasksLists[ uxCurrentPriority ], - ?gNumberOfItems, - ?gIndex, - ?gListEnd, - ?gCells, - ?gVals) ); + //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; + /*@ assert( xLIST(gReadyList, ?gNumberOfItems, ?gIndex, ?gListEnd, + ?gCells, ?gVals) ); @*/ - //@ open xLIST(&pxReadyTasksLists[uxCurrentPriority], _, _, _, _, _); + //@ open xLIST(gReadyList, _, _, _, _, _); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); //@ assert( pxReadyList->pxIndex |-> gIndex ); - //@ assert( DLS(gListEnd, ?gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]) ); - ///@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); - //@ assert( mem(pxReadyList->pxIndex, gCells) == true ); - /*@ - if( pxReadyList->pxIndex == gListEnd ) { - open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); - assert( gVals == cons(?gV, ?gRest) ); - assert( xLIST_ITEM(gIndex, gV, ?gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]) ); - } else { - int gCellIndex = index_of(gIndex, gCells); - split(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, gIndex, gCellIndex); - assert( DLS( gListEnd, gEndPrev, gIndex, ?gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); - assert( DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); - open DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]); - } - @*/ + /*@ assert( DLS(gListEnd, ?gEndPrev, gListEnd, gEndPrev, + gCells, gVals, gReadyList) ); + @*/ + + //@ DLS_open_2(pxReadyList->pxIndex); + //@ assert( xLIST_ITEM(gIndex, _, ?gIndexNext, ?gIndexPrev, gReadyList) ); ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; ListItem_t * pxTaskItem = pxLastTaskItem; - /*@ - if( gIndex == gListEnd ) { - close xLIST_ITEM(gIndex, _, _, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]); - close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); - - // Loop invariant for inner search loop below requires us - // to prove that `pxTaskItem` points to a valid list item. - dls_last_mem(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells); - assert( mem(pxTaskItem, gCells) == true ); - } else { - int gCellIndex = index_of(gIndex, gCells); - assert( DLS( gListEnd, gEndPrev, gIndex, ?gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); - close xLIST_ITEM(gIndex, _, _, gIndexPrev, &pxReadyTasksLists[uxCurrentPriority]); - close DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]); - assert( DLS( gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals), &pxReadyTasksLists[uxCurrentPriority]) ); - - join( gListEnd, gEndPrev, gIndex, gIndexPrev, take(gCellIndex, gCells), take(gCellIndex, gVals), - gIndex, gIndexPrev, gListEnd, gEndPrev, drop(gCellIndex, gCells), drop(gCellIndex, gVals) ); - } - @*/ - // Unified ghost branches - //@ assert( DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]) ); + //@ close xLIST_ITEM(gIndex, _, gIndexNext, gIndexPrev, gReadyList); + //@ DLS_close_2(pxReadyList->pxIndex, gCells, gVals); - //@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); - //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]) ); - //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]); + //@ assert( mem(pxTaskItem, gCells) == true); + + //@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, gReadyList); + //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList) ); + //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList); // opening required to prove validity of `&( pxReadyList->xListEnd )` ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); - //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, &pxReadyTasksLists[uxCurrentPriority]); + //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList); if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { //@ assert( gVals == cons(?gV, ?gRest) ); - //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]) ); + //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, gReadyList) ); pxLastTaskItem = pxLastTaskItem->pxPrevious; - //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, &pxReadyTasksLists[uxCurrentPriority]); + //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, gReadyList); } - //@ close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, &pxReadyTasksLists[uxCurrentPriority]); - /*@ close xLIST(&pxReadyTasksLists[ uxCurrentPriority ], - gNumberOfItems, gIndex, gListEnd, gCells, gVals); + //@ close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, gReadyList); + /*@ close xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, + gCells, gVals); @*/ /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority @@ -1068,107 +1036,46 @@ static void prvYieldForTask( TCB_t * pxTCB, do /*@ invariant - xLIST(&pxReadyTasksLists[ uxCurrentPriority ], - gNumberOfItems, gIndex, gListEnd, gCells, gVals) &*& + xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, + gCells, gVals) + &*& mem(pxTaskItem, gCells) == true; @*/ { TCB_t * pxTCB; - //@ List_t* gReadyList = &pxReadyTasksLists[ uxCurrentPriority ]; //@ open xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, gCells, gVals); //@ assert( DLS(gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); - //@ int gTaskItemIndex_0 = index_of(pxTaskItem, gCells); + // Building an SSA for important variables helps us to + // refer to the right instances. //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; - - /* Proof idea: - * - Open DLS predicate to justify access to fields of - * `gTaskItem_0` - * - Prove `mem(gTaskItem_1, gCells) == true` - * - * In if-statement: - * - Open DLS predicate to justify access to - * `gTaskItem_1->next` in if-statement - * - Prove `mem(gTaskItem_2, gCells) == true` - * - * After if-statement: - * - Prove `mem(gTaskItem_3, gCells) == true` - */ - - - //@ DLS_next_open(gReadyList, gTaskItem_0); + //@ DLS_open_2(gTaskItem_0); pxTaskItem = pxTaskItem->pxNext; - - //@ int gTaskItemIndex_1 = index_of(pxTaskItem, gCells); //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; - //@ assert( mem(gTaskItem_1, gCells) == true ); //@ close xLIST_ITEM(gTaskItem_0, _, _, _, gReadyList); - - //@ DLS_next_close(gReadyList, gTaskItem_0, gCells, gVals, gListEnd, gEndPrev2); - - + //@ DLS_close_2(gTaskItem_0, gCells, gVals); if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { - //@ assert( pxTaskItem == gTaskItem_1 ); - //@ DLS_next_open(gReadyList, gTaskItem_1); - + //@ DLS_open_2(gTaskItem_1); pxTaskItem = pxTaskItem->pxNext; - //@ int gTaskItemIndex_2 = index_of(pxTaskItem, gCells); //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; //@ close xLIST_ITEM(gTaskItem_1, _, _, _, gReadyList); - //@ DLS_next_close(gReadyList, gTaskItem_1, gCells, gVals, gListEnd, gEndPrev2); + //@ DLS_close_2(gTaskItem_1, gCells, gVals); } - //@ int gTaskItemIndex_3 = index_of(pxTaskItem, gCells); //@ struct xLIST_ITEM* gTaskItem_3 = pxTaskItem; - - //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); - //@ assert( mem(gTaskItem_3, gCells) == true ); - - - /*@ - if( gTaskItem_3 == gListEnd ) { - open DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); - } else{ - split(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gTaskItem_3, gTaskItemIndex_3); - open DLS(gTaskItem_3, _, gListEnd, gEndPrev2, _, _, gReadyList); - } - @*/ + //@ DLS_open_2(gTaskItem_3); pxTCB = pxTaskItem->pvOwner; + //@ close xLIST_ITEM(gTaskItem_3, _, _, _, gReadyList); + //@ DLS_close_2(gTaskItem_3, gCells, gVals); - //@ close xLIST_ITEM(gTaskItem_3, ?gTaskItem_3_val, ?gTaskItem_3_next, _, gReadyList); - - /*@ - if( gTaskItem_3 == gListEnd ) { - close DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList); - } else{ - assert( DLS(gListEnd, gEndPrev2, gTaskItem_3, ?gTaskItem_3_prev, ?gCellsPrefix, ?gValsPrefix, gReadyList) ); - - if( gTaskItem_3 == gEndPrev2 ) { - close DLS(gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, - cons(gTaskItem_3, nil), cons(gTaskItem_3_val, nil), - gReadyList); - } else { - assert( DLS(gTaskItem_3_next, gTaskItem_3, gListEnd, gEndPrev2, - ?gCellsSuffix2, ?gValsSuffix2, gReadyList)); - close DLS(gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, - cons(gTaskItem_3, gCellsSuffix2), - cons(gTaskItem_3_val, gValsSuffix2), - gReadyList); - } - assert( DLS(gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, ?gCellsSuffix, ?gValsSuffix, gReadyList) ); - join(gListEnd, gEndPrev2, gTaskItem_3, gTaskItem_3_prev, gCellsPrefix, gValsPrefix, - gTaskItem_3, gTaskItem_3_prev, gListEnd, gEndPrev2, gCellsSuffix, gValsSuffix); - } - @*/ - //@ assert( DLS(gListEnd, gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); - +//@ assume(false); // Make sure that we covered all cases so far //@ assume(false); #ifdef IGNORED From 2048fb85da0bfef47d6dc170cdd2de847f259a89 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 28 Nov 2022 12:20:30 -0500 Subject: [PATCH 158/289] Commented old opening and closing lemmas out and switched back from Z3 to VF standard SMT solver --- .../scp_list_predicates_extended.h | 6 +++--- verification/verifast/start-vfide--preprocessed.sh | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index ae943b34d4b..5229895f2f7 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -8,7 +8,7 @@ * allows accesses to `pxItem->pxNext`. */ -/*@ +/* @ lemma void DLS_end_next_open(struct xLIST* pxList, struct xLIST_ITEM* pxItem) requires DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, pxList) &*& @@ -363,14 +363,14 @@ ensures * apply to the use cases they are meant for. */ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) -/*@ requires +/* @ requires DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& mem(pxTaskItem, gCells) == true &*& gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& length(gCells) > 1; @*/ -/*@ ensures +/* @ ensures DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& mem(pxTaskItem, gCells) == true; @*/ diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 39d4ff706cd..38f833560c0 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -13,6 +13,7 @@ PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040" PP_SCRIPT="./preprocess_tasks_c.sh" PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c" +#FONT_SIZE=20 FONT_SIZE=17 # Flags to SKIP expensive proofs: @@ -38,6 +39,6 @@ echo "\n\nPreprocessing script finished\n\n" -I proofs \ -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ -assume_no_provenance \ - -prover z3v4.5 + # -prover z3v4.5 # -target 32bit -prover z3v4.5 \ # TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc From b310efa029b9b30c87cb1e8d827c640f7427c2f0 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 29 Nov 2022 08:32:32 -0500 Subject: [PATCH 159/289] Added ready list lemmas. --- .../verifast/proof/ready_list_predicates.h | 97 ++++++++++++------- 1 file changed, 63 insertions(+), 34 deletions(-) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index f2eae2c8caa..13ab9925cd9 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -4,43 +4,72 @@ #include "single_core_proofs/scp_list_predicates.h" /*@ -predicate List_array_p(List_t* array, int size) = +predicate List_array_p(List_t* array, int size, + list > cellLists) = size >= 0 &*& + length(cellLists) == size &*& size > 0 ? ( + cellLists == cons(?gCells, ?gTailcellLists) &*& pointer_within_limits(array) == true &*& - xLIST(array, - ?uxNumberOfItems, - ?pxIndex, - ?xListEnd, - ?cells, - ?vals) + xLIST(array, ?gNumberOfItems, ?gIndex, ?gListEnd, gCells, ?gVals) &*& - List_array_p(array + 1, size - 1) + List_array_p(array + 1, size - 1, gTailcellLists) ) - : true; + : cellLists == nil; -lemma void List_array_get_l(List_t* array, int index) -requires List_array_p(array, ?size) &*& - 0 <= index &*& index < size; -ensures List_array_p(array, index) &*& - pointer_within_limits(array) == true &*& - xLIST(array + index, - ?uxNumberOfItems, - ?pxIndex, - ?xListEnd, - ?cells, - ?vals) &*& - List_array_p(array + index + 1, size-index-1); +lemma void List_array_size_positive(List_t* pxArray) +requires List_array_p(pxArray, ?gSize, ?gCellLists); +ensures List_array_p(pxArray, gSize, gCellLists) &*& + gSize >= 0 &*& gSize == length(gCellLists); { - if( index == 0) { - open List_array_p(array, size); - close List_array_p(array, 0); - } else { - open List_array_p(array, size); - List_array_get_l(array + 1, index - 1); - close List_array_p(array, index); + open List_array_p(pxArray, gSize, gCellLists); + close List_array_p(pxArray, gSize, gCellLists); +} + +lemma void List_array_split(List_t* array, int index) +requires + List_array_p(array, ?gSize, ?gCellLists) &*& + 0 <= index &*& index < gSize; +ensures + List_array_p(array, index, ?gPrefCellLists) &*& + gPrefCellLists == take(index, gCellLists) &*& + pointer_within_limits(array) == true &*& + xLIST(array + index, _, _, _, ?gCells, ?vals) &*& + gCells == nth(index, gCellLists) &*& + List_array_p(array + index + 1, gSize-index-1, ?gSufCellLists) &*& + gSufCellLists == drop(index+1, gCellLists); +{ + open List_array_p(array, gSize, gCellLists); + + if( index > 0 ) { + List_array_split(array + 1, index - 1); } + + close List_array_p(array, index, take(index, gCellLists)); +} + +lemma void List_array_join(List_t* array) +requires + List_array_p(array, ?gPrefSize, ?gPrefCellLists) &*& + xLIST(array + gPrefSize, _, _, _, ?gCells, _) &*& + pointer_within_limits(array + gPrefSize) == true &*& + List_array_p(array + gPrefSize + 1, ?gSufSize, ?gSufCellLists); +ensures + List_array_p(array, ?gSize, ?gCellLists) &*& + gSize == length(gCellLists) &*& + gSize == gPrefSize + 1 + gSufSize &*& + gCellLists == append(gPrefCellLists, cons(gCells, gSufCellLists)); +{ + open List_array_p(array, gPrefSize, gPrefCellLists); + List_array_size_positive(array + gPrefSize + 1); + + if( gPrefSize > 0 ) { + List_array_join(array + 1); + } + + close List_array_p(array, gPrefSize + 1 + gSufSize, + append(gPrefCellLists, cons(gCells, gSufCellLists))); } @*/ @@ -49,22 +78,22 @@ ensures List_array_p(array, index) &*& // TODO: We know that the list of priority 0 is never empty. // It contains the idle task and nothing else. predicate readyLists_p() = - List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES); + List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, ?gCellLists); @*/ /*@ lemma void List_array_p_index_within_limits(List_t* array, int index) -requires List_array_p(array, ?size) &*& - 0 <= index &*& index < size; -ensures List_array_p(array, size) &*& +requires List_array_p(array, ?gSize, ?gCellListss) &*& + 0 <= index &*& index < gSize; +ensures List_array_p(array, gSize, gCellListss) &*& pointer_within_limits(&array[index]) == true; { - open List_array_p(array, size); + open List_array_p(array, gSize, gCellListss); if( index > 0) { List_array_p_index_within_limits(&array[1], index-1); } - close List_array_p(array, size); + close List_array_p(array, gSize, gCellListss); } @*/ From 014acb9a002351eb89ef7060ca314a65a878a0b9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 29 Nov 2022 09:37:23 -0500 Subject: [PATCH 160/289] Refactored lock predicates to improve readability. --- include/stack_macros.h | 14 ++-- include/task.h | 8 +-- tasks.c | 70 ++++++++----------- .../verifast/proof/ready_list_predicates.h | 4 +- verification/verifast/proof/task_predicates.h | 10 ++- .../verifast/proof/verifast_lock_predicates.h | 18 ++--- 6 files changed, 56 insertions(+), 68 deletions(-) diff --git a/include/stack_macros.h b/include/stack_macros.h index 926e7743d70..ea247e4064e 100644 --- a/include/stack_macros.h +++ b/include/stack_macros.h @@ -96,22 +96,22 @@ #define taskCHECK_FOR_STACK_OVERFLOW() VF__taskCHECK_FOR_STACK_OVERFLOW() void VF__taskCHECK_FOR_STACK_OVERFLOW() - /*@ requires prvTCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& - pubTCB_p(gCurrentTCB, ?uxCriticalNesting) &*& + /*@ requires prvSeg_TCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(gCurrentTCB, ?uxCriticalNesting) &*& // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` interruptState_p(coreID_f(), ?state) &*& interruptsDisabled_f(state) == true &*& pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); @*/ - /*@ ensures prvTCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& - pubTCB_p(gCurrentTCB, uxCriticalNesting) &*& + /*@ ensures prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(gCurrentTCB, uxCriticalNesting) &*& // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` interruptState_p(coreID_f(), state) &*& interruptsDisabled_f(state) == true &*& pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); \ @*/ \ { \ - /*@ open prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + /*@ open prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ /*@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \ @*/ \ @@ -139,7 +139,7 @@ /*@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ @*/ \ - /*@ close prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + /*@ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ TCB_t* tcb1 = pxCurrentTCB; \ TCB_t* tcb2 = pxCurrentTCB; \ vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ @@ -151,7 +151,7 @@ chars_split((char*) pxStack, ulFreeBytesOnStack); \ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ - close prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); \ + close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); \ } \ @*/ \ } diff --git a/include/task.h b/include/task.h index 7afb9743cb8..56e054299c1 100644 --- a/include/task.h +++ b/include/task.h @@ -1863,11 +1863,11 @@ configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) PRIVIL */ void vApplicationStackOverflowHook( TaskHandle_t xTask, char * pcTaskName ); - /*@ requires prvTCB_p(xTask, ?ulFreeBytesOnStack) &*& - pubTCB_p(xTask, ?uxCriticalNesting); + /*@ requires prvSeg_TCB_p(xTask, ?ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(xTask, ?uxCriticalNesting); @*/ - /*@ ensures prvTCB_p(xTask, ulFreeBytesOnStack) &*& - pubTCB_p(xTask, uxCriticalNesting); + /*@ ensures prvSeg_TCB_p(xTask, ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(xTask, uxCriticalNesting); @*/ #endif diff --git a/tasks.c b/tasks.c index b192edfc219..95d77198368 100644 --- a/tasks.c +++ b/tasks.c @@ -908,11 +908,11 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - pubTCB_p(gCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvTCB_p(gCurrentTCB, ?ulFreeBytesOnStack); + prvSeg_TCB_p(gCurrentTCB, ?ulFreeBytesOnStack); @*/ /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& xCoreID == coreID_f() &*& @@ -925,11 +925,11 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& - pubTCB_p(gCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); + prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ { //@ open taskISRLockInv(); @@ -961,11 +961,12 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& - pubTCB_p(gCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) +// pubTCB_p(gCurrentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvTCB_p(gCurrentTCB, ulFreeBytesOnStack) + prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& // additional knowledge 0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& @@ -986,19 +987,19 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif //@ open taskISRLockInv(); - //@ open readyLists_p(); + //@ open readyLists_p(?gCellLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); - //@ List_array_get_l(pxReadyTasksLists, uxCurrentPriority); + //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; - /*@ assert( xLIST(gReadyList, ?gNumberOfItems, ?gIndex, ?gListEnd, - ?gCells, ?gVals) ); - @*/ + + //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals) ); + //@ open xLIST(gReadyList, _, _, _, _, _); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); //@ assert( pxReadyList->pxIndex |-> gIndex ); - /*@ assert( DLS(gListEnd, ?gEndPrev, gListEnd, gEndPrev, + /*@ assert( DLS(gEnd, ?gEndPrev, gEnd, gEndPrev, gCells, gVals, gReadyList) ); @*/ @@ -1012,7 +1013,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( mem(pxTaskItem, gCells) == true); - //@ open DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, gReadyList); + //@ open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gReadyList); //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList) ); //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList); // opening required to prove validity of `&( pxReadyList->xListEnd )` @@ -1025,10 +1026,8 @@ static void prvYieldForTask( TCB_t * pxTCB, pxLastTaskItem = pxLastTaskItem->pxPrevious; //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, gReadyList); } - //@ close DLS(gListEnd, gEndPrev, gListEnd, gEndPrev, gCells, gVals, gReadyList); - /*@ close xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, - gCells, gVals); - @*/ + //@ close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gReadyList); + //@ close xLIST(gReadyList, _, gIndex, gEnd, gCells, gVals); /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority * must not be decremented any further */ @@ -1036,16 +1035,14 @@ static void prvYieldForTask( TCB_t * pxTCB, do /*@ invariant - xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, - gCells, gVals) - &*& - mem(pxTaskItem, gCells) == true; + mem(pxTaskItem, gCells) == true &*& + xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals); @*/ { TCB_t * pxTCB; - //@ open xLIST(gReadyList, gNumberOfItems, gIndex, gListEnd, gCells, gVals); - //@ assert( DLS(gListEnd, ?gEndPrev2, gListEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ open xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals); + //@ assert( DLS(gEnd, ?gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gReadyList) ); // Building an SSA for important variables helps us to // refer to the right instances. @@ -1075,10 +1072,6 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ close xLIST_ITEM(gTaskItem_3, _, _, _, gReadyList); //@ DLS_close_2(gTaskItem_3, gCells, gVals); -//@ assume(false); -// Make sure that we covered all cases so far -//@ assume(false); -#ifdef IGNORED /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1138,7 +1131,6 @@ static void prvYieldForTask( TCB_t * pxTCB, vListInsertEnd( pxReadyList, pxTaskItem ); break; } -#endif /* IGNORED */ } while( pxTaskItem != pxLastTaskItem ); } else @@ -4297,11 +4289,11 @@ void vTaskSwitchContext( BaseType_t xCoreID ) &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - pubTCB_p(gCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvTCB_p(gCurrentTCB, ?ulFreeBytesOnStack); + prvSeg_TCB_p(gCurrentTCB, ?ulFreeBytesOnStack); @*/ /*@ ensures // all locks are released and interrupts remain disabled @@ -4312,11 +4304,11 @@ void vTaskSwitchContext( BaseType_t xCoreID ) &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gNewCurrentTCB) &*& - pubTCB_p(gNewCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvTCB_p(gCurrentTCB, ulFreeBytesOnStack); + prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); // Remark: the part of the post condition relating to TCBs will have to change. @*/ { @@ -4346,10 +4338,10 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // TODO: Inspect reason. TaskHandle_t currentHandle = pxCurrentTCB; //@ assert( currentHandle == gCurrentTCB ); - //@ open pubTCB_p(gCurrentTCB, 0); + //@ open coreLocalSeg_TCB_p(gCurrentTCB, 0); UBaseType_t nesting = currentHandle->uxCriticalNesting; configASSERT( nesting == 0 ); - //@ close pubTCB_p(gCurrentTCB, 0); + //@ close coreLocalSeg_TCB_p(gCurrentTCB, 0); } #else configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 13ab9925cd9..bd3eca7d1d4 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -77,8 +77,8 @@ ensures /*@ // TODO: We know that the list of priority 0 is never empty. // It contains the idle task and nothing else. -predicate readyLists_p() = - List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, ?gCellLists); +predicate readyLists_p(list > gCellLists) = + List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists); @*/ diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index 57e3a89bce7..b583cd7ced4 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -66,7 +66,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = tcb->uxPriority |-> _ &*& - tcb->xTaskRunState |-> _ &*& + tcb->xTaskRunState |-> ?gTaskRunState &*& tcb->xIsIdle |-> _ &*& // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16. @@ -102,13 +102,17 @@ predicate absTCB_p(TCB_t* tcb) = // // The predicates below will be expanded iteratively. -predicate prvTCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = +predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = tcb->pxStack |-> ?stackPtr &*& tcb->pxTopOfStack |-> ?topPtr &*& stack_p_2(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); -predicate pubTCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = +predicate sharedSeg_TCB_p(TCB_t* tcb) = + tcb->xTaskRunState |-> ?gTaskRunState &*& + true; + +predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; @*/ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 857604e7962..0bcc05bd344 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -29,8 +29,9 @@ fixpoint bool interruptsDisabled_f(uint32_t); predicate coreLocalInterruptInv_p() = pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& - pubTCB_p(currentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); + //pubTCB_p(currentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting); predicate coreLocalLocked(uint32_t coreID); @@ -94,20 +95,11 @@ predicate taskISRLockInv() = integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES &*& - readyLists_p() &*& - // Update: The current task on this core is interrupt protected. - // TODO: Exclude from `allTasks`. - // `allTasks` stores pointers to all currently valid tasks (i.e. TCB_t instances) - //foreach(?tasks, absTCB_p) &*& - // If a task is scheduled, it must be valid - //[0.5]pointer(&pxCurrentTCBs[coreID_f()], ?scheduledTask) &*& - //scheduledTask != NULL - // ? mem(scheduledTask, tasks) == true - // : true - //&*& + readyLists_p(?gCellLists) &*& true; + lemma void produce_taskISRLockInv(); requires locked(?heldLocks) &*& heldLocks == cons(?i, cons(?t, nil)) &*& From e8b8234416302c1c05dc8c811ffe4cada85711d5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 29 Nov 2022 09:47:50 -0500 Subject: [PATCH 161/289] Renamed predicates to comply with naming conventions --- tasks.c | 42 +++++++++---------- .../verifast/proof/verifast_lock_predicates.h | 27 ++++++------ .../verifast/proof/verifast_port_contracts.h | 16 +++---- 3 files changed, 41 insertions(+), 44 deletions(-) diff --git a/tasks.c b/tasks.c index 95d77198368..c316079024e 100644 --- a/tasks.c +++ b/tasks.c @@ -902,9 +902,9 @@ static void prvYieldForTask( TCB_t * pxTCB, // interrupts are disabled and locks acquired interruptState_p(xCoreID, ?state) &*& interruptsDisabled_f(state) == true &*& - taskLockInv() &*& - isrLockInv() &*& - taskISRLockInv() + taskLockInv_p() &*& + isrLockInv_p() &*& + taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& @@ -919,9 +919,9 @@ static void prvYieldForTask( TCB_t * pxTCB, // interrupts are disabled and locks acquired interruptState_p(xCoreID, state) &*& interruptsDisabled_f(state) == true &*& - taskLockInv() &*& - isrLockInv() &*& - taskISRLockInv() + taskLockInv_p() &*& + isrLockInv_p() &*& + taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& @@ -932,7 +932,7 @@ static void prvYieldForTask( TCB_t * pxTCB, prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ { - //@ open taskISRLockInv(); + //@ open taskISRLockInv_p(); //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) ); //@ assert( gTopReadyPriority == uxTopReadyPriority); UBaseType_t uxCurrentPriority = uxTopReadyPriority; @@ -945,7 +945,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) BaseType_t xPriorityDropped = pdFALSE; #endif - //@ close taskISRLockInv(); + //@ close taskISRLockInv_p(); while( xTaskScheduled == pdFALSE ) /*@ invariant @@ -955,9 +955,9 @@ static void prvYieldForTask( TCB_t * pxTCB, // interrupts are disabled and locks acquired interruptState_p(xCoreID, state) &*& interruptsDisabled_f(state) == true &*& - taskLockInv() &*& - isrLockInv() &*& - taskISRLockInv() + taskLockInv_p() &*& + isrLockInv_p() &*& + taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& @@ -986,7 +986,7 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif - //@ open taskISRLockInv(); + //@ open taskISRLockInv_p(); //@ open readyLists_p(?gCellLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); @@ -4281,9 +4281,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) xCoreID == coreID_f() &*& // access to locks and disabled interrupts - locked(nil) &*& - [?f_ISR]isrLock() &*& - [?f_task]taskLock() &*& + locked_p(nil) &*& + [?f_ISR]isrLock_p() &*& + [?f_task]taskLock_p() &*& interruptState_p(xCoreID, ?state) &*& interruptsDisabled_f(state) == true &*& @@ -4297,9 +4297,9 @@ void vTaskSwitchContext( BaseType_t xCoreID ) @*/ /*@ ensures // all locks are released and interrupts remain disabled - locked(nil) &*& - [f_ISR]isrLock() &*& - [f_task]taskLock() &*& + locked_p(nil) &*& + [f_ISR]isrLock_p() &*& + [f_task]taskLock_p() &*& interruptState_p(xCoreID, state) &*& // opened predicate `coreLocalInterruptInv_p()` @@ -4347,13 +4347,13 @@ void vTaskSwitchContext( BaseType_t xCoreID ) configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); #endif /* VERIFAST */ - //@ open taskISRLockInv(); + //@ open taskISRLockInv_p(); if( uxSchedulerSuspended != ( UBaseType_t ) pdFALSE ) { /* The scheduler is currently suspended - do not allow a context * switch. */ xYieldPendings[ xCoreID ] = pdTRUE; - //@ close taskISRLockInv(); + //@ close taskISRLockInv_p(); } else { @@ -4400,7 +4400,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* Select a new task to run using either the generic C or port * optimised asm code. */ - //@ close taskISRLockInv(); + //@ close taskISRLockInv_p(); ( void ) prvSelectHighestPriorityTask( xCoreID ); traceTASK_SWITCHED_IN(); diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 0bcc05bd344..640a4e07ffb 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -32,9 +32,6 @@ predicate coreLocalInterruptInv_p() = //pubTCB_p(currentTCB, 0) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting); - - -predicate coreLocalLocked(uint32_t coreID); @*/ @@ -43,7 +40,7 @@ predicate coreLocalLocked(uint32_t coreID); */ /*@ -predicate locked(list< pair > lockHistory); +predicate locked_p(list< pair > lockHistory); @*/ @@ -56,11 +53,11 @@ predicate locked(list< pair > lockHistory); fixpoint int taskLockID_f(); // Represents an acquired task lock. -predicate taskLock(); +predicate taskLock_p(); // Represents the invariant associated with the the task lock, i.e., // access permissions to the resources protected by the lock. -predicate taskLockInv(); +predicate taskLockInv_p(); @*/ /* ---------------------------------------------------------------------- @@ -71,11 +68,11 @@ predicate taskLockInv(); fixpoint int isrLockID_f(); // Represents an unacquired ISR lock. -predicate isrLock(); +predicate isrLock_p(); // Represents the invariant associated with the the ISR lock, i.e., // access permissions to the resources protected by the lock. -predicate isrLockInv(); +predicate isrLockInv_p(); @*/ @@ -87,7 +84,7 @@ predicate isrLockInv(); /*@ fixpoint int taskISRLockID_f(); -predicate taskISRLockInv() = +predicate taskISRLockInv_p() = integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) &*& @@ -101,18 +98,18 @@ predicate taskISRLockInv() = lemma void produce_taskISRLockInv(); -requires locked(?heldLocks) &*& +requires locked_p(?heldLocks) &*& heldLocks == cons(?i, cons(?t, nil)) &*& i == pair(?f_isr, isrLockID_f()) &*& t == pair(?f_task, taskLockID_f()); -ensures locked( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& - taskISRLockInv(); +ensures locked_p( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& + taskISRLockInv_p(); lemma void consume_taskISRLockInv(); -requires locked( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& - taskISRLockInv(); -ensures locked(otherLocks); +requires locked_p( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& + taskISRLockInv_p(); +ensures locked_p(otherLocks); @*/ diff --git a/verification/verifast/proof/verifast_port_contracts.h b/verification/verifast/proof/verifast_port_contracts.h index 77c645b962b..620e82b75e2 100644 --- a/verification/verifast/proof/verifast_port_contracts.h +++ b/verification/verifast/proof/verifast_port_contracts.h @@ -54,26 +54,26 @@ void VF__portRESTORE_INTERRUPTS(uint32_t ulState); #undef portGET_TASK_LOCK #define portGET_TASK_LOCK VF__portGET_TASK_LOCK void VF__portGET_TASK_LOCK(); -//@ requires [?f]taskLock() &*& locked(nil); -//@ ensures taskLockInv() &*& locked( cons( pair(f, taskLockID_f()), nil) ); +//@ requires [?f]taskLock_p() &*& locked_p(nil); +//@ ensures taskLockInv_p() &*& locked_p( cons( pair(f, taskLockID_f()), nil) ); #undef portRELEASE_TASK_LOCK #define portRELEASE_TASK_LOCK VF__portRELEASE_TASK_LOCK void VF__portRELEASE_TASK_LOCK(); -//@ requires taskLockInv() &*& locked( cons( pair(?f, taskLockID_f()), nil) ); -//@ ensures [f]taskLock() &*& locked(nil); +//@ requires taskLockInv_p() &*& locked_p( cons( pair(?f, taskLockID_f()), nil) ); +//@ ensures [f]taskLock_p() &*& locked_p(nil); #undef portGET_ISR_LOCK #define portGET_ISR_LOCK VF__portGET_ISR_LOCK void VF__portGET_ISR_LOCK(); -//@ requires [?f]isrLock() &*& locked(?heldLocks); -//@ ensures isrLockInv() &*& locked( cons( pair(f, isrLockID_f()), heldLocks) ); +//@ requires [?f]isrLock_p() &*& locked_p(?heldLocks); +//@ ensures isrLockInv_p() &*& locked_p( cons( pair(f, isrLockID_f()), heldLocks) ); #undef portRELEASE_ISR_LOCK #define portRELEASE_ISR_LOCK VF__portRELEASE_ISR_LOCK void VF__portRELEASE_ISR_LOCK(); -//@ requires isrLockInv() &*& locked( cons( pair(?f, isrLockID_f()), ?heldLocks) ); -//@ ensures [f]isrLock() &*& locked(heldLocks); +//@ requires isrLockInv_p() &*& locked_p( cons( pair(?f, isrLockID_f()), ?heldLocks) ); +//@ ensures [f]isrLock_p() &*& locked_p(heldLocks); #endif /* VERIFAST_PORT_CONTRACTS_H */ \ No newline at end of file From 22dc5c1287ffe37ce4ebe44ca9935c0f2b354672 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 29 Nov 2022 13:53:53 -0500 Subject: [PATCH 162/289] Added proof idea and TODOs. Need to refactor single-core list predicates. --- tasks.c | 11 ++++- .../verifast/proof/ready_list_predicates.h | 15 ++++--- .../verifast/proof/verifast_lock_predicates.h | 45 +++++++++++++++++-- 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/tasks.c b/tasks.c index c316079024e..3a35acd28d9 100644 --- a/tasks.c +++ b/tasks.c @@ -1033,10 +1033,15 @@ static void prvYieldForTask( TCB_t * pxTCB, * must not be decremented any further */ xDecrementTopPriority = pdFALSE; + //@ mem_nth(uxCurrentPriority, gCellLists); + //@ assert( mem(gCells, gCellLists) == true); + //@ open_collection_of_sharedSeg_TCB(gCellLists, gCells); + do /*@ invariant mem(pxTaskItem, gCells) == true &*& - xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals); + xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals) &*& + foreach(gCells, sharedSeg_TCB_of_itemOwner); @*/ { TCB_t * pxTCB; @@ -1072,6 +1077,10 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ close xLIST_ITEM(gTaskItem_3, _, _, _, gReadyList); //@ DLS_close_2(gTaskItem_3, gCells, gVals); + // Get access to sharedSeg_TCB_p(pxTCB). + //@ foreach_remove(gTaskItem_3, gCells); + //@ open sharedSeg_TCB_of_itemOwner(gTaskItem_3); + /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index bd3eca7d1d4..d058465cc9f 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -3,7 +3,15 @@ #include "single_core_proofs/scp_list_predicates.h" + /*@ +// TODO: We know that the list of priority 0 is never empty. +// It contains the idle task and nothing else. +predicate readyLists_p(list > gCellLists) = + configMAX_PRIORITIES == length(gCellLists) &*& + List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists); + + predicate List_array_p(List_t* array, int size, list > cellLists) = size >= 0 &*& @@ -74,12 +82,7 @@ ensures @*/ -/*@ -// TODO: We know that the list of priority 0 is never empty. -// It contains the idle task and nothing else. -predicate readyLists_p(list > gCellLists) = - List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists); -@*/ + /*@ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 640a4e07ffb..e949d161dbb 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -92,9 +92,11 @@ predicate taskISRLockInv_p() = integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES &*& - readyLists_p(?gCellLists) &*& - true; - + readyLists_p(?gCellLists) + &*& + // ∀gCells ∈ gCellLists. ∀item ∈ gCells. sharedSeg_TCB_p(item->pvOwner) + //foreach(gCellLists, foreach_sharedSeg_TCB_of_itemOwner); + collection_of_sharedSeg_TCB_p(gCellLists); lemma void produce_taskISRLockInv(); @@ -110,6 +112,43 @@ lemma void consume_taskISRLockInv(); requires locked_p( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& taskISRLockInv_p(); ensures locked_p(otherLocks); + + + +// ∀items ∈ itemLists. ∀it ∈ items. sharedSeg_TCB_p(it->pvOwner) +predicate collection_of_sharedSeg_TCB_p(list > itemLists) = + foreach(itemLists, foreach_sharedSeg_TCB_of_itemOwner); + +// Auxiliary prediactes to express nested quantification +// ∀gCells ∈ gCellLists. ∀item ∈ gCells. sharedSeg_TCB_p(item->pvOwner) +// TODO: Can we refactor this to make easier to understand? + + // We cannot acces `item->pvOwner` without the necessary points-to chunk. + // TODO: Expose list of owners in ITEM and DLS predicates. + + predicate sharedSeg_TCB_of_itemOwner(struct xLIST_ITEM* item) = + sharedSeg_TCB_p(item->pvOwner); + + predicate foreach_sharedSeg_TCB_of_itemOwner(list items) = + foreach(items, sharedSeg_TCB_of_itemOwner); + + +lemma void open_collection_of_sharedSeg_TCB(list > itemLists, + list items) +requires + collection_of_sharedSeg_TCB_p(itemLists) &*& + mem(items, itemLists) == true; +ensures + collection_of_sharedSeg_TCB_p(remove(items, itemLists)) &*& + foreach(items, sharedSeg_TCB_of_itemOwner); +{ + open collection_of_sharedSeg_TCB_p(itemLists); + foreach_remove(items, itemLists); + open foreach_sharedSeg_TCB_of_itemOwner(items); + close collection_of_sharedSeg_TCB_p(remove(items, itemLists)); +} + +// TODO: Add closing lemma @*/ From 70f10417789084ebe8b45acadc5546fe747dd6d6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 29 Nov 2022 15:55:27 -0500 Subject: [PATCH 163/289] Added documentation. --- verification/verifast/README.md | 76 +++++++++++++ verification/verifast/proof/README.md | 158 ++++++++++++++++++++++++++ 2 files changed, 234 insertions(+) create mode 100644 verification/verifast/README.md create mode 100644 verification/verifast/proof/README.md diff --git a/verification/verifast/README.md b/verification/verifast/README.md new file mode 100644 index 00000000000..d9e1768b47a --- /dev/null +++ b/verification/verifast/README.md @@ -0,0 +1,76 @@ +# FreeROTS VeriFast Proofs +This directory contains an unbounded proof memory safety and thread safety proof +for the core of the task scheduler: `vTaskSwitchContext` +The proof ensures that no call to `vTaskSwitchContext` that complies with the +specified precondition results in unsafe memory accesses. It also ensures that +concurrent instances of `vTaskSwitchContext` running on diffierent cores are +mutually thread safe. + + +# Proof Directory Structure + +``` +FreeRTOS-Kernel +│ +│ +│ +├── tasks.c files +│ The base directory contains the source files, in particular `tasks.c`. +│ `tasks.c` has been annotated with the VeriFast proof steps necessary to +│ prove memory safety and thread safety of `vTaskSwitchContext`. +│ The proof uses many specifications and lemmas residing in +│ `verification/verifast/proof_setup` and `verifcation/verifast/proofs`. +│ +│ +├── include +│ Contains the header files. Some of the header files have been annotated with +│ VeriFast contracts and proofs. +│ +│ +├── portable +│ └── Thirdparty +│ └── GCC +│ └── RP2040 +│ Contains the Raspberry Pi Pico setup. +│ +│ +└── verification + └── verifast + ├── custom_build_scripts_RP2040 + │ Contains scripts to preprocess and rewrite the source code. + │ + ├── demos + │ Contains the FreeRTOS SMP demo. Our proofs use some of its + │ configuartion files. + │ + ├── proof + │ Contains the VeriFast proof files. + │ │ + │ ├── *.h files + │ │ Headers containing VeriFast formalizations and proofs. + │ │ + │ ├── README.md + │ │ Contains more details about the proof. + │ │ + │ ├── single_core_proofs + │ │ Contains the old list formalization and proofs written by + │ │ Aalok Thakkar and Nathan Chong in 2020 for the single-core + │ │ setup. + │ │ + │ └── single_core_proofs_extended + │ Contains new proofs extending the single-core list + │ formalization. + │ + ├── proof_setup + │ Contains config files for the proof. The proof assumes a setup for + │ RP2040. + │ + └── sdks + Contains SDKs referenced by the proof setup. + Some files are annotated with VeriFast contracts. +``` + + + +# Proof Setup +The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040. \ No newline at end of file diff --git a/verification/verifast/proof/README.md b/verification/verifast/proof/README.md new file mode 100644 index 00000000000..00dfdeccd91 --- /dev/null +++ b/verification/verifast/proof/README.md @@ -0,0 +1,158 @@ +This directory contains the bulk of VeriFast formalizations and proofs. + + + + + +# Directory Structure +``` +├── *.h files +│ Headers containing VeriFast formalizations and proofs. +│ +├── README.md +│ Contains more details about the proof. +│ +├── single_core_proofs +│ Contains the old list formalization and proofs written by +│ Aalok Thakkar and Nathan Chong in 2020 for the single-core +│ setup. +│ │ +│ ├── scp_common.h +│ │ Contains auxiliary definitions and lemmas. +│ │ +│ └── scp_list_predicates.h +│ Contains the formalizaton of doubly linked lists and list items. +│ +└── single_core_proofs_extended + Contains new proofs extending the single-core list + formalization. +``` + + + + + +# Reusing the Single-Core List Formalization and Proofs +We reuse the list formalization and proofs written by Aalok Thakkar and Nathan +Chong in 2020. However, due to new challenges that arise in the code we verify, +we have to extend and adapt the existing formalization. +The single-core list formalization defines two main predicates: +- ``` + predicate xLIST_ITEM(struct xLIST_ITEM *n, + TickType_t xItemValue, + struct xLIST_ITEM *pxNext, + struct xLIST_ITEM *pxPrevious, + struct xLIST *pxContainer;) + ``` + Represents a list item of type `xLIST_ITEM`. The arguments have the following + semantics: + - `n`: A pointer to the node whose memory the predicate represents. + - `xItemValue`: The value stored in node `n`. + - `pxNext`: The node's "next" pointer, i.e., `n->pxNext`. + - `pxPrevious`: The node's "previous" pointer, i.e., `n->pxPrevious`. + - `pxContainer`: The doubly linked list containing this node. +- ``` + predicate DLS(struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST *pxContainer) + ``` + Represents a non-empty doubly linked list segment. The semantics of the + arguments are as follows: + - `n`: The left-most node in the segment. + - `nPrev`: The left-most node's "previous" pointer, i.e., `n->pxPrevious`. + - `mNext`: The right-most node's "next" pointer, i.e., `m->pxNext`. + - `m`: The right-most node. + - `cells`: A VeriFast list storing pointers to all nodes the list contains. + - `vals`: A VeriFast list storing the list nodes' values. + - `pxContainer`: A pointer to list struct. + + The single-core formalization also uses `DLS` not just to represent list + segments but also to express unsegmented cyclic linked lists. In FreeRTOS + lists start with a sentinel, called "end". Using the `DLS` predicate, a + cyclic list has the form: + `DLS(end, endPrev, end, endPrev, cells, vals, list)` + + + + + +# Iterating through a DLS + +We verify `vTaskSwitchContext` which internally calls +`prvSelectHighestPriorityTask` to select the task that will be scheduled next. +The function `prvSelectHighestPriorityTask` iterates through the ready lists. +Hence, reasoning about it requires us to reason about iteration through memory +described as a DLS predicate instance. Consider the following scenario: +We have a DLS predicate representing our cyclic ready list and a task item +pointer `pxTaskItem` which points to an element of this list. + +- `DLS(end, endPrev, end, endPrev, cells, vals, readyList)` +- `mem(pxTaskItem, cells) == true` + +Suppose we want to move the task pointer forward + +- `pxTaskItem2 = pxTaskItem->pxNext` + +In order to verify this line we have to do two things: + +1. Justify the heap access to `pxTaskItem->pxNext` +2. Prove that `pxTaskItem2` points to an element of the list. This is + necessary to reason about any code that uses `pxTaskItem2`. + +We can do this by opening the recursive predicate at the nodes for `pxTaskItem` +and `pxTaskItem->next`, for which we can reuse the existing list proof lemmas. +When the right parts of the predicate are exposed, we can prove (1) and (2). +Afterwards, we have to close the predicate again. + + + + + +# Issue 1: DLS iteration proofs are hard because of many case splits + +Proving (1) and (2) forces us to consider many different cases, which leads to +complicated proofs. +The position of `pxTaskItem` in the list determines how we should open the `DLS` +(either by using the existing `split` lemma or with VeriFast’s `open` command) +and also how we have to close it at the end of the proof. +Accessing `pxTaskItem->pxNext` introduces more case splits that complicate the +proof. +Again, closing the predicate has to account for all the introduced cases. + +Note that proofs for forward iteration cannot be reused for backwards iteration +but requires separate proofs. + + + + + +# Issue 2: Checking DLS iteration proofs has bad performance + +As explained above, reasoning about about a single statement that moves the item pointer forward or backward introduces many case splits. `prvSelectHighestPriorityTask` contains multiple statements that manipulate the item pointer. From VeriFast’s perspective, each consecutive proof of such an iteration statement splits up the proof tree further. This is the case even though this part of the code we reason about is linear. + +Introducing lemmas for opening and closing shortens the consecutive iteration proofs significantly, but does not eliminate the case splits. The reason for this is that the `DLS` predicate cannot express empty segments and depending of the current proof path, the number of predicate on the symbolic heap after opening the `DLS` changes. + +Hence, we cannot unify the proof state representation of the proof state as long as we stick to the `DLS` predicate. Instead the opening lemma’s postcondition and the closing lemma’s precondition must reflect the case split. Consequently, applying the lemmas in a proof introduces the case splits anyway and consecutive iteration statements/ lemma applications increase the number of proof paths exponentially. VeriFast requires ~20 min to reason about 4 iteration statements. + + + + + +# Solution: Introduce new representation for opened DLS + + +The only way to eliminate the case splits in `prvSelectHighestPriorityTask` is to unify the proof state of an opened `DLS` accross all proof paths. We introduce two new predicates that express potentially empty prefixes and suffixes of opened cyclic `DLS`. With that, we can formalize an opened list in a unified way as + +- `DLS_prefix(....) &*& xLIST_ITEM(pxTaskItem, ...) &*& DLS_suffix(...)` + +Additionally, we write opening and closing lemmas that transform the a DLS predicate instance into our new representation and back. The proof state we get after opening the list does not force VeriFast to consider any case splits. + +Eliminating these case splits reduces verification time from ~20min to ~1min 10s. + +The old opening and closing lemmas required Z3, because they required heavier reasoning about applications of `list` fixpoint functions and the shape of the inductive `list` datatype. VeriFast offers limited capabilities to reason about fixpoint functions (apart from axiomatizing) and the standard SMT solver often has problems reasoning about the shape of results, e.g., assertions of the form `drop(i, vals) == cons(_, _)`. The new lemma proofs don’t require Z3. Hence, we can switch back to VeriFast’s standard SMT solver. This reduces verification time further to an instant. + +Note that the lemmas still have to consider every possible case internally. That is, the opening and closing lemmas remain complicated. From e800ebd293817a7ed7128ea30ad0e8ee64dce50e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 30 Nov 2022 09:44:25 -0500 Subject: [PATCH 164/289] Exposed node owners in all predicates related to nodes. Adapted proofs to new predicates. Changed predicates: - `xLIST_ITEM` - `DLS` - `xLIST` - `readyLists_p` - `List_array_p` --- tasks.c | 57 +- .../verifast/proof/ready_list_predicates.h | 78 +- .../single_core_proofs/scp_list_predicates.h | 727 ++++++++++++------ .../scp_list_predicates_extended.h | 197 +++-- verification/verifast/proof/task_predicates.h | 8 +- .../verifast/proof/verifast_lock_predicates.h | 5 +- 6 files changed, 708 insertions(+), 364 deletions(-) diff --git a/tasks.c b/tasks.c index 3a35acd28d9..fd6f74a940c 100644 --- a/tasks.c +++ b/tasks.c @@ -987,47 +987,47 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif //@ open taskISRLockInv_p(); - //@ open readyLists_p(?gCellLists); + //@ open readyLists_p(?gCellLists, ?gOwnerLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; - //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals) ); + //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals, ?gOwners) ); - //@ open xLIST(gReadyList, _, _, _, _, _); + //@ open xLIST(gReadyList, _, _, _, _, _, _); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); //@ assert( pxReadyList->pxIndex |-> gIndex ); /*@ assert( DLS(gEnd, ?gEndPrev, gEnd, gEndPrev, - gCells, gVals, gReadyList) ); + gCells, gVals, gOwners, gReadyList) ); @*/ //@ DLS_open_2(pxReadyList->pxIndex); - //@ assert( xLIST_ITEM(gIndex, _, ?gIndexNext, ?gIndexPrev, gReadyList) ); + //@ assert( xLIST_ITEM(gIndex, _, ?gIndexNext, ?gIndexPrev, _, gReadyList) ); ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; ListItem_t * pxTaskItem = pxLastTaskItem; - //@ close xLIST_ITEM(gIndex, _, gIndexNext, gIndexPrev, gReadyList); - //@ DLS_close_2(pxReadyList->pxIndex, gCells, gVals); + //@ close xLIST_ITEM(gIndex, _, gIndexNext, gIndexPrev, _, gReadyList); + //@ DLS_close_2(pxReadyList->pxIndex, gCells, gVals, gOwners); //@ assert( mem(pxTaskItem, gCells) == true); - //@ open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gReadyList); - //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList) ); - //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList); + //@ open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gReadyList); + //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList) ); + //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList); // opening required to prove validity of `&( pxReadyList->xListEnd )` ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); - //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, gReadyList); + //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList); if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { //@ assert( gVals == cons(?gV, ?gRest) ); - //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, gReadyList) ); + //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, _, gReadyList) ); pxLastTaskItem = pxLastTaskItem->pxPrevious; - //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, gReadyList); + //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, _, gReadyList); } - //@ close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gReadyList); - //@ close xLIST(gReadyList, _, gIndex, gEnd, gCells, gVals); + //@ close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gReadyList); + //@ close xLIST(gReadyList, _, gIndex, gEnd, gCells, gVals, gOwners); /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority * must not be decremented any further */ @@ -1035,19 +1035,20 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ mem_nth(uxCurrentPriority, gCellLists); //@ assert( mem(gCells, gCellLists) == true); - //@ open_collection_of_sharedSeg_TCB(gCellLists, gCells); +// //@ open_collection_of_sharedSeg_TCB(gCellLists, gCells); do /*@ invariant mem(pxTaskItem, gCells) == true &*& - xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals) &*& - foreach(gCells, sharedSeg_TCB_of_itemOwner); + xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& +// foreach(gCells, sharedSeg_TCB_of_itemOwner); + true; @*/ { TCB_t * pxTCB; - //@ open xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals); - //@ assert( DLS(gEnd, ?gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gReadyList) ); + //@ open xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + //@ assert( DLS(gEnd, ?gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList) ); // Building an SSA for important variables helps us to // refer to the right instances. @@ -1057,8 +1058,8 @@ static void prvYieldForTask( TCB_t * pxTCB, pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; - //@ close xLIST_ITEM(gTaskItem_0, _, _, _, gReadyList); - //@ DLS_close_2(gTaskItem_0, gCells, gVals); + //@ close xLIST_ITEM(gTaskItem_0, _, _, _, _, gReadyList); + //@ DLS_close_2(gTaskItem_0, gCells, gVals, gOwners); if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { @@ -1066,20 +1067,20 @@ static void prvYieldForTask( TCB_t * pxTCB, pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; - //@ close xLIST_ITEM(gTaskItem_1, _, _, _, gReadyList); - //@ DLS_close_2(gTaskItem_1, gCells, gVals); + //@ close xLIST_ITEM(gTaskItem_1, _, _, _, _, gReadyList); + //@ DLS_close_2(gTaskItem_1, gCells, gVals, gOwners); } //@ struct xLIST_ITEM* gTaskItem_3 = pxTaskItem; //@ DLS_open_2(gTaskItem_3); pxTCB = pxTaskItem->pvOwner; - //@ close xLIST_ITEM(gTaskItem_3, _, _, _, gReadyList); - //@ DLS_close_2(gTaskItem_3, gCells, gVals); + //@ close xLIST_ITEM(gTaskItem_3, _, _, _, _, gReadyList); + //@ DLS_close_2(gTaskItem_3, gCells, gVals, gOwners); // Get access to sharedSeg_TCB_p(pxTCB). - //@ foreach_remove(gTaskItem_3, gCells); - //@ open sharedSeg_TCB_of_itemOwner(gTaskItem_3); +// //@ foreach_remove(gTaskItem_3, gCells); +// //@ open sharedSeg_TCB_of_itemOwner(gTaskItem_3); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index d058465cc9f..8a0da795a8f 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -7,69 +7,86 @@ /*@ // TODO: We know that the list of priority 0 is never empty. // It contains the idle task and nothing else. -predicate readyLists_p(list > gCellLists) = +predicate readyLists_p(list > gCellLists, + list > gOwnerLists) = configMAX_PRIORITIES == length(gCellLists) &*& - List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists); + List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, + gCellLists, gOwnerLists); predicate List_array_p(List_t* array, int size, - list > cellLists) = + list > cellLists, + list > ownerLists) = size >= 0 &*& length(cellLists) == size &*& + length(ownerLists) == length(cellLists) &*& size > 0 ? ( - cellLists == cons(?gCells, ?gTailcellLists) &*& + cellLists == cons(?gCells, ?gTailCellLists) &*& + ownerLists == cons(?gOwners, ?gTailOwnerLists) &*& pointer_within_limits(array) == true &*& - xLIST(array, ?gNumberOfItems, ?gIndex, ?gListEnd, gCells, ?gVals) + xLIST(array, ?gNumberOfItems, ?gIndex, ?gListEnd, gCells, ?gVals, + gOwners) &*& - List_array_p(array + 1, size - 1, gTailcellLists) + List_array_p(array + 1, size - 1, gTailCellLists, gTailOwnerLists) ) - : cellLists == nil; + : ( + cellLists == nil &*& + ownerLists == nil + ); lemma void List_array_size_positive(List_t* pxArray) -requires List_array_p(pxArray, ?gSize, ?gCellLists); -ensures List_array_p(pxArray, gSize, gCellLists) &*& - gSize >= 0 &*& gSize == length(gCellLists); +requires List_array_p(pxArray, ?gSize, ?gCellLists, ?gOwnerLists); +ensures + List_array_p(pxArray, gSize, gCellLists, gOwnerLists) &*& + gSize >= 0 &*& + gSize == length(gCellLists) &*& + length(gCellLists) == length(gOwnerLists); { - open List_array_p(pxArray, gSize, gCellLists); - close List_array_p(pxArray, gSize, gCellLists); + open List_array_p(pxArray, gSize, gCellLists, gOwnerLists); + close List_array_p(pxArray, gSize, gCellLists, gOwnerLists); } lemma void List_array_split(List_t* array, int index) requires - List_array_p(array, ?gSize, ?gCellLists) &*& + List_array_p(array, ?gSize, ?gCellLists, ?gOwnerLists) &*& 0 <= index &*& index < gSize; ensures - List_array_p(array, index, ?gPrefCellLists) &*& + List_array_p(array, index, ?gPrefCellLists, ?gPrefOwnerLists) &*& gPrefCellLists == take(index, gCellLists) &*& + gPrefOwnerLists == take(index, gOwnerLists) &*& pointer_within_limits(array) == true &*& - xLIST(array + index, _, _, _, ?gCells, ?vals) &*& + xLIST(array + index, _, _, _, ?gCells, ?gVals, ?gOwners) &*& gCells == nth(index, gCellLists) &*& - List_array_p(array + index + 1, gSize-index-1, ?gSufCellLists) &*& - gSufCellLists == drop(index+1, gCellLists); + gOwners == nth(index, gOwnerLists) &*& + List_array_p(array + index + 1, gSize-index-1, ?gSufCellLists, ?gSufOwnerLists) &*& + gSufCellLists == drop(index+1, gCellLists) &*& + gSufOwnerLists == drop(index+1, gOwnerLists); { - open List_array_p(array, gSize, gCellLists); + open List_array_p(array, gSize, gCellLists, gOwnerLists); if( index > 0 ) { List_array_split(array + 1, index - 1); } - close List_array_p(array, index, take(index, gCellLists)); + close List_array_p(array, index, take(index, gCellLists), take(index, gOwnerLists)); } lemma void List_array_join(List_t* array) requires - List_array_p(array, ?gPrefSize, ?gPrefCellLists) &*& - xLIST(array + gPrefSize, _, _, _, ?gCells, _) &*& + List_array_p(array, ?gPrefSize, ?gPrefCellLists, ?gPrefOwnerLists) &*& + xLIST(array + gPrefSize, _, _, _, ?gCells, _, ?gOwners) &*& pointer_within_limits(array + gPrefSize) == true &*& - List_array_p(array + gPrefSize + 1, ?gSufSize, ?gSufCellLists); + List_array_p(array + gPrefSize + 1, ?gSufSize, ?gSufCellLists, ?gSufOwnerLists); ensures - List_array_p(array, ?gSize, ?gCellLists) &*& + List_array_p(array, ?gSize, ?gCellLists, ?gOwnerLists) &*& gSize == length(gCellLists) &*& + length(gCellLists) == length(gOwnerLists) &*& gSize == gPrefSize + 1 + gSufSize &*& - gCellLists == append(gPrefCellLists, cons(gCells, gSufCellLists)); + gCellLists == append(gPrefCellLists, cons(gCells, gSufCellLists)) &*& + gOwnerLists == append(gPrefOwnerLists, cons(gOwners, gSufOwnerLists)); { - open List_array_p(array, gPrefSize, gPrefCellLists); + open List_array_p(array, gPrefSize, gPrefCellLists, gPrefOwnerLists); List_array_size_positive(array + gPrefSize + 1); if( gPrefSize > 0 ) { @@ -77,7 +94,8 @@ ensures } close List_array_p(array, gPrefSize + 1 + gSufSize, - append(gPrefCellLists, cons(gCells, gSufCellLists))); + append(gPrefCellLists, cons(gCells, gSufCellLists)), + append(gPrefOwnerLists, cons(gOwners, gSufOwnerLists))); } @*/ @@ -87,16 +105,16 @@ ensures /*@ lemma void List_array_p_index_within_limits(List_t* array, int index) -requires List_array_p(array, ?gSize, ?gCellListss) &*& +requires List_array_p(array, ?gSize, ?gCellLists, ?gOwnerLists) &*& 0 <= index &*& index < gSize; -ensures List_array_p(array, gSize, gCellListss) &*& +ensures List_array_p(array, gSize, gCellLists, gOwnerLists) &*& pointer_within_limits(&array[index]) == true; { - open List_array_p(array, gSize, gCellListss); + open List_array_p(array, gSize, gCellLists, gOwnerLists); if( index > 0) { List_array_p_index_within_limits(&array[1], index-1); } - close List_array_p(array, gSize, gCellListss); + close List_array_p(array, gSize, gCellLists, gOwnerLists); } @*/ diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h index a839ee31483..9b8ac49dfb5 100644 --- a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -129,10 +129,12 @@ #endif /* VERIFAST_SINGLE_CORE */ #ifndef VERIFAST_SINGLE_CORE - /* Reason for deletion: - * Breaking change in VeriFast. VeriFast now ensures that no uninitialised - * values are read. `x |-> _` is interpreted as "uninitialised", - * `x |-> ?v` is interpreted as "initialised". + /* Reasons for rewrite: + * - Breaking change in VeriFast. VeriFast now ensures that no uninitialised + * values are read. `x |-> _` is interpreted as "uninitialised", + * `x |-> ?v` is interpreted as "initialised". + * - In order to verify the scheduler, we have to reason about each node's + * owner. Hence, the predicate has to expose it. */ /*@ predicate xLIST_ITEM( @@ -140,11 +142,12 @@ TickType_t xItemValue, struct xLIST_ITEM *pxNext, struct xLIST_ITEM *pxPrevious, + void* pxOwner, struct xLIST *pxContainer;) = n->xItemValue |-> xItemValue &*& n->pxNext |-> pxNext &*& n->pxPrevious |-> pxPrevious &*& - n->pvOwner |-> ?gOwner &*& + n->pvOwner |-> pxOwner &*& n->pxContainer |-> pxContainer; @*/ #else @@ -163,240 +166,522 @@ @*/ #endif /* VERIFAST_SINGLE_CORE */ -/* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ -/*@ -predicate DLS( - struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells, - list vals, - struct xLIST *pxContainer) = - n == m - ? cells == cons(n, nil) &*& - vals == cons(?v, nil) &*& - xLIST_ITEM(n, v, mnext, nprev, pxContainer) - : cells == cons(n, ?cells0) &*& - vals == cons(?v, ?vals0) &*& - xLIST_ITEM(n, v, ?o, nprev, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, pxContainer); - - -lemma void dls_star_item( - struct xLIST_ITEM *n, - struct xLIST_ITEM *m, - struct xLIST_ITEM *o) -requires DLS(n, ?nprev, ?mnext, m, ?cells, ?vals, ?l) &*& xLIST_ITEM(o, ?v, ?onext, ?oprev, ?l2); -ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& xLIST_ITEM(o, v, onext, oprev, l2) &*& mem(o, cells) == false; -{ - open DLS(n, nprev, mnext, m, cells, vals, l); - if (n == m) { - assert xLIST_ITEM(n, _, _, _, _); - open xLIST_ITEM(n, _, _, _, _); - open xLIST_ITEM(o, _, _, _, _); - assert n != o; - close xLIST_ITEM(o, _, _, _, _); - close xLIST_ITEM(n, _, _, _, _); - close DLS(n, nprev, mnext, m, cells, vals, l); - } - else { - assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), l); - dls_star_item(nnext, m, o); - open xLIST_ITEM(n, _, _, _, _); - open xLIST_ITEM(o, _, _, _, _); - assert n != o; - close xLIST_ITEM(o, _, _, _, _); - close xLIST_ITEM(n, _, _, _, _); - close DLS(n, nprev, mnext, m, cells, vals, l); + + +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * In order to verify the scheduler, we have to reason about each node's + * owner. Hence, the predicate has to expose it. + */ + + /* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ + /*@ + predicate DLS( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + list owners, + struct xLIST *pxContainer) = + n == m + ? cells == cons(n, nil) &*& + vals == cons(?v, nil) &*& + owners == cons(?ow, nil) &*& + xLIST_ITEM(n, v, mnext, nprev, ow, pxContainer) + : cells == cons(n, ?cells0) &*& + vals == cons(?v, ?vals0) &*& + owners == cons(?ow, ?owners0) &*& + xLIST_ITEM(n, v, ?o, nprev, ow, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, owners0, pxContainer); + @*/ +#else + /* Ferreira et al. (STTT'14) doubly-linked list segment (DLS). */ + /*@ + predicate DLS( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST *pxContainer) = + n == m + ? cells == cons(n, nil) &*& + vals == cons(?v, nil) &*& + xLIST_ITEM(n, v, mnext, nprev, pxContainer) + : cells == cons(n, ?cells0) &*& + vals == cons(?v, ?vals0) &*& + xLIST_ITEM(n, v, ?o, nprev, pxContainer) &*& DLS(o, n, mnext, m, cells0, vals0, pxContainer); + @*/ +#endif /* VERIFAST_SINGLE_CORE */ + + +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * Predicates `xLIST_ITEM` and `DLS` have been extended to expose node + * owners. Proofs using these predicates must be adapted as well. + */ + + /*@ + lemma void dls_star_item( + struct xLIST_ITEM *n, + struct xLIST_ITEM *m, + struct xLIST_ITEM *o) + requires DLS(n, ?nprev, ?mnext, m, ?cells, ?vals, ?owners, ?l) &*& xLIST_ITEM(o, ?v, ?onext, ?oprev, ?ow, ?l2); + ensures DLS(n, nprev, mnext, m, cells, vals, owners, l) &*& xLIST_ITEM(o, v, onext, oprev, ow, l2) &*& mem(o, cells) == false; + { + open DLS(n, nprev, mnext, m, cells, vals, owners, l); + if (n == m) { + assert xLIST_ITEM(n, _, _, _, _, _); + open xLIST_ITEM(n, _, _, _, _, _); + open xLIST_ITEM(o, _, _, _, _, _); + assert n != o; + close xLIST_ITEM(o, _, _, _, _, _); + close xLIST_ITEM(n, _, _, _, _, _); + close DLS(n, nprev, mnext, m, cells, vals, owners, l); + } + else { + assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), tail(owners), l); + dls_star_item(nnext, m, o); + open xLIST_ITEM(n, _, _, _, _, _); + open xLIST_ITEM(o, _, _, _, _, _); + assert n != o; + close xLIST_ITEM(o, _, _, _, _, _); + close xLIST_ITEM(n, _, _, _, _, _); + close DLS(n, nprev, mnext, m, cells, vals, owners, l); + } } -} -lemma void dls_distinct( - struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells) -requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); -ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& distinct(cells) == true; -{ - if (n == m) { - open DLS(n, nprev, mnext, m, cells, vals, l); - close DLS(n, nprev, mnext, m, cells, vals, l); - } else { + lemma void dls_distinct( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) + requires DLS(n, nprev, mnext, m, cells, ?vals, ?owners, ?l); + ensures DLS(n, nprev, mnext, m, cells, vals, owners, l) &*& distinct(cells) == true; + { + if (n == m) { + open DLS(n, nprev, mnext, m, cells, vals, owners, l); + close DLS(n, nprev, mnext, m, cells, vals, owners, l); + } else { + open DLS(n, nprev, mnext, m, cells, vals, owners, l); + assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), tail(owners), l); + dls_distinct(nnext, n, mnext, m, tail(cells)); + dls_star_item(nnext, m, n); + close DLS(n, nprev, mnext, m, cells, vals, owners, l); + } + } + @*/ +#else + /*@ + lemma void dls_star_item( + struct xLIST_ITEM *n, + struct xLIST_ITEM *m, + struct xLIST_ITEM *o) + requires DLS(n, ?nprev, ?mnext, m, ?cells, ?vals, ?l) &*& xLIST_ITEM(o, ?v, ?onext, ?oprev, ?l2); + ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& xLIST_ITEM(o, v, onext, oprev, l2) &*& mem(o, cells) == false; + { open DLS(n, nprev, mnext, m, cells, vals, l); - assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), l); - dls_distinct(nnext, n, mnext, m, tail(cells)); - dls_star_item(nnext, m, n); - close DLS(n, nprev, mnext, m, cells, vals, l); + if (n == m) { + assert xLIST_ITEM(n, _, _, _, _); + open xLIST_ITEM(n, _, _, _, _); + open xLIST_ITEM(o, _, _, _, _); + assert n != o; + close xLIST_ITEM(o, _, _, _, _); + close xLIST_ITEM(n, _, _, _, _); + close DLS(n, nprev, mnext, m, cells, vals, l); + } + else { + assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), l); + dls_star_item(nnext, m, o); + open xLIST_ITEM(n, _, _, _, _); + open xLIST_ITEM(o, _, _, _, _); + assert n != o; + close xLIST_ITEM(o, _, _, _, _); + close xLIST_ITEM(n, _, _, _, _); + close DLS(n, nprev, mnext, m, cells, vals, l); + } } -} -predicate xLIST( - struct xLIST *l, - int uxNumberOfItems, - struct xLIST_ITEM *pxIndex, - struct xLIST_ITEM *xListEnd, - listcells, - listvals) = - l->uxNumberOfItems |-> uxNumberOfItems &*& - l->pxIndex |-> pxIndex &*& - mem(pxIndex, cells) == true &*& - xListEnd == &(l->xListEnd) &*& - xListEnd == head(cells) &*& - portMAX_DELAY == head(vals) &*& - struct_xLIST_ITEM_padding(&l->xListEnd) &*& - length(cells) == length(vals) &*& - uxNumberOfItems + 1 == length(cells) &*& - DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); - -lemma void xLIST_distinct_cells(struct xLIST *l) -requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals); -ensures xLIST(l, n, idx, end, cells, vals) &*& distinct(cells) == true; -{ - open xLIST(l, n, idx, end, cells, vals); - assert DLS(end, ?endprev, end, _, cells, vals, l); - dls_distinct(end, endprev, end, endprev, cells); - close xLIST(l, n, idx, end, cells, vals); -} + lemma void dls_distinct( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) + requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); + ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& distinct(cells) == true; + { + if (n == m) { + open DLS(n, nprev, mnext, m, cells, vals, l); + close DLS(n, nprev, mnext, m, cells, vals, l); + } else { + open DLS(n, nprev, mnext, m, cells, vals, l); + assert DLS(?nnext, n, mnext, m, tail(cells), tail(vals), l); + dls_distinct(nnext, n, mnext, m, tail(cells)); + dls_star_item(nnext, m, n); + close DLS(n, nprev, mnext, m, cells, vals, l); + } + } + @*/ +#endif /* VERIFAST_SINGLE_CORE */ -lemma void xLIST_star_item(struct xLIST *l, struct xLIST_ITEM *x) -requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals) &*& xLIST_ITEM(x, ?v, ?xnext, ?xprev, ?l2); -ensures xLIST(l, n, idx, end, cells, vals) &*& xLIST_ITEM(x, v, xnext, xprev, l2) &*& mem(x, cells) == false; -{ - open xLIST(l, n, idx, end, cells, vals); - assert DLS(end, ?endprev, end, _, cells, vals, l); - dls_distinct(end, endprev, end, endprev, cells); - dls_star_item(end, endprev, x); - close xLIST(l, n, idx, end, cells, vals); -} +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * In order to verify the scheduler, we have to reason about each node's + * owner. Hence, the predicate has to expose it. + */ -lemma void dls_first_mem( - struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells) -requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); -ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(n, cells) == true &*& index_of(n, cells) == 0; -{ - open DLS(n, nprev, mnext, m, cells, vals, l); - if (n == m) { - assert cells == cons(n, nil); - close DLS(n, nprev, mnext, m, cells, vals, l); - } else { - assert cells == cons(n, ?tail); - close DLS(n, nprev, mnext, m, cells, vals, l); + /*@ + predicate xLIST( + struct xLIST *l, + int uxNumberOfItems, + struct xLIST_ITEM *pxIndex, + struct xLIST_ITEM *xListEnd, + listcells, + listvals, + list owners) = + l->uxNumberOfItems |-> uxNumberOfItems &*& + l->pxIndex |-> pxIndex &*& + mem(pxIndex, cells) == true &*& + xListEnd == &(l->xListEnd) &*& + xListEnd == head(cells) &*& + portMAX_DELAY == head(vals) &*& + struct_xLIST_ITEM_padding(&l->xListEnd) &*& + length(cells) == length(vals) &*& + length(owners) == length(cells) &*& + uxNumberOfItems + 1 == length(cells) &*& + DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, owners, l); + @*/ +#else + /*@ + predicate xLIST( + struct xLIST *l, + int uxNumberOfItems, + struct xLIST_ITEM *pxIndex, + struct xLIST_ITEM *xListEnd, + listcells, + listvals) = + l->uxNumberOfItems |-> uxNumberOfItems &*& + l->pxIndex |-> pxIndex &*& + mem(pxIndex, cells) == true &*& + xListEnd == &(l->xListEnd) &*& + xListEnd == head(cells) &*& + portMAX_DELAY == head(vals) &*& + struct_xLIST_ITEM_padding(&l->xListEnd) &*& + length(cells) == length(vals) &*& + uxNumberOfItems + 1 == length(cells) &*& + DLS(xListEnd, ?endprev, xListEnd, endprev, cells, vals, l); + @*/ +#endif /* VERIFAST_SINGLE_CORE */ + + + +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose + * node owners. Proofs using these predicates must be adapted as well. + */ + + + /*@ + lemma void xLIST_distinct_cells(struct xLIST *l) + requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals, ?owners); + ensures xLIST(l, n, idx, end, cells, vals, owners) &*& distinct(cells) == true; + { + open xLIST(l, n, idx, end, cells, vals, owners); + assert DLS(end, ?endprev, end, _, cells, vals, owners, l); + dls_distinct(end, endprev, end, endprev, cells); + close xLIST(l, n, idx, end, cells, vals, owners); } -} -lemma void dls_not_empty( - struct xLIST_ITEM *n, - struct xLIST_ITEM *m, - list cells, - struct xLIST_ITEM *x) -requires DLS(n, m, n, m, cells, ?vals, ?l) &*& mem(x, cells) == true &*& x != n; -ensures DLS(n, m, n, m, cells, vals, l) &*& n != m; -{ - open DLS(n, m, n, m, cells, vals, l); - close DLS(n, m, n, m, cells, vals, l); -} + lemma void xLIST_star_item(struct xLIST *l, struct xLIST_ITEM *x) + requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals, ?owners) &*& xLIST_ITEM(x, ?v, ?xnext, ?xprev, ?ow, ?l2); + ensures xLIST(l, n, idx, end, cells, vals, owners) &*& xLIST_ITEM(x, v, xnext, xprev, ow, l2) &*& mem(x, cells) == false; + { + open xLIST(l, n, idx, end, cells, vals, owners); + assert DLS(end, ?endprev, end, _, cells, vals, owners, l); + dls_distinct(end, endprev, end, endprev, cells); + dls_star_item(end, endprev, x); + close xLIST(l, n, idx, end, cells, vals, owners); + } -lemma void dls_last_mem( - struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells) -requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); -ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(m, cells) == true &*& index_of(m, cells) == length(cells) - 1; -{ - open DLS(n, nprev, mnext, m, cells, vals, l); - if (n == m) { - // trivial - } else { - open xLIST_ITEM(n, _, ?nnext, _, l); - assert DLS(?o, n, mnext, m, tail(cells), tail(vals), l); - dls_last_mem(o, n, mnext, m, tail(cells)); - close xLIST_ITEM(n, _, nnext, _, l); + lemma void dls_first_mem( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) + requires DLS(n, nprev, mnext, m, cells, ?vals, ?owners, ?l); + ensures DLS(n, nprev, mnext, m, cells, vals, owners, l) &*& mem(n, cells) == true &*& index_of(n, cells) == 0; + { + open DLS(n, nprev, mnext, m, cells, vals, owners, l); + if (n == m) { + assert cells == cons(n, nil); + close DLS(n, nprev, mnext, m, cells, vals, owners, l); + } else { + assert cells == cons(n, ?tail); + close DLS(n, nprev, mnext, m, cells, vals, owners, l); + } } - close DLS(n, nprev, mnext, m, cells, vals, l); -} + lemma void dls_not_empty( + struct xLIST_ITEM *n, + struct xLIST_ITEM *m, + list cells, + struct xLIST_ITEM *x) + requires DLS(n, m, n, m, cells, ?vals, ?owners, ?l) &*& mem(x, cells) == true &*& x != n; + ensures DLS(n, m, n, m, cells, vals, owners, l) &*& n != m; + { + open DLS(n, m, n, m, cells, vals, owners, l); + close DLS(n, m, n, m, cells, vals, owners, l); + } -lemma void split( - struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells, - list vals, - struct xLIST_ITEM *x, - int i) -requires DLS(n, nprev, mnext, m, cells, vals, ?l) &*& x != n &*& mem(x, cells) == true &*& index_of(x,cells) == i; -ensures DLS(n, nprev, x, ?xprev, take(i, cells), take(i, vals), l) &*& DLS(x, xprev, mnext, m, drop(i, cells), drop(i, vals), l) &*& xprev == nth(i-1, cells); -{ - open DLS(n, nprev, mnext, m, cells, vals, l); - assert n != m; - assert xLIST_ITEM(n, ?v, ?nnext, _, _); - assert DLS(nnext, n, mnext, m, tail(cells), tail(vals), l); - if (nnext == x) { - close DLS(n, nprev, x, n, singleton(n), singleton(v), l); - open DLS(x, n, mnext, m, tail(cells), tail(vals), l); - open xLIST_ITEM(x, _, ?xnext, ?xprev, l); - close xLIST_ITEM(x, _, xnext, xprev, l); - close DLS(x, n, mnext, m, tail(cells), tail(vals), l); - } else { - assert nnext != x; - split(nnext, n, mnext, m, tail(cells), tail(vals), x, i - 1); - assert DLS(nnext, n, x, ?xprev, take(i-1, tail(cells)), take(i-1, tail(vals)), l); - dls_distinct(nnext, n, x, xprev, take(i-1, tail(cells))); - dls_star_item(nnext, xprev, n); - dls_last_mem(nnext, n, x, xprev, take(i-1, tail(cells))); - assert n != xprev; - close DLS(n, nprev, x, xprev, take(i, cells), take(i, vals), l); + lemma void dls_last_mem( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) + requires DLS(n, nprev, mnext, m, cells, ?vals, ?owners, ?l); + ensures DLS(n, nprev, mnext, m, cells, vals, owners, l) &*& mem(m, cells) == true &*& index_of(m, cells) == length(cells) - 1; + { + open DLS(n, nprev, mnext, m, cells, vals, owners, l); + if (n == m) { + // trivial + } else { + open xLIST_ITEM(n, _, ?nnext, _, _, l); + assert DLS(?o, n, mnext, m, tail(cells), tail(vals), tail(owners), l); + dls_last_mem(o, n, mnext, m, tail(cells)); + close xLIST_ITEM(n, _, nnext, _, _, l); + } + close DLS(n, nprev, mnext, m, cells, vals, owners, l); } -} -lemma void join( - struct xLIST_ITEM *n1, - struct xLIST_ITEM *nprev1, - struct xLIST_ITEM *mnext1, - struct xLIST_ITEM *m1, - list cells1, - list vals1, - struct xLIST_ITEM *n2, - struct xLIST_ITEM *nprev2, - struct xLIST_ITEM *mnext2, - struct xLIST_ITEM *m2, - list cells2, - list vals2) -requires - DLS(n1, nprev1, mnext1, m1, cells1, vals1, ?l) &*& - DLS(n2, nprev2, mnext2, m2, cells2, vals2, l) &*& - mnext1 == n2 &*& m1 == nprev2; -ensures DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); -{ - if (n1 == m1) { - dls_first_mem(n1, nprev1, mnext1, m1, cells1); - dls_last_mem(n2, nprev2, mnext2, m2, cells2); - open DLS(n1, nprev1, mnext1, m1, cells1, vals1, l); - dls_star_item(n2, m2, n1); - close DLS(n1, nprev1, mnext2, m2, append(singleton(n1), cells2), append(vals1, vals2), l); - } else { - open DLS(n1, nprev1, mnext1, m1, cells1, vals1, l); - assert DLS(?o, n1, mnext1, m1, ?cells1_tail, ?vals1_tail, l); - join(o, n1, mnext1, m1, cells1_tail, vals1_tail, - n2, nprev2, mnext2, m2, cells2, vals2); - assert DLS(o, n1, mnext2, m2, append(cells1_tail, cells2), append(vals1_tail, vals2), l); - dls_last_mem(o, n1, mnext2, m2, append(cells1_tail, cells2)); - dls_star_item(o, m2, n1); - close DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); + + lemma void split( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST_ITEM *x, + int i) + requires DLS(n, nprev, mnext, m, cells, vals, ?owners, ?l) &*& x != n &*& mem(x, cells) == true &*& index_of(x,cells) == i; + ensures DLS(n, nprev, x, ?xprev, take(i, cells), take(i, vals), take(i, owners), l) &*& DLS(x, xprev, mnext, m, drop(i, cells), drop(i, vals), drop(i, owners), l) &*& xprev == nth(i-1, cells); + { + open DLS(n, nprev, mnext, m, cells, vals, owners, l); + assert n != m; + assert xLIST_ITEM(n, ?v, ?nnext, _, ?ow, _); + assert DLS(nnext, n, mnext, m, tail(cells), tail(vals), tail(owners), l); + if (nnext == x) { + close DLS(n, nprev, x, n, singleton(n), singleton(v), singleton(ow), l); + open DLS(x, n, mnext, m, tail(cells), tail(vals), tail(owners), l); + open xLIST_ITEM(x, _, ?xnext, ?xprev, ?xow, l); + close xLIST_ITEM(x, _, xnext, xprev, xow, l); + close DLS(x, n, mnext, m, tail(cells), tail(vals), tail(owners), l); + } else { + assert nnext != x; + split(nnext, n, mnext, m, tail(cells), tail(vals), x, i - 1); + assert DLS(nnext, n, x, ?xprev, take(i-1, tail(cells)), take(i-1, tail(vals)), take(i-1, tail(owners)), l); + dls_distinct(nnext, n, x, xprev, take(i-1, tail(cells))); + dls_star_item(nnext, xprev, n); + dls_last_mem(nnext, n, x, xprev, take(i-1, tail(cells))); + assert n != xprev; + close DLS(n, nprev, x, xprev, take(i, cells), take(i, vals), take(i, owners), l); + } } -} -@*/ + + lemma void join( + struct xLIST_ITEM *n1, + struct xLIST_ITEM *nprev1, + struct xLIST_ITEM *mnext1, + struct xLIST_ITEM *m1, + list cells1, + list vals1, + struct xLIST_ITEM *n2, + struct xLIST_ITEM *nprev2, + struct xLIST_ITEM *mnext2, + struct xLIST_ITEM *m2, + list cells2, + list vals2) + requires + DLS(n1, nprev1, mnext1, m1, cells1, vals1, ?owners1, ?l) &*& + DLS(n2, nprev2, mnext2, m2, cells2, vals2, ?owners2, l) &*& + mnext1 == n2 &*& m1 == nprev2; + ensures DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), append(owners1, owners2), l); + { + if (n1 == m1) { + dls_first_mem(n1, nprev1, mnext1, m1, cells1); + dls_last_mem(n2, nprev2, mnext2, m2, cells2); + open DLS(n1, nprev1, mnext1, m1, cells1, vals1, owners1, l); + dls_star_item(n2, m2, n1); + close DLS(n1, nprev1, mnext2, m2, append(singleton(n1), cells2), append(vals1, vals2), append(owners1, owners2) ,l); + } else { + open DLS(n1, nprev1, mnext1, m1, cells1, vals1, owners1, l); + assert DLS(?o, n1, mnext1, m1, ?cells1_tail, ?vals1_tail, ?owners1_tail, l); + join(o, n1, mnext1, m1, cells1_tail, vals1_tail, + n2, nprev2, mnext2, m2, cells2, vals2); + assert DLS(o, n1, mnext2, m2, append(cells1_tail, cells2), append(vals1_tail, vals2), append(owners1_tail, owners2), l); + dls_last_mem(o, n1, mnext2, m2, append(cells1_tail, cells2)); + dls_star_item(o, m2, n1); + close DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), append(owners1, owners2), l); + } + } + @*/ +#else + /*@ + lemma void xLIST_distinct_cells(struct xLIST *l) + requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals); + ensures xLIST(l, n, idx, end, cells, vals) &*& distinct(cells) == true; + { + open xLIST(l, n, idx, end, cells, vals); + assert DLS(end, ?endprev, end, _, cells, vals, l); + dls_distinct(end, endprev, end, endprev, cells); + close xLIST(l, n, idx, end, cells, vals); + } + + lemma void xLIST_star_item(struct xLIST *l, struct xLIST_ITEM *x) + requires xLIST(l, ?n, ?idx, ?end, ?cells, ?vals) &*& xLIST_ITEM(x, ?v, ?xnext, ?xprev, ?l2); + ensures xLIST(l, n, idx, end, cells, vals) &*& xLIST_ITEM(x, v, xnext, xprev, l2) &*& mem(x, cells) == false; + { + open xLIST(l, n, idx, end, cells, vals); + assert DLS(end, ?endprev, end, _, cells, vals, l); + dls_distinct(end, endprev, end, endprev, cells); + dls_star_item(end, endprev, x); + close xLIST(l, n, idx, end, cells, vals); + } + + lemma void dls_first_mem( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) + requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); + ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(n, cells) == true &*& index_of(n, cells) == 0; + { + open DLS(n, nprev, mnext, m, cells, vals, l); + if (n == m) { + assert cells == cons(n, nil); + close DLS(n, nprev, mnext, m, cells, vals, l); + } else { + assert cells == cons(n, ?tail); + close DLS(n, nprev, mnext, m, cells, vals, l); + } + } + + lemma void dls_not_empty( + struct xLIST_ITEM *n, + struct xLIST_ITEM *m, + list cells, + struct xLIST_ITEM *x) + requires DLS(n, m, n, m, cells, ?vals, ?l) &*& mem(x, cells) == true &*& x != n; + ensures DLS(n, m, n, m, cells, vals, l) &*& n != m; + { + open DLS(n, m, n, m, cells, vals, l); + close DLS(n, m, n, m, cells, vals, l); + } + + lemma void dls_last_mem( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells) + requires DLS(n, nprev, mnext, m, cells, ?vals, ?l); + ensures DLS(n, nprev, mnext, m, cells, vals, l) &*& mem(m, cells) == true &*& index_of(m, cells) == length(cells) - 1; + { + open DLS(n, nprev, mnext, m, cells, vals, l); + if (n == m) { + // trivial + } else { + open xLIST_ITEM(n, _, ?nnext, _, l); + assert DLS(?o, n, mnext, m, tail(cells), tail(vals), l); + dls_last_mem(o, n, mnext, m, tail(cells)); + close xLIST_ITEM(n, _, nnext, _, l); + } + close DLS(n, nprev, mnext, m, cells, vals, l); + } + + + lemma void split( + struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST_ITEM *x, + int i) + requires DLS(n, nprev, mnext, m, cells, vals, ?l) &*& x != n &*& mem(x, cells) == true &*& index_of(x,cells) == i; + ensures DLS(n, nprev, x, ?xprev, take(i, cells), take(i, vals), l) &*& DLS(x, xprev, mnext, m, drop(i, cells), drop(i, vals), l) &*& xprev == nth(i-1, cells); + { + open DLS(n, nprev, mnext, m, cells, vals, l); + assert n != m; + assert xLIST_ITEM(n, ?v, ?nnext, _, _); + assert DLS(nnext, n, mnext, m, tail(cells), tail(vals), l); + if (nnext == x) { + close DLS(n, nprev, x, n, singleton(n), singleton(v), l); + open DLS(x, n, mnext, m, tail(cells), tail(vals), l); + open xLIST_ITEM(x, _, ?xnext, ?xprev, l); + close xLIST_ITEM(x, _, xnext, xprev, l); + close DLS(x, n, mnext, m, tail(cells), tail(vals), l); + } else { + assert nnext != x; + split(nnext, n, mnext, m, tail(cells), tail(vals), x, i - 1); + assert DLS(nnext, n, x, ?xprev, take(i-1, tail(cells)), take(i-1, tail(vals)), l); + dls_distinct(nnext, n, x, xprev, take(i-1, tail(cells))); + dls_star_item(nnext, xprev, n); + dls_last_mem(nnext, n, x, xprev, take(i-1, tail(cells))); + assert n != xprev; + close DLS(n, nprev, x, xprev, take(i, cells), take(i, vals), l); + } + } + + lemma void join( + struct xLIST_ITEM *n1, + struct xLIST_ITEM *nprev1, + struct xLIST_ITEM *mnext1, + struct xLIST_ITEM *m1, + list cells1, + list vals1, + struct xLIST_ITEM *n2, + struct xLIST_ITEM *nprev2, + struct xLIST_ITEM *mnext2, + struct xLIST_ITEM *m2, + list cells2, + list vals2) + requires + DLS(n1, nprev1, mnext1, m1, cells1, vals1, ?l) &*& + DLS(n2, nprev2, mnext2, m2, cells2, vals2, l) &*& + mnext1 == n2 &*& m1 == nprev2; + ensures DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); + { + if (n1 == m1) { + dls_first_mem(n1, nprev1, mnext1, m1, cells1); + dls_last_mem(n2, nprev2, mnext2, m2, cells2); + open DLS(n1, nprev1, mnext1, m1, cells1, vals1, l); + dls_star_item(n2, m2, n1); + close DLS(n1, nprev1, mnext2, m2, append(singleton(n1), cells2), append(vals1, vals2), l); + } else { + open DLS(n1, nprev1, mnext1, m1, cells1, vals1, l); + assert DLS(?o, n1, mnext1, m1, ?cells1_tail, ?vals1_tail, l); + join(o, n1, mnext1, m1, cells1_tail, vals1_tail, + n2, nprev2, mnext2, m2, cells2, vals2); + assert DLS(o, n1, mnext2, m2, append(cells1_tail, cells2), append(vals1_tail, vals2), l); + dls_last_mem(o, n1, mnext2, m2, append(cells1_tail, cells2)); + dls_star_item(o, m2, n1); + close DLS(n1, nprev1, mnext2, m2, append(cells1, cells2), append(vals1, vals2), l); + } + } + @*/ +#endif /* VERIFAST_SINGLE_CORE */ #ifdef VERIFAST_TODO lemma void idx_remains_in_list( diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 5229895f2f7..48e9afb0fa2 100644 --- a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -359,6 +359,7 @@ ensures } @*/ +#ifdef IGNORE_DEPRECATED /* By verifying the following function, we can validate that the above lemmas * apply to the use cases they are meant for. */ @@ -410,6 +411,7 @@ void lemma_validation__DLS_item_next(struct xLIST_ITEM* pxTaskItem) //@ assert( mem(pxItem_1, gCells) == true ); } +#endif I/* GNORE_DEPRECATED */ @@ -429,6 +431,7 @@ predicate DLS_prefix( // prefix args list prefCells, list prefVals, + list prefOwners, struct xLIST_ITEM* item, struct xLIST_ITEM* itemPrev, // unsplit DLS args @@ -436,22 +439,26 @@ predicate DLS_prefix( struct xLIST_ITEM *endPrev, struct xLIST *pxContainer) = length(prefCells) == length(prefVals) &*& + length(prefOwners) == length(prefCells) &*& switch(prefCells) { case nil: return prefVals == nil &*& + prefOwners == nil &*& item == end &*& itemPrev == endPrev; case cons(headItem, tailCells): return item != end &*& // itemPrev != endPrev &*& // do we need to know this? headItem == end &*& - DLS(end, endPrev, item, itemPrev, prefCells, prefVals, pxContainer); + DLS(end, endPrev, item, itemPrev, prefCells, prefVals, prefOwners, + pxContainer); }; predicate DLS_suffix( // suffix args list sufCells, list sufVals, + list sufOwners, struct xLIST_ITEM* item, struct xLIST_ITEM* itemNext, // unsplit DLS args @@ -459,38 +466,43 @@ predicate DLS_suffix( struct xLIST_ITEM *endPrev, struct xLIST *pxContainer) = length(sufCells) == length(sufVals) &*& + length(sufOwners) == length(sufCells) &*& switch(sufCells) { case nil: return sufVals == nil &*& + sufOwners == nil &*& item == endPrev &*& itemNext == end; case cons(headItem, tailCells): return item != endPrev &*& mem(endPrev, sufCells) == true &*& index_of(endPrev, sufCells) == length(sufCells)-1 &*& - DLS(itemNext, item, end, endPrev, sufCells, sufVals, pxContainer); + DLS(itemNext, item, end, endPrev, sufCells, sufVals, sufOwners, + pxContainer); }; lemma void DLS_open_2(struct xLIST_ITEM* pxItem) requires - DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gOwners, ?gList) &*& mem(pxItem, gCells) == true &*& gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& + length(gOwners) == length(gCells) &*& length(gCells) > 1; ensures - DLS_prefix(?gPrefCells, ?gPrefVals, pxItem, ?gItemPrev, + DLS_prefix(?gPrefCells, ?gPrefVals, ?gPrefOwners, pxItem, ?gItemPrev, gEnd, gEndPrev, gList) &*& - xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) + xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, ?gOw, gList) &*& - DLS_suffix(?gSufCells, ?gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList) + DLS_suffix(?gSufCells, ?gSufVals, ?gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList) &*& - // gCells == gPrefCells + item + gSufCells + // lists have form "prefix + element + suffix" gCells == append(gPrefCells, append(singleton(pxItem), gSufCells)) &*& - // gVals == gPrefVals + item + gSufVals - gVals == append(gPrefVals, append(singleton(gItemVal), gSufVals)) + gVals == append(gPrefVals, append(singleton(gItemVal), gSufVals)) &*& + gOwners == append(gPrefOwners, append(singleton(gOw), gSufOwners)) &*& // next in cells mem(gItemNext, gCells) == true &*& @@ -502,25 +514,27 @@ ensures // pxItem is first/ left-most item in the list // -> empty prefix - open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList); - assert( xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, ?gItemPrev, gList) ); - assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, ?gSufCells, ?gSufVals, - gList) ); - close DLS_prefix(nil, nil, pxItem, gItemPrev, + open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gList); + assert( xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, ?gItemPrev, ?gOw, gList) ); + assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, + ?gSufCells, ?gSufVals, ?gSufOwners, gList) ); + close DLS_prefix(nil, nil, nil, pxItem, gItemPrev, gEnd, gEndPrev, gList); // Prove: `mem(gItemNext, gCells) == true` - open DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, gList); + open DLS(gItemNext, pxItem, gEnd, gEndPrev, + gSufCells, gSufVals, gSufOwners, gList); assert( mem(gItemNext, gCells) == true ); - close DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, gList); + close DLS(gItemNext, pxItem, gEnd, gEndPrev, + gSufCells, gSufVals, gSufOwners, gList); // Prove: `mem(gItemPrev, gCells) == true ` assert( gItemPrev == gEndPrev ); dls_last_mem(gItemNext, pxItem, gEnd, gEndPrev, gSufCells); assert( mem(gItemPrev, gCells) == true ); - close DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, gEndPrev, - gList); + close DLS_suffix(gSufCells, gSufVals, gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList); } else { // pxItem is not the first/ left-most item in the list // -> non-empty prefix @@ -529,13 +543,13 @@ ensures int gItemIndex = index_of(pxItem, gCells); split(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, pxItem, gItemIndex); - assert( DLS(gEnd, gEndPrev, pxItem, ?gItemPrev, ?gPrefCells, ?gPrefVals, - gList) ); + assert( DLS(gEnd, gEndPrev, pxItem, ?gItemPrev, + ?gPrefCells, ?gPrefVals, ?gPrefOwners, gList) ); // -> Will be wrapped inside the prefix constructed at the end of this // lemma. - assert( DLS(pxItem, gItemPrev, gEnd, gEndPrev, ?gPartCells, ?gPartVals, - gList) ); + assert( DLS(pxItem, gItemPrev, gEnd, gEndPrev, + ?gPartCells, ?gPartVals, ?gPartOwners, gList) ); // -> The tail of this DLS will make up the suffix constructed at the // end of this lemma. @@ -547,16 +561,16 @@ ensures // Prove: `head(gPrefCells) == gEnd` // Necessary to construct prefix later. // Implies `mem(gItemPrev, gCells) == true`. - open DLS(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, - gList); + open DLS(gEnd, gEndPrev, pxItem, gItemPrev, + gPrefCells, gPrefVals, gPrefOwners, gList); assert( head(gPrefCells) == gEnd ); - close DLS(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, - gList); + close DLS(gEnd, gEndPrev, pxItem, gItemPrev, + gPrefCells, gPrefVals, gPrefOwners, gList); assert( mem(gItemPrev, gCells) == true ); - open DLS(pxItem, gItemPrev, gEnd, gEndPrev, gPartCells, gPartVals, - gList); - assert( xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) ); + open DLS(pxItem, gItemPrev, gEnd, gEndPrev, + gPartCells, gPartVals, gPartOwners, gList); + assert( xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, ?gOw, gList) ); if( pxItem == gEndPrev ) { // pxItem is the last/ right-most item in the list. @@ -572,69 +586,78 @@ ensures // prove: mem(gItemNext, gCells) == true - open xLIST_ITEM(pxItem, gItemVal, gItemNext, gItemPrev, gList); + open xLIST_ITEM(pxItem, gItemVal, gItemNext, gItemPrev, gOw, + gList); assert( gItemNext == gEnd ); assert( mem(gItemNext, gCells) == true ); - close xLIST_ITEM(pxItem, gItemVal, gItemNext, gItemPrev, gList); + close xLIST_ITEM(pxItem, gItemVal, gItemNext, gItemPrev, gOw, + gList); - close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + close DLS_prefix(gPrefCells, gPrefVals, gPrefOwners, pxItem, + gItemPrev, gEnd, gEndPrev, gList); + close DLS_suffix(nil, nil, nil, pxItem, gItemNext, gEnd, gEndPrev, gList); - close DLS_suffix(nil, nil, pxItem, gItemNext, gEnd, gEndPrev, gList); } else { // pxItem is not the last/ right-most item in the list. // -> non-empty suffix - assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, ?gSufCells, ?gSufVals, - gList) ); + assert( DLS(gItemNext, pxItem, gEnd, gEndPrev, + ?gSufCells, ?gSufVals, ?gSufOwners, gList) ); assert( gSufCells == drop(1, gPartCells) ); // Prove: - `drop(gItemIndex+1, gCells) == gSufCells` // - `drop(gItemIndex+1, gVals) == gSufVals` + // - `drop(gItemIndex+1, gOwners) == gSufOwners` // -> Required to prove `mem(gItemNext, gCells) == true` and also to // prove relationship between gCells/gVals and their segmentation. assert( drop(1, drop(gItemIndex, gCells)) == gSufCells ); assert( drop(1, drop(gItemIndex, gVals)) == gSufVals ); + assert( drop(1, drop(gItemIndex, gOwners)) == gSufOwners ); drop_n_plus_m(gCells, 1, gItemIndex); drop_n_plus_m(gVals, 1, gItemIndex); + drop_n_plus_m(gOwners, 1, gItemIndex); assert( drop(gItemIndex+1, gCells) == gSufCells ); assert( drop(gItemIndex+1, gVals) == gSufVals ); + assert( drop(gItemIndex+1, gOwners) == gSufOwners ); // Prove: `mem(gItemNext, gCells) == true` - open DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, - gList); + open DLS(gItemNext, pxItem, gEnd, gEndPrev, + gSufCells, gSufVals, gSufOwners, gList); assert( mem(gItemNext, gSufCells) == true ); mem_suffix_implies_mem(gItemNext, gCells, gItemIndex+1); assert( mem(gItemNext, gCells) == true ); - close DLS(gItemNext, pxItem, gEnd, gEndPrev, gSufCells, gSufVals, - gList); + close DLS(gItemNext, pxItem, gEnd, gEndPrev, + gSufCells, gSufVals, gSufOwners, gList); - close DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, - gEnd, gEndPrev, gList); + close DLS_prefix(gPrefCells, gPrefVals, gPrefOwners, + pxItem, gItemPrev, gEnd, gEndPrev, gList); dls_last_mem(gItemNext, pxItem, gEnd, gEndPrev, gSufCells); - close DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, - gEndPrev, gList); + close DLS_suffix(gSufCells, gSufVals, gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList); } } } lemma void DLS_close_2(struct xLIST_ITEM* pxItem, list gCells, - list gVals) + list gVals, + list gOwners) requires length(gCells) == length(gVals) &*& - DLS_prefix(?gPrefCells, ?gPrefVals, pxItem, ?gItemPrev, + DLS_prefix(?gPrefCells, ?gPrefVals, ?gPrefOwners, pxItem, ?gItemPrev, ?gEnd, ?gEndPrev, ?gList) &*& gEnd == head(gCells) &*& - xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, gList) + xLIST_ITEM(pxItem, ?gItemVal, ?gItemNext, gItemPrev, ?gOw, gList) &*& - DLS_suffix(?gSufCells, ?gSufVals, pxItem, gItemNext, gEnd, gEndPrev, gList) + DLS_suffix(?gSufCells, ?gSufVals, ?gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList) &*& - // gCells == gPrefCells + item + gSufCells + // lists have form "prefix + element + suffix" gCells == append(gPrefCells, append(singleton(pxItem), gSufCells)) &*& - // gVals == gPrefVals + item + gSufVals - gVals == append(gPrefVals, append(singleton(gItemVal), gSufVals)) + gVals == append(gPrefVals, append(singleton(gItemVal), gSufVals)) &*& + gOwners == append(gPrefOwners, append(singleton(gOw), gSufOwners)) &*& // next in cells mem(gItemNext, gCells) == true &*& @@ -642,7 +665,7 @@ requires mem(gItemPrev, gCells) == true ; ensures - DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gList) &*& mem(pxItem, gCells) == true &*& mem(gItemNext, gCells) == true &*& mem(gItemPrev, gCells) == true &*& @@ -654,7 +677,7 @@ ensures // pxItem is first/ left-most item in the list // -> empty prefix - open DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + open DLS_prefix(gPrefCells, gPrefVals, gPrefOwners, pxItem, gItemPrev, gEnd, gEndPrev, gList); assert( pxItem == gEnd ); assert( gPrefVals == nil ); @@ -662,36 +685,39 @@ ensures if( gSufCells == nil ) { // pxItem is last/ right-most item in the list - open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, - gEndPrev, gList); + open DLS_suffix(gSufCells, gSufVals, gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList); assert( pxItem == gEndPrev ); assert( gSufVals == nil ); - close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList); + close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, + gList); } else { // pxItem is not last/ right-most item in the list - open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, - gEndPrev, gList); - close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList); + open DLS_suffix(gSufCells, gSufVals, gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList); + close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, + gList); } } else { // pxItem is not the first/ left-most item in the list // -> non-empty prefix // (potentially empty suffix) - open DLS_prefix(gPrefCells, gPrefVals, pxItem, gItemPrev, + open DLS_prefix(gPrefCells, gPrefVals, gPrefOwners, pxItem, gItemPrev, gEnd, gEndPrev, gList); if( gSufCells == nil ) { // pxItem is the last/ right-most item in the list // -> empty suffix - open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, - gEndPrev, gList); + open DLS_suffix(gSufCells, gSufVals, gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList); assert( pxItem == gEndPrev ); close DLS(pxItem, gItemPrev, gEnd, gEndPrev, - singleton(pxItem), singleton(gItemVal), gList); + singleton(pxItem), singleton(gItemVal), singleton(gOw), + gList); join(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, pxItem, gItemPrev, gEnd, gEndPrev, singleton(pxItem), singleton(gItemVal)); @@ -699,10 +725,11 @@ ensures // pxItem is not the last/ right-most item in the list // -> non-empty suffix - open DLS_suffix(gSufCells, gSufVals, pxItem, gItemNext, gEnd, - gEndPrev, gList); + open DLS_suffix(gSufCells, gSufVals, gSufOwners, pxItem, gItemNext, + gEnd, gEndPrev, gList); close DLS(pxItem, gItemPrev, gEnd, gEndPrev, cons(pxItem, gSufCells), cons(gItemVal, gSufVals), + cons(gOw, gSufOwners), gList); join(gEnd, gEndPrev, pxItem, gItemPrev, gPrefCells, gPrefVals, pxItem, gItemPrev, gEnd, gEndPrev, @@ -714,14 +741,15 @@ ensures struct xLIST_ITEM* lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskItem) /*@ requires - DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gOwners, ?gList) &*& mem(pxTaskItem, gCells) == true &*& gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& + length(gOwners) == length(gCells) &*& length(gCells) > 1; @*/ /*@ ensures - DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gList) &*& mem(pxTaskItem, gCells) == true &*& mem(result, gCells) == true; @*/ @@ -732,30 +760,34 @@ struct xLIST_ITEM* lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskIt //@ DLS_open_2(gTaskItem_0); /*@ assert( xLIST_ITEM(gTaskItem_0, ?gTaskItem_0_val, - ?gTaskItem_0_next, ?gTaskItem_0_prev, gList) ); + ?gTaskItem_0_next, ?gTaskItem_0_prev, ?gTaskItem_0_owner, + gList) ); @*/ pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; /*@ close xLIST_ITEM(gTaskItem_0, gTaskItem_0_val, - gTaskItem_0_next, gTaskItem_0_prev, gList); + gTaskItem_0_next, gTaskItem_0_prev, gTaskItem_0_owner, + gList); @*/ - //@ DLS_close_2(gTaskItem_0, gCells, gVals); + //@ DLS_close_2(gTaskItem_0, gCells, gVals, gOwners); // second iteration step //@ DLS_open_2(gTaskItem_1); /*@ assert( xLIST_ITEM(gTaskItem_1, ?gTaskItem_1_val, - ?gTaskItem_1_next, ?gTaskItem_1_prev, gList) ); + ?gTaskItem_1_next, ?gTaskItem_1_prev, ?gTaskItem_1_owner, + gList) ); @*/ pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; /*@ close xLIST_ITEM(gTaskItem_1, gTaskItem_1_val, - gTaskItem_1_next, gTaskItem_1_prev, gList); + gTaskItem_1_next, gTaskItem_1_prev, gTaskItem_1_owner, + gList); @*/ - //@ DLS_close_2(gTaskItem_1, gCells, gVals); + //@ DLS_close_2(gTaskItem_1, gCells, gVals, gOwners); //@ assert( mem(gTaskItem_2, gCells) == true ); @@ -765,14 +797,15 @@ struct xLIST_ITEM* lemma_validation__DLS_item_next_2(struct xLIST_ITEM* pxTaskIt struct xLIST_ITEM* lemma_validation__DLS_item_prev_2(struct xLIST_ITEM* pxTaskItem) /*@ requires - DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gList) &*& + DLS(?gEnd, ?gEndPrev, gEnd, gEndPrev, ?gCells, ?gVals, ?gOwners, ?gList) &*& mem(pxTaskItem, gCells) == true &*& gEnd == head(gCells) &*& length(gCells) == length(gVals) &*& + length(gOwners) == length(gCells) &*& length(gCells) > 1; @*/ /*@ ensures - DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gList) &*& + DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gList) &*& mem(pxTaskItem, gCells) == true &*& mem(result, gCells) == true; @*/ @@ -783,30 +816,34 @@ struct xLIST_ITEM* lemma_validation__DLS_item_prev_2(struct xLIST_ITEM* pxTaskIt //@ DLS_open_2(gTaskItem_0); /*@ assert( xLIST_ITEM(gTaskItem_0, ?gTaskItem_0_val, - ?gTaskItem_0_next, ?gTaskItem_0_prev, gList) ); + ?gTaskItem_0_next, ?gTaskItem_0_prev, ?gTaskItem_0_owner, + gList) ); @*/ pxTaskItem = pxTaskItem->pxPrevious; //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; /*@ close xLIST_ITEM(gTaskItem_0, gTaskItem_0_val, - gTaskItem_0_next, gTaskItem_0_prev, gList); + gTaskItem_0_next, gTaskItem_0_prev, gTaskItem_0_owner, + gList); @*/ - //@ DLS_close_2(gTaskItem_0, gCells, gVals); + //@ DLS_close_2(gTaskItem_0, gCells, gVals, gOwners); // second iteration step //@ DLS_open_2(gTaskItem_1); /*@ assert( xLIST_ITEM(gTaskItem_1, ?gTaskItem_1_val, - ?gTaskItem_1_next, ?gTaskItem_1_prev, gList) ); + ?gTaskItem_1_next, ?gTaskItem_1_prev, ?gTaskItem_1_owner, + gList) ); @*/ pxTaskItem = pxTaskItem->pxPrevious; //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; /*@ close xLIST_ITEM(gTaskItem_1, gTaskItem_1_val, - gTaskItem_1_next, gTaskItem_1_prev, gList); + gTaskItem_1_next, gTaskItem_1_prev,gTaskItem_1_owner, + gList); @*/ - //@ DLS_close_2(gTaskItem_1, gCells, gVals); + //@ DLS_close_2(gTaskItem_1, gCells, gVals, gOwners); //@ assert( mem(gTaskItem_2, gCells) == true ); diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index b583cd7ced4..6d824a36817 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -12,9 +12,9 @@ predicate uninit_TCB_p(TCB_t * tcb, int stackSize) = malloc_block_tskTaskControlBlock(tcb) &*& tcb->pxTopOfStack |-> _ &*& - xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*& + xLIST_ITEM(&tcb->xStateListItem, _, _, _, _, _) &*& struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*& - xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*& + xLIST_ITEM(&tcb->xEventListItem, _, _, _, _, _) &*& struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*& tcb->uxPriority |-> _ &*& @@ -59,9 +59,9 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = stack_p_2(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes) &*& - xLIST_ITEM(&tcb->xStateListItem, _, _, _, _) &*& + xLIST_ITEM(&tcb->xStateListItem, _, _, _, _, _) &*& struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*& - xLIST_ITEM(&tcb->xEventListItem, _, _, _, _) &*& + xLIST_ITEM(&tcb->xEventListItem, _, _, _, _, _) &*& struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*& tcb->uxPriority |-> _ &*& diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index e949d161dbb..87bfba9af6e 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -92,7 +92,7 @@ predicate taskISRLockInv_p() = integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES &*& - readyLists_p(?gCellLists) + readyLists_p(?gCellLists, ?gOwnerLists) &*& // ∀gCells ∈ gCellLists. ∀item ∈ gCells. sharedSeg_TCB_p(item->pvOwner) //foreach(gCellLists, foreach_sharedSeg_TCB_of_itemOwner); @@ -117,6 +117,9 @@ ensures locked_p(otherLocks); // ∀items ∈ itemLists. ∀it ∈ items. sharedSeg_TCB_p(it->pvOwner) predicate collection_of_sharedSeg_TCB_p(list > itemLists) = + true; +@*/ +/* foreach(itemLists, foreach_sharedSeg_TCB_of_itemOwner); // Auxiliary prediactes to express nested quantification From 78de786d89809706ce63bf955c6f4449b408872e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 30 Nov 2022 11:05:06 -0500 Subject: [PATCH 165/289] Expanded lock invariant to give us access to shared segments of all ready TCBs. --- tasks.c | 27 ++++++----- .../verifast/proof/ready_list_predicates.h | 1 + .../verifast/proof/verifast_lock_predicates.h | 46 ++++++++++++++++--- 3 files changed, 57 insertions(+), 17 deletions(-) diff --git a/tasks.c b/tasks.c index fd6f74a940c..f30596c92ac 100644 --- a/tasks.c +++ b/tasks.c @@ -993,6 +993,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals, ?gOwners) ); + //@ assert( mem(gOwners, gOwnerLists) == true ); //@ open xLIST(gReadyList, _, _, _, _, _, _); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) @@ -1035,14 +1036,15 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ mem_nth(uxCurrentPriority, gCellLists); //@ assert( mem(gCells, gCellLists) == true); -// //@ open_collection_of_sharedSeg_TCB(gCellLists, gCells); + + // Get access to `sharedSeg_TCB_p` predicates of current ready list. + //@ open_owned_sharedSeg_TCBs(gOwnerLists, gOwners); do /*@ invariant mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& -// foreach(gCells, sharedSeg_TCB_of_itemOwner); - true; + foreach(gOwners, sharedSeg_TCB_p); @*/ { TCB_t * pxTCB; @@ -1071,17 +1073,18 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ DLS_close_2(gTaskItem_1, gCells, gVals, gOwners); } - //@ struct xLIST_ITEM* gTaskItem_3 = pxTaskItem; + //@ struct xLIST_ITEM* gTaskItem_final = pxTaskItem; - //@ DLS_open_2(gTaskItem_3); + //@ DLS_open_2(gTaskItem_final); pxTCB = pxTaskItem->pvOwner; - //@ close xLIST_ITEM(gTaskItem_3, _, _, _, _, gReadyList); - //@ DLS_close_2(gTaskItem_3, gCells, gVals, gOwners); - - // Get access to sharedSeg_TCB_p(pxTCB). -// //@ foreach_remove(gTaskItem_3, gCells); -// //@ open sharedSeg_TCB_of_itemOwner(gTaskItem_3); + /*@ close xLIST_ITEM(gTaskItem_final, _, _, _, + pxTCB, gReadyList); + @*/ + //@ DLS_close_2(gTaskItem_final, gCells, gVals, gOwners); + // Getting access to fields of `pxTCB` + //@ foreach_remove(pxTCB, gOwners); + //@ open sharedSeg_TCB_p(pxTCB); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1142,6 +1145,8 @@ static void prvYieldForTask( TCB_t * pxTCB, break; } } while( pxTaskItem != pxLastTaskItem ); + + //@ close_owned_sharedSeg_TCBs(gOwnerLists, gOwners); } else { diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 8a0da795a8f..2c0f2a952c1 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -59,6 +59,7 @@ ensures xLIST(array + index, _, _, _, ?gCells, ?gVals, ?gOwners) &*& gCells == nth(index, gCellLists) &*& gOwners == nth(index, gOwnerLists) &*& + mem(gOwners, gOwnerLists) == true &*& List_array_p(array + index + 1, gSize-index-1, ?gSufCellLists, ?gSufOwnerLists) &*& gSufCellLists == drop(index+1, gCellLists) &*& gSufOwnerLists == drop(index+1, gOwnerLists); diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 87bfba9af6e..68f6a6148ca 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -94,9 +94,8 @@ predicate taskISRLockInv_p() = &*& readyLists_p(?gCellLists, ?gOwnerLists) &*& - // ∀gCells ∈ gCellLists. ∀item ∈ gCells. sharedSeg_TCB_p(item->pvOwner) - //foreach(gCellLists, foreach_sharedSeg_TCB_of_itemOwner); - collection_of_sharedSeg_TCB_p(gCellLists); + // ∀owners ∈ gOwnerLists. ∀ow ∈ owners. sharedSeg_TCB_p(owner) + owned_sharedSeg_TCBs_p(gOwnerLists); lemma void produce_taskISRLockInv(); @@ -115,10 +114,45 @@ ensures locked_p(otherLocks); -// ∀items ∈ itemLists. ∀it ∈ items. sharedSeg_TCB_p(it->pvOwner) -predicate collection_of_sharedSeg_TCB_p(list > itemLists) = - true; +// ∀owners ∈ gOwnerLists. ∀ow ∈ owners. sharedSeg_TCB_p(owner) +predicate owned_sharedSeg_TCBs_p(list > ownerLists) = + foreach(ownerLists, foreach_sharedSeg_TCB_p); + +// ∀ow ∈ owners. sharedSeg_TCB_p(owner) +predicate foreach_sharedSeg_TCB_p(list owners) = + foreach(owners, sharedSeg_TCB_p); + +lemma void open_owned_sharedSeg_TCBs(list > ownerLists, + list owners) +requires + owned_sharedSeg_TCBs_p(ownerLists) &*& + mem(owners, ownerLists) == true; +ensures + owned_sharedSeg_TCBs_p(remove(owners, ownerLists)) &*& + foreach(owners, sharedSeg_TCB_p); +{ + open owned_sharedSeg_TCBs_p(ownerLists); + foreach_remove(owners, ownerLists); + close owned_sharedSeg_TCBs_p(remove(owners, ownerLists)); + open foreach_sharedSeg_TCB_p(owners); +} + +lemma void close_owned_sharedSeg_TCBs(list > ownerLists, + list owners) +requires + owned_sharedSeg_TCBs_p(remove(owners, ownerLists)) &*& + foreach(owners, sharedSeg_TCB_p) &*& + mem(owners, ownerLists) == true; +ensures + owned_sharedSeg_TCBs_p(ownerLists); +{ + close foreach_sharedSeg_TCB_p(owners); + open owned_sharedSeg_TCBs_p(remove(owners, ownerLists)); + foreach_unremove(owners, ownerLists); + close owned_sharedSeg_TCBs_p(ownerLists); +} @*/ + /* foreach(itemLists, foreach_sharedSeg_TCB_of_itemOwner); From fe5612cf4fcce0ac34e24187c014e778acafc995 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 30 Nov 2022 15:52:00 -0500 Subject: [PATCH 166/289] Extended lock invariants to justify safe access to ready tasks as well as scheduled task. --- tasks.c | 93 +++++++++++++++++-- .../verifast/proof/verifast_lists_extended.h | 24 +++-- .../verifast/proof/verifast_lock_predicates.h | 88 +++++++++++------- 3 files changed, 160 insertions(+), 45 deletions(-) diff --git a/tasks.c b/tasks.c index f30596c92ac..553e4d9e4eb 100644 --- a/tasks.c +++ b/tasks.c @@ -907,7 +907,7 @@ static void prvYieldForTask( TCB_t * pxTCB, taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` - pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& @@ -960,7 +960,7 @@ static void prvYieldForTask( TCB_t * pxTCB, taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` - pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& + [0.5]pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& // pubTCB_p(gCurrentTCB, 0) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& coreLocalSeg_TCB_p(gCurrentTCB, 0) @@ -987,6 +987,16 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif //@ open taskISRLockInv_p(); + //@ assert( valid_sharedSeg_TCBs_p(?gTaskLists) ); + + // Eliminates exists predicate to avoid pattern matching conflicts + //@ open exists(gTaskLists); + + // Get list containing currentTCB and ensure we matched the right variable + //@ assert( exists(?gCurrentTCB_category) ); + //@ assert( mem(gCurrentTCB, gCurrentTCB_category) == true ); + + //@ open readyLists_p(?gCellLists, ?gOwnerLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); @@ -1037,14 +1047,27 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ mem_nth(uxCurrentPriority, gCellLists); //@ assert( mem(gCells, gCellLists) == true); - // Get access to `sharedSeg_TCB_p` predicates of current ready list. - //@ open_owned_sharedSeg_TCBs(gOwnerLists, gOwners); + // Prove that `mem(gOwners, gTaskLists) == true` + // Necessary to get access to `sharedSeg_TCB_p` predicates of + // current ready list in the loop + //@ assert( mem(gOwners, gOwnerLists) == true ); + //@ assert( forall(gOwnerLists, (mem_list_elem)(gTaskLists) ) == true ); + //@ forall_instantiate(gOwners, gOwnerLists, (mem_list_elem)(gTaskLists)); + //@ assert( mem(gOwners, gTaskLists) == true ); + ///@ open_valid_sharedSeg_TCBs(gTaskLists, gOwners); do /*@ invariant + 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& - foreach(gOwners, sharedSeg_TCB_p); +// foreach(gOwners, sharedSeg_TCB_p); + valid_sharedSeg_TCBs_p(gTaskLists) &*& + mem(gOwners, gTaskLists) == true &*& + mem(gCurrentTCB, gCurrentTCB_category) == true &*& + mem(gCurrentTCB_category, gTaskLists) == true; @*/ { TCB_t * pxTCB; @@ -1083,6 +1106,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ DLS_close_2(gTaskItem_final, gCells, gVals, gOwners); // Getting access to fields of `pxTCB` + //@ open_valid_sharedSeg_TCBs(gTaskLists, gOwners); //@ foreach_remove(pxTCB, gOwners); //@ open sharedSeg_TCB_p(pxTCB); @@ -1111,6 +1135,33 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { + //@ assert( foreach(remove(pxTCB, gOwners), sharedSeg_TCB_p) ); + //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); + /*@ + if( gCurrentTCB == pxTCB ) { + // We can use the opened `sharedSeg_TCB_p` chunk + // for `pxTCB`. + } else { + if( gCurrentTCB_category == gOwners ) { + // `gCurrentTCB` is different from `pxTCB` but + // they belong to the same ready list. + + assert( mem(gCurrentTCB, gOwners) == true ); + mem_after_remove(gCurrentTCB, gOwners, pxTCB); + assert( mem(gCurrentTCB, remove(pxTCB, gOwners)) == true ); + foreach_remove(gCurrentTCB, remove(pxTCB, gOwners)); + } else { + assert( mem(gCurrentTCB_category, gTaskLists) == true ); + mem_after_remove(gCurrentTCB_category, gTaskLists, gOwners); + assert( mem(gCurrentTCB_category, remove(gOwners, gTaskLists)) == true ); + open_valid_sharedSeg_TCBs(remove(gOwners, gTaskLists), + gCurrentTCB_category); + foreach_remove(gCurrentTCB, gCurrentTCB_category); + } + + open sharedSeg_TCB_p(gCurrentTCB); + } + @*/ /* If the task is not being executed by any core swap it in */ pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) @@ -1119,6 +1170,36 @@ static void prvYieldForTask( TCB_t * pxTCB, pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; pxCurrentTCBs[ xCoreID ] = pxTCB; xTaskScheduled = pdTRUE; + + /*@ + if( gCurrentTCB == pxTCB ) { + // We can used the opened `sharedSeg_TCB_p` chunk + // for `pxTCB`. + // => We don't have to close anything. + } else { + // Above, we extracted `sharedSeg_TCB_p(gCurrentTCB)` + // from the collection of all remaining shared TCB + // segments and opened it. + // => Close predicate and restore collection. + + close sharedSeg_TCB_p(gCurrentTCB); + + if( gCurrentTCB_category == gOwners ) { + // `gCurrentTCB` is different from `pxTCB` but + // they belong to the same ready list. + + foreach_unremove(gCurrentTCB, remove(pxTCB, gOwners)); + } else { + foreach_unremove(gCurrentTCB, gCurrentTCB_category); + close_valid_sharedSeg_TCBs(remove(gOwners, gTaskLists), + gCurrentTCB_category); + } + } + @*/ + + // Ensure we restored the collection as it was + // at the beginning of the block. + //@ assert( foreach(remove(pxTCB, gOwners), sharedSeg_TCB_p) ); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) @@ -1146,7 +1227,7 @@ static void prvYieldForTask( TCB_t * pxTCB, } } while( pxTaskItem != pxLastTaskItem ); - //@ close_owned_sharedSeg_TCBs(gOwnerLists, gOwners); + //@ close_valid_sharedSeg_TCBs(gOwnerLists, gOwners); } else { diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index e2879c352c9..70bd5d6f47c 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -8,7 +8,7 @@ -// TODO: prove +// TODO: Can we prove this in VeriFast or do we have to axiomatise? /*@ lemma void head_drop_n_equals_nths(list xs, int n) requires n >= 0; @@ -32,7 +32,7 @@ ensures head(drop(n, xs)) == nth(n, xs); assume(false); } -// TODO: prove +// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void drop_index_equals_singleton_implies_last_element(list xs, t x) requires drop(index_of(x, xs), xs) == cons(x, nil); ensures index_of(x, xs) == length(xs) - 1; @@ -50,7 +50,7 @@ ensures index_of(x, xs) == length(xs) - 1; assume(false); } -// TODO: prove +// TODO: Can we prove this in VeriFast or do we have to axiomatise? // Can we replace this by standard lemma `drop_n_plus_one`? lemma void drop_cons(list xs, int n) requires n < length(xs); @@ -70,7 +70,7 @@ ensures drop(n, xs) == cons(nth(n, xs), drop(n+1, xs)); assume(false); } -// TODO: prove +// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void nth_index(list xs, t x) requires mem(x, xs) == true; ensures nth(index_of(x, xs), xs) == x; @@ -88,12 +88,12 @@ ensures nth(index_of(x, xs), xs) == x; assume(false); } -// TODO: prove +// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void mem_prefix_implies_mem(t x, list xs, int n); requires mem(x, take(n, xs)) == true; ensures mem(x, xs) == true; -// TODO: prove +// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void mem_suffix_implies_mem(t x, list xs, int n); requires mem(x, drop(n, xs)) == true; ensures mem(x, xs) == true; @@ -102,6 +102,18 @@ ensures mem(x, xs) == true; lemma void drop_n_plus_m(list xs, int n, int m); requires true; ensures drop(n, drop(m, xs)) == drop(n + m, xs); + + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void forall_instantiate(t x, list xs, fixpoint(t, bool) f); +requires forall(xs, f) == true &*& mem(x, xs) == true; +ensures forall(xs, f) == true &*& f(x) == true; + + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void mem_after_remove(t x, list xs, t r); +requires true; +ensures mem(x, remove(r, xs)) == (mem(x, xs) && x != r); @*/ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 68f6a6148ca..9372b2b5fbf 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -28,7 +28,7 @@ predicate interruptState_p(uint32_t coreID, uint32_t state); fixpoint bool interruptsDisabled_f(uint32_t); predicate coreLocalInterruptInv_p() = - pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& //pubTCB_p(currentTCB, 0) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting); @@ -85,17 +85,29 @@ predicate isrLockInv_p(); fixpoint int taskISRLockID_f(); predicate taskISRLockInv_p() = - integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& - integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) + // Access to global variables + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) &*& // top ready priority must be in range integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES &*& - readyLists_p(?gCellLists, ?gOwnerLists) - &*& - // ∀owners ∈ gOwnerLists. ∀ow ∈ owners. sharedSeg_TCB_p(owner) - owned_sharedSeg_TCBs_p(gOwnerLists); + // tasks / TCBs + exists > >(?gTaskLists) + &*& + // ∀l ∈ gTaskLists. ∀t ∈ l. sharedSeg_TCB_p(l) + valid_sharedSeg_TCBs_p(gTaskLists) + &*& + readyLists_p(?gCellLists, ?gOwnerLists) + &*& + // gOwnerLists ⊆ gTaskLists + forall(gOwnerLists, (mem_list_elem)(gTaskLists)) == true + &*& + exists >(?gCurrentTCB_category) &*& + mem(gCurrentTCB_category, gTaskLists) == true &*& + mem(gCurrentTCB, gCurrentTCB_category) == true; lemma void produce_taskISRLockInv(); @@ -113,43 +125,53 @@ requires locked_p( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& ensures locked_p(otherLocks); +// Auxiliary function that allows us to partially apply the list argument. +// +// Notes: +// - Partial application of fixpoint functions in VeriFast is not documented. +// The syntax for partially application is `()()` +// - VeriFast only supports partially applying the first argument, e.g., +// `(mem)(0)` is allowed but `(mem)(_)(nil)` is not. +fixpoint bool mem_list_elem(list xs, t x) { + return mem(x, xs); +} -// ∀owners ∈ gOwnerLists. ∀ow ∈ owners. sharedSeg_TCB_p(owner) -predicate owned_sharedSeg_TCBs_p(list > ownerLists) = - foreach(ownerLists, foreach_sharedSeg_TCB_p); +// l ∈ taskLists. ∀t ∈ tasks. sharedSeg_TCB_p(t) +predicate valid_sharedSeg_TCBs_p(list > taskLists) = + foreach(taskLists, foreach_sharedSeg_TCB_p); -// ∀ow ∈ owners. sharedSeg_TCB_p(owner) -predicate foreach_sharedSeg_TCB_p(list owners) = - foreach(owners, sharedSeg_TCB_p); +// ∀t ∈ tasks. sharedSeg_TCB_p(t) +predicate foreach_sharedSeg_TCB_p(list tasks) = + foreach(tasks, sharedSeg_TCB_p); -lemma void open_owned_sharedSeg_TCBs(list > ownerLists, - list owners) +lemma void open_valid_sharedSeg_TCBs(list > taskLists, + list tasks) requires - owned_sharedSeg_TCBs_p(ownerLists) &*& - mem(owners, ownerLists) == true; + valid_sharedSeg_TCBs_p(taskLists) &*& + mem(tasks, taskLists) == true; ensures - owned_sharedSeg_TCBs_p(remove(owners, ownerLists)) &*& - foreach(owners, sharedSeg_TCB_p); + valid_sharedSeg_TCBs_p(remove(tasks, taskLists)) &*& + foreach(tasks, sharedSeg_TCB_p); { - open owned_sharedSeg_TCBs_p(ownerLists); - foreach_remove(owners, ownerLists); - close owned_sharedSeg_TCBs_p(remove(owners, ownerLists)); - open foreach_sharedSeg_TCB_p(owners); + open valid_sharedSeg_TCBs_p(taskLists); + foreach_remove(tasks, taskLists); + close valid_sharedSeg_TCBs_p(remove(tasks, taskLists)); + open foreach_sharedSeg_TCB_p(tasks); } -lemma void close_owned_sharedSeg_TCBs(list > ownerLists, - list owners) +lemma void close_valid_sharedSeg_TCBs(list > taskLists, + list tasks) requires - owned_sharedSeg_TCBs_p(remove(owners, ownerLists)) &*& - foreach(owners, sharedSeg_TCB_p) &*& - mem(owners, ownerLists) == true; + valid_sharedSeg_TCBs_p(remove(tasks, taskLists)) &*& + foreach(tasks, sharedSeg_TCB_p) &*& + mem(tasks, taskLists) == true; ensures - owned_sharedSeg_TCBs_p(ownerLists); + valid_sharedSeg_TCBs_p(taskLists); { - close foreach_sharedSeg_TCB_p(owners); - open owned_sharedSeg_TCBs_p(remove(owners, ownerLists)); - foreach_unremove(owners, ownerLists); - close owned_sharedSeg_TCBs_p(ownerLists); + close foreach_sharedSeg_TCB_p(tasks); + open valid_sharedSeg_TCBs_p(remove(tasks, taskLists)); + foreach_unremove(tasks, taskLists); + close valid_sharedSeg_TCBs_p(taskLists); } @*/ From 6f782b494a660d67777a90ee0e832e7b444b5bc0 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 08:01:05 -0500 Subject: [PATCH 167/289] VF start script takes font size as 2nd param --- verification/verifast/start-vfide--preprocessed.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 38f833560c0..378c5741b94 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -13,8 +13,11 @@ PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040" PP_SCRIPT="./preprocess_tasks_c.sh" PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c" -#FONT_SIZE=20 FONT_SIZE=17 +if [ "$2" != "" ] +then + FONT_SIZE="$2" +fi # Flags to SKIP expensive proofs: # - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT From cd3fa4e577b8adfd77484eba86f9552d236a05e3 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 11:47:52 -0500 Subject: [PATCH 168/289] Added adaptation of Aalok's and Nathan's single-core proof for `uxListRemove` --- list.c | 477 +++++++++++++++++- tasks.c | 7 +- .../proof/single_core_proofs/scp_common.h | 5 +- .../single_core_proofs/scp_list_predicates.h | 2 +- 4 files changed, 484 insertions(+), 7 deletions(-) diff --git a/list.c b/list.c index c97b8cc8a3e..91ac6dea7ba 100644 --- a/list.c +++ b/list.c @@ -186,10 +186,154 @@ void vListInsert( List_t * const pxList, /*-----------------------------------------------------------*/ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) -{ +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose + * node owners. Proofs using these predicates must be adapted as well. + */ + + /*@requires + exists(?l) &*& + xLIST(l, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& + end != pxItemToRemove &*& + mem(pxItemToRemove, cells) == true;@*/ + /*@ensures + result == len-1 &*& + xLIST_ITEM(pxItemToRemove, nth(index_of(pxItemToRemove, cells), vals), _, ?pxItemToRemovePrevious, nth(index_of(pxItemToRemove, cells), owners), NULL) &*& + pxItemToRemovePrevious == nth(index_of(pxItemToRemove, cells)-1, cells) &*& + xLIST(l, result, idx == pxItemToRemove ? pxItemToRemovePrevious : idx, end, remove(pxItemToRemove, cells), remove_nth(index_of(pxItemToRemove, cells), vals), remove_nth(index_of(pxItemToRemove, cells), owners)); + @*/ + { + /* For brevity we alias x to pxItemToRemove */ + /*@struct xLIST_ITEM *x = pxItemToRemove;@*/ + + /* Start by establishing that the list must be non-empty since x != end */ + /*@open xLIST(l, len, idx, end, cells, vals, owners);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, owners, l);@*/ + /*@assert vals == cons(portMAX_DELAY, _);@*/ + /*@dls_not_empty(end, endprev, cells, x);@*/ + + /* We know the xLIST is a DLS: end...endprev + Split this into DLS1:end...xprev and DLS2:x...endprev */ + /*@int i = index_of(x, cells);@*/ + /*@split(end, endprev, end, endprev, cells, vals, x, i);@*/ + /*@list ys = take(i, cells);@*/ + /*@list zs = drop(i, cells);@*/ + /*@list vs = take(i, vals);@*/ + /*@list ws = drop(i, vals);@*/ + /*@list ts = take(i, owners);@*/ + /*@list us = drop(i, owners);@*/ + /*@assert length(ys) == length(vs);@*/ + /*@assert length(zs) == length(ws);@*/ + /*@assert length(ts) == length(vs);@*/ + /*@assert length(us) == length(ws);@*/ + /*@assert DLS(end, endprev, x, ?xprev, ys, vs, ts, l);@*/ /*< DLS1 (ys, vs) */ + /*@assert DLS(x, xprev, end, endprev, zs, ws, us, l);@*/ /*< DLS2 (zs, ws) */ + + /* Now case split to open DLS1 and DLS2 appropriately */ + /*@ + if (end == xprev) + { + if (x == endprev) + { + //Case A + //DLS1: extract end=prev=next + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + assert owners == cons(_, _); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, head(owners), l); + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, us, l); + //Lengths + assert length(ys) == 1; + assert length(zs) == 1; + assert length(us) == 1; + } + else + { + //Case B + //DLS1: extract end=prev + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, head(owners), l); + //DLS2: extract next and x + open DLS(x, end, end, endprev, zs, ws, us, l); + assert DLS(?xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); + open xLIST_ITEM(xnext, _, _, x, _, l); + //Lengths + assert length(ys) == 1; + } + } + else + { + if (x == endprev) + { + //Case C + //DLS1: extract end=next and prev + dls_last_mem(end, endprev, x, xprev, ys); + assert mem(xprev, ys) == true; + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(ts), l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, _, l); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, us, l); + //Lengths + assert length(zs) == 1; + } + else + { + //Case D + //DLS1: extract prev + dls_last_mem(end, endprev, x, xprev, ys); + int j = index_of(xprev, ys); + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(ts), l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + assert tail(ys) == singleton(xprev); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, _, l); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + //DLS2: extract next and x + open DLS(x, xprev, end, endprev, zs, ws, us, l); + assert xLIST_ITEM(x, _, ?xnext, _, _, l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); + open xLIST_ITEM(xnext, _, _, x, _, l); + } + } + @*/ + /*@drop_nth_index_of(vals, i);@*/ + /*@drop_nth_index_of(owners, i);@*/ + /*@open xLIST_ITEM(x, nth(i, vals), ?xnext, xprev, nth(i, owners), l);@*/ + /* The list item knows which list it is in. Obtain the list from the list * item. */ +#ifdef VERIFAST /*< const pointer declaration */ + List_t * pxList = pxItemToRemove->pxContainer; +#else List_t * const pxList = pxItemToRemove->pxContainer; +#endif pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; @@ -211,5 +355,336 @@ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ( pxList->uxNumberOfItems )--; return pxList->uxNumberOfItems; + + /*@ + // Reassemble DLS1 and a modified DLS2, which no longer includes x + if (end == xprev) + { + if (x == endprev) + { + //Case A + close xLIST_ITEM(end, portMAX_DELAY, _, _, _, _); + close DLS(end, end, end, end, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), l); + } + else + { + //Case B + close xLIST_ITEM(xprev, _, xnext, endprev, head(owners), l); + close DLS(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), l); + close xLIST_ITEM(xnext, _, _, xprev, _, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), tail(us), l); + join(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + else + { + if (x == endprev) + { + //Case C + close xLIST_ITEM(end, _, ?endnext, xprev, head(ts), l); + close xLIST_ITEM(xprev, ?xprev_val, end, _, ?xprev_owner, l); + if (endnext == xprev) + { + close DLS(xprev, end, end, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + close DLS(end, xprev, end, xprev, cons(end, singleton(xprev)), cons(portMAX_DELAY, singleton(xprev_val)), cons(head(ts), singleton(xprev_owner)), l); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, _, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, xprev, end, xprev, ys, vs, ts, l); + } + } + else + { + //Case D + close xLIST_ITEM(xnext, _, ?xnextnext, xprev, ?xnext_owner, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), tail(us), l); + close xLIST_ITEM(end, _, ?endnext, endprev, head(ts), l); + close xLIST_ITEM(xprev, ?xprev_val, xnext, _, ?xprev_owner, l); + if (endnext == xprev) + { + close DLS(xprev, _, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + close DLS(end, endprev, xnext, xprev, ys, vs, ts, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, _, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, endprev, xnext, xprev, ys, vs, ts, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + } + @*/ + /*@remove_remove_nth(cells, x);@*/ + /*@ + if (idx == x) + { + close xLIST(l, len-1, xprev, end, append(ys, tail(zs)), append(vs, tail(ws)), append(ts, tail(us))); + } + else + { + idx_remains_in_list(cells, idx, x, i); + close xLIST(l, len-1, idx, end, append(ys, tail(zs)), append(vs, tail(ws)), append(ts, tail(us))); + } + @*/ + /*@close xLIST_ITEM(x, nth(i, vals), xnext, xprev, nth(i, owners), NULL);@*/ } +#else + // Contract and proof written by Aalok Thakkar and Nathan Chong for the + // single-core setup in 2020. + + /*@requires + exists(?l) &*& + xLIST(l, ?len, ?idx, ?end, ?cells, ?vals) &*& + end != pxItemToRemove &*& + mem(pxItemToRemove, cells) == true;@*/ + /*@ensures + result == len-1 &*& + xLIST_ITEM(pxItemToRemove, nth(index_of(pxItemToRemove, cells), vals), _, ?pxItemToRemovePrevious, NULL) &*& + pxItemToRemovePrevious == nth(index_of(pxItemToRemove, cells)-1, cells) &*& + xLIST(l, result, idx == pxItemToRemove ? pxItemToRemovePrevious : idx, end, remove(pxItemToRemove, cells), remove_nth(index_of(pxItemToRemove, cells), vals));@*/ + { + /* For brevity we alias x to pxItemToRemove */ + /*@struct xLIST_ITEM *x = pxItemToRemove;@*/ + + /* Start by establishing that the list must be non-empty since x != end */ + /*@open xLIST(l, len, idx, end, cells, vals);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, l);@*/ + /*@assert vals == cons(portMAX_DELAY, _);@*/ + /*@dls_not_empty(end, endprev, cells, x);@*/ + + /* We know the xLIST is a DLS: end...endprev + Split this into DLS1:end...xprev and DLS2:x...endprev */ + /*@int i = index_of(x, cells);@*/ + /*@split(end, endprev, end, endprev, cells, vals, x, i);@*/ + /*@list ys = take(i, cells);@*/ + /*@list zs = drop(i, cells);@*/ + /*@list vs = take(i, vals);@*/ + /*@list ws = drop(i, vals);@*/ + /*@assert length(ys) == length(vs);@*/ + /*@assert length(zs) == length(ws);@*/ + /*@assert DLS(end, endprev, x, ?xprev, ys, vs, l);@*/ /*< DLS1 (ys, vs) */ + /*@assert DLS(x, xprev, end, endprev, zs, ws, l);@*/ /*< DLS2 (zs, ws) */ + + /* Now case split to open DLS1 and DLS2 appropriately */ + /*@ + if (end == xprev) + { + if (x == endprev) + { + //Case A + //DLS1: extract end=prev=next + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, l); + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, l); + //Lengths + assert length(ys) == 1; + assert length(zs) == 1; + } + else + { + //Case B + //DLS1: extract end=prev + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, l); + //DLS2: extract next and x + open DLS(x, end, end, endprev, zs, ws, l); + assert DLS(?xnext, x, end, endprev, tail(zs), tail(ws), l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), l); + open xLIST_ITEM(xnext, _, _, x, l); + //Lengths + assert length(ys) == 1; + } + } + else + { + if (x == endprev) + { + //Case C + //DLS1: extract end=next and prev + dls_last_mem(end, endprev, x, xprev, ys); + assert mem(xprev, ys) == true; + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + open xLIST_ITEM(xprev, _, x, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, l); + open xLIST_ITEM(xprev, _, x, _, l); + } + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, l); + //Lengths + assert length(zs) == 1; + } + else + { + //Case D + //DLS1: extract prev + dls_last_mem(end, endprev, x, xprev, ys); + int j = index_of(xprev, ys); + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + assert tail(ys) == singleton(xprev); + open xLIST_ITEM(xprev, _, x, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, l); + open xLIST_ITEM(xprev, _, x, _, l); + } + //DLS2: extract next and x + open DLS(x, xprev, end, endprev, zs, ws, l); + assert xLIST_ITEM(x, _, ?xnext, _, l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), l); + open xLIST_ITEM(xnext, _, _, x, l); + } + } + @*/ + /*@drop_nth_index_of(vals, i);@*/ + /*@open xLIST_ITEM(x, nth(i, vals), ?xnext, xprev, l);@*/ + + /* The list item knows which list it is in. Obtain the list from the list + * item. */ + #ifdef VERIFAST /*< const pointer declaration */ + List_t * pxList = pxItemToRemove->pxContainer; + #else + List_t * const pxList = pxItemToRemove->pxContainer; + #endif + + pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; + pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; + + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); + + /* Make sure the index is left pointing to a valid item. */ + if( pxList->pxIndex == pxItemToRemove ) + { + pxList->pxIndex = pxItemToRemove->pxPrevious; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + pxItemToRemove->pxContainer = NULL; + ( pxList->uxNumberOfItems )--; + + return pxList->uxNumberOfItems; + + /*@ + // Reassemble DLS1 and a modified DLS2, which no longer includes x + if (end == xprev) + { + if (x == endprev) + { + //Case A + close xLIST_ITEM(end, portMAX_DELAY, _, _, _); + close DLS(end, end, end, end, singleton(end), singleton(portMAX_DELAY), l); + } + else + { + //Case B + close xLIST_ITEM(xprev, _, xnext, endprev, l); + close DLS(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), l); + close xLIST_ITEM(xnext, _, _, xprev, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), l); + join(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + else + { + if (x == endprev) + { + //Case C + close xLIST_ITEM(end, _, ?endnext, xprev, l); + close xLIST_ITEM(xprev, ?xprev_val, end, _, l); + if (endnext == xprev) + { + close DLS(xprev, end, end, xprev, singleton(xprev), singleton(xprev_val), l); + close DLS(end, xprev, end, xprev, cons(end, singleton(xprev)), cons(portMAX_DELAY, singleton(xprev_val)), l); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, xprev, end, xprev, ys, vs, l); + } + } + else + { + //Case D + close xLIST_ITEM(xnext, _, ?xnextnext, xprev, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), l); + close xLIST_ITEM(end, _, ?endnext, endprev, l); + close xLIST_ITEM(xprev, ?xprev_val, xnext, _, l); + if (endnext == xprev) + { + close DLS(xprev, _, xnext, xprev, singleton(xprev), singleton(xprev_val), l); + close DLS(end, endprev, xnext, xprev, ys, vs, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, endprev, xnext, xprev, ys, vs, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + } + @*/ + /*@remove_remove_nth(cells, x);@*/ + /*@ + if (idx == x) + { + close xLIST(l, len-1, xprev, end, append(ys, tail(zs)), append(vs, tail(ws))); + } + else + { + idx_remains_in_list(cells, idx, x, i); + close xLIST(l, len-1, idx, end, append(ys, tail(zs)), append(vs, tail(ws))); + } + @*/ + /*@close xLIST_ITEM(x, nth(i, vals), xnext, xprev, NULL);@*/ + } + + + +#endif /* VERIFAST_SINGLE_CORE */ + /*-----------------------------------------------------------*/ diff --git a/tasks.c b/tasks.c index 553e4d9e4eb..0e6a02de027 100644 --- a/tasks.c +++ b/tasks.c @@ -31,13 +31,14 @@ //@ #include //@ #include "list.gh" + //@ #include /* The following includes will be visible to VeriFast in the preprocessed * code. VeriFast requires includes to occur befor definitions. Hence, * all includes visible to VeriFast must occur before the preprocessed * ones. */ - //VF_include #include "FreeRTOSConfig.h" + //VF_macro #include "FreeRTOSConfig.h" //VF_macro #define NULL 0 #endif /* VERIFAST */ @@ -1217,8 +1218,12 @@ static void prvYieldForTask( TCB_t * pxTCB, } } + //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + if( xTaskScheduled != pdFALSE ) { + //@ close exists(gReadyList); + /* Once a task has been selected to run on this core, * move it to the end of the ready task list. */ uxListRemove( pxTaskItem ); diff --git a/verification/verifast/proof/single_core_proofs/scp_common.h b/verification/verifast/proof/single_core_proofs/scp_common.h index a1ade6f148c..1c3f72ec93f 100644 --- a/verification/verifast/proof/single_core_proofs/scp_common.h +++ b/verification/verifast/proof/single_core_proofs/scp_common.h @@ -60,9 +60,6 @@ fixpoint list singleton(t x) { return cons(x, nil); } -@*/ -#ifdef VERIFAST_TODO - lemma void note(bool b) requires b; ensures b; @@ -630,6 +627,6 @@ lemma void combine_list_update(listprefix, t x, listsuffix, int i, list } @*/ -#endif /* VERIFAST_TODO */ + #endif /* SCP_COMMON_H */ diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h index 9b8ac49dfb5..57c3c7fbf62 100644 --- a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h +++ b/verification/verifast/proof/single_core_proofs/scp_list_predicates.h @@ -683,7 +683,7 @@ @*/ #endif /* VERIFAST_SINGLE_CORE */ -#ifdef VERIFAST_TODO +/*@ lemma void idx_remains_in_list( list cells, t idx, From 122ecdeac09a1d252a5def35c74d814d422c9be8 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 12:48:43 -0500 Subject: [PATCH 169/289] Proved that call to `uxListRemove` in `prvSelectHighestPriorityTask`is safe. --- tasks.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tasks.c b/tasks.c index 0e6a02de027..57fc0d3efdf 100644 --- a/tasks.c +++ b/tasks.c @@ -1064,7 +1064,7 @@ static void prvYieldForTask( TCB_t * pxTCB, pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& -// foreach(gOwners, sharedSeg_TCB_p); + gSize > 0 &*& valid_sharedSeg_TCBs_p(gTaskLists) &*& mem(gOwners, gTaskLists) == true &*& mem(gCurrentTCB, gCurrentTCB_category) == true &*& @@ -1089,12 +1089,20 @@ static void prvYieldForTask( TCB_t * pxTCB, if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { - //@ DLS_open_2(gTaskItem_1); + //@ open DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); + + // Prove that `gTaskItem_1->pxNext != gEnd` + //@ open DLS(?gTaskItem_1_next, _, gEnd, gEndPrev2, _, _, _, gReadyList); + //@ assert( gTaskItem_1_next != gEnd ); + /*@ close DLS(gTaskItem_1_next, _, gEnd, gEndPrev2, + tail(gCells), tail(gVals), tail(gOwners), _); + @*/ + pxTaskItem = pxTaskItem->pxNext; //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; //@ close xLIST_ITEM(gTaskItem_1, _, _, _, _, gReadyList); - //@ DLS_close_2(gTaskItem_1, gCells, gVals, gOwners); + //@ close DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); } //@ struct xLIST_ITEM* gTaskItem_final = pxTaskItem; From 0633baba2fc7bfe6981dc5cd7072c737de90b4a5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 12:54:52 -0500 Subject: [PATCH 170/289] Added single-core proof for `vListInsertEnd` by Aalok Thakkar and Nathan Chong. --- list.c | 421 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 401 insertions(+), 20 deletions(-) diff --git a/list.c b/list.c index 91ac6dea7ba..b1d67fb9029 100644 --- a/list.c +++ b/list.c @@ -86,32 +86,413 @@ void vListInitialiseItem( ListItem_t * const pxItem ) void vListInsertEnd( List_t * const pxList, ListItem_t * const pxNewListItem ) -{ - ListItem_t * const pxIndex = pxList->pxIndex; +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose + * node owners. Proofs using these predicates must be adapted as well. + */ + + // TODO: Adapt contract and proof to new version of predicates. - /* Only effective when configASSERT() is also defined, these tests may catch - * the list data structures being overwritten in memory. They will not catch - * data errors caused by incorrect configuration or use of FreeRTOS. */ - listTEST_LIST_INTEGRITY( pxList ); - listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); + /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals) &*& + xLIST_ITEM(pxNewListItem, ?val, _, _, _);@*/ + /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals) &*& + idx == end + ? (new_cells == append(cells, singleton(pxNewListItem)) &*& + new_vals == append(vals, singleton(val))) + : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& + new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))));@*/ + { + /*@xLIST_star_item(pxList, pxNewListItem);@*/ + /*@assert mem(pxNewListItem, cells) == false;@*/ + /*@open xLIST(pxList, len, idx, end, cells, vals);@*/ + #ifdef VERIFAST /*< const pointer declaration */ + ListItem_t * pxIndex = pxList->pxIndex; + #else + ListItem_t * const pxIndex = pxList->pxIndex; - /* Insert a new list item into pxList, but rather than sort the list, - * makes the new list item the last item to be removed by a call to - * listGET_OWNER_OF_NEXT_ENTRY(). */ - pxNewListItem->pxNext = pxIndex; - pxNewListItem->pxPrevious = pxIndex->pxPrevious; + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + listTEST_LIST_INTEGRITY( pxList ); + listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); + #endif - /* Only used during decision coverage testing. */ - mtCOVERAGE_TEST_DELAY(); + /*@open xLIST_ITEM(pxNewListItem, _, _, _, _);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, pxList);@*/ + /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ + /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ + /*@ + if (end == idx) + { + open DLS(end, endprev, end, endprev, cells, vals, pxList); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + } + else + { + assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), pxList); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + open DLS(endnext, end, end, endnext, _, _, _); + open xLIST_ITEM(endnext, _, _, _, _); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); + open DLS(endprev, _, _, _, _, _, _); + open xLIST_ITEM(endprev, _, _, _, _); + } + } + } + else + { + int i = index_of(idx, cells); + split(end, endprev, end, endprev, cells, vals, idx, i); + assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), pxList); + assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), pxList); + open DLS(idx, idxprev, end, endprev, _, _, _); + open xLIST_ITEM(idx, _, _, _, _); + if (end == idxprev) + { + // Case D: end==idxprev and DLS:idx...endprev + take_take(1, i, vals); + take_head(vals); + open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), pxList); + open xLIST_ITEM(end, portMAX_DELAY, _, _, _); + assert length(take(i, cells)) == 1; + } + else + { + // Case E: DLS:end...idxprev and DLS:idx...endprev + dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); + split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); + open DLS(idxprev, _, _, idxprev, _, _, _); + length_take(i, cells); + drop_take_singleton(i, vals); + open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _); + } + } + @*/ - pxIndex->pxPrevious->pxNext = pxNewListItem; - pxIndex->pxPrevious = pxNewListItem; + /* Insert a new list item into pxList, but rather than sort the list, + * makes the new list item the last item to be removed by a call to + * listGET_OWNER_OF_NEXT_ENTRY(). */ + pxNewListItem->pxNext = pxIndex; + pxNewListItem->pxPrevious = pxIndex->pxPrevious; - /* Remember which list the item is in. */ - pxNewListItem->pxContainer = pxList; + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); - ( pxList->uxNumberOfItems )++; -} + pxIndex->pxPrevious->pxNext = pxNewListItem; + pxIndex->pxPrevious = pxNewListItem; + + /* Remember which list the item is in. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; + + /*@ + if (end == idx) + { + close xLIST_ITEM(pxNewListItem, val, end, endprev, pxList); + close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), pxList); + close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + close DLS(end, pxNewListItem, endnext, end, cells, vals, pxList); + join(end, pxNewListItem, endnext, end, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + else + { + close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, _); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); + assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, pxList); + join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, + endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + } + } + else + { + // Case D: end==idxprev and DLS:idx...endprev + // Case E: DLS:end...idxprev and DLS:idx...endprev + int i = index_of(idx, cells); + close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, pxList); + close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, pxList); + nth_drop2(vals, i); + assert idxval == nth(i, vals); + close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, pxList); + + if (end == idxprev) + { + close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), pxList); + } + else + { + length_take(i, cells); + take_take(i-1, i, vals); + take_singleton(i-1, vals); + take_singleton(i, vals); + assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), pxList); + close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), pxList); + join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), + idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); + } + + if (idx == endprev) + { + close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), pxList); + } + else + { + assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, pxList); + close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + } + + assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), pxList); + assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, pxList); + dls_star_item(idx, endprev, pxNewListItem); + close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), pxList); + join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), + pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); + assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, pxList); + assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); + head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + take_take(1, i, cells); + head_append(take(i, vals), append(singleton(val), drop(i, vals))); + take_take(1, i, vals); + close xLIST(pxList, len+1, idx, end, cells_new, vals_new); + } + @*/ + } +#else + /* The contract and proof below have been wirtten by Aalok Thakkar and Nathan + * Chong in 2020 for the single-core setup. + */ + /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals) &*& + xLIST_ITEM(pxNewListItem, ?val, _, _, _);@*/ + /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals) &*& + idx == end + ? (new_cells == append(cells, singleton(pxNewListItem)) &*& + new_vals == append(vals, singleton(val))) + : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& + new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))));@*/ + { + /*@xLIST_star_item(pxList, pxNewListItem);@*/ + /*@assert mem(pxNewListItem, cells) == false;@*/ + /*@open xLIST(pxList, len, idx, end, cells, vals);@*/ + #ifdef VERIFAST /*< const pointer declaration */ + ListItem_t * pxIndex = pxList->pxIndex; + #else + ListItem_t * const pxIndex = pxList->pxIndex; + + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + listTEST_LIST_INTEGRITY( pxList ); + listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); + #endif + + /*@open xLIST_ITEM(pxNewListItem, _, _, _, _);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, pxList);@*/ + /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ + /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ + /*@ + if (end == idx) + { + open DLS(end, endprev, end, endprev, cells, vals, pxList); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + } + else + { + assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), pxList); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + open DLS(endnext, end, end, endnext, _, _, _); + open xLIST_ITEM(endnext, _, _, _, _); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); + open DLS(endprev, _, _, _, _, _, _); + open xLIST_ITEM(endprev, _, _, _, _); + } + } + } + else + { + int i = index_of(idx, cells); + split(end, endprev, end, endprev, cells, vals, idx, i); + assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), pxList); + assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), pxList); + open DLS(idx, idxprev, end, endprev, _, _, _); + open xLIST_ITEM(idx, _, _, _, _); + if (end == idxprev) + { + // Case D: end==idxprev and DLS:idx...endprev + take_take(1, i, vals); + take_head(vals); + open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), pxList); + open xLIST_ITEM(end, portMAX_DELAY, _, _, _); + assert length(take(i, cells)) == 1; + } + else + { + // Case E: DLS:end...idxprev and DLS:idx...endprev + dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); + split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); + open DLS(idxprev, _, _, idxprev, _, _, _); + length_take(i, cells); + drop_take_singleton(i, vals); + open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _); + } + } + @*/ + + /* Insert a new list item into pxList, but rather than sort the list, + * makes the new list item the last item to be removed by a call to + * listGET_OWNER_OF_NEXT_ENTRY(). */ + pxNewListItem->pxNext = pxIndex; + pxNewListItem->pxPrevious = pxIndex->pxPrevious; + + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); + + pxIndex->pxPrevious->pxNext = pxNewListItem; + pxIndex->pxPrevious = pxNewListItem; + + /* Remember which list the item is in. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; + + /*@ + if (end == idx) + { + close xLIST_ITEM(pxNewListItem, val, end, endprev, pxList); + close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), pxList); + close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + close DLS(end, pxNewListItem, endnext, end, cells, vals, pxList); + join(end, pxNewListItem, endnext, end, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + else + { + close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, _); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); + assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, pxList); + join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, + endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + } + } + else + { + // Case D: end==idxprev and DLS:idx...endprev + // Case E: DLS:end...idxprev and DLS:idx...endprev + int i = index_of(idx, cells); + close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, pxList); + close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, pxList); + nth_drop2(vals, i); + assert idxval == nth(i, vals); + close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, pxList); + + if (end == idxprev) + { + close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), pxList); + } + else + { + length_take(i, cells); + take_take(i-1, i, vals); + take_singleton(i-1, vals); + take_singleton(i, vals); + assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), pxList); + close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), pxList); + join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), + idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); + } + + if (idx == endprev) + { + close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), pxList); + } + else + { + assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, pxList); + close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + } + + assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), pxList); + assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, pxList); + dls_star_item(idx, endprev, pxNewListItem); + close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), pxList); + join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), + pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); + assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, pxList); + assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); + head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + take_take(1, i, cells); + head_append(take(i, vals), append(singleton(val), drop(i, vals))); + take_take(1, i, vals); + close xLIST(pxList, len+1, idx, end, cells_new, vals_new); + } + @*/ + } +#endif /* VERIFAST_SINGLE_CORE */ /*-----------------------------------------------------------*/ void vListInsert( List_t * const pxList, From 8976bd4d0351d152ec3fddb1612e543d0b4d6f56 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 14:49:19 -0500 Subject: [PATCH 171/289] Adapted single-core proof of `vListInitialise` to new version of predicates. --- list.c | 111 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 60 insertions(+), 51 deletions(-) diff --git a/list.c b/list.c index b1d67fb9029..5e6dc86f2b4 100644 --- a/list.c +++ b/list.c @@ -94,18 +94,20 @@ void vListInsertEnd( List_t * const pxList, // TODO: Adapt contract and proof to new version of predicates. - /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals) &*& - xLIST_ITEM(pxNewListItem, ?val, _, _, _);@*/ - /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals) &*& + /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& + xLIST_ITEM(pxNewListItem, ?val, _, _, ?ow, _);@*/ + /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals, ?new_owners) &*& idx == end ? (new_cells == append(cells, singleton(pxNewListItem)) &*& - new_vals == append(vals, singleton(val))) + new_vals == append(vals, singleton(val)) &*& + new_owners == append(owners, singleton(ow))) : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& - new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))));@*/ + new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))) &*& + new_owners == append(take(index_of(idx, cells), owners), append(singleton(ow), drop(index_of(idx, cells), owners))));@*/ { /*@xLIST_star_item(pxList, pxNewListItem);@*/ /*@assert mem(pxNewListItem, cells) == false;@*/ - /*@open xLIST(pxList, len, idx, end, cells, vals);@*/ + /*@open xLIST(pxList, len, idx, end, cells, vals, owners);@*/ #ifdef VERIFAST /*< const pointer declaration */ ListItem_t * pxIndex = pxList->pxIndex; #else @@ -118,34 +120,34 @@ void vListInsertEnd( List_t * const pxList, listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); #endif - /*@open xLIST_ITEM(pxNewListItem, _, _, _, _);@*/ - /*@assert DLS(end, ?endprev, end, _, cells, vals, pxList);@*/ + /*@open xLIST_ITEM(pxNewListItem, _, _, _, _, _);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, owners, pxList);@*/ /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ /*@ if (end == idx) { - open DLS(end, endprev, end, endprev, cells, vals, pxList); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, pxList); + open DLS(end, endprev, end, endprev, cells, vals, owners, pxList); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(owners), pxList); if (end == endprev) { // Case A (singleton): idx==end==endprev } else { - assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), pxList); + assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), tail(owners), pxList); if (endnext == endprev) { // Case B (two): idx==end and endnext==endprev - open DLS(endnext, end, end, endnext, _, _, _); - open xLIST_ITEM(endnext, _, _, _, _); + open DLS(endnext, end, end, endnext, _, _, _, _); + open xLIST_ITEM(endnext, _, _, _, _, _); } else { // Case C: idx==end and DLS:endnext...endprev split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); - open DLS(endprev, _, _, _, _, _, _); - open xLIST_ITEM(endprev, _, _, _, _); + open DLS(endprev, _, _, _, _, _, _, _); + open xLIST_ITEM(endprev, _, _, _, _, _); } } } @@ -153,17 +155,17 @@ void vListInsertEnd( List_t * const pxList, { int i = index_of(idx, cells); split(end, endprev, end, endprev, cells, vals, idx, i); - assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), pxList); - assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), pxList); - open DLS(idx, idxprev, end, endprev, _, _, _); - open xLIST_ITEM(idx, _, _, _, _); + assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); + assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); + open DLS(idx, idxprev, end, endprev, _, _, _, _); + open xLIST_ITEM(idx, _, _, _, _, _); if (end == idxprev) { // Case D: end==idxprev and DLS:idx...endprev take_take(1, i, vals); take_head(vals); - open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), pxList); - open xLIST_ITEM(end, portMAX_DELAY, _, _, _); + open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); + open xLIST_ITEM(end, portMAX_DELAY, _, _, _, _); assert length(take(i, cells)) == 1; } else @@ -171,10 +173,11 @@ void vListInsertEnd( List_t * const pxList, // Case E: DLS:end...idxprev and DLS:idx...endprev dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); - open DLS(idxprev, _, _, idxprev, _, _, _); + open DLS(idxprev, _, _, idxprev, _, _, _, _); length_take(i, cells); drop_take_singleton(i, vals); - open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _); + drop_take_singleton(i, owners); + open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _, _); } } @*/ @@ -199,40 +202,40 @@ void vListInsertEnd( List_t * const pxList, /*@ if (end == idx) { - close xLIST_ITEM(pxNewListItem, val, end, endprev, pxList); - close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), pxList); - close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, pxList); + close xLIST_ITEM(pxNewListItem, val, end, endprev, ow, pxList); + close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), singleton(ow), pxList); + close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, head(owners), pxList); if (end == endprev) { // Case A (singleton): idx==end==endprev - close DLS(end, pxNewListItem, endnext, end, cells, vals, pxList); + close DLS(end, pxNewListItem, endnext, end, cells, vals, owners, pxList); join(end, pxNewListItem, endnext, end, cells, vals, pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); } else { - close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, _); + close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, ?endprevowner, _); if (endnext == endprev) { // Case B (two): idx==end and endnext==endprev - close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); - close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), singleton(endprevowner), pxList); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, owners, pxList); join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); } else { // Case C: idx==end and DLS:endnext...endprev - close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); - assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, pxList); + close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), singleton(endprevowner), pxList); + assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, _, pxList); join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); - close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, owners, pxList); join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); } } } @@ -241,15 +244,17 @@ void vListInsertEnd( List_t * const pxList, // Case D: end==idxprev and DLS:idx...endprev // Case E: DLS:end...idxprev and DLS:idx...endprev int i = index_of(idx, cells); - close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, pxList); - close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, pxList); + close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, ow, pxList); + close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, ?idxowner, pxList); nth_drop2(vals, i); assert idxval == nth(i, vals); - close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, pxList); + nth_drop2(owners, i); + assert idxowner == nth(i, owners); + close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, ?idxprevowner, pxList); if (end == idxprev) { - close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), pxList); + close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), pxList); } else { @@ -257,37 +262,41 @@ void vListInsertEnd( List_t * const pxList, take_take(i-1, i, vals); take_singleton(i-1, vals); take_singleton(i, vals); - assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), pxList); - close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), pxList); + take_take(i-1, i, owners); + take_singleton(i-1, owners); + take_singleton(i, owners); + assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), take(i-1, owners), pxList); + close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), singleton(idxprevowner), pxList); join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); } if (idx == endprev) { - close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), pxList); + close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), singleton(idxowner), pxList); } else { - assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, pxList); - close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, _, pxList); + close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); } - assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), pxList); - assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); - assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, pxList); + assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); + assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); + assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, ow, pxList); dls_star_item(idx, endprev, pxNewListItem); - close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), pxList); + close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), cons(ow, drop(i, owners)), pxList); join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); - assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, pxList); + assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, ?owners_new, pxList); assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); + assert owners_new == append(take(i, owners) , append(singleton(ow), drop(i, owners))); head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); take_take(1, i, cells); head_append(take(i, vals), append(singleton(val), drop(i, vals))); take_take(1, i, vals); - close xLIST(pxList, len+1, idx, end, cells_new, vals_new); + close xLIST(pxList, len+1, idx, end, cells_new, vals_new, owners_new); } @*/ } From 9b2bb08cb56cc5f41f05ef5be144c89fe9b52c9b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 14:57:13 -0500 Subject: [PATCH 172/289] Extended precondition of `vListInsertEnd` to prove absence of overflows. --- list.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/list.c b/list.c index 5e6dc86f2b4..5532d8e59e6 100644 --- a/list.c +++ b/list.c @@ -95,7 +95,8 @@ void vListInsertEnd( List_t * const pxList, // TODO: Adapt contract and proof to new version of predicates. /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& - xLIST_ITEM(pxNewListItem, ?val, _, _, ?ow, _);@*/ + xLIST_ITEM(pxNewListItem, ?val, _, _, ?ow, _) &*& + len < INT_MAX;@*/ /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals, ?new_owners) &*& idx == end ? (new_cells == append(cells, singleton(pxNewListItem)) &*& From 2c6d35943f9d056f1fa7adf367bc15e28b883d2f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 1 Dec 2022 15:08:43 -0500 Subject: [PATCH 173/289] Update tasks.c Restored loop invariant at end of inner loop. --- tasks.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tasks.c b/tasks.c index 57fc0d3efdf..e37be607c5d 100644 --- a/tasks.c +++ b/tasks.c @@ -1238,9 +1238,13 @@ static void prvYieldForTask( TCB_t * pxTCB, vListInsertEnd( pxReadyList, pxTaskItem ); break; } + + //@ close sharedSeg_TCB_p(pxTCB); + //@ foreach_unremove(pxTCB, gOwners); + //@ close_valid_sharedSeg_TCBs(gTaskLists, gOwners); } while( pxTaskItem != pxLastTaskItem ); - //@ close_valid_sharedSeg_TCBs(gOwnerLists, gOwners); + } else { From eb1cfa53d3ab30cd6c86b2b03bc959cce9da13bf Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 2 Dec 2022 11:54:12 -0500 Subject: [PATCH 174/289] Exposed running state macros to VF. --- .../proof/verifast_task_running_states.h | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 verification/verifast/proof/verifast_task_running_states.h diff --git a/verification/verifast/proof/verifast_task_running_states.h b/verification/verifast/proof/verifast_task_running_states.h new file mode 100644 index 00000000000..dcfaa9d6920 --- /dev/null +++ b/verification/verifast/proof/verifast_task_running_states.h @@ -0,0 +1,46 @@ +#ifndef VERIFAST_TASK_RUNNING_STATES_H +#define VERIFAST_TASK_RUNNING_STATES_H + +/* The source file `tasks.c` defines macros to denote the running states of + * tasks: + * - `taskTASK_NOT_RUNNING` == -1 + * - `taskTASK_YIELDING` == -2 + * - state >= 0 => task is running on core with ID `state` + * We cannot import theses definitions into our proof headers. Hence, we define + * our own macros and proof in `tasks.c` that they match. + */ + +#include "portmacro.h" // defines `BaseType_t` + +/* Indicates that the task is not actively running on any core. */ +//VF_macro #define taskTASK_NOT_RUNNING ( BaseType_t ) ( -1 ) + +/* Indicates that the task is actively running but scheduled to yield. */ +//VF_macro #define taskTASK_YIELDING ( BaseType_t ) ( -2 ) + + +/* Verify that the preprocessor and our VeriFast proofs evaluate + * `taskTASK_NOT_RUNNING` to the same values. + */ +void validate_taskTASK_NOT_RUNNING_value() +//@ requires true; +//@ ensures true; +{ + //@ TaskRunning_t gVal = taskTASK_NOT_RUNNING; + TaskRunning_t val = taskTASK_NOT_RUNNING; + //@ assert( gVal == val ); +} + +/* Verify that the preprocessor and our VeriFast proofs evaluate + * `taskTASK_YIELDING` to the same values. + */ +void validate_taskTASK_YIELDING_value() +//@ requires true; +//@ ensures true; +{ + //@ TaskRunning_t gVal = taskTASK_YIELDING; + TaskRunning_t val = taskTASK_YIELDING; + //@ assert( gVal == val ); +} + +#endif /* VERIFAST_TASK_RUNNING_STATES_H */ \ No newline at end of file From df780a18233afe3b7ca689a5266a1d366d210705 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 2 Dec 2022 14:59:06 -0500 Subject: [PATCH 175/289] Introduced list of flat list of tasks in lock invariant. Simplifies access to `sharedSeg_TCB_p` chunks. --- tasks.c | 87 +++++-------------- .../verifast/proof/ready_list_predicates.h | 9 +- .../verifast/proof/verifast_lists_extended.h | 7 ++ .../verifast/proof/verifast_lock_predicates.h | 26 ++++-- 4 files changed, 51 insertions(+), 78 deletions(-) diff --git a/tasks.c b/tasks.c index e37be607c5d..8e36989db04 100644 --- a/tasks.c +++ b/tasks.c @@ -988,15 +988,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif //@ open taskISRLockInv_p(); - //@ assert( valid_sharedSeg_TCBs_p(?gTaskLists) ); - - // Eliminates exists predicate to avoid pattern matching conflicts - //@ open exists(gTaskLists); - - // Get list containing currentTCB and ensure we matched the right variable - //@ assert( exists(?gCurrentTCB_category) ); - //@ assert( mem(gCurrentTCB, gCurrentTCB_category) == true ); - + //@ assert( exists_in_taskISRLockInv_p(?gTasks) ); //@ open readyLists_p(?gCellLists, ?gOwnerLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); @@ -1048,14 +1040,8 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ mem_nth(uxCurrentPriority, gCellLists); //@ assert( mem(gCells, gCellLists) == true); - // Prove that `mem(gOwners, gTaskLists) == true` - // Necessary to get access to `sharedSeg_TCB_p` predicates of - // current ready list in the loop - //@ assert( mem(gOwners, gOwnerLists) == true ); - //@ assert( forall(gOwnerLists, (mem_list_elem)(gTaskLists) ) == true ); - //@ forall_instantiate(gOwners, gOwnerLists, (mem_list_elem)(gTaskLists)); - //@ assert( mem(gOwners, gTaskLists) == true ); - ///@ open_valid_sharedSeg_TCBs(gTaskLists, gOwners); + // Prove that `gTasks` contains all tasks in current ready + //@ forall_mem(gOwners, gOwnerLists, (superset)(gTasks)); do /*@ invariant @@ -1065,10 +1051,9 @@ static void prvYieldForTask( TCB_t * pxTCB, mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& gSize > 0 &*& - valid_sharedSeg_TCBs_p(gTaskLists) &*& - mem(gOwners, gTaskLists) == true &*& - mem(gCurrentTCB, gCurrentTCB_category) == true &*& - mem(gCurrentTCB_category, gTaskLists) == true; + foreach(gTasks, sharedSeg_TCB_p) &*& + subset(gOwners, gTasks) == true; + @*/ { TCB_t * pxTCB; @@ -1089,9 +1074,9 @@ static void prvYieldForTask( TCB_t * pxTCB, if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { - //@ open DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); - // Prove that `gTaskItem_1->pxNext != gEnd` + //@ dls_distinct(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells); + //@ open DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); //@ open DLS(?gTaskItem_1_next, _, gEnd, gEndPrev2, _, _, _, gReadyList); //@ assert( gTaskItem_1_next != gEnd ); /*@ close DLS(gTaskItem_1_next, _, gEnd, gEndPrev2, @@ -1104,7 +1089,6 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ close xLIST_ITEM(gTaskItem_1, _, _, _, _, gReadyList); //@ close DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); } - //@ struct xLIST_ITEM* gTaskItem_final = pxTaskItem; //@ DLS_open_2(gTaskItem_final); @@ -1115,8 +1099,9 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ DLS_close_2(gTaskItem_final, gCells, gVals, gOwners); // Getting access to fields of `pxTCB` - //@ open_valid_sharedSeg_TCBs(gTaskLists, gOwners); - //@ foreach_remove(pxTCB, gOwners); + //@ assert( subset(gOwners, gTasks) == true ); + //@ mem_subset(pxTCB, gOwners, gTasks); + //@ foreach_remove(pxTCB, gTasks); //@ open sharedSeg_TCB_p(pxTCB); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1144,30 +1129,15 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { - //@ assert( foreach(remove(pxTCB, gOwners), sharedSeg_TCB_p) ); + //@ assert( foreach(remove(pxTCB, gTasks), sharedSeg_TCB_p) ); //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); /*@ if( gCurrentTCB == pxTCB ) { // We can use the opened `sharedSeg_TCB_p` chunk // for `pxTCB`. } else { - if( gCurrentTCB_category == gOwners ) { - // `gCurrentTCB` is different from `pxTCB` but - // they belong to the same ready list. - - assert( mem(gCurrentTCB, gOwners) == true ); - mem_after_remove(gCurrentTCB, gOwners, pxTCB); - assert( mem(gCurrentTCB, remove(pxTCB, gOwners)) == true ); - foreach_remove(gCurrentTCB, remove(pxTCB, gOwners)); - } else { - assert( mem(gCurrentTCB_category, gTaskLists) == true ); - mem_after_remove(gCurrentTCB_category, gTaskLists, gOwners); - assert( mem(gCurrentTCB_category, remove(gOwners, gTaskLists)) == true ); - open_valid_sharedSeg_TCBs(remove(gOwners, gTaskLists), - gCurrentTCB_category); - foreach_remove(gCurrentTCB, gCurrentTCB_category); - } - + neq_mem_remove(gCurrentTCB, pxTCB, gTasks); + foreach_remove(gCurrentTCB, remove(pxTCB, gTasks)); open sharedSeg_TCB_p(gCurrentTCB); } @*/ @@ -1182,37 +1152,23 @@ static void prvYieldForTask( TCB_t * pxTCB, /*@ if( gCurrentTCB == pxTCB ) { - // We can used the opened `sharedSeg_TCB_p` chunk + // We used the opened `sharedSeg_TCB_p` chunk // for `pxTCB`. // => We don't have to close anything. } else { - // Above, we extracted `sharedSeg_TCB_p(gCurrentTCB)` - // from the collection of all remaining shared TCB - // segments and opened it. - // => Close predicate and restore collection. - close sharedSeg_TCB_p(gCurrentTCB); - - if( gCurrentTCB_category == gOwners ) { - // `gCurrentTCB` is different from `pxTCB` but - // they belong to the same ready list. - - foreach_unremove(gCurrentTCB, remove(pxTCB, gOwners)); - } else { - foreach_unremove(gCurrentTCB, gCurrentTCB_category); - close_valid_sharedSeg_TCBs(remove(gOwners, gTaskLists), - gCurrentTCB_category); - } + foreach_unremove(gCurrentTCB, remove(pxTCB, gTasks)); } @*/ // Ensure we restored the collection as it was // at the beginning of the block. - //@ assert( foreach(remove(pxTCB, gOwners), sharedSeg_TCB_p) ); + //@ assert( foreach(remove(pxTCB, gTasks), sharedSeg_TCB_p) ); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) { +//@ assume(false); configASSERT( ( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == taskTASK_YIELDING ) ); #if ( configNUM_CORES > 1 ) #if ( configUSE_CORE_AFFINITY == 1 ) @@ -1239,9 +1195,8 @@ static void prvYieldForTask( TCB_t * pxTCB, break; } - //@ close sharedSeg_TCB_p(pxTCB); - //@ foreach_unremove(pxTCB, gOwners); - //@ close_valid_sharedSeg_TCBs(gTaskLists, gOwners); + //@ close sharedSeg_TCB_p(pxTCB); + //@ foreach_unremove(pxTCB, gTasks); } while( pxTaskItem != pxLastTaskItem ); @@ -1273,7 +1228,7 @@ static void prvYieldForTask( TCB_t * pxTCB, configASSERT( ( uxCurrentPriority > tskIDLE_PRIORITY ) || ( xTaskScheduled == pdTRUE ) ); uxCurrentPriority--; } -// TODO: Remove tmp assumption, prevents checking of rest of function +// ensure that we covered all cases above //@ assume(false); configASSERT( taskTASK_IS_RUNNING( pxCurrentTCBs[ xCoreID ]->xTaskRunState ) ); diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 2c0f2a952c1..1a416a3a82a 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -25,9 +25,10 @@ predicate List_array_p(List_t* array, int size, cellLists == cons(?gCells, ?gTailCellLists) &*& ownerLists == cons(?gOwners, ?gTailOwnerLists) &*& pointer_within_limits(array) == true &*& - xLIST(array, ?gNumberOfItems, ?gIndex, ?gListEnd, gCells, ?gVals, + xLIST(array, ?gLen, ?gIndex, ?gListEnd, gCells, ?gVals, gOwners) &*& + gLen < INT_MAX &*& List_array_p(array + 1, size - 1, gTailCellLists, gTailOwnerLists) ) : ( @@ -56,7 +57,8 @@ ensures gPrefCellLists == take(index, gCellLists) &*& gPrefOwnerLists == take(index, gOwnerLists) &*& pointer_within_limits(array) == true &*& - xLIST(array + index, _, _, _, ?gCells, ?gVals, ?gOwners) &*& + xLIST(array + index, ?gLen, _, _, ?gCells, ?gVals, ?gOwners) &*& + gLen < INT_MAX &*& gCells == nth(index, gCellLists) &*& gOwners == nth(index, gOwnerLists) &*& mem(gOwners, gOwnerLists) == true &*& @@ -76,7 +78,8 @@ ensures lemma void List_array_join(List_t* array) requires List_array_p(array, ?gPrefSize, ?gPrefCellLists, ?gPrefOwnerLists) &*& - xLIST(array + gPrefSize, _, _, _, ?gCells, _, ?gOwners) &*& + xLIST(array + gPrefSize, ?gLen, _, _, ?gCells, _, ?gOwners) &*& + gLen < INT_MAX &*& pointer_within_limits(array + gPrefSize) == true &*& List_array_p(array + gPrefSize + 1, ?gSufSize, ?gSufCellLists, ?gSufOwnerLists); ensures diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 70bd5d6f47c..0c5450ad10a 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -104,16 +104,23 @@ requires true; ensures drop(n, drop(m, xs)) == drop(n + m, xs); +// Can use `forall_mem` from `listex.gh` instead // TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void forall_instantiate(t x, list xs, fixpoint(t, bool) f); requires forall(xs, f) == true &*& mem(x, xs) == true; ensures forall(xs, f) == true &*& f(x) == true; +// Can use `neq_mem_remove` from `listex.gh` instead // TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void mem_after_remove(t x, list xs, t r); requires true; ensures mem(x, remove(r, xs)) == (mem(x, xs) && x != r); + + +fixpoint bool superset(list super, list sub) { + return subset(sub, super); +} @*/ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 9372b2b5fbf..29e6f762348 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -95,19 +95,20 @@ predicate taskISRLockInv_p() = 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES &*& // tasks / TCBs - exists > >(?gTaskLists) + exists_in_taskISRLockInv_p(?gTasks) &*& - // ∀l ∈ gTaskLists. ∀t ∈ l. sharedSeg_TCB_p(l) - valid_sharedSeg_TCBs_p(gTaskLists) + // Access permissions for every task + // TODO: Convert to read permissions + // ∀t ∈ gTasks. sharedSeg_TCB_p(t) + foreach(gTasks, sharedSeg_TCB_p) &*& readyLists_p(?gCellLists, ?gOwnerLists) &*& - // gOwnerLists ⊆ gTaskLists - forall(gOwnerLists, (mem_list_elem)(gTaskLists)) == true - &*& - exists >(?gCurrentTCB_category) &*& - mem(gCurrentTCB_category, gTaskLists) == true &*& - mem(gCurrentTCB, gCurrentTCB_category) == true; + // gTasks contains all relevant tasks + mem(gCurrentTCB, gTasks) == true + &*& + // ∀l ∈ gOwnerLists. l ⊆ gTasks + forall(gOwnerLists, (superset)(gTasks)) == true; lemma void produce_taskISRLockInv(); @@ -125,6 +126,13 @@ requires locked_p( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& ensures locked_p(otherLocks); + +// Auxiliary predicate to assing names to existentially quantified variables. +// Having multiple `exists` chunks on the heap makes matching against their +// arguments ambiguous in most cases. +predicate exists_in_taskISRLockInv_p(list gTasks) = + exists(gTasks); + // Auxiliary function that allows us to partially apply the list argument. // // Notes: From b44eb855d9d8514525c0e94001b152deab69c285 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:05:20 -0500 Subject: [PATCH 176/289] Deleted deprecated predicate and lemmas. --- .../verifast/proof/verifast_lock_predicates.h | 38 ------------------- 1 file changed, 38 deletions(-) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 29e6f762348..fdb8539c105 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -143,44 +143,6 @@ predicate exists_in_taskISRLockInv_p(list gTasks) = fixpoint bool mem_list_elem(list xs, t x) { return mem(x, xs); } - -// l ∈ taskLists. ∀t ∈ tasks. sharedSeg_TCB_p(t) -predicate valid_sharedSeg_TCBs_p(list > taskLists) = - foreach(taskLists, foreach_sharedSeg_TCB_p); - -// ∀t ∈ tasks. sharedSeg_TCB_p(t) -predicate foreach_sharedSeg_TCB_p(list tasks) = - foreach(tasks, sharedSeg_TCB_p); - -lemma void open_valid_sharedSeg_TCBs(list > taskLists, - list tasks) -requires - valid_sharedSeg_TCBs_p(taskLists) &*& - mem(tasks, taskLists) == true; -ensures - valid_sharedSeg_TCBs_p(remove(tasks, taskLists)) &*& - foreach(tasks, sharedSeg_TCB_p); -{ - open valid_sharedSeg_TCBs_p(taskLists); - foreach_remove(tasks, taskLists); - close valid_sharedSeg_TCBs_p(remove(tasks, taskLists)); - open foreach_sharedSeg_TCB_p(tasks); -} - -lemma void close_valid_sharedSeg_TCBs(list > taskLists, - list tasks) -requires - valid_sharedSeg_TCBs_p(remove(tasks, taskLists)) &*& - foreach(tasks, sharedSeg_TCB_p) &*& - mem(tasks, taskLists) == true; -ensures - valid_sharedSeg_TCBs_p(taskLists); -{ - close foreach_sharedSeg_TCB_p(tasks); - open valid_sharedSeg_TCBs_p(remove(tasks, taskLists)); - foreach_unremove(tasks, taskLists); - close valid_sharedSeg_TCBs_p(taskLists); -} @*/ /* From 3be9d76d825e09fc952723ced951ed57b1668aa9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:06:25 -0500 Subject: [PATCH 177/289] Made `sharedSeg_TCB_p` precise to allow merging of fractions without opening and closing --- verification/verifast/proof/task_predicates.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index 6d824a36817..be610c3d8d0 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -108,9 +108,8 @@ predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = stack_p_2(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); -predicate sharedSeg_TCB_p(TCB_t* tcb) = - tcb->xTaskRunState |-> ?gTaskRunState &*& - true; +predicate sharedSeg_TCB_p(TCB_t* tcb;) = + tcb->xTaskRunState |-> ?gTaskRunState; predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; From 1919f8142fd0d272becd5df9b6ed74bf4e633b84 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:07:43 -0500 Subject: [PATCH 178/289] Deleted deprecated lemmas and predicates. --- .../verifast/proof/verifast_lock_predicates.h | 36 ------------------- 1 file changed, 36 deletions(-) diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index fdb8539c105..e473e4eb34e 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -145,42 +145,6 @@ fixpoint bool mem_list_elem(list xs, t x) { } @*/ -/* - foreach(itemLists, foreach_sharedSeg_TCB_of_itemOwner); - -// Auxiliary prediactes to express nested quantification -// ∀gCells ∈ gCellLists. ∀item ∈ gCells. sharedSeg_TCB_p(item->pvOwner) -// TODO: Can we refactor this to make easier to understand? - - // We cannot acces `item->pvOwner` without the necessary points-to chunk. - // TODO: Expose list of owners in ITEM and DLS predicates. - - predicate sharedSeg_TCB_of_itemOwner(struct xLIST_ITEM* item) = - sharedSeg_TCB_p(item->pvOwner); - - predicate foreach_sharedSeg_TCB_of_itemOwner(list items) = - foreach(items, sharedSeg_TCB_of_itemOwner); - - -lemma void open_collection_of_sharedSeg_TCB(list > itemLists, - list items) -requires - collection_of_sharedSeg_TCB_p(itemLists) &*& - mem(items, itemLists) == true; -ensures - collection_of_sharedSeg_TCB_p(remove(items, itemLists)) &*& - foreach(items, sharedSeg_TCB_of_itemOwner); -{ - open collection_of_sharedSeg_TCB_p(itemLists); - foreach_remove(items, itemLists); - open foreach_sharedSeg_TCB_of_itemOwner(items); - close collection_of_sharedSeg_TCB_p(remove(items, itemLists)); -} - -// TODO: Add closing lemma -@*/ - - From e4db1f8aba02c24a814e4d26d46913bc94a78e67 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 3 Dec 2022 08:58:19 -0500 Subject: [PATCH 179/289] Refined lock invariant to only give read permission to all tasks and write permission to locally scheduled task --- tasks.c | 16 +++++++++++----- verification/verifast/proof/task_predicates.h | 4 ++++ .../verifast/proof/verifast_lock_predicates.h | 11 +++++++---- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/tasks.c b/tasks.c index 8e36989db04..067c664601d 100644 --- a/tasks.c +++ b/tasks.c @@ -1051,7 +1051,12 @@ static void prvYieldForTask( TCB_t * pxTCB, mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& gSize > 0 &*& - foreach(gTasks, sharedSeg_TCB_p) &*& + // Read permissions for every task + foreach(gTasks, readOnly_sharedSeg_TCB_p) + &*& + // Write permission for task scheduled on this core + [1/2]sharedSeg_TCB_p(gCurrentTCB) + &*& subset(gOwners, gTasks) == true; @*/ @@ -1129,7 +1134,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { - //@ assert( foreach(remove(pxTCB, gTasks), sharedSeg_TCB_p) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p) ); //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); /*@ if( gCurrentTCB == pxTCB ) { @@ -1138,7 +1143,6 @@ static void prvYieldForTask( TCB_t * pxTCB, } else { neq_mem_remove(gCurrentTCB, pxTCB, gTasks); foreach_remove(gCurrentTCB, remove(pxTCB, gTasks)); - open sharedSeg_TCB_p(gCurrentTCB); } @*/ /* If the task is not being executed by any core swap it in */ @@ -1157,13 +1161,14 @@ static void prvYieldForTask( TCB_t * pxTCB, // => We don't have to close anything. } else { close sharedSeg_TCB_p(gCurrentTCB); + close readOnly_sharedSeg_TCB_p(gCurrentTCB); foreach_unremove(gCurrentTCB, remove(pxTCB, gTasks)); } @*/ // Ensure we restored the collection as it was // at the beginning of the block. - //@ assert( foreach(remove(pxTCB, gTasks), sharedSeg_TCB_p) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p) ); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) @@ -1195,7 +1200,8 @@ static void prvYieldForTask( TCB_t * pxTCB, break; } - //@ close sharedSeg_TCB_p(pxTCB); + //@ close sharedSeg_TCB_p(pxTCB); + //@ close readOnly_sharedSeg_TCB(pxTCB); //@ foreach_unremove(pxTCB, gTasks); } while( pxTaskItem != pxLastTaskItem ); diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index be610c3d8d0..ee17bad1fc8 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -111,6 +111,10 @@ predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = predicate sharedSeg_TCB_p(TCB_t* tcb;) = tcb->xTaskRunState |-> ?gTaskRunState; +// Auxiliary predicate to allow foreach-quantification about fraction +predicate readOnly_sharedSeg_TCB_p(TCB_t* tcb;) = + [1/2]sharedSeg_TCB_p(tcb); + predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; @*/ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index e473e4eb34e..88017fa40ed 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -97,10 +97,13 @@ predicate taskISRLockInv_p() = // tasks / TCBs exists_in_taskISRLockInv_p(?gTasks) &*& - // Access permissions for every task - // TODO: Convert to read permissions - // ∀t ∈ gTasks. sharedSeg_TCB_p(t) - foreach(gTasks, sharedSeg_TCB_p) + // (RP-All) Read permissions for every task + // ∀t ∈ gTasks. [1/2]sharedSeg_TCB_p(t) + foreach(gTasks, readOnly_sharedSeg_TCB_p) + &*& + // (RP-Current) Read permission for task currently scheduled on this core + // (RP-All) + (RP-Current) => Write permission for scheduled task + [1/2]sharedSeg_TCB_p(gCurrentTCB) &*& readyLists_p(?gCellLists, ?gOwnerLists) &*& From dda2dbda6f020a22f699b8eba8c8381e4be01163 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 3 Dec 2022 10:04:04 -0500 Subject: [PATCH 180/289] Added states list to lock invariant. --- tasks.c | 15 +++++---- verification/verifast/proof/task_predicates.h | 8 ++--- .../verifast/proof/verifast_lock_predicates.h | 32 +++++++++++++++---- 3 files changed, 37 insertions(+), 18 deletions(-) diff --git a/tasks.c b/tasks.c index 067c664601d..ea8bbeb26c2 100644 --- a/tasks.c +++ b/tasks.c @@ -988,7 +988,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif //@ open taskISRLockInv_p(); - //@ assert( exists_in_taskISRLockInv_p(?gTasks) ); + //@ assert( exists_in_taskISRLockInv_p(?gTasks, ?gStates) ); //@ open readyLists_p(?gCellLists, ?gOwnerLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); @@ -1052,10 +1052,14 @@ static void prvYieldForTask( TCB_t * pxTCB, xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& gSize > 0 &*& // Read permissions for every task - foreach(gTasks, readOnly_sharedSeg_TCB_p) + foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) &*& // Write permission for task scheduled on this core - [1/2]sharedSeg_TCB_p(gCurrentTCB) + [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) + &*& + // TODO: + // Write permissions for unscheduled tasks + true &*& subset(gOwners, gTasks) == true; @@ -1107,7 +1111,6 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( subset(gOwners, gTasks) == true ); //@ mem_subset(pxTCB, gOwners, gTasks); //@ foreach_remove(pxTCB, gTasks); - //@ open sharedSeg_TCB_p(pxTCB); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1134,7 +1137,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); /*@ if( gCurrentTCB == pxTCB ) { @@ -1168,7 +1171,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // Ensure we restored the collection as it was // at the beginning of the block. - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) diff --git a/verification/verifast/proof/task_predicates.h b/verification/verifast/proof/task_predicates.h index ee17bad1fc8..ebd37d71cb6 100644 --- a/verification/verifast/proof/task_predicates.h +++ b/verification/verifast/proof/task_predicates.h @@ -108,12 +108,8 @@ predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = stack_p_2(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); -predicate sharedSeg_TCB_p(TCB_t* tcb;) = - tcb->xTaskRunState |-> ?gTaskRunState; - -// Auxiliary predicate to allow foreach-quantification about fraction -predicate readOnly_sharedSeg_TCB_p(TCB_t* tcb;) = - [1/2]sharedSeg_TCB_p(tcb); +predicate sharedSeg_TCB_p(TCB_t* tcb, TaskRunning_t state;) = + tcb->xTaskRunState |-> state; predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 88017fa40ed..e66dc0096c4 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -95,15 +95,24 @@ predicate taskISRLockInv_p() = 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES &*& // tasks / TCBs - exists_in_taskISRLockInv_p(?gTasks) + exists_in_taskISRLockInv_p(?gTasks, ?gStates) &*& // (RP-All) Read permissions for every task - // ∀t ∈ gTasks. [1/2]sharedSeg_TCB_p(t) - foreach(gTasks, readOnly_sharedSeg_TCB_p) + // and recording of task states in state list + // (∀t ∈ gTasks. + // [1/2]sharedSeg_TCB_p(t, _)) + // ∧ + // ∀i. ∀t. gTasks[i] == t -> gStates[i] == t->xTaskRunState + foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) &*& // (RP-Current) Read permission for task currently scheduled on this core // (RP-All) + (RP-Current) => Write permission for scheduled task - [1/2]sharedSeg_TCB_p(gCurrentTCB) + [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) + &*& + // TODO: + // (RP-Unsched) Read permissions for unscheduled tasks + // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks + true &*& readyLists_p(?gCellLists, ?gOwnerLists) &*& @@ -133,8 +142,11 @@ ensures locked_p(otherLocks); // Auxiliary predicate to assing names to existentially quantified variables. // Having multiple `exists` chunks on the heap makes matching against their // arguments ambiguous in most cases. -predicate exists_in_taskISRLockInv_p(list gTasks) = - exists(gTasks); +predicate exists_in_taskISRLockInv_p(list gTasks, + list gStates) = + exists(gTasks) &*& + exists(gStates) &*& + length(gTasks) == length(gStates); // Auxiliary function that allows us to partially apply the list argument. // @@ -146,6 +158,14 @@ predicate exists_in_taskISRLockInv_p(list gTasks) = fixpoint bool mem_list_elem(list xs, t x) { return mem(x, xs); } + +// Auxiliary predicate to allow foreach-quantification about fraction +// and reflection of `t->xTaskRunState` in state list. +predicate_ctor readOnly_sharedSeg_TCB_p + (list tasks, list states) + (TCB_t* t;) = + mem(t, tasks) == true &*& + [1/2]sharedSeg_TCB_p(t, nth(index_of(t, tasks), states)); @*/ From 0df45b465e3c1e80f02a95e3083cf0b6843f8dd2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 3 Dec 2022 14:54:26 -0500 Subject: [PATCH 181/289] Added lemmas that allow updating the lock invariant after a state update. --- tasks.c | 92 ++++++++++--- .../verifast/proof/verifast_lists_extended.h | 55 ++++++++ .../verifast/proof/verifast_lock_predicates.h | 126 +++++++++++++++++- 3 files changed, 247 insertions(+), 26 deletions(-) diff --git a/tasks.c b/tasks.c index ea8bbeb26c2..577afa43aa4 100644 --- a/tasks.c +++ b/tasks.c @@ -1051,6 +1051,8 @@ static void prvYieldForTask( TCB_t * pxTCB, mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& gSize > 0 &*& + exists_in_taskISRLockInv_p(gTasks, gStates) + &*& // Read permissions for every task foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) &*& @@ -1059,7 +1061,7 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // TODO: // Write permissions for unscheduled tasks - true + foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) &*& subset(gOwners, gTasks) == true; @@ -1107,10 +1109,12 @@ static void prvYieldForTask( TCB_t * pxTCB, @*/ //@ DLS_close_2(gTaskItem_final, gCells, gVals, gOwners); - // Getting access to fields of `pxTCB` + // Getting read access to fields of `pxTCB` + // aka first half of write permission //@ assert( subset(gOwners, gTasks) == true ); //@ mem_subset(pxTCB, gOwners, gTasks); //@ foreach_remove(pxTCB, gTasks); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1139,17 +1143,64 @@ static void prvYieldForTask( TCB_t * pxTCB, { //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); - /*@ - if( gCurrentTCB == pxTCB ) { - // We can use the opened `sharedSeg_TCB_p` chunk - // for `pxTCB`. - } else { - neq_mem_remove(gCurrentTCB, pxTCB, gTasks); - foreach_remove(gCurrentTCB, remove(pxTCB, gTasks)); - } - @*/ + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + + /* We could reuse the read permission to `pxTCB` we extracted before the if statement. + * But putting permissions back as soon as we no longer need them simplifies the + * proof state and elimintates case-splits in the proof. + */ + + // Put read permission for `pxTCB` back + //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + //@ close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); + //@ foreach_unremove(pxTCB, gTasks); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + + // Get 2nd half of write permission for `gCurrentTCB` + //@ foreach_remove(gCurrentTCB, gTasks); + //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + + //@ int gCurrentTCB_index = index_of(gCurrentTCB, gTasks); + /*@ list gStates1 = + update(gCurrentTCB_index, taskTASK_NOT_RUNNING, gStates); + @*/ + /* If the task is not being executed by any core swap it in */ pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; + + //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + + //@ open exists_in_taskISRLockInv_p(gTasks, gStates); + + /*@ close_updated_foreach_readOnly_sharedSeg_TCB + (gCurrentTCB, gTasks, gStates, + gStates1, taskTASK_NOT_RUNNING); + @*/ + +//@ assume(false); + /*@ list gStates2 = + update(gCurrentTCB_index, taskTASK_NOT_RUNNING, gStates); + @*/ + + // If we acquired an additional second half of a + // write permission for `gCurrentTCB`, release it. + /*@ + if( gCurrentTCB == pxTCB ) { + // We used the opened `sharedSeg_TCB_p` chunk + // for `pxTCB`. + // => We don't have to close anything. + } else { + close sharedSeg_TCB_p(gCurrentTCB, taskTASK_NOT_RUNNING); + assert( gCurrentTCB_index < length(gTasks) ); + assert( gCurrentTCB_index < length(gStates) ); + // nonauto_nth_update(gCurrentTCB_index, gCurrentTCB_index, taskTASK_NOT_RUNNING, gStates); + // assert( taskTASK_NOT_RUNNING == nth(gCurrentTCB_index, gStates2) ); + assume( taskTASK_NOT_RUNNING == nth(gCurrentTCB_index, gStates2) ); + close readOnly_sharedSeg_TCB_p(gTasks, gStates2)(gCurrentTCB); + foreach_unremove(gCurrentTCB, remove(pxTCB, gTasks)); + } + @*/ + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) pxPreviousTCB = pxCurrentTCBs[ xCoreID ]; #endif @@ -1157,21 +1208,18 @@ static void prvYieldForTask( TCB_t * pxTCB, pxCurrentTCBs[ xCoreID ] = pxTCB; xTaskScheduled = pdTRUE; - /*@ - if( gCurrentTCB == pxTCB ) { - // We used the opened `sharedSeg_TCB_p` chunk - // for `pxTCB`. - // => We don't have to close anything. - } else { - close sharedSeg_TCB_p(gCurrentTCB); - close readOnly_sharedSeg_TCB_p(gCurrentTCB); - foreach_unremove(gCurrentTCB, remove(pxTCB, gTasks)); - } - @*/ + + + + + + // Release second half of write permission for `pxTCB` + //@ foreach_unremove(pxTCB, gTasks); // Ensure we restored the collection as it was // at the beginning of the block. //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 0c5450ad10a..23080910ccf 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -121,6 +121,61 @@ ensures mem(x, remove(r, xs)) == (mem(x, xs) && x != r); fixpoint bool superset(list super, list sub) { return subset(sub, super); } + + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void update_out_of_bounds(int index, t x, list xs) +requires (index < 0 || index >= length(xs)); +ensures update(index, x, xs) == xs; +{ + switch(xs) { + case nil: // nothing to do + case cons(h, rest): { + update_out_of_bounds(index-1, x, rest); + } + } +} + + +lemma void index_of_different(t x1, t x2, list xs) +requires x1 != x2 &*& mem(x1, xs) == true &*& mem(x2, xs) == true; +ensures index_of(x1, xs) != index_of(x2, xs); +{ + switch(xs) { + case nil: + case cons(h, rest): + if(h != x1 && h != x2) { + index_of_different(x1, x2, rest); + } + } +} + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void subset_cons_tail(list xs); +requires xs == cons(?h, ?t); +ensures subset(t, xs) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void remove_result_subset(t x, list xs); +requires true; +ensures subset(remove(x, xs), xs) == true; +// TODO: Revisit this lemma +// { +// switch(xs) { +// case nil: +// case cons(h, t): +// remove_result_subset(x, t); +// if(h == x) { +// assert( remove(x, xs) == t ); +// subset_cons_tail(xs); +// assert( subset(t, cons(x, t) ) == true ); +// } else { +// ; +// } +// } +// } + + @*/ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index e66dc0096c4..27f4b238879 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -1,7 +1,7 @@ #ifndef VERIFAST_LOCK_PREDICATES_H #define VERIFAST_LOCK_PREDICATES_H - +#include "verifast_task_running_states.h" /* We follow a minimalistic approach during the definition of the @@ -11,7 +11,7 @@ * other parts of FRTOS. */ - +#include "verifast_lists_extended.h" @@ -112,7 +112,9 @@ predicate taskISRLockInv_p() = // TODO: // (RP-Unsched) Read permissions for unscheduled tasks // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks - true + // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING + // -> [1/2]shared_TCB_p(t, taskTASK_NOT_RUNNING) + foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) &*& readyLists_p(?gCellLists, ?gOwnerLists) &*& @@ -146,7 +148,8 @@ predicate exists_in_taskISRLockInv_p(list gTasks, list gStates) = exists(gTasks) &*& exists(gStates) &*& - length(gTasks) == length(gStates); + length(gTasks) == length(gStates) &*& + distinct(gTasks) == true; // Auxiliary function that allows us to partially apply the list argument. // @@ -166,10 +169,125 @@ predicate_ctor readOnly_sharedSeg_TCB_p (TCB_t* t;) = mem(t, tasks) == true &*& [1/2]sharedSeg_TCB_p(t, nth(index_of(t, tasks), states)); + +predicate_ctor readOnly_sharedSeg_TCB_IF_not_running_p + (list tasks, list states) + (TCB_t* t;) = + mem(t, tasks) == true &*& + nth(index_of(t, tasks), states) == taskTASK_NOT_RUNNING + ? [1/2]sharedSeg_TCB_p(t, taskTASK_NOT_RUNNING) + : true; +@*/ + + + +/*@ +lemma void nonauto_nth_update(int i, int j, t y, list xs); + requires 0 <= i && i < length(xs) && 0 <= j && j < length(xs); + ensures nth(i, update(j, y, xs)) == (i == j ? y : nth(i, xs)); +@*/ + + + +/*@ +lemma void update_readOnly_sharedSeg_TCB(TCB_t* t, + list tasks, + list states, + int updatedIndex, + TaskRunning_t s) +requires readOnly_sharedSeg_TCB_p(tasks, states)(t) &*& + updatedIndex != index_of(t, tasks) &*& + mem(t, tasks) == true &*& + length(tasks) == length(states); +ensures readOnly_sharedSeg_TCB_p(tasks, update(updatedIndex, s, states))(t); +{ + list states2 = update(updatedIndex, s, states); + int t_index = index_of(t, tasks); + + if( updatedIndex < 0 || updatedIndex >= length(states) ) { + update_out_of_bounds(updatedIndex, s, states); + } else { + open readOnly_sharedSeg_TCB_p(tasks, states)(t); + open [1/2]sharedSeg_TCB_p(t, nth(t_index, states)); + + mem_index_of(t, tasks); + nth_update(t_index, updatedIndex, s, states); + assert( nth(t_index, states) == nth(t_index, states2) ); + + close [1/2]sharedSeg_TCB_p(t, nth(t_index, states2)); + close readOnly_sharedSeg_TCB_p(tasks, states2)(t); + } +} + + +lemma void update_foreach_readOnly_sharedSeg_TCB(TCB_t* updatedTask, + list tasks, + list subTasks, + list states, + list states2, + TaskRunning_t s) +requires + mem(updatedTask, tasks) == true &*& + length(tasks) == length(states) &*& + foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states)) &*& + states2 == update(index_of(updatedTask, tasks), s, states) &*& + distinct(tasks) == true &*& + mem(updatedTask, subTasks) == false &*& + subset(subTasks, tasks) == true; +ensures + foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states2)); +{ + switch(subTasks) { + case nil: + open foreach(nil, readOnly_sharedSeg_TCB_p(tasks, states)); + close foreach(nil, readOnly_sharedSeg_TCB_p(tasks, states2)); + case cons(h, rest): + int index = index_of(updatedTask, tasks); +// distinct_mem_remove(t, tasks); +// neq_mem_remove(h, t, tasks); +// index_of_different(h, t, tasks); + open foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states)); + assert( updatedTask != h ); + index_of_different(updatedTask, h, tasks); + assert( index != index_of(h, tasks) ); + update_readOnly_sharedSeg_TCB(h, tasks, states, index, s); + assert( mem(updatedTask, rest) == false ); + update_foreach_readOnly_sharedSeg_TCB(updatedTask, tasks, rest, + states, states2, s); + close foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states2)); + } +} + + +lemma void close_updated_foreach_readOnly_sharedSeg_TCB(TCB_t* updatedTask, + list tasks, + list states, + list states2, + TaskRunning_t s) +requires + mem(updatedTask, tasks) == true &*& + length(states) == length(tasks) &*& + distinct(tasks) == true &*& + foreach(remove(updatedTask, tasks), readOnly_sharedSeg_TCB_p(tasks, states)) &*& + states2 == update(index_of(updatedTask, tasks), s, states) &*& + [1/2]sharedSeg_TCB_p(updatedTask, s); +ensures + foreach(tasks, readOnly_sharedSeg_TCB_p(tasks, states2)); +{ + distinct_mem_remove(updatedTask, tasks); + remove_result_subset(updatedTask, tasks); + + close readOnly_sharedSeg_TCB_p(tasks, states2)(updatedTask); + update_foreach_readOnly_sharedSeg_TCB(updatedTask, tasks, + remove(updatedTask, tasks), + states, states2, s); + foreach_unremove(updatedTask, tasks); +} @*/ + #endif /* VERIFAST_LOCK_PREDICATES_H */ \ No newline at end of file From e403e8bc74d94da36b330c9c6df66ddb1c82ab0b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 3 Dec 2022 18:05:15 -0500 Subject: [PATCH 182/289] Added lemma to update the read permissions for unscheduled tasks after a task has been stopped. --- tasks.c | 64 +++++++++---------- .../verifast/proof/verifast_lock_predicates.h | 53 ++++++++++++++- 2 files changed, 83 insertions(+), 34 deletions(-) diff --git a/tasks.c b/tasks.c index 577afa43aa4..14522b50585 100644 --- a/tasks.c +++ b/tasks.c @@ -1057,7 +1057,9 @@ static void prvYieldForTask( TCB_t * pxTCB, foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) &*& // Write permission for task scheduled on this core - [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) + [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& + gCurrentTCB_state != taskTASK_NOT_RUNNING &*& + nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& // TODO: // Write permissions for unscheduled tasks @@ -1155,56 +1157,54 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); //@ foreach_unremove(pxTCB, gTasks); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); // Get 2nd half of write permission for `gCurrentTCB` //@ foreach_remove(gCurrentTCB, gTasks); //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ int gCurrentTCB_index = index_of(gCurrentTCB, gTasks); - /*@ list gStates1 = - update(gCurrentTCB_index, taskTASK_NOT_RUNNING, gStates); - @*/ - /* If the task is not being executed by any core swap it in */ pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; - //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + /*@ list gStates1 = + update(index_of(gCurrentTCB, gTasks), taskTASK_NOT_RUNNING, gStates); + @*/ //@ open exists_in_taskISRLockInv_p(gTasks, gStates); - /*@ close_updated_foreach_readOnly_sharedSeg_TCB - (gCurrentTCB, gTasks, gStates, - gStates1, taskTASK_NOT_RUNNING); + /*@ close_updated_foreach_readOnly_sharedSeg_TCB(gCurrentTCB, gTasks, gStates, + gStates1, taskTASK_NOT_RUNNING); @*/ - -//@ assume(false); - /*@ list gStates2 = - update(gCurrentTCB_index, taskTASK_NOT_RUNNING, gStates); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + /*@ stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (gCurrentTCB, gTasks, gTasks, gStates, gStates1); @*/ + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); - // If we acquired an additional second half of a - // write permission for `gCurrentTCB`, release it. - /*@ - if( gCurrentTCB == pxTCB ) { - // We used the opened `sharedSeg_TCB_p` chunk - // for `pxTCB`. - // => We don't have to close anything. - } else { - close sharedSeg_TCB_p(gCurrentTCB, taskTASK_NOT_RUNNING); - assert( gCurrentTCB_index < length(gTasks) ); - assert( gCurrentTCB_index < length(gStates) ); - // nonauto_nth_update(gCurrentTCB_index, gCurrentTCB_index, taskTASK_NOT_RUNNING, gStates); - // assert( taskTASK_NOT_RUNNING == nth(gCurrentTCB_index, gStates2) ); - assume( taskTASK_NOT_RUNNING == nth(gCurrentTCB_index, gStates2) ); - close readOnly_sharedSeg_TCB_p(gTasks, gStates2)(gCurrentTCB); - foreach_unremove(gCurrentTCB, remove(pxTCB, gTasks)); - } - @*/ + + // Get write permission for `pxTCB` + //@ foreach_remove(pxTCB, gTasks); + //@ foreach_remove(pxTCB, gTasks); #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) pxPreviousTCB = pxCurrentTCBs[ xCoreID ]; #endif pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + /*@ list gStates2 = + update(index_of(pxTCB, gTasks), xCoreID, gStates1); + @*/ + + /*@ close_updated_foreach_readOnly_sharedSeg_TCB(pxTCB, gTasks, gStates1, + gStates2, xCoreID); + @*/ + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); + + pxCurrentTCBs[ xCoreID ] = pxTCB; xTaskScheduled = pdTRUE; diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 27f4b238879..1a23bd9f92c 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -107,9 +107,10 @@ predicate taskISRLockInv_p() = &*& // (RP-Current) Read permission for task currently scheduled on this core // (RP-All) + (RP-Current) => Write permission for scheduled task - [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) + [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& + gCurrentTCB_state != taskTASK_NOT_RUNNING &*& + nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& - // TODO: // (RP-Unsched) Read permissions for unscheduled tasks // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING @@ -283,6 +284,54 @@ ensures states, states2, s); foreach_unremove(updatedTask, tasks); } + + +lemma void stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (TCB_t* stoppedTask, list tasks, list subTasks, + list states, list states2) +requires + distinct(tasks) == true &*& + distinct(subTasks) == true &*& + length(tasks) == length(states) &*& + foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + states2 == update(index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states) &*& + nth(index_of(stoppedTask, tasks), states) != taskTASK_NOT_RUNNING &*& + subset(subTasks, tasks) == true &*& + mem(stoppedTask, tasks) == true &*& + mem(stoppedTask, subTasks) + ? [1/2]sharedSeg_TCB_p(stoppedTask, taskTASK_NOT_RUNNING) + : true; +ensures + foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); +{ + switch(subTasks) { + case nil: + open foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); + case cons(h, t): + if( h == stoppedTask ) { + assert( remove(stoppedTask, subTasks) == t ); + distinct_mem_remove(stoppedTask, subTasks); + assert( mem(stoppedTask, t) == false ); + mem_index_of(stoppedTask, tasks); + } else { + mem_index_of(stoppedTask, tasks); + nth_update(index_of(h, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); + index_of_different(h, stoppedTask, tasks); + assert( index_of(h, tasks) != index_of(stoppedTask, tasks) ); + assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), states2) ); + } + + nth_update(index_of(stoppedTask, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); + open foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); + open readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)(h); + assert( nth(index_of(stoppedTask, tasks), states2) == taskTASK_NOT_RUNNING ); + close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)(h); + stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (stoppedTask, tasks, t, states, states2); + close foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); + } +} @*/ From 6a0b2116fe167c585b6dc74fe2082a938ce357ae Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 4 Dec 2022 09:17:13 -0500 Subject: [PATCH 183/289] Added lemmas to define updated state lists and reason locally about results. Local reasoning necessary to avoid auto-lemma application loops. --- tasks.c | 14 +++-- .../verifast/proof/verifast_lists_extended.h | 6 +- .../verifast/proof/verifast_lock_predicates.h | 61 +++++++++++++++++++ 3 files changed, 74 insertions(+), 7 deletions(-) diff --git a/tasks.c b/tasks.c index 14522b50585..7a27470110f 100644 --- a/tasks.c +++ b/tasks.c @@ -1143,6 +1143,8 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { + //@ open exists_in_taskISRLockInv_p(gTasks, gStates); + //@ assert( nth(index_of(pxTCB, gTasks), gStates) == taskTASK_NOT_RUNNING); //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); @@ -1167,11 +1169,10 @@ static void prvYieldForTask( TCB_t * pxTCB, pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - /*@ list gStates1 = - update(index_of(gCurrentTCB, gTasks), taskTASK_NOT_RUNNING, gStates); - @*/ - //@ open exists_in_taskISRLockInv_p(gTasks, gStates); + // New stsates list reflects state update above. + //@ list gStates1 = def_state1(gTasks, gStates, gCurrentTCB, pxTCB); + //@ assert( nth(index_of(pxTCB, gTasks), gStates1) == taskTASK_NOT_RUNNING); /*@ close_updated_foreach_readOnly_sharedSeg_TCB(gCurrentTCB, gTasks, gStates, gStates1, taskTASK_NOT_RUNNING); @@ -1187,15 +1188,16 @@ static void prvYieldForTask( TCB_t * pxTCB, // Get write permission for `pxTCB` //@ foreach_remove(pxTCB, gTasks); //@ foreach_remove(pxTCB, gTasks); + //@ open readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)(pxTCB); #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) pxPreviousTCB = pxCurrentTCBs[ xCoreID ]; #endif pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); /*@ list gStates2 = - update(index_of(pxTCB, gTasks), xCoreID, gStates1); + def_state2(gTasks, gStates, gCurrentTCB, pxTCB, xCoreID); @*/ /*@ close_updated_foreach_readOnly_sharedSeg_TCB(pxTCB, gTasks, gStates1, diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 23080910ccf..ff56d5c0cd6 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -175,7 +175,11 @@ ensures subset(remove(x, xs), xs) == true; // } // } - +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +// Special case of `nth_update` from `listex.gh`. +lemma void update_preserves_rest(int i, int u, t v, list xs); +requires 0 <= i && i < length(xs) && 0 <= u && u < length(xs) && i != u; +ensures nth(i, update(u, v, xs)) == nth(i, xs); @*/ diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index 1a23bd9f92c..a71eb59f5d7 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -190,6 +190,9 @@ lemma void nonauto_nth_update(int i, int j, t y, list xs); +// ----------------------------------------------------------------------- +// TODO: Move lemmas below to separate header file. + /*@ lemma void update_readOnly_sharedSeg_TCB(TCB_t* t, list tasks, @@ -334,6 +337,64 @@ ensures } @*/ +/*@ +lemma list def_state1(list tasks, + list states, + TCB_t* currentTask, + TCB_t* readyTask) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + currentTask != readyTask &*& + mem(currentTask, tasks) == true &*& + mem(readyTask, tasks) == true &*& + nth(index_of(readyTask, tasks), states) == taskTASK_NOT_RUNNING; +ensures + result == update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states) &*& + nth(index_of(readyTask, tasks), result) == taskTASK_NOT_RUNNING &*& + nth(index_of(currentTask, tasks), result) == taskTASK_NOT_RUNNING; +{ + list states1 = + update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states); + + mem_index_of(currentTask, tasks); + mem_index_of(readyTask, tasks); + nth_update(index_of(readyTask, tasks), index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states); + + return states1; +} + +lemma list def_state2(list tasks, + list states, + TCB_t* currentTask, + TCB_t* readyTask, + int coreID) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + currentTask != readyTask &*& + mem(currentTask, tasks) == true &*& + mem(readyTask, tasks) == true &*& + nth(index_of(readyTask, tasks), states) == taskTASK_NOT_RUNNING &*& + nth(index_of(currentTask, tasks), states) != taskTASK_NOT_RUNNING &*& + 0 <= coreID &*& coreID < configNUM_CORES; +ensures + result == + update(index_of(readyTask, tasks), coreID, + update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states)) + &*& + nth(index_of(readyTask, tasks), result) == coreID &*& + nth(index_of(currentTask, tasks), result) == taskTASK_NOT_RUNNING; +{ + list states1 = def_state1(tasks, states, currentTask, readyTask); + + list states2 = + update(index_of(readyTask, tasks), coreID, states1); + + return states2; +} +@*/ + From fbf4ba981fae37b99799c11d9e6c08aed460dd30 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 4 Dec 2022 10:19:48 -0500 Subject: [PATCH 184/289] Added lemmas to update read permissions for unscheduled tasks after new task has been started. --- tasks.c | 3 + .../verifast/proof/verifast_lock_predicates.h | 63 +++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/tasks.c b/tasks.c index 7a27470110f..0f9f37b01aa 100644 --- a/tasks.c +++ b/tasks.c @@ -1203,6 +1203,9 @@ static void prvYieldForTask( TCB_t * pxTCB, /*@ close_updated_foreach_readOnly_sharedSeg_TCB(pxTCB, gTasks, gStates1, gStates2, xCoreID); @*/ + /*@ startUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (pxTCB, gTasks, gStates1, gStates2, xCoreID); + @*/ //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index a71eb59f5d7..f369d791286 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -335,8 +335,71 @@ ensures close foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); } } + +lemma void updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (TCB_t* updatedTask, list tasks, list subTasks, + list states, list updatedStates, + TaskRunning_t s) +requires + distinct(tasks) == true &*& + distinct(subTasks) == true &*& + length(tasks) == length(states) &*& + mem(updatedTask, tasks) == true &*& + mem(updatedTask, subTasks) == false &*& + subset(subTasks, tasks) == true &*& + foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + updatedStates == update(index_of(updatedTask, tasks), s, states); +ensures + foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); +{ + switch(subTasks) { + case nil: + open foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + case cons(h, t): + open foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); + + // Prove that update preserves state of `h`. + index_of_different(h, updatedTask, tasks); + nth_update(index_of(h, tasks), index_of(updatedTask, tasks), s, states); + assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), updatedStates) ); + + open readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)(h); + close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(h); + updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (updatedTask, tasks, t, states, updatedStates, s); + close foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + } +} + +lemma void startUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (TCB_t* startedTask, list tasks, + list states, list updatedStates, + int coreID) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + mem(startedTask, tasks) == true &*& + foreach(remove(startedTask, tasks), readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + updatedStates == update(index_of(startedTask, tasks), coreID, states) &*& + 0 <= coreID &*& coreID < configNUM_CORES; +ensures + foreach(tasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); +{ + distinct_remove(startedTask, tasks); + distinct_mem_remove(startedTask, tasks); + remove_result_subset(startedTask, tasks); + updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (startedTask, tasks, remove(startedTask, tasks), states, updatedStates, + coreID); + + assert( foreach(remove(startedTask, tasks), readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)) ); + close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(startedTask); + foreach_unremove(startedTask, tasks); +} @*/ + /*@ lemma list def_state1(list tasks, list states, From b594404b5960c834cc44e0e995f0a34a980b58fd Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 4 Dec 2022 10:33:36 -0500 Subject: [PATCH 185/289] Restored loop invariant at end of task-swapping branch --- tasks.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tasks.c b/tasks.c index 0f9f37b01aa..342a42ffbeb 100644 --- a/tasks.c +++ b/tasks.c @@ -1135,6 +1135,7 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif /* if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) */ + //@ bool gPxTCB_not_running = (pxTCB->xTaskRunState == taskTASK_NOT_RUNNING); if( pxTCB->xTaskRunState == taskTASK_NOT_RUNNING ) { #if ( configNUM_CORES > 1 ) @@ -1213,18 +1214,9 @@ static void prvYieldForTask( TCB_t * pxTCB, pxCurrentTCBs[ xCoreID ] = pxTCB; xTaskScheduled = pdTRUE; - - - - - - // Release second half of write permission for `pxTCB` - //@ foreach_unremove(pxTCB, gTasks); - - // Ensure we restored the collection as it was - // at the beginning of the block. - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); + //@ close exists_in_taskISRLockInv_p(gTasks, gStates2); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) @@ -1242,6 +1234,14 @@ static void prvYieldForTask( TCB_t * pxTCB, xTaskScheduled = pdTRUE; } } + /*@ + if( !gPxTCB_not_running ) { // else branch of swapping if-statement above + // Put read permission for `pxTCB` back + close [1/2]sharedSeg_TCB_p(pxTCB, _); + close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); + foreach_unremove(pxTCB, gTasks); + } + @*/ //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); @@ -1256,9 +1256,9 @@ static void prvYieldForTask( TCB_t * pxTCB, break; } - //@ close sharedSeg_TCB_p(pxTCB); - //@ close readOnly_sharedSeg_TCB(pxTCB); - //@ foreach_unremove(pxTCB, gTasks); + //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); } while( pxTaskItem != pxLastTaskItem ); From 61bffc4617152d723eafc1fcd1bb99c6e500b30a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 4 Dec 2022 10:46:05 -0500 Subject: [PATCH 186/289] Adapted loop invariant to reflect potential change of state lists. --- tasks.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks.c b/tasks.c index 342a42ffbeb..01ae07e4f17 100644 --- a/tasks.c +++ b/tasks.c @@ -988,7 +988,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif //@ open taskISRLockInv_p(); - //@ assert( exists_in_taskISRLockInv_p(?gTasks, ?gStates) ); + //@ assert( exists_in_taskISRLockInv_p(?gTasks, ?gStates0) ); //@ open readyLists_p(?gCellLists, ?gOwnerLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); @@ -1051,7 +1051,7 @@ static void prvYieldForTask( TCB_t * pxTCB, mem(pxTaskItem, gCells) == true &*& xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& gSize > 0 &*& - exists_in_taskISRLockInv_p(gTasks, gStates) + exists_in_taskISRLockInv_p(gTasks, ?gStates) &*& // Read permissions for every task foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) From 00bb9d4a17871fac409d08e7572b44f47e5d1ef1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 4 Dec 2022 11:54:07 -0500 Subject: [PATCH 187/289] Verified runtime assertion that running task is either scheduled or yielding. --- tasks.c | 22 ++++++++-- .../verifast/proof/verifast_lock_predicates.h | 42 ++++++++++++++++++- 2 files changed, 59 insertions(+), 5 deletions(-) diff --git a/tasks.c b/tasks.c index 01ae07e4f17..19fc931cf26 100644 --- a/tasks.c +++ b/tasks.c @@ -1058,7 +1058,8 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // Write permission for task scheduled on this core [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& - gCurrentTCB_state != taskTASK_NOT_RUNNING &*& +// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& + (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& // TODO: @@ -1221,7 +1222,6 @@ static void prvYieldForTask( TCB_t * pxTCB, } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) { -//@ assume(false); configASSERT( ( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == taskTASK_YIELDING ) ); #if ( configNUM_CORES > 1 ) #if ( configUSE_CORE_AFFINITY == 1 ) @@ -1229,13 +1229,27 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { + //@ assert( pxTCB->xTaskRunState != taskTASK_NOT_RUNNING ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( nth(index_of(pxTCB, gTasks), gStates) != taskTASK_NOT_RUNNING); + /* The task is already running on this core, mark it as scheduled */ pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; xTaskScheduled = pdTRUE; + + /*@ list gEquivStates + = update(index_of(pxTCB, gTasks), xCoreID, gStates); + @*/ + //@ open exists_in_taskISRLockInv_p(gTasks, gStates); + /*@ scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (pxTCB, gTasks, gStates, gEquivStates, xCoreID); + @*/ + //@ close exists_in_taskISRLockInv_p(gTasks, gEquivStates); } } /*@ - if( !gPxTCB_not_running ) { // else branch of swapping if-statement above + if( !gPxTCB_not_running && pxTCB != gCurrentTCB ) { + assert( exists_in_taskISRLockInv_p(gTasks, gStates) ); // Put read permission for `pxTCB` back close [1/2]sharedSeg_TCB_p(pxTCB, _); close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); @@ -1256,7 +1270,7 @@ static void prvYieldForTask( TCB_t * pxTCB, break; } - //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); + //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); } while( pxTaskItem != pxLastTaskItem ); diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index f369d791286..c6eea6a7ff2 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -108,7 +108,8 @@ predicate taskISRLockInv_p() = // (RP-Current) Read permission for task currently scheduled on this core // (RP-All) + (RP-Current) => Write permission for scheduled task [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& - gCurrentTCB_state != taskTASK_NOT_RUNNING &*& +// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& + (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& // (RP-Unsched) Read permissions for unscheduled tasks @@ -397,6 +398,45 @@ ensures close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(startedTask); foreach_unremove(startedTask, tasks); } + +lemma void scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (TCB_t* runningTask, list tasks, + list states, list updatedStates, + int coreID) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + mem(runningTask, tasks) == true &*& + (nth(index_of(runningTask, tasks), states) == coreID + || nth(index_of(runningTask, tasks), states) == taskTASK_YIELDING) + &*& + foreach(tasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + updatedStates == update(index_of(runningTask, tasks), coreID, states) &*& + 0 <= coreID &*& coreID < configNUM_CORES; +ensures + foreach(tasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)) &*& + nth(index_of(runningTask, tasks), updatedStates) == coreID; +{ + switch(tasks) { + case nil: + open foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + case cons(h, t): + foreach_remove(runningTask, tasks); + + distinct_remove(runningTask, tasks); + distinct_mem_remove(runningTask, tasks); + remove_result_subset(runningTask, tasks); + updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (runningTask, tasks, remove(runningTask, tasks), + states, updatedStates, coreID); + + open readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)(runningTask); + close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(runningTask); + + foreach_unremove(runningTask, tasks); + } +} @*/ From e71756e4cb4a66da6cb319d3b650422fad100335 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sun, 4 Dec 2022 13:46:32 -0500 Subject: [PATCH 188/289] Proved that decrementing `uxTopReadyPriority` does not lead to underflow. --- tasks.c | 17 ++++--- .../verifast/proof/ready_list_predicates.h | 5 ++- .../verifast/proof/verifast_lock_predicates.h | 45 +++++++++++++++++++ 3 files changed, 57 insertions(+), 10 deletions(-) diff --git a/tasks.c b/tasks.c index 19fc931cf26..e2380e65b02 100644 --- a/tasks.c +++ b/tasks.c @@ -946,7 +946,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) BaseType_t xPriorityDropped = pdFALSE; #endif - //@ close taskISRLockInv_p(); + //@ close _taskISRLockInv_p(gTopReadyPriority); while( xTaskScheduled == pdFALSE ) /*@ invariant @@ -958,7 +958,7 @@ static void prvYieldForTask( TCB_t * pxTCB, interruptsDisabled_f(state) == true &*& taskLockInv_p() &*& isrLockInv_p() &*& - taskISRLockInv_p() + _taskISRLockInv_p(gTopReadyPriority) &*& // opened predicate `coreLocalInterruptInv_p()` [0.5]pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& @@ -971,8 +971,8 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // additional knowledge 0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& - gTopReadyPriority < configMAX_PRIORITIES - ; + gTopReadyPriority < configMAX_PRIORITIES; +// 0 <= uxCurrentPriority &*& uxCurrentPriority < configMAX_PRIORITIES; @*/ { #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) @@ -987,8 +987,10 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif - //@ open taskISRLockInv_p(); + //@ open _taskISRLockInv_p(gTopReadyPriority); //@ assert( exists_in_taskISRLockInv_p(?gTasks, ?gStates0) ); + //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority) ); + //@ assert( gTopReadyPriority == uxTopReadyPriority); //@ open readyLists_p(?gCellLists, ?gOwnerLists); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); @@ -999,6 +1001,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( mem(gOwners, gOwnerLists) == true ); //@ open xLIST(gReadyList, _, _, _, _, _, _); + //@ assert( length(gCells) == gReadyList->uxNumberOfItems + 1 ); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); @@ -1058,11 +1061,9 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // Write permission for task scheduled on this core [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& -// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& - // TODO: // Write permissions for unscheduled tasks foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) &*& @@ -1281,8 +1282,6 @@ static void prvYieldForTask( TCB_t * pxTCB, { if( xDecrementTopPriority != pdFALSE ) { -// TODO: Remove tmp assumptions -//@ assume( uxTopReadyPriority > 0); uxTopReadyPriority--; #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) { diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 1a416a3a82a..aec568dea40 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -11,7 +11,10 @@ predicate readyLists_p(list > gCellLists, list > gOwnerLists) = configMAX_PRIORITIES == length(gCellLists) &*& List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, - gCellLists, gOwnerLists); + gCellLists, gOwnerLists) &*& + // List of priority 0 always contains the idle task and the end marker + // nothing else + length( nth(0, gCellLists) ) == 2; predicate List_array_p(List_t* array, int size, diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/verification/verifast/proof/verifast_lock_predicates.h index c6eea6a7ff2..c4592b2d090 100644 --- a/verification/verifast/proof/verifast_lock_predicates.h +++ b/verification/verifast/proof/verifast_lock_predicates.h @@ -127,6 +127,51 @@ predicate taskISRLockInv_p() = forall(gOwnerLists, (superset)(gTasks)) == true; +// Auxiliary predicate. Equal to the lock invariant above but exposes +// some details. +predicate _taskISRLockInv_p(UBaseType_t gTopReadyPriority) = + // Access to global variables + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) + &*& + // top ready priority must be in range + integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority) &*& + 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES + &*& + // tasks / TCBs + exists_in_taskISRLockInv_p(?gTasks, ?gStates) + &*& + // (RP-All) Read permissions for every task + // and recording of task states in state list + // (∀t ∈ gTasks. + // [1/2]sharedSeg_TCB_p(t, _)) + // ∧ + // ∀i. ∀t. gTasks[i] == t -> gStates[i] == t->xTaskRunState + foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) + &*& + // (RP-Current) Read permission for task currently scheduled on this core + // (RP-All) + (RP-Current) => Write permission for scheduled task + [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& +// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& + (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& + nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state + &*& + // (RP-Unsched) Read permissions for unscheduled tasks + // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks + // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING + // -> [1/2]shared_TCB_p(t, taskTASK_NOT_RUNNING) + foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) + &*& + readyLists_p(?gCellLists, ?gOwnerLists) + &*& + // gTasks contains all relevant tasks + mem(gCurrentTCB, gTasks) == true + &*& + // ∀l ∈ gOwnerLists. l ⊆ gTasks + forall(gOwnerLists, (superset)(gTasks)) == true; + + lemma void produce_taskISRLockInv(); requires locked_p(?heldLocks) &*& heldLocks == cons(?i, cons(?t, nil)) &*& From 346a7f778a5bbbaf86a4b01a17415a6a569d8d12 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 5 Dec 2022 14:40:01 -0500 Subject: [PATCH 189/289] Added lemma to close ready lists predicate. --- .../verifast/proof/ready_list_predicates.h | 48 +++++++++++++++++++ .../verifast/proof/verifast_lists_extended.h | 5 ++ 2 files changed, 53 insertions(+) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index aec568dea40..b92bd16105b 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -4,6 +4,9 @@ #include "single_core_proofs/scp_list_predicates.h" +#include "verifast_lists_extended.h" + + /*@ // TODO: We know that the list of priority 0 is never empty. // It contains the idle task and nothing else. @@ -12,6 +15,7 @@ predicate readyLists_p(list > gCellLists, configMAX_PRIORITIES == length(gCellLists) &*& List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists, gOwnerLists) &*& + length(gCellLists) == length(gOwnerLists) &*& // List of priority 0 always contains the idle task and the end marker // nothing else length( nth(0, gCellLists) ) == 2; @@ -125,4 +129,48 @@ ensures List_array_p(array, gSize, gCellLists, gOwnerLists) &*& } @*/ + + +// ------------------------------------------------------------------------- +// Lemmas to close the ready list predicate in different scenarios. +/*@ +lemma void closeUnchanged_readyLists(list > cellLists, + list > ownerLists) +requires + configMAX_PRIORITIES == length(cellLists) &*& + configMAX_PRIORITIES == length(ownerLists) &*& + length( nth(0, cellLists) ) == 2 &*& + List_array_p(&pxReadyTasksLists, ?gIndex, ?gPrefCellLists, ?gPrefOwnerLists) &*& + gIndex < length(cellLists) &*& + xLIST(&pxReadyTasksLists + gIndex, ?gLen, _, _, ?gCells, ?gVals, ?gOwners) &*& + gLen < INT_MAX &*& + gCells == nth(gIndex, cellLists) &*& + gOwners == nth(gIndex, ownerLists) &*& + pointer_within_limits(&pxReadyTasksLists + gIndex) == true &*& + List_array_p(&pxReadyTasksLists + gIndex + 1, configMAX_PRIORITIES - gIndex - 1, + ?gSufCellLists, ?gSufOwnerLists) &*& + gPrefCellLists == take(gIndex, cellLists) &*& + gSufCellLists == drop(gIndex+1, cellLists) &*& + gPrefOwnerLists == take(gIndex, ownerLists) &*& + gSufOwnerLists == drop(gIndex+1, ownerLists); +ensures + readyLists_p(cellLists, ownerLists); +{ + // Prove `0 <= gIndex`: + open List_array_p(&pxReadyTasksLists, gIndex, gPrefCellLists, gPrefOwnerLists); + close List_array_p(&pxReadyTasksLists, gIndex, gPrefCellLists, gPrefOwnerLists); + assert( 0 <= gIndex ); + + List_array_join(&pxReadyTasksLists); + assert( List_array_p(&pxReadyTasksLists, ?gSize, ?gCellLists2, ?gOwnerLists2) ); + + append_take_nth_drop(gIndex, cellLists); + append_take_nth_drop(gIndex, ownerLists); + assert( gSize == configMAX_PRIORITIES ); + assert( gCellLists2 == cellLists ); + assert( gOwnerLists2 == ownerLists ); + + close readyLists_p(cellLists, ownerLists); +} +@*/ #endif /* READY_LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index ff56d5c0cd6..0a375e494bd 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -180,6 +180,11 @@ ensures subset(remove(x, xs), xs) == true; lemma void update_preserves_rest(int i, int u, t v, list xs); requires 0 <= i && i < length(xs) && 0 <= u && u < length(xs) && i != u; ensures nth(i, update(u, v, xs)) == nth(i, xs); + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void append_take_nth_drop(int n, list xs); +requires 0 <= n &*& n < length(xs); +ensures xs == append( take(n, xs), cons(nth(n, xs), drop(n+1, xs)) ); @*/ From ee2922ad80c308d6e8c72a1bceabe1493935c602 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 5 Dec 2022 14:46:11 -0500 Subject: [PATCH 190/289] Finished some proof branches in `prvSelectHighestPriorityTask`. --- tasks.c | 196 +++++++++++++++--- .../verifast/start-vfide--preprocessed.sh | 1 + 2 files changed, 167 insertions(+), 30 deletions(-) diff --git a/tasks.c b/tasks.c index e2380e65b02..e608f9352b4 100644 --- a/tasks.c +++ b/tasks.c @@ -908,12 +908,13 @@ static void prvYieldForTask( TCB_t * pxTCB, taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` - [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) + [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) +// coreLocalSeg_TCB_p(gCurrentTCB0, 0) &*& // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ?ulFreeBytesOnStack); +// prvSeg_TCB_p(gCurrentTCB0, ?ulFreeBytesOnStack); + true; @*/ /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& xCoreID == coreID_f() &*& @@ -925,17 +926,18 @@ static void prvYieldForTask( TCB_t * pxTCB, taskISRLockInv_p() &*& // opened predicate `coreLocalInterruptInv_p()` - pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) + [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) +// coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); +// prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); + true; @*/ { //@ open taskISRLockInv_p(); - //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) ); - //@ assert( gTopReadyPriority == uxTopReadyPriority); + //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority0) ); + //@ assert( gTopReadyPriority0 == uxTopReadyPriority); UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; BaseType_t xDecrementTopPriority = pdTRUE; @@ -946,7 +948,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) BaseType_t xPriorityDropped = pdFALSE; #endif - //@ close _taskISRLockInv_p(gTopReadyPriority); + //@ close _taskISRLockInv_p(gTopReadyPriority0); while( xTaskScheduled == pdFALSE ) /*@ invariant @@ -958,21 +960,23 @@ static void prvYieldForTask( TCB_t * pxTCB, interruptsDisabled_f(state) == true &*& taskLockInv_p() &*& isrLockInv_p() &*& - _taskISRLockInv_p(gTopReadyPriority) + _taskISRLockInv_p(?gTopReadyPriority) &*& // opened predicate `coreLocalInterruptInv_p()` - [0.5]pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& -// pubTCB_p(gCurrentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) - &*& + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) +// coreLocalSeg_TCB_p(gCurrentTCB, 0) +// &*& // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) +// prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& // additional knowledge - 0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& - gTopReadyPriority < configMAX_PRIORITIES; -// 0 <= uxCurrentPriority &*& uxCurrentPriority < configMAX_PRIORITIES; + (xTaskScheduled == 0 + ? (0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& + gTopReadyPriority < configMAX_PRIORITIES + // 0 <= uxCurrentPriority &*& uxCurrentPriority < configMAX_PRIORITIES + ) : true + ); @*/ { #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) @@ -993,8 +997,13 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( gTopReadyPriority == uxTopReadyPriority); //@ open readyLists_p(?gCellLists, ?gOwnerLists); + //@ assert( List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists, gOwnerLists) ); //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); + //@ assert( List_array_p(&pxReadyTasksLists, uxCurrentPriority, ?gPrefCellLists, ?gPrefOwnerLists) ); + /*@ assert( List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, + configMAX_PRIORITIES-uxCurrentPriority-1, ?gSufCellLists, ?gSufOwnerLists) ); + @*/ //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals, ?gOwners) ); @@ -1046,6 +1055,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // Prove that `gTasks` contains all tasks in current ready //@ forall_mem(gOwners, gOwnerLists, (superset)(gTasks)); + //@ bool gInnerLoopBroken = false; do /*@ invariant 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& @@ -1067,7 +1077,17 @@ static void prvYieldForTask( TCB_t * pxTCB, // Write permissions for unscheduled tasks foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) &*& - subset(gOwners, gTasks) == true; + subset(gOwners, gTasks) == true &*& + (uxCurrentPriority == 0 + ? length(gCells) == 2 + : true + ) &*& + List_array_p(&pxReadyTasksLists, uxCurrentPriority, gPrefCellLists, + gPrefOwnerLists) &*& + List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, + configMAX_PRIORITIES-uxCurrentPriority-1, gSufCellLists, + gSufOwnerLists) &*& + !gInnerLoopBroken; @*/ { @@ -1219,6 +1239,9 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); //@ close exists_in_taskISRLockInv_p(gTasks, gStates2); + + // Putting back first have of write permission to `pxTCB` + //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) @@ -1233,6 +1256,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( pxTCB->xTaskRunState != taskTASK_NOT_RUNNING ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); //@ assert( nth(index_of(pxTCB, gTasks), gStates) != taskTASK_NOT_RUNNING); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); /* The task is already running on this core, mark it as scheduled */ pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; @@ -1245,7 +1269,21 @@ static void prvYieldForTask( TCB_t * pxTCB, /*@ scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running (pxTCB, gTasks, gStates, gEquivStates, xCoreID); @*/ + + //@ distinct_mem_remove(pxTCB, gTasks); + //@ remove_result_subset(pxTCB, gTasks); + /*@ update_foreach_readOnly_sharedSeg_TCB + (pxTCB, gTasks, remove(pxTCB, gTasks), + gStates, gEquivStates, xCoreID); + @*/ + //@ close exists_in_taskISRLockInv_p(gTasks, gEquivStates); + + // Put read permission for `pxTCB` back + //@ foreach_unremove(pxTCB, gTasks); + + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gEquivStates)) ); + //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); } } /*@ @@ -1263,11 +1301,49 @@ static void prvYieldForTask( TCB_t * pxTCB, if( xTaskScheduled != pdFALSE ) { //@ close exists(gReadyList); +//@ assume(false); + //@ assert( xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) ); /* Once a task has been selected to run on this core, * move it to the end of the ready task list. */ uxListRemove( pxTaskItem ); + //@ assert( xLIST(gReadyList, gSize-1, ?gIndex2, gEnd, ?gCells2, ?gVals2, ?gOwners2) ); + //@ assert( forall(gOwners, (mem_list_elem)(gTasks)) == true ); + //@ assert( forall(gOwners2, (mem_list_elem)(gTasks)) == true ); vListInsertEnd( pxReadyList, pxTaskItem ); + //@ assert( xLIST(gReadyList, gSize, ?gIndex3, gEnd, ?gCells3, ?gVals3, ?gOwners3) ); + //@ assert( forall(gOwners3, (mem_list_elem)(gTasks)) == true ); + + //@ assert( length(gCells3) == length(gCells) ); + //@ List_array_join(&pxReadyTasksLists); + //@ assert( List_array_p(pxReadyTasksLists, configMAX_PRIORITIES, ?gCellLists2, ?gOwnerLists2) ); + // . //@ assert( gCellLists2 == gCellLists ); + // . //@ assert( gOwnerLists2 == gOwnerLists ); + + + // We need to prove `forall(gOwnerLists2, (superset)(gTasks)) == true` + //@ assert( forall(gOwnerLists, (superset)(gTasks)) == true ); + /*@ assert( gOwnerLists2 == + append(gPrefOwnerLists, cons(gOwners3, gSufOwnerLists)) ); + @*/ + //@ assert( gPrefOwnerLists == take(uxCurrentPriority, gOwnerLists) ); + //@ assert( gSufOwnerLists == drop(uxCurrentPriority + 1, gOwnerLists) ); + //@ assert( gOwners == nth(uxCurrentPriority, gOwnerLists) ); + //@ assert( forall(gPrefOwnerLists, (superset)(gTasks)) == true ); + //@ forall_drop(gOwnerLists, (superset)(gTasks), uxCurrentPriority+1); + //@ assert( forall(gSufOwnerLists, (superset)(gTasks)) == true ); + //@ assert( superset(gTasks, gOwners3) == true ); + //@ assert( forall(gOwnerLists2, (superset)(gTasks)) == true ); + + + //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); + +// //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + + //@ close readyLists_p(gCellLists2, gOwnerLists2); + //@ gInnerLoopBroken = true; break; } @@ -1276,7 +1352,25 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); } while( pxTaskItem != pxLastTaskItem ); - + /* - If the loop above terminated via the break-branch, + * the heap already contains a `readyLists_p` predicate. + * - If the loop terminated normally, the heap matches + * the loop invariant (plus all chunks not touched by the + * loop). In this case, we still have to close the + * `readyLists_p` predicate. + */ + /*@ + if( !gInnerLoopBroken ) { + closeUnchanged_readyLists(gCellLists, gOwnerLists); + + assert( readyLists_p(gCellLists, gOwnerLists) ); + assert( forall(gOwnerLists, (superset)(gTasks)) == true ); + } + @*/ + + + //@ assert( readyLists_p(?gCellLists3, ?gOwnerLists3) ); + //@ assert( forall(gOwnerLists3, (superset)(gTasks)) == true ); } else { @@ -1289,23 +1383,65 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif } + + //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + + //@ closeUnchanged_readyLists(gCellLists, gOwnerLists); } -// TODO: Remove tmp assumption, prevents checking of rest of function -//@ assume(false); + /* This function can get called by vTaskSuspend() before the scheduler is started. * In that case, since the idle tasks have not yet been created it is possible that we * won't find a new task to schedule. Return pdFALSE in this case. */ if( ( xSchedulerRunning == pdFALSE ) && ( uxCurrentPriority == tskIDLE_PRIORITY ) && ( xTaskScheduled == pdFALSE ) ) { + // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); + // @ assert( gReadyListSize == gSize ); + // @ List_array_join(&pxReadyTasksLists); + // @ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); + // @ assert( gPrefCellLists == take(uxCurrentPriority, gCellLists) ); + // @ assert( gSufCellLists == drop(uxCurrentPriority + 1, gCellLists) ); + // @ assert( gCells == nth(uxCurrentPriority, gCellLists) ); + // @ assert( gCellLists2 == append(gPrefCellLists, cons(gCells, gSufCellLists)) ); + // @ append_take_nth_drop(uxCurrentPriority, gCellLists); + // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); + + // @ close readyLists_p(gCellLists2, gOwnerLists2); + //@ close taskISRLockInv_p(); return pdFALSE; } +#ifndef VERIFAST configASSERT( ( uxCurrentPriority > tskIDLE_PRIORITY ) || ( xTaskScheduled == pdTRUE ) ); +#endif /* VERIFAST */ + +//@ assume(uxCurrentPriority > 0); + uxCurrentPriority--; - } -// ensure that we covered all cases above -//@ assume(false); + + // @ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); + // @ assert( gReadyListSize == gSize ); + // @ List_array_join(&pxReadyTasksLists); + // @ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); + // @ assert( gPrefCellLists == take(uxCurrentPriority, gCellLists) ); + // @ assert( gSufCellLists == drop(uxCurrentPriority + 1, gCellLists) ); + // @ assert( gCells == nth(uxCurrentPriority, gCellLists) ); + // @ assert( gCellLists2 == append(gPrefCellLists, cons(gCells, gSufCellLists)) ); + // @ append_take_nth_drop(uxCurrentPriority, gCellLists); + // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); + + +// //@ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); + + + //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStates) ); + // //@ close readyLists_p(gCellLists2, gOwnerLists2); + //@ close _taskISRLockInv_p(uxTopReadyPriority); + } // outer loop end + +#ifndef VERIFAST configASSERT( taskTASK_IS_RUNNING( pxCurrentTCBs[ xCoreID ]->xTaskRunState ) ); +#endif /* VERIFAST */ #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) if( xPriorityDropped != pdFALSE ) @@ -1381,9 +1517,9 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif /* if ( configUSE_CORE_AFFINITY == 1 ) */ #endif /* if ( configNUM_CORES > 1 ) */ + //@ open _taskISRLockInv_p(_); + //@ close taskISRLockInv_p(); return pdTRUE; -// TODO: remove tmp assumption, prevents checking of post condition -//@ assume(false); } #else /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 378c5741b94..19496cb1f4e 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -42,6 +42,7 @@ echo "\n\nPreprocessing script finished\n\n" -I proofs \ -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ -assume_no_provenance \ + -disable_overflow_check # -prover z3v4.5 # -target 32bit -prover z3v4.5 \ # TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc From 4ac0f5e4ceef5116e2b31fac88d79369e3552d2a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 5 Dec 2022 15:52:01 -0500 Subject: [PATCH 191/289] Added lemma to close reordered ready lists. --- .../verifast/proof/ready_list_predicates.h | 70 ++++++++++++++++++- .../verifast/proof/verifast_lists_extended.h | 12 ++++ 2 files changed, 80 insertions(+), 2 deletions(-) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index b92bd16105b..2a7175c3ab7 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -135,7 +135,7 @@ ensures List_array_p(array, gSize, gCellLists, gOwnerLists) &*& // Lemmas to close the ready list predicate in different scenarios. /*@ lemma void closeUnchanged_readyLists(list > cellLists, - list > ownerLists) + list > ownerLists) requires configMAX_PRIORITIES == length(cellLists) &*& configMAX_PRIORITIES == length(ownerLists) &*& @@ -169,8 +169,74 @@ ensures assert( gSize == configMAX_PRIORITIES ); assert( gCellLists2 == cellLists ); assert( gOwnerLists2 == ownerLists ); - + close readyLists_p(cellLists, ownerLists); } + +lemma void closeReordered_readyLists(list > cellLists, + list > ownerLists, + list reorderedCells, + list reorderedOwners, + list tasks) +requires + configMAX_PRIORITIES == length(cellLists) &*& + configMAX_PRIORITIES == length(ownerLists) &*& + length( nth(0, cellLists) ) == 2 &*& + List_array_p(&pxReadyTasksLists, ?gIndex, ?gPrefCellLists, ?gPrefOwnerLists) &*& + gIndex < length(cellLists) &*& + xLIST(&pxReadyTasksLists + gIndex, ?gLen, _, _, reorderedCells, _, reorderedOwners) &*& + gLen < INT_MAX &*& + length(reorderedCells) == length(nth(gIndex, cellLists)) &*& + length(reorderedOwners) == length(nth(gIndex, ownerLists)) &*& + pointer_within_limits(&pxReadyTasksLists + gIndex) == true &*& + List_array_p(&pxReadyTasksLists + gIndex + 1, configMAX_PRIORITIES - gIndex - 1, + ?gSufCellLists, ?gSufOwnerLists) &*& + gPrefCellLists == take(gIndex, cellLists) &*& + gSufCellLists == drop(gIndex+1, cellLists) &*& + gPrefOwnerLists == take(gIndex, ownerLists) &*& + gSufOwnerLists == drop(gIndex+1, ownerLists) &*& + forall(ownerLists, (superset)(tasks)) == true &*& + forall(reorderedOwners, (mem_list_elem)(tasks)) == true; +ensures + readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) &*& + forall(gReorderedOwnerLists, (superset)(tasks)) == true; +{ + // Prove that `gIndex != 0 -> gIndex > 0` + if(gIndex != 0) { + open List_array_p(&pxReadyTasksLists, gIndex, gPrefCellLists, gPrefOwnerLists); + close List_array_p(&pxReadyTasksLists, gIndex, gPrefCellLists, gPrefOwnerLists); + assert( gIndex > 0 ); + } + + List_array_join(&pxReadyTasksLists); + assert( List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, + ?gReorderedCellLists, ?gReorderedOwnerLists) ); + + if(gIndex == 0) { + assert( nth(0, gReorderedCellLists) == reorderedCells ); + } else { + nth_take(0, gIndex, cellLists); + assert( nth(0, gReorderedCellLists) == nth(0, gPrefCellLists) ); + assert( nth(0, gPrefCellLists) == nth(0, cellLists) ); + } + assert( length(nth(0, gReorderedCellLists)) == length(nth(0, cellLists)) ); + assert( length(nth(0, gReorderedCellLists)) == 2 ); + + close readyLists_p(gReorderedCellLists, gReorderedOwnerLists); + + + // Below we prove `forall(gReorderedOwnerLists, (superset)(tasks)) == true` + forall_take(ownerLists, (superset)(tasks), gIndex); + forall_drop(ownerLists, (superset)(tasks), gIndex+1); + assert( forall(gPrefOwnerLists, (superset)(tasks)) == true ); + assert( forall(gSufOwnerLists, (superset)(tasks)) == true ); + forall_mem_implies_superset(tasks, reorderedOwners); + assert( superset(tasks, reorderedOwners) == true ); + assert( forall(singleton(reorderedOwners), (superset)(tasks)) == true ); + assert( forall(cons(reorderedOwners, gSufOwnerLists), (superset)(tasks)) == true ); + + forall_append(gPrefOwnerLists, cons(reorderedOwners, gSufOwnerLists), + (superset)(tasks)); +} @*/ #endif /* READY_LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index 0a375e494bd..c6eaa7f0c41 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -185,6 +185,18 @@ ensures nth(i, update(u, v, xs)) == nth(i, xs); lemma void append_take_nth_drop(int n, list xs); requires 0 <= n &*& n < length(xs); ensures xs == append( take(n, xs), cons(nth(n, xs), drop(n+1, xs)) ); + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +// Note: `listex.gh` contains lemma `forall_drop` but no corresponding +// `forall_take`. +lemma void forall_take(list xs, fixpoint(t, bool) p, int i); + requires forall(xs, p) == true; + ensures forall(take(i, xs), p) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void forall_mem_implies_superset(list super, list sub); +requires forall(sub, (mem_list_elem)(super)) == true; +ensures superset(super, sub) == true; @*/ From d028b1d04a3692f323440ac4cdfbdb4e659c2548 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 6 Dec 2022 09:17:17 -0500 Subject: [PATCH 192/289] Added lemma to reason about reordering of ready lists. --- .../verifast/proof/ready_list_predicates.h | 145 ++++++++++++++++++ .../verifast/proof/verifast_lists_extended.h | 41 +++++ 2 files changed, 186 insertions(+) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 2a7175c3ab7..549586ff11a 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -239,4 +239,149 @@ ensures (superset)(tasks)); } @*/ + + +/*@ +predicate VF_reordeReadyList__ghost_args(list tasks, + list > cellLists, + list > ownerLists, + int offset) + = true; +@*/ + +void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) +/*@ requires + // ghost arguments + VF_reordeReadyList__ghost_args(?gTasks, ?gCellLists, ?gOwnerLists, ?gOffset) + &*& + length(gCellLists) == configMAX_PRIORITIES &*& + length(gOwnerLists) == configMAX_PRIORITIES &*& + length(nth(0, gCellLists)) == 2 &*& + 0 <= gOffset &*& gOffset < length(gCellLists) + &*& + // current ready list + xLIST(pxReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals, ?gOwners) &*& + pxReadyList == &pxReadyTasksLists + gOffset &*& + pointer_within_limits(pxReadyList) == true &*& + gSize < INT_MAX &*& + gEnd != pxTaskItem &*& + mem(pxTaskItem, gCells) == true &*& + gCells == nth(gOffset, gCellLists) &*& + gOwners == nth(gOffset, gOwnerLists) + &*& + // prefix and suffix of ready lists array + List_array_p(&pxReadyTasksLists, gOffset, ?gPrefCellLists, ?gPrefOwnerLists) &*& + List_array_p(&pxReadyTasksLists + gOffset + 1, configMAX_PRIORITIES - gOffset - 1, + ?gSufCellLists, ?gSufOwnerLists) + &*& + gPrefCellLists == take(gOffset, gCellLists) &*& + gSufCellLists == drop(gOffset+1, gCellLists) &*& + gPrefOwnerLists == take(gOffset, gOwnerLists) &*& + gSufOwnerLists == drop(gOffset+1, gOwnerLists) &*& + forall(gOwnerLists, (superset)(gTasks)) == true &*& + forall(gOwners, (mem_list_elem)(gTasks)) == true; +@*/ +/*@ ensures + readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) &*& + length(gReorderedCellLists) == length(gCellLists) &*& + length(gReorderedOwnerLists) == length(gOwnerLists) &*& + length(gReorderedCellLists) == length(gReorderedOwnerLists); + @*/ +{ + //@ open VF_reordeReadyList__ghost_args(_, _, _, _); + + // Proving `length(gCells) == length(gOwners) == gSize + 1`: + //@ open xLIST(pxReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + //@ close xLIST(pxReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + //@ assert( length(gCells) == length(gOwners) ); + //@ assert( length(gCells) == gSize +1 ); + + //@ close exists(pxReadyList); + uxListRemove( pxTaskItem ); + //@ assert( xLIST(pxReadyList, gSize-1, ?gIndex2, gEnd, ?gCells2, ?gVals2, ?gOwners2) ); + //@ assert( xLIST_ITEM(pxTaskItem, _, _, _, ?gTaskItem_owner, _) ); + + // Proving `length(gCell2) == length(gOwners2) == gSize` and `gIndex2 ∈ gCells2`: + //@ open xLIST(pxReadyList, gSize-1, gIndex2, gEnd, gCells2, gVals2, gOwners2); + //@ close xLIST(pxReadyList, gSize-1, gIndex2, gEnd, gCells2, gVals2, gOwners2); + //@ assert( length(gCells2) == gSize ); + //@ assert( length(gOwners2) == gSize ); + //@ assert( mem(gIndex2, gCells2) == true ); + + // Proving `gTaskItem_owner ∈ gOwners`: + //@ assert( gTaskItem_owner == nth(index_of(pxTaskItem, gCells), gOwners) ); + //@ mem_index_of(pxTaskItem, gCells); + //@ nth_implies_mem(index_of(pxTaskItem, gCells), gOwners); + //@ assert( mem(gTaskItem_owner, gOwners) == true ); + + // Proving `gTaskItem_owner ∈ gTasks`: + //@ forall_mem(gTaskItem_owner, gOwners, (mem_list_elem)(gTasks)); + //@ assert( mem(gTaskItem_owner, gTasks) == true ); + + // Proving `gOwners2 ⊆ gTasks` + //@ assert( forall(gOwners, (mem_list_elem)(gTasks)) == true ); + //@ forall_remove_nth(index_of(pxTaskItem, gCells), gOwners, (mem_list_elem)(gTasks)); + //@ assert( forall(gOwners2, (mem_list_elem)(gTasks)) == true ); + //@ forall_mem_implies_subset(gOwners2, gTasks); + //@ assert( subset(gOwners2, gTasks) == true ); + + vListInsertEnd( pxReadyList, pxTaskItem ); + //@ assert( xLIST(pxReadyList, gSize, ?gIndex3, gEnd, ?gCells3, ?gVals3, ?gOwners3) ); + + // Proving `gOwners3 ⊆ gTasks` and `length(gOwners3) == length(gOwners)`: + // We must handle the case split introduced by postcondition of `vListInsertEnd`. + /*@ + if( gIndex2 == gEnd ) { + assert( gCells3 == append(gCells2, singleton(pxTaskItem)) ); + assert( gOwners3 == append(gOwners2, singleton(gTaskItem_owner)) ); + + assert( subset(singleton(gTaskItem_owner), gTasks) == true ); + subset_append(gOwners2, singleton(gTaskItem_owner), gTasks); + } else { + int i = index_of(gIndex2, gCells2); + assert( gCells3 == append(take(i, gCells2), + append(singleton(pxTaskItem), + drop(i, gCells2))) ); + list ot = append(singleton(gTaskItem_owner), drop(i, gOwners2)); + assert( gOwners3 == append(take(i, gOwners2), ot) ); + + + // Proving `take(i, gOwners2) ⊆ gTasks`: + subset_take(i, gOwners2); + assert( subset(take(i, gOwners2), gOwners2) == true ); + assert( subset(gOwners2, gTasks) == true ); + subset_trans(take(i, gOwners2), gOwners2, gTasks); + assert( subset(take(i, gOwners2), gTasks) == true ); + + // Proving `drop(i, gOwners2) ⊆ gTasks`: + subset_drop(i, gOwners2); + subset_trans(drop(i, gOwners2), gOwners2, gTasks); + assert( subset(drop(i, gOwners2), gTasks) == true ); + + // Proving `gOwners3 ⊆ gTasks`: + subset_append(singleton(gTaskItem_owner), drop(i, gOwners2), gTasks); + subset_append(take(i, gOwners2), ot, gTasks); + assert( subset(gOwners3, gTasks) == true ); + + // Proving `length(gOwners3) == length(gOwners)`: + mem_index_of(gIndex2, gCells2); + append_take_nth_drop(i, gOwners2); + assert( length(gOwners3) == gSize+1 ); + } + @*/ + //@ assert( subset(gOwners3, gTasks) == true ); + //@ assert( length(gOwners3) == length(gOwners) ); + + //@ subset_implies_forall_mem(gOwners3, gTasks); + //@ assert( forall(gOwners3, (mem_list_elem)(gTasks)) == true ); + + //@ closeReordered_readyLists(gCellLists, gOwnerLists, gCells3, gOwners3, gTasks); + + // Proving that reordering preserves the length of cell lists and owner lists: + //@ open readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists); + //@ close readyLists_p(gReorderedCellLists, gReorderedOwnerLists); + //@ assert( length(gReorderedCellLists) == length(gCellLists) ); + //@ assert( length(gReorderedOwnerLists) == length(gOwnerLists) ); + //@ assert( length(gReorderedCellLists) == length(gReorderedOwnerLists) ); +} #endif /* READY_LIST_PREDICATES_H */ \ No newline at end of file diff --git a/verification/verifast/proof/verifast_lists_extended.h b/verification/verifast/proof/verifast_lists_extended.h index c6eaa7f0c41..147e112ae31 100644 --- a/verification/verifast/proof/verifast_lists_extended.h +++ b/verification/verifast/proof/verifast_lists_extended.h @@ -197,6 +197,47 @@ lemma void forall_take(list xs, fixpoint(t, bool) p, int i); lemma void forall_mem_implies_superset(list super, list sub); requires forall(sub, (mem_list_elem)(super)) == true; ensures superset(super, sub) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +// TODO: Rename into "forall_mem_implies_superset" +lemma void forall_mem_implies_subset(list sub, list super); +requires forall(sub, (mem_list_elem)(super)) == true; +ensures superset(super, sub) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void subset_implies_forall_mem(list sub, list super); +requires subset(sub, super) == true; +ensures forall(sub, (mem_list_elem)(super)) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void forall_remove(t x, list xs, fixpoint(t, bool) p); +requires forall(xs, p) == true; +ensures forall(remove(x, xs), p) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void forall_remove_nth(int n, list xs, fixpoint(t, bool) p); +requires forall(xs, p) == true; +ensures forall(remove_nth(n, xs), p) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void nth_implies_mem(int n, list xs); +requires 0 <= n &*& n < length(xs); +ensures mem(nth(n, xs), xs) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void subset_append(list sub1, list sub2, list super); +requires subset(sub1, super) == true &*& subset(sub2, super) == true; +ensures subset(append(sub1, sub2), super) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void subset_take(int i, list xs); +requires true; +ensures subset(take(i, xs), xs) == true; + +// TODO: Can we prove this in VeriFast or do we have to axiomatise? +lemma void subset_drop(int i, list xs); +requires true; +ensures subset(drop(i, xs), xs) == true; @*/ From 7fe2ec22f23047649136ec7fbf9fb4aef58f6661 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 6 Dec 2022 09:24:08 -0500 Subject: [PATCH 193/289] Strengthened postcondition of reordering lemma. --- verification/verifast/proof/ready_list_predicates.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 549586ff11a..c06acf3b626 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -285,7 +285,8 @@ void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) &*& length(gReorderedCellLists) == length(gCellLists) &*& length(gReorderedOwnerLists) == length(gOwnerLists) &*& - length(gReorderedCellLists) == length(gReorderedOwnerLists); + length(gReorderedCellLists) == length(gReorderedOwnerLists) &*& + forall(gReorderedOwnerLists, (superset)(gTasks)) == true; @*/ { //@ open VF_reordeReadyList__ghost_args(_, _, _, _); From e68b45969b1237e5a82614fae33ad907b0ce4841 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 6 Dec 2022 09:53:35 -0500 Subject: [PATCH 194/289] Refined precondition of reordering lemma. --- verification/verifast/proof/ready_list_predicates.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index c06acf3b626..b3e4f3676e1 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -279,7 +279,7 @@ void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) gPrefOwnerLists == take(gOffset, gOwnerLists) &*& gSufOwnerLists == drop(gOffset+1, gOwnerLists) &*& forall(gOwnerLists, (superset)(gTasks)) == true &*& - forall(gOwners, (mem_list_elem)(gTasks)) == true; + subset(gOwners, gTasks) == true; @*/ /*@ ensures readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) &*& @@ -291,6 +291,12 @@ void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) { //@ open VF_reordeReadyList__ghost_args(_, _, _, _); + // Proving `∀o ∈ gOwners. o ∈ gTasks` + //@ forall_mem(gOwners, gOwnerLists, (superset)(gTasks)); + //@ assert( superset(gTasks, gOwners) == true ); + //@ subset_implies_forall_mem(gOwners, gTasks); + //@ assert( forall(gOwners, (mem_list_elem)(gTasks)) == true ); + // Proving `length(gCells) == length(gOwners) == gSize + 1`: //@ open xLIST(pxReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); //@ close xLIST(pxReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); From f98779f0cbc8c1d17e11a3cd343386fe1e43c25b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 6 Dec 2022 10:16:22 -0500 Subject: [PATCH 195/289] Finished proof branch dealing with ready list reordering. Strict positivity of `uxCurrentPriority` remains to be proven. --- tasks.c | 63 ++++++++++++++++++++++++--------------------------------- 1 file changed, 26 insertions(+), 37 deletions(-) diff --git a/tasks.c b/tasks.c index e608f9352b4..9af489e3977 100644 --- a/tasks.c +++ b/tasks.c @@ -1193,7 +1193,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - // New stsates list reflects state update above. + // New states list reflects state update above. //@ list gStates1 = def_state1(gTasks, gStates, gCurrentTCB, pxTCB); //@ assert( nth(index_of(pxTCB, gTasks), gStates1) == taskTASK_NOT_RUNNING); @@ -1301,48 +1301,37 @@ static void prvYieldForTask( TCB_t * pxTCB, if( xTaskScheduled != pdFALSE ) { //@ close exists(gReadyList); -//@ assume(false); + //@ assert( xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) ); /* Once a task has been selected to run on this core, * move it to the end of the ready task list. */ +#ifdef VERIFAST + /* Reasons for rewrite: + * - Linearization of subproof for performance reasons: + * The contracts of `uxListRemove` and `vListInserEnd` introduce case distinctions, i.e., + * branch splits in the proof tree. This increases the size of the proof tree exponentially + * and checking the proof with VeriFast takes very long. + * The contract of lemma `VF_reordeReadyList` does not expose these case distinctions. + * Hence, wrapping the function calls inside the lemma linearizes the subproof and + * improves the performance of VeriFast exponentially. + * - Reasoning about the function calls requires us introduce many temporary new facts + * about the cell and owner lists by calling list lemmas. Introducing such facts can + * easily lead to an infinite loop of auto lemmas calls. Encapsulating the subproof in a + * lemma allows us to ingore facts necessary for different parts of the proof. + * That is, makes it easier to ensure that we don't run into an infinite auto lemma call + * loop. + */ + /*@ close VF_reordeReadyList__ghost_args + (gTasks, gCellLists, gOwnerLists, uxCurrentPriority); + @*/ + VF_reordeReadyList( pxReadyList, pxTaskItem); +#else uxListRemove( pxTaskItem ); - //@ assert( xLIST(gReadyList, gSize-1, ?gIndex2, gEnd, ?gCells2, ?gVals2, ?gOwners2) ); - //@ assert( forall(gOwners, (mem_list_elem)(gTasks)) == true ); - //@ assert( forall(gOwners2, (mem_list_elem)(gTasks)) == true ); vListInsertEnd( pxReadyList, pxTaskItem ); - //@ assert( xLIST(gReadyList, gSize, ?gIndex3, gEnd, ?gCells3, ?gVals3, ?gOwners3) ); - //@ assert( forall(gOwners3, (mem_list_elem)(gTasks)) == true ); - - //@ assert( length(gCells3) == length(gCells) ); - //@ List_array_join(&pxReadyTasksLists); - //@ assert( List_array_p(pxReadyTasksLists, configMAX_PRIORITIES, ?gCellLists2, ?gOwnerLists2) ); - // . //@ assert( gCellLists2 == gCellLists ); - // . //@ assert( gOwnerLists2 == gOwnerLists ); - - - // We need to prove `forall(gOwnerLists2, (superset)(gTasks)) == true` - //@ assert( forall(gOwnerLists, (superset)(gTasks)) == true ); - /*@ assert( gOwnerLists2 == - append(gPrefOwnerLists, cons(gOwners3, gSufOwnerLists)) ); - @*/ - //@ assert( gPrefOwnerLists == take(uxCurrentPriority, gOwnerLists) ); - //@ assert( gSufOwnerLists == drop(uxCurrentPriority + 1, gOwnerLists) ); - //@ assert( gOwners == nth(uxCurrentPriority, gOwnerLists) ); - //@ assert( forall(gPrefOwnerLists, (superset)(gTasks)) == true ); - //@ forall_drop(gOwnerLists, (superset)(gTasks), uxCurrentPriority+1); - //@ assert( forall(gSufOwnerLists, (superset)(gTasks)) == true ); - //@ assert( superset(gTasks, gOwners3) == true ); - //@ assert( forall(gOwnerLists2, (superset)(gTasks)) == true ); - - - //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); - -// //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); - - //@ close readyLists_p(gCellLists2, gOwnerLists2); +#endif /* VERIFAST */ + //@ assert( readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) ); + //@ assert( forall(gReorderedOwnerLists, (superset)(gTasks)) == true ); //@ gInnerLoopBroken = true; break; } From 9a81e7b860435aeb83a28587a55e544a543183d7 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 6 Dec 2022 12:01:53 -0500 Subject: [PATCH 196/289] Reordered verifast args in startup script to not only support the IDE but also the command line tool. --- verification/verifast/start-vfide--preprocessed.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/verification/verifast/start-vfide--preprocessed.sh b/verification/verifast/start-vfide--preprocessed.sh index 19496cb1f4e..de77373ecbb 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/verification/verifast/start-vfide--preprocessed.sh @@ -40,9 +40,10 @@ echo "\n\nPreprocessing script finished\n\n" "$VF_DIR/bin/vfide" "$PP_TASK_C" \ -I proof_setup \ -I proofs \ - -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ -assume_no_provenance \ - -disable_overflow_check + -disable_overflow_check \ + "$PP_TASK_C" \ + -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ # -prover z3v4.5 # -target 32bit -prover z3v4.5 \ # TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc From 136b1d69b2669dd4c3b8f81083d51e1255386f6d Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 7 Dec 2022 07:34:46 -0500 Subject: [PATCH 197/289] Updated ready list invariant from requiring exactly 1 idle task to configNUM_CORES idle tasks. --- tasks.c | 2 +- verification/verifast/proof/ready_list_predicates.h | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks.c b/tasks.c index 9af489e3977..79060396736 100644 --- a/tasks.c +++ b/tasks.c @@ -1079,7 +1079,7 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& subset(gOwners, gTasks) == true &*& (uxCurrentPriority == 0 - ? length(gCells) == 2 + ? length(gCells) == configNUM_CORES : true ) &*& List_array_p(&pxReadyTasksLists, uxCurrentPriority, gPrefCellLists, diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index b3e4f3676e1..6893ebb2099 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -18,7 +18,7 @@ predicate readyLists_p(list > gCellLists, length(gCellLists) == length(gOwnerLists) &*& // List of priority 0 always contains the idle task and the end marker // nothing else - length( nth(0, gCellLists) ) == 2; + length( nth(0, gCellLists) ) == configNUM_CORES; predicate List_array_p(List_t* array, int size, @@ -139,7 +139,7 @@ lemma void closeUnchanged_readyLists(list > cellLists, requires configMAX_PRIORITIES == length(cellLists) &*& configMAX_PRIORITIES == length(ownerLists) &*& - length( nth(0, cellLists) ) == 2 &*& + length( nth(0, cellLists) ) == configNUM_CORES &*& List_array_p(&pxReadyTasksLists, ?gIndex, ?gPrefCellLists, ?gPrefOwnerLists) &*& gIndex < length(cellLists) &*& xLIST(&pxReadyTasksLists + gIndex, ?gLen, _, _, ?gCells, ?gVals, ?gOwners) &*& @@ -181,7 +181,7 @@ lemma void closeReordered_readyLists(list > cellLists, requires configMAX_PRIORITIES == length(cellLists) &*& configMAX_PRIORITIES == length(ownerLists) &*& - length( nth(0, cellLists) ) == 2 &*& + length( nth(0, cellLists) ) == configNUM_CORES &*& List_array_p(&pxReadyTasksLists, ?gIndex, ?gPrefCellLists, ?gPrefOwnerLists) &*& gIndex < length(cellLists) &*& xLIST(&pxReadyTasksLists + gIndex, ?gLen, _, _, reorderedCells, _, reorderedOwners) &*& @@ -220,7 +220,7 @@ ensures assert( nth(0, gPrefCellLists) == nth(0, cellLists) ); } assert( length(nth(0, gReorderedCellLists)) == length(nth(0, cellLists)) ); - assert( length(nth(0, gReorderedCellLists)) == 2 ); + assert( length(nth(0, gReorderedCellLists)) == configNUM_CORES ); close readyLists_p(gReorderedCellLists, gReorderedOwnerLists); @@ -256,7 +256,7 @@ void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) &*& length(gCellLists) == configMAX_PRIORITIES &*& length(gOwnerLists) == configMAX_PRIORITIES &*& - length(nth(0, gCellLists)) == 2 &*& + length(nth(0, gCellLists)) == configNUM_CORES &*& 0 <= gOffset &*& gOffset < length(gCellLists) &*& // current ready list From 99d46f9e515bb31cc711bd5d685c7a878c17a824 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 8 Dec 2022 08:45:17 -0500 Subject: [PATCH 198/289] Guarded unsafe decrements of `uxTopReadyPriority` and `uxCurrentPriority` --- tasks.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tasks.c b/tasks.c index 79060396736..9c048fcc437 100644 --- a/tasks.c +++ b/tasks.c @@ -1365,7 +1365,15 @@ static void prvYieldForTask( TCB_t * pxTCB, { if( xDecrementTopPriority != pdFALSE ) { +#if VERIFAST + /* Reason for rewrite: Code not memory safe. + */ + if(uxTopReadyPriority > 0) { + uxTopReadyPriority--; + } +#else uxTopReadyPriority--; +#endif /* VERIFAST */ #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) { xPriorityDropped = pdTRUE; @@ -1403,9 +1411,16 @@ static void prvYieldForTask( TCB_t * pxTCB, configASSERT( ( uxCurrentPriority > tskIDLE_PRIORITY ) || ( xTaskScheduled == pdTRUE ) ); #endif /* VERIFAST */ -//@ assume(uxCurrentPriority > 0); +#if VERIFAST + /* Reason for rewrite: Code not memory safe. + */ + if(uxCurrentPriority > 0) { + uxCurrentPriority--; + } +#else uxCurrentPriority--; +#endif /* VERIFAST */ // @ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); From eef76ea83997a3710003fda3c0b896e8efeb9c96 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 8 Dec 2022 08:49:59 -0500 Subject: [PATCH 199/289] Simplified invariants. --- tasks.c | 9 --------- verification/verifast/proof/ready_list_predicates.h | 9 +-------- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/tasks.c b/tasks.c index 9c048fcc437..8f14ca88267 100644 --- a/tasks.c +++ b/tasks.c @@ -965,16 +965,11 @@ static void prvYieldForTask( TCB_t * pxTCB, // opened predicate `coreLocalInterruptInv_p()` [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// coreLocalSeg_TCB_p(gCurrentTCB, 0) -// &*& - // read access to current task's stack pointer, etc -// prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& // additional knowledge (xTaskScheduled == 0 ? (0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES - // 0 <= uxCurrentPriority &*& uxCurrentPriority < configMAX_PRIORITIES ) : true ); @*/ @@ -1078,10 +1073,6 @@ static void prvYieldForTask( TCB_t * pxTCB, foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) &*& subset(gOwners, gTasks) == true &*& - (uxCurrentPriority == 0 - ? length(gCells) == configNUM_CORES - : true - ) &*& List_array_p(&pxReadyTasksLists, uxCurrentPriority, gPrefCellLists, gPrefOwnerLists) &*& List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, diff --git a/verification/verifast/proof/ready_list_predicates.h b/verification/verifast/proof/ready_list_predicates.h index 6893ebb2099..ac971fe6254 100644 --- a/verification/verifast/proof/ready_list_predicates.h +++ b/verification/verifast/proof/ready_list_predicates.h @@ -15,10 +15,7 @@ predicate readyLists_p(list > gCellLists, configMAX_PRIORITIES == length(gCellLists) &*& List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists, gOwnerLists) &*& - length(gCellLists) == length(gOwnerLists) &*& - // List of priority 0 always contains the idle task and the end marker - // nothing else - length( nth(0, gCellLists) ) == configNUM_CORES; + length(gCellLists) == length(gOwnerLists); predicate List_array_p(List_t* array, int size, @@ -139,7 +136,6 @@ lemma void closeUnchanged_readyLists(list > cellLists, requires configMAX_PRIORITIES == length(cellLists) &*& configMAX_PRIORITIES == length(ownerLists) &*& - length( nth(0, cellLists) ) == configNUM_CORES &*& List_array_p(&pxReadyTasksLists, ?gIndex, ?gPrefCellLists, ?gPrefOwnerLists) &*& gIndex < length(cellLists) &*& xLIST(&pxReadyTasksLists + gIndex, ?gLen, _, _, ?gCells, ?gVals, ?gOwners) &*& @@ -181,7 +177,6 @@ lemma void closeReordered_readyLists(list > cellLists, requires configMAX_PRIORITIES == length(cellLists) &*& configMAX_PRIORITIES == length(ownerLists) &*& - length( nth(0, cellLists) ) == configNUM_CORES &*& List_array_p(&pxReadyTasksLists, ?gIndex, ?gPrefCellLists, ?gPrefOwnerLists) &*& gIndex < length(cellLists) &*& xLIST(&pxReadyTasksLists + gIndex, ?gLen, _, _, reorderedCells, _, reorderedOwners) &*& @@ -220,7 +215,6 @@ ensures assert( nth(0, gPrefCellLists) == nth(0, cellLists) ); } assert( length(nth(0, gReorderedCellLists)) == length(nth(0, cellLists)) ); - assert( length(nth(0, gReorderedCellLists)) == configNUM_CORES ); close readyLists_p(gReorderedCellLists, gReorderedOwnerLists); @@ -256,7 +250,6 @@ void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) &*& length(gCellLists) == configMAX_PRIORITIES &*& length(gOwnerLists) == configMAX_PRIORITIES &*& - length(nth(0, gCellLists)) == configNUM_CORES &*& 0 <= gOffset &*& gOffset < length(gCellLists) &*& // current ready list From 2e78ed5884ce39442e3ed456f9460fe6ab84c7e1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 09:47:27 -0500 Subject: [PATCH 200/289] Renamed VeriFast proof direcotry to comply with structure of main FreeRTOS repository. --- .gitmodules | 4 ++-- .../VeriFast/tasks/vTaskSwitchContext}/.gitignore | 0 .../VeriFast/tasks/vTaskSwitchContext}/README.md | 0 .../custom_build_scripts_RP2040/build_full.sh | 0 .../custom_build_scripts_RP2040/preprocess_tasks_c.sh | 2 +- .../custom_build_scripts_RP2040/vf_rewrite.sh | 0 .../tasks/vTaskSwitchContext}/demos/FreeRTOS-SMP-Demos | 0 .../VeriFast/tasks/vTaskSwitchContext}/problems/README.md | 0 .../problems/bugs/define_name/defining_header.h | 0 .../vTaskSwitchContext}/problems/bugs/define_name/main.c | 0 .../problems/bugs/define_name/testing_header.h | 0 .../VeriFast/tasks/vTaskSwitchContext}/proof/README.md | 0 .../tasks/vTaskSwitchContext}/proof/ready_list_predicates.h | 0 .../vTaskSwitchContext}/proof/single_core_proofs/README.md | 0 .../vTaskSwitchContext}/proof/single_core_proofs/scp_common.h | 0 .../proof/single_core_proofs/scp_list_predicates.h | 0 .../proof/single_core_proofs_extended/README.md | 0 .../scp_list_predicates_extended.h | 0 .../proof/snippets/rp2040_port_c_snippets.c | 0 .../tasks/vTaskSwitchContext}/proof/stack_predicates.h | 0 .../tasks/vTaskSwitchContext}/proof/task_predicates.h | 0 .../vTaskSwitchContext}/proof/verifast_bitops_extended.h | 0 .../tasks/vTaskSwitchContext}/proof/verifast_lists_extended.h | 0 .../vTaskSwitchContext}/proof/verifast_lock_predicates.h | 0 .../tasks/vTaskSwitchContext}/proof/verifast_port_contracts.h | 0 .../vTaskSwitchContext}/proof/verifast_prelude_extended.h | 0 .../vTaskSwitchContext}/proof/verifast_task_running_states.h | 0 .../tasks/vTaskSwitchContext}/proof_setup/FreeRTOSConfig.h | 0 .../VeriFast/tasks/vTaskSwitchContext}/proof_setup/README.md | 0 .../tasks/vTaskSwitchContext}/proof_setup/generated/README.md | 0 .../proof_setup/generated/pico_base/pico/README.md | 0 .../proof_setup/generated/pico_base/pico/config_autogen.h | 0 .../proof_setup/generated/pico_base/pico/version.h | 0 .../tasks/vTaskSwitchContext}/proof_setup/sys/README.md | 0 .../tasks/vTaskSwitchContext}/proof_setup/sys/cdefs.h | 0 .../vTaskSwitchContext}/proof_setup/verifast_RP2040_axioms.h | 0 .../tasks/vTaskSwitchContext}/proof_setup/verifast_asm.h | 0 .../vTaskSwitchContext}/proof_setup/verifast_proof_defs.h | 0 .../VeriFast/tasks/vTaskSwitchContext}/sdks/pico-sdk | 0 .../tasks/vTaskSwitchContext}/start-vfide--original.sh | 0 .../tasks/vTaskSwitchContext}/start-vfide--preprocessed.sh | 3 +++ 41 files changed, 6 insertions(+), 3 deletions(-) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/.gitignore (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/custom_build_scripts_RP2040/build_full.sh (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/custom_build_scripts_RP2040/preprocess_tasks_c.sh (99%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/custom_build_scripts_RP2040/vf_rewrite.sh (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/demos/FreeRTOS-SMP-Demos (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/problems/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/problems/bugs/define_name/defining_header.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/problems/bugs/define_name/main.c (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/problems/bugs/define_name/testing_header.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/ready_list_predicates.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/single_core_proofs/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/single_core_proofs/scp_common.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/single_core_proofs/scp_list_predicates.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/single_core_proofs_extended/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/single_core_proofs_extended/scp_list_predicates_extended.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/snippets/rp2040_port_c_snippets.c (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/stack_predicates.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/task_predicates.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/verifast_bitops_extended.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/verifast_lists_extended.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/verifast_lock_predicates.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/verifast_port_contracts.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/verifast_prelude_extended.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof/verifast_task_running_states.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/FreeRTOSConfig.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/generated/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/generated/pico_base/pico/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/generated/pico_base/pico/config_autogen.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/generated/pico_base/pico/version.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/sys/README.md (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/sys/cdefs.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/verifast_RP2040_axioms.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/verifast_asm.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/proof_setup/verifast_proof_defs.h (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/sdks/pico-sdk (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/start-vfide--original.sh (100%) rename {verification/verifast => Test/VeriFast/tasks/vTaskSwitchContext}/start-vfide--preprocessed.sh (97%) diff --git a/.gitmodules b/.gitmodules index c0ce92937b8..f304bb47270 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,8 +1,8 @@ [submodule "verification/verifast/demos/FreeRTOS-SMP-Demos"] - path = verification/verifast/demos/FreeRTOS-SMP-Demos + path = Test/VeriFast/tasks/vTaskSwitchContext/demos/FreeRTOS-SMP-Demos url = https://github.com/Tobias-internship-AWS-2022/FreeRTOS-SMP-Demos.git branch = verifast [submodule "verification/verifast/sdks/pico-sdk"] - path = verification/verifast/sdks/pico-sdk + path = Test/VeriFast/tasks/vTaskSwitchContext/sdks/pico-sdk url = https://github.com/Tobias-internship-AWS-2022/pico-sdk.git branch = verifast diff --git a/verification/verifast/.gitignore b/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore similarity index 100% rename from verification/verifast/.gitignore rename to Test/VeriFast/tasks/vTaskSwitchContext/.gitignore diff --git a/verification/verifast/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md similarity index 100% rename from verification/verifast/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/README.md diff --git a/verification/verifast/custom_build_scripts_RP2040/build_full.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/build_full.sh similarity index 100% rename from verification/verifast/custom_build_scripts_RP2040/build_full.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/build_full.sh diff --git a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh similarity index 99% rename from verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh index 4de715265b9..e2a9fefbcee 100755 --- a/verification/verifast/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -7,7 +7,7 @@ ps -o comm= -p $$ VF_DIR="$1" PP_SCRIPT_WD=`pwd` -REPO_BASE_DIR=`cd ../../..; pwd` +REPO_BASE_DIR=`cd ../../../../..; pwd` VF_PROOF_BASE_DIR=`cd ..; pwd` diff --git a/verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh similarity index 100% rename from verification/verifast/custom_build_scripts_RP2040/vf_rewrite.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh diff --git a/verification/verifast/demos/FreeRTOS-SMP-Demos b/Test/VeriFast/tasks/vTaskSwitchContext/demos/FreeRTOS-SMP-Demos similarity index 100% rename from verification/verifast/demos/FreeRTOS-SMP-Demos rename to Test/VeriFast/tasks/vTaskSwitchContext/demos/FreeRTOS-SMP-Demos diff --git a/verification/verifast/problems/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/problems/README.md similarity index 100% rename from verification/verifast/problems/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/problems/README.md diff --git a/verification/verifast/problems/bugs/define_name/defining_header.h b/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/defining_header.h similarity index 100% rename from verification/verifast/problems/bugs/define_name/defining_header.h rename to Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/defining_header.h diff --git a/verification/verifast/problems/bugs/define_name/main.c b/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/main.c similarity index 100% rename from verification/verifast/problems/bugs/define_name/main.c rename to Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/main.c diff --git a/verification/verifast/problems/bugs/define_name/testing_header.h b/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/testing_header.h similarity index 100% rename from verification/verifast/problems/bugs/define_name/testing_header.h rename to Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/testing_header.h diff --git a/verification/verifast/proof/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md similarity index 100% rename from verification/verifast/proof/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md diff --git a/verification/verifast/proof/ready_list_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h similarity index 100% rename from verification/verifast/proof/ready_list_predicates.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h diff --git a/verification/verifast/proof/single_core_proofs/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/README.md similarity index 100% rename from verification/verifast/proof/single_core_proofs/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/README.md diff --git a/verification/verifast/proof/single_core_proofs/scp_common.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_common.h similarity index 100% rename from verification/verifast/proof/single_core_proofs/scp_common.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_common.h diff --git a/verification/verifast/proof/single_core_proofs/scp_list_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_list_predicates.h similarity index 100% rename from verification/verifast/proof/single_core_proofs/scp_list_predicates.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_list_predicates.h diff --git a/verification/verifast/proof/single_core_proofs_extended/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/README.md similarity index 100% rename from verification/verifast/proof/single_core_proofs_extended/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/README.md diff --git a/verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/scp_list_predicates_extended.h similarity index 100% rename from verification/verifast/proof/single_core_proofs_extended/scp_list_predicates_extended.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/scp_list_predicates_extended.h diff --git a/verification/verifast/proof/snippets/rp2040_port_c_snippets.c b/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c similarity index 100% rename from verification/verifast/proof/snippets/rp2040_port_c_snippets.c rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c diff --git a/verification/verifast/proof/stack_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h similarity index 100% rename from verification/verifast/proof/stack_predicates.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h diff --git a/verification/verifast/proof/task_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h similarity index 100% rename from verification/verifast/proof/task_predicates.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h diff --git a/verification/verifast/proof/verifast_bitops_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h similarity index 100% rename from verification/verifast/proof/verifast_bitops_extended.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h diff --git a/verification/verifast/proof/verifast_lists_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h similarity index 100% rename from verification/verifast/proof/verifast_lists_extended.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h diff --git a/verification/verifast/proof/verifast_lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h similarity index 100% rename from verification/verifast/proof/verifast_lock_predicates.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h diff --git a/verification/verifast/proof/verifast_port_contracts.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_port_contracts.h similarity index 100% rename from verification/verifast/proof/verifast_port_contracts.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_port_contracts.h diff --git a/verification/verifast/proof/verifast_prelude_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h similarity index 100% rename from verification/verifast/proof/verifast_prelude_extended.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h diff --git a/verification/verifast/proof/verifast_task_running_states.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_task_running_states.h similarity index 100% rename from verification/verifast/proof/verifast_task_running_states.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_task_running_states.h diff --git a/verification/verifast/proof_setup/FreeRTOSConfig.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/FreeRTOSConfig.h similarity index 100% rename from verification/verifast/proof_setup/FreeRTOSConfig.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/FreeRTOSConfig.h diff --git a/verification/verifast/proof_setup/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md similarity index 100% rename from verification/verifast/proof_setup/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md diff --git a/verification/verifast/proof_setup/generated/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/README.md similarity index 100% rename from verification/verifast/proof_setup/generated/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/README.md diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/pico_base/pico/README.md similarity index 100% rename from verification/verifast/proof_setup/generated/pico_base/pico/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/pico_base/pico/README.md diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/pico_base/pico/config_autogen.h similarity index 100% rename from verification/verifast/proof_setup/generated/pico_base/pico/config_autogen.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/pico_base/pico/config_autogen.h diff --git a/verification/verifast/proof_setup/generated/pico_base/pico/version.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/pico_base/pico/version.h similarity index 100% rename from verification/verifast/proof_setup/generated/pico_base/pico/version.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/generated/pico_base/pico/version.h diff --git a/verification/verifast/proof_setup/sys/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/README.md similarity index 100% rename from verification/verifast/proof_setup/sys/README.md rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/README.md diff --git a/verification/verifast/proof_setup/sys/cdefs.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/cdefs.h similarity index 100% rename from verification/verifast/proof_setup/sys/cdefs.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/cdefs.h diff --git a/verification/verifast/proof_setup/verifast_RP2040_axioms.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_RP2040_axioms.h similarity index 100% rename from verification/verifast/proof_setup/verifast_RP2040_axioms.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_RP2040_axioms.h diff --git a/verification/verifast/proof_setup/verifast_asm.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_asm.h similarity index 100% rename from verification/verifast/proof_setup/verifast_asm.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_asm.h diff --git a/verification/verifast/proof_setup/verifast_proof_defs.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_proof_defs.h similarity index 100% rename from verification/verifast/proof_setup/verifast_proof_defs.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_proof_defs.h diff --git a/verification/verifast/sdks/pico-sdk b/Test/VeriFast/tasks/vTaskSwitchContext/sdks/pico-sdk similarity index 100% rename from verification/verifast/sdks/pico-sdk rename to Test/VeriFast/tasks/vTaskSwitchContext/sdks/pico-sdk diff --git a/verification/verifast/start-vfide--original.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--original.sh similarity index 100% rename from verification/verifast/start-vfide--original.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--original.sh diff --git a/verification/verifast/start-vfide--preprocessed.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh similarity index 97% rename from verification/verifast/start-vfide--preprocessed.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh index de77373ecbb..b288dc70ac5 100755 --- a/verification/verifast/start-vfide--preprocessed.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh @@ -32,6 +32,9 @@ cd "$START_WD" echo "\n\nPreprocessing script finished\n\n" +echo "File" +echo $PP_TASK_C + # Remarks: # - Recently, provenance checks have been added to VF that break old proofs # involving pointer comparisons. The flag `-assume_no_provenance` turns them From cc7ed1e3ebd42ee2068e23ec445569b004f920fb Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 10:34:19 -0500 Subject: [PATCH 201/289] Copied modified source and header files to proof subdirectory. --- .../tasks/vTaskSwitchContext/include/list.h | 453 ++ .../vTaskSwitchContext/include/portable.h | 245 + .../vTaskSwitchContext/include/stack_macros.h | 208 + .../tasks/vTaskSwitchContext/include/task.h | 3318 ++++++++ .../tasks/vTaskSwitchContext/src/list.c | 1081 +++ .../tasks/vTaskSwitchContext/src/tasks.c | 7195 +++++++++++++++++ 6 files changed, 12500 insertions(+) create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/include/list.h create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/include/portable.h create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/include/task.h create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/src/list.c create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h new file mode 100644 index 00000000000..d1543dfed02 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h @@ -0,0 +1,453 @@ +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + +/* + * This is the list implementation used by the scheduler. While it is tailored + * heavily for the schedulers needs, it is also available for use by + * application code. + * + * list_ts can only store pointers to list_item_ts. Each ListItem_t contains a + * numeric value (xItemValue). Most of the time the lists are sorted in + * descending item value order. + * + * Lists are created already containing one list item. The value of this + * item is the maximum possible that can be stored, it is therefore always at + * the end of the list and acts as a marker. The list member pxHead always + * points to this marker - even though it is at the tail of the list. This + * is because the tail contains a wrap back pointer to the true head of + * the list. + * + * In addition to it's value, each list item contains a pointer to the next + * item in the list (pxNext), a pointer to the list it is in (pxContainer) + * and a pointer to back to the object that contains it. These later two + * pointers are included for efficiency of list manipulation. There is + * effectively a two way link between the object containing the list item and + * the list item itself. + * + * + * \page ListIntroduction List Implementation + * \ingroup FreeRTOSIntro + */ + + +#ifndef LIST_H +#define LIST_H + + +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast bug: + * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` + * evaluate to true. See minimal example `define_name`. + */ + #define INC_FREERTOS_H + /* Remember that this header is included indirectly `tasks.c` after it + * includes `FreeRTOS.h`. + */ + // TODO: Remove this work-around once VF has been fixed. +#endif /* VERIFAST */ + +#ifndef INC_FREERTOS_H + #error "FreeRTOS.h must be included before list.h" +#endif + +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast's normal and context-free preprocessor consume different + * numbers of tokens when expanding `PRIVILEGED_FUNCTION` in this file. + */ + #define PRIVILEGED_FUNCTION + // TODO: Figure out why the preprocessors consume different amounts of + // of tokens. This most likely has to do with the path/context + // from which this header is included. +#endif /* VERIFAST */ + +/* + * The list structure members are modified from within interrupts, and therefore + * by rights should be declared volatile. However, they are only modified in a + * functionally atomic way (within critical sections of with the scheduler + * suspended) and are either passed by reference into a function or indexed via + * a volatile variable. Therefore, in all use cases tested so far, the volatile + * qualifier can be omitted in order to provide a moderate performance + * improvement without adversely affecting functional behaviour. The assembly + * instructions generated by the IAR, ARM and GCC compilers when the respective + * compiler's options were set for maximum optimisation has been inspected and + * deemed to be as intended. That said, as compiler technology advances, and + * especially if aggressive cross module optimisation is used (a use case that + * has not been exercised to any great extend) then it is feasible that the + * volatile qualifier will be needed for correct optimisation. It is expected + * that a compiler removing essential code because, without the volatile + * qualifier on the list structure members and with aggressive cross module + * optimisation, the compiler deemed the code unnecessary will result in + * complete and obvious failure of the scheduler. If this is ever experienced + * then the volatile qualifier can be inserted in the relevant places within the + * list structures by simply defining configLIST_VOLATILE to volatile in + * FreeRTOSConfig.h (as per the example at the bottom of this comment block). + * If configLIST_VOLATILE is not defined then the preprocessor directives below + * will simply #define configLIST_VOLATILE away completely. + * + * To use volatile list structure members then add the following line to + * FreeRTOSConfig.h (without the quotes): + * "#define configLIST_VOLATILE volatile" + */ +#ifndef configLIST_VOLATILE + #define configLIST_VOLATILE +#endif /* configSUPPORT_CROSS_MODULE_OPTIMISATION */ + +/* *INDENT-OFF* */ +#ifdef __cplusplus + extern "C" { +#endif +/* *INDENT-ON* */ + +/* Macros that can be used to place known values within the list structures, + * then check that the known values do not get corrupted during the execution of + * the application. These may catch the list data structures being overwritten in + * memory. They will not catch data errors caused by incorrect configuration or + * use of FreeRTOS.*/ +#if ( configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES == 0 ) + /* Define the macros to do nothing. */ + #define listFIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE + #define listSECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE + #define listFIRST_LIST_INTEGRITY_CHECK_VALUE + #define listSECOND_LIST_INTEGRITY_CHECK_VALUE + #define listSET_FIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxItem ) + #define listSET_SECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxItem ) + #define listSET_LIST_INTEGRITY_CHECK_1_VALUE( pxList ) + #define listSET_LIST_INTEGRITY_CHECK_2_VALUE( pxList ) + #define listTEST_LIST_ITEM_INTEGRITY( pxItem ) + #define listTEST_LIST_INTEGRITY( pxList ) +#else /* if ( configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES == 0 ) */ + /* Define macros that add new members into the list structures. */ + #define listFIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE TickType_t xListItemIntegrityValue1; + #define listSECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE TickType_t xListItemIntegrityValue2; + #define listFIRST_LIST_INTEGRITY_CHECK_VALUE TickType_t xListIntegrityValue1; + #define listSECOND_LIST_INTEGRITY_CHECK_VALUE TickType_t xListIntegrityValue2; + +/* Define macros that set the new structure members to known values. */ + #define listSET_FIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxItem ) ( pxItem )->xListItemIntegrityValue1 = pdINTEGRITY_CHECK_VALUE + #define listSET_SECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxItem ) ( pxItem )->xListItemIntegrityValue2 = pdINTEGRITY_CHECK_VALUE + #define listSET_LIST_INTEGRITY_CHECK_1_VALUE( pxList ) ( pxList )->xListIntegrityValue1 = pdINTEGRITY_CHECK_VALUE + #define listSET_LIST_INTEGRITY_CHECK_2_VALUE( pxList ) ( pxList )->xListIntegrityValue2 = pdINTEGRITY_CHECK_VALUE + +/* Define macros that will assert if one of the structure members does not + * contain its expected value. */ + #define listTEST_LIST_ITEM_INTEGRITY( pxItem ) configASSERT( ( ( pxItem )->xListItemIntegrityValue1 == pdINTEGRITY_CHECK_VALUE ) && ( ( pxItem )->xListItemIntegrityValue2 == pdINTEGRITY_CHECK_VALUE ) ) + #define listTEST_LIST_INTEGRITY( pxList ) configASSERT( ( ( pxList )->xListIntegrityValue1 == pdINTEGRITY_CHECK_VALUE ) && ( ( pxList )->xListIntegrityValue2 == pdINTEGRITY_CHECK_VALUE ) ) +#endif /* configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES */ + + +/* + * Definition of the only type of object that a list can contain. + */ +struct xLIST; +struct xLIST_ITEM +{ + listFIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + configLIST_VOLATILE TickType_t xItemValue; /*< The value being listed. In most cases this is used to sort the list in descending order. */ + struct xLIST_ITEM * configLIST_VOLATILE pxNext; /*< Pointer to the next ListItem_t in the list. */ + struct xLIST_ITEM * configLIST_VOLATILE pxPrevious; /*< Pointer to the previous ListItem_t in the list. */ + void * pvOwner; /*< Pointer to the object (normally a TCB) that contains the list item. There is therefore a two way link between the object containing the list item and the list item itself. */ + struct xLIST * configLIST_VOLATILE pxContainer; /*< Pointer to the list in which this list item is placed (if any). */ + listSECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ +}; +typedef struct xLIST_ITEM ListItem_t; /* For some reason lint wants this as two separate definitions. */ + +struct xMINI_LIST_ITEM +{ + listFIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + configLIST_VOLATILE TickType_t xItemValue; + struct xLIST_ITEM * configLIST_VOLATILE pxNext; + struct xLIST_ITEM * configLIST_VOLATILE pxPrevious; +}; +typedef struct xMINI_LIST_ITEM MiniListItem_t; + +/* + * Definition of the type of queue used by the scheduler. + */ +typedef struct xLIST +{ + listFIRST_LIST_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + volatile UBaseType_t uxNumberOfItems; + ListItem_t * configLIST_VOLATILE pxIndex; /*< Used to walk through the list. Points to the last item returned by a call to listGET_OWNER_OF_NEXT_ENTRY (). */ + #ifdef VERIFAST + /* Reason for rewrite: + * This change allows us to reuse the existing single-core list proofs, + * for which an identical rewrite for assumed. + */ + ListItem_t xListEnd; + #else + MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ + #endif /* VERIFAST */ + listSECOND_LIST_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ +} List_t; + +/* + * Access macro to set the owner of a list item. The owner of a list item + * is the object (usually a TCB) that contains the list item. + * + * \page listSET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER + * \ingroup LinkedList + */ +#define listSET_LIST_ITEM_OWNER( pxListItem, pxOwner ) ( ( pxListItem )->pvOwner = ( void * ) ( pxOwner ) ) + +/* + * Access macro to get the owner of a list item. The owner of a list item + * is the object (usually a TCB) that contains the list item. + * + * \page listGET_LIST_ITEM_OWNER listSET_LIST_ITEM_OWNER + * \ingroup LinkedList + */ +#define listGET_LIST_ITEM_OWNER( pxListItem ) ( ( pxListItem )->pvOwner ) + +/* + * Access macro to set the value of the list item. In most cases the value is + * used to sort the list in descending order. + * + * \page listSET_LIST_ITEM_VALUE listSET_LIST_ITEM_VALUE + * \ingroup LinkedList + */ +#define listSET_LIST_ITEM_VALUE( pxListItem, xValue ) ( ( pxListItem )->xItemValue = ( xValue ) ) + +/* + * Access macro to retrieve the value of the list item. The value can + * represent anything - for example the priority of a task, or the time at + * which a task should be unblocked. + * + * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE + * \ingroup LinkedList + */ +#define listGET_LIST_ITEM_VALUE( pxListItem ) ( ( pxListItem )->xItemValue ) + +/* + * Access macro to retrieve the value of the list item at the head of a given + * list. + * + * \page listGET_LIST_ITEM_VALUE listGET_LIST_ITEM_VALUE + * \ingroup LinkedList + */ +#define listGET_ITEM_VALUE_OF_HEAD_ENTRY( pxList ) ( ( ( pxList )->xListEnd ).pxNext->xItemValue ) + +/* + * Return the list item at the head of the list. + * + * \page listGET_HEAD_ENTRY listGET_HEAD_ENTRY + * \ingroup LinkedList + */ +#define listGET_HEAD_ENTRY( pxList ) ( ( ( pxList )->xListEnd ).pxNext ) + +/* + * Return the next list item. + * + * \page listGET_NEXT listGET_NEXT + * \ingroup LinkedList + */ +#define listGET_NEXT( pxListItem ) ( ( pxListItem )->pxNext ) + +/* + * Return the list item that marks the end of the list + * + * \page listGET_END_MARKER listGET_END_MARKER + * \ingroup LinkedList + */ +#define listGET_END_MARKER( pxList ) ( ( ListItem_t const * ) ( &( ( pxList )->xListEnd ) ) ) + +/* + * Access macro to determine if a list contains any items. The macro will + * only have the value true if the list is empty. + * + * \page listLIST_IS_EMPTY listLIST_IS_EMPTY + * \ingroup LinkedList + */ +#define listLIST_IS_EMPTY( pxList ) ( ( ( pxList )->uxNumberOfItems == ( UBaseType_t ) 0 ) ? pdTRUE : pdFALSE ) + +/* + * Access macro to return the number of items in the list. + */ +#define listCURRENT_LIST_LENGTH( pxList ) ( ( pxList )->uxNumberOfItems ) + +/* + * Access function to obtain the owner of the next entry in a list. + * + * The list member pxIndex is used to walk through a list. Calling + * listGET_OWNER_OF_NEXT_ENTRY increments pxIndex to the next item in the list + * and returns that entry's pxOwner parameter. Using multiple calls to this + * function it is therefore possible to move through every item contained in + * a list. + * + * The pxOwner parameter of a list item is a pointer to the object that owns + * the list item. In the scheduler this is normally a task control block. + * The pxOwner parameter effectively creates a two way link between the list + * item and its owner. + * + * @param pxTCB pxTCB is set to the address of the owner of the next list item. + * @param pxList The list from which the next item owner is to be returned. + * + * \page listGET_OWNER_OF_NEXT_ENTRY listGET_OWNER_OF_NEXT_ENTRY + * \ingroup LinkedList + */ +#define listGET_OWNER_OF_NEXT_ENTRY( pxTCB, pxList ) \ + { \ + List_t * const pxConstList = ( pxList ); \ + /* Increment the index to the next item and return the item, ensuring */ \ + /* we don't return the marker used at the end of the list. */ \ + ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ + if( ( void * ) ( pxConstList )->pxIndex == ( void * ) &( ( pxConstList )->xListEnd ) ) \ + { \ + ( pxConstList )->pxIndex = ( pxConstList )->pxIndex->pxNext; \ + } \ + ( pxTCB ) = ( pxConstList )->pxIndex->pvOwner; \ + } + + + +/* + * Access function to obtain the owner of the first entry in a list. Lists + * are normally sorted in ascending item value order. + * + * This function returns the pxOwner member of the first item in the list. + * The pxOwner parameter of a list item is a pointer to the object that owns + * the list item. In the scheduler this is normally a task control block. + * The pxOwner parameter effectively creates a two way link between the list + * item and its owner. + * + * @param pxList The list from which the owner of the head item is to be + * returned. + * + * \page listGET_OWNER_OF_HEAD_ENTRY listGET_OWNER_OF_HEAD_ENTRY + * \ingroup LinkedList + */ +#define listGET_OWNER_OF_HEAD_ENTRY( pxList ) ( ( &( ( pxList )->xListEnd ) )->pxNext->pvOwner ) + +/* + * Check to see if a list item is within a list. The list item maintains a + * "container" pointer that points to the list it is in. All this macro does + * is check to see if the container and the list match. + * + * @param pxList The list we want to know if the list item is within. + * @param pxListItem The list item we want to know if is in the list. + * @return pdTRUE if the list item is in the list, otherwise pdFALSE. + */ +#define listIS_CONTAINED_WITHIN( pxList, pxListItem ) ( ( ( pxListItem )->pxContainer == ( pxList ) ) ? ( pdTRUE ) : ( pdFALSE ) ) + +/* + * Return the list a list item is contained within (referenced from). + * + * @param pxListItem The list item being queried. + * @return A pointer to the List_t object that references the pxListItem + */ +#define listLIST_ITEM_CONTAINER( pxListItem ) ( ( pxListItem )->pxContainer ) + +/* + * This provides a crude means of knowing if a list has been initialised, as + * pxList->xListEnd.xItemValue is set to portMAX_DELAY by the vListInitialise() + * function. + */ +#define listLIST_IS_INITIALISED( pxList ) ( ( pxList )->xListEnd.xItemValue == portMAX_DELAY ) + +/* + * Must be called before a list is used! This initialises all the members + * of the list structure and inserts the xListEnd item into the list as a + * marker to the back of the list. + * + * @param pxList Pointer to the list being initialised. + * + * \page vListInitialise vListInitialise + * \ingroup LinkedList + */ +void vListInitialise( List_t * const pxList ) PRIVILEGED_FUNCTION; + +/* + * Must be called before a list item is used. This sets the list container to + * null so the item does not think that it is already contained in a list. + * + * @param pxItem Pointer to the list item being initialised. + * + * \page vListInitialiseItem vListInitialiseItem + * \ingroup LinkedList + */ +void vListInitialiseItem( ListItem_t * const pxItem ) PRIVILEGED_FUNCTION; +//@ requires pxItem->pxContainer |-> _; +//@ ensures pxItem->pxContainer |-> 0; + +/* + * Insert a list item into a list. The item will be inserted into the list in + * a position determined by its item value (descending item value order). + * + * @param pxList The list into which the item is to be inserted. + * + * @param pxNewListItem The item that is to be placed in the list. + * + * \page vListInsert vListInsert + * \ingroup LinkedList + */ +void vListInsert( List_t * const pxList, + ListItem_t * const pxNewListItem ) PRIVILEGED_FUNCTION; + +/* + * Insert a list item into a list. The item will be inserted in a position + * such that it will be the last item within the list returned by multiple + * calls to listGET_OWNER_OF_NEXT_ENTRY. + * + * The list member pxIndex is used to walk through a list. Calling + * listGET_OWNER_OF_NEXT_ENTRY increments pxIndex to the next item in the list. + * Placing an item in a list using vListInsertEnd effectively places the item + * in the list position pointed to by pxIndex. This means that every other + * item within the list will be returned by listGET_OWNER_OF_NEXT_ENTRY before + * the pxIndex parameter again points to the item being inserted. + * + * @param pxList The list into which the item is to be inserted. + * + * @param pxNewListItem The list item to be inserted into the list. + * + * \page vListInsertEnd vListInsertEnd + * \ingroup LinkedList + */ +void vListInsertEnd( List_t * const pxList, + ListItem_t * const pxNewListItem ) PRIVILEGED_FUNCTION; + +/* + * Remove an item from a list. The list item has a pointer to the list that + * it is in, so only the list item need be passed into the function. + * + * @param uxListRemove The item to be removed. The item will remove itself from + * the list pointed to by it's pxContainer parameter. + * + * @return The number of items that remain in the list after the list item has + * been removed. + * + * \page uxListRemove uxListRemove + * \ingroup LinkedList + */ +UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) PRIVILEGED_FUNCTION; + +/* *INDENT-OFF* */ +#ifdef __cplusplus + } +#endif +/* *INDENT-ON* */ + +#endif /* ifndef LIST_H */ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/portable.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/portable.h new file mode 100644 index 00000000000..d9bb2e72089 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/portable.h @@ -0,0 +1,245 @@ +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + +/*----------------------------------------------------------- +* Portable layer API. Each function must be defined for each port. +*----------------------------------------------------------*/ + +#ifndef PORTABLE_H +#define PORTABLE_H + +/* Each FreeRTOS port has a unique portmacro.h header file. Originally a + * pre-processor definition was used to ensure the pre-processor found the correct + * portmacro.h file for the port being used. That scheme was deprecated in favour + * of setting the compiler's include path such that it found the correct + * portmacro.h file - removing the need for the constant and allowing the + * portmacro.h file to be located anywhere in relation to the port being used. + * Purely for reasons of backward compatibility the old method is still valid, but + * to make it clear that new projects should not use it, support for the port + * specific constants has been moved into the deprecated_definitions.h header + * file. */ +#include "deprecated_definitions.h" + +/* If portENTER_CRITICAL is not defined then including deprecated_definitions.h + * did not result in a portmacro.h header file being included - and it should be + * included here. In this case the path to the correct portmacro.h header file + * must be set in the compiler's include path. */ +#ifndef portENTER_CRITICAL + #include "portmacro.h" +#endif + +#if portBYTE_ALIGNMENT == 32 + #define portBYTE_ALIGNMENT_MASK ( 0x001f ) +#endif + +#if portBYTE_ALIGNMENT == 16 + #define portBYTE_ALIGNMENT_MASK ( 0x000f ) +#endif + +#if portBYTE_ALIGNMENT == 8 + #define portBYTE_ALIGNMENT_MASK ( 0x0007 ) +#endif + +#if portBYTE_ALIGNMENT == 4 + #define portBYTE_ALIGNMENT_MASK ( 0x0003 ) +#endif + +#if portBYTE_ALIGNMENT == 2 + #define portBYTE_ALIGNMENT_MASK ( 0x0001 ) +#endif + +#if portBYTE_ALIGNMENT == 1 + #define portBYTE_ALIGNMENT_MASK ( 0x0000 ) +#endif + +#ifndef portBYTE_ALIGNMENT_MASK + #error "Invalid portBYTE_ALIGNMENT definition" +#endif + +#ifndef portNUM_CONFIGURABLE_REGIONS + #define portNUM_CONFIGURABLE_REGIONS 1 +#endif + +#ifndef portHAS_STACK_OVERFLOW_CHECKING + #define portHAS_STACK_OVERFLOW_CHECKING 0 +#endif + +#ifndef portARCH_NAME + #define portARCH_NAME NULL +#endif + +/* *INDENT-OFF* */ +#ifdef __cplusplus + extern "C" { +#endif +/* *INDENT-ON* */ + +#include "mpu_wrappers.h" + +/* + * Setup the stack of a new task so it is ready to be placed under the + * scheduler control. The registers have to be placed on the stack in + * the order that the port expects to find them. + * + */ +#if ( portUSING_MPU_WRAPPERS == 1 ) + #if ( portHAS_STACK_OVERFLOW_CHECKING == 1 ) + StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, + StackType_t * pxEndOfStack, + TaskFunction_t pxCode, + void * pvParameters, + BaseType_t xRunPrivileged ) PRIVILEGED_FUNCTION; + #else + StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, + TaskFunction_t pxCode, + void * pvParameters, + BaseType_t xRunPrivileged ) PRIVILEGED_FUNCTION; + #endif +#else /* if ( portUSING_MPU_WRAPPERS == 1 ) */ + #if ( portHAS_STACK_OVERFLOW_CHECKING == 1 ) + StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, + StackType_t * pxEndOfStack, + TaskFunction_t pxCode, + void * pvParameters ) PRIVILEGED_FUNCTION; + #else + StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, + TaskFunction_t pxCode, + void * pvParameters ) PRIVILEGED_FUNCTION; + ///@ requires true; + ///@ ensures true; + #endif +#endif /* if ( portUSING_MPU_WRAPPERS == 1 ) */ + +/* Used by heap_5.c to define the start address and size of each memory region + * that together comprise the total FreeRTOS heap space. */ +typedef struct HeapRegion +{ + uint8_t * pucStartAddress; + size_t xSizeInBytes; +} HeapRegion_t; + +/* Used to pass information about the heap out of vPortGetHeapStats(). */ +typedef struct xHeapStats +{ + size_t xAvailableHeapSpaceInBytes; /* The total heap size currently available - this is the sum of all the free blocks, not the largest block that can be allocated. */ + size_t xSizeOfLargestFreeBlockInBytes; /* The maximum size, in bytes, of all the free blocks within the heap at the time vPortGetHeapStats() is called. */ + size_t xSizeOfSmallestFreeBlockInBytes; /* The minimum size, in bytes, of all the free blocks within the heap at the time vPortGetHeapStats() is called. */ + size_t xNumberOfFreeBlocks; /* The number of free memory blocks within the heap at the time vPortGetHeapStats() is called. */ + size_t xMinimumEverFreeBytesRemaining; /* The minimum amount of total free memory (sum of all free blocks) there has been in the heap since the system booted. */ + size_t xNumberOfSuccessfulAllocations; /* The number of calls to pvPortMalloc() that have returned a valid memory block. */ + size_t xNumberOfSuccessfulFrees; /* The number of calls to vPortFree() that has successfully freed a block of memory. */ +} HeapStats_t; + +/* + * Used to define multiple heap regions for use by heap_5.c. This function + * must be called before any calls to pvPortMalloc() - not creating a task, + * queue, semaphore, mutex, software timer, event group, etc. will result in + * pvPortMalloc being called. + * + * pxHeapRegions passes in an array of HeapRegion_t structures - each of which + * defines a region of memory that can be used as the heap. The array is + * terminated by a HeapRegions_t structure that has a size of 0. The region + * with the lowest start address must appear first in the array. + */ +void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) PRIVILEGED_FUNCTION; + +/* + * Returns a HeapStats_t structure filled with information about the current + * heap state. + */ +void vPortGetHeapStats( HeapStats_t * pxHeapStats ); + +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast treats the `malloc` and `free` functions specially, + * in a particular built-in way that cannot be axiomatized within + * VeriFast's specification language. + * + * When `malloc( sizeof(struct S) )` is called for a user defined + * struct `S`, VeriFast instantiates the corresponding + * `malloc_block_S(...)` predicate as well as points-to chunks + * for its fields. + * Reversely, calling `free` cleans up all the predicates instantiated + * by `malloc`. + */ + #define pvPortMalloc malloc + #define vPortFree(ptr) free( (void*) ptr) +#else + /* + * Map to the memory management routines required for the port. + */ + void * pvPortMalloc( size_t xSize ) PRIVILEGED_FUNCTION; + void vPortFree( void * pv ) PRIVILEGED_FUNCTION; +#endif /* VERIFAST */ + + +void vPortInitialiseBlocks( void ) PRIVILEGED_FUNCTION; +size_t xPortGetFreeHeapSize( void ) PRIVILEGED_FUNCTION; +size_t xPortGetMinimumEverFreeHeapSize( void ) PRIVILEGED_FUNCTION; + +#if( configSTACK_ALLOCATION_FROM_SEPARATE_HEAP == 1 ) + void *pvPortMallocStack( size_t xSize ) PRIVILEGED_FUNCTION; + void vPortFreeStack( void *pv ) PRIVILEGED_FUNCTION; +#else + #define pvPortMallocStack pvPortMalloc + #define vPortFreeStack vPortFree +#endif + +/* + * Setup the hardware ready for the scheduler to take control. This generally + * sets up a tick interrupt and sets timers for the correct tick frequency. + */ +BaseType_t xPortStartScheduler( void ) PRIVILEGED_FUNCTION; + +/* + * Undo any hardware/ISR setup that was performed by xPortStartScheduler() so + * the hardware is left in its original condition after the scheduler stops + * executing. + */ +void vPortEndScheduler( void ) PRIVILEGED_FUNCTION; + +/* + * The structures and methods of manipulating the MPU are contained within the + * port layer. + * + * Fills the xMPUSettings structure with the memory region information + * contained in xRegions. + */ +#if ( portUSING_MPU_WRAPPERS == 1 ) + struct xMEMORY_REGION; + void vPortStoreTaskMPUSettings( xMPU_SETTINGS * xMPUSettings, + const struct xMEMORY_REGION * const xRegions, + StackType_t * pxBottomOfStack, + uint32_t ulStackDepth ) PRIVILEGED_FUNCTION; +#endif + +/* *INDENT-OFF* */ +#ifdef __cplusplus + } +#endif +/* *INDENT-ON* */ + +#endif /* PORTABLE_H */ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h new file mode 100644 index 00000000000..ea247e4064e --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h @@ -0,0 +1,208 @@ +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + +#ifndef STACK_MACROS_H +#define STACK_MACROS_H + +/* + * Call the stack overflow hook function if the stack of the task being swapped + * out is currently overflowed, or looks like it might have overflowed in the + * past. + * + * Setting configCHECK_FOR_STACK_OVERFLOW to 1 will cause the macro to check + * the current stack state only - comparing the current top of stack value to + * the stack limit. Setting configCHECK_FOR_STACK_OVERFLOW to greater than 1 + * will also cause the last few stack bytes to be checked to ensure the value + * to which the bytes were set when the task was created have not been + * overwritten. Note this second test does not guarantee that an overflowed + * stack will always be recognised. + */ + +/*-----------------------------------------------------------*/ + +/* + * portSTACK_LIMIT_PADDING is a number of extra words to consider to be in + * use on the stack. + */ +#ifndef portSTACK_LIMIT_PADDING + #define portSTACK_LIMIT_PADDING 0 +#endif + +#if ( ( configCHECK_FOR_STACK_OVERFLOW == 1 ) && ( portSTACK_GROWTH < 0 ) ) + +/* Only the current stack state is to be checked. */ + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + /* Is the currently saved stack pointer within the stack limit? */ \ + if( pxCurrentTCB->pxTopOfStack <= pxCurrentTCB->pxStack + portSTACK_LIMIT_PADDING ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } + +#endif /* configCHECK_FOR_STACK_OVERFLOW == 1 */ +/*-----------------------------------------------------------*/ + +#if ( ( configCHECK_FOR_STACK_OVERFLOW == 1 ) && ( portSTACK_GROWTH > 0 ) ) + +/* Only the current stack state is to be checked. */ + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + \ + /* Is the currently saved stack pointer within the stack limit? */ \ + if( pxCurrentTCB->pxTopOfStack >= pxCurrentTCB->pxEndOfStack - portSTACK_LIMIT_PADDING ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } + +#endif /* configCHECK_FOR_STACK_OVERFLOW == 1 */ +/*-----------------------------------------------------------*/ + +#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) ) + + /* TODO: Convert this macro into a function such that we can insert proof annotations. + */ + #ifdef VERIFAST + /* Reason for rewrite: + * VeriFast complains about unspecified evaluation order of + * - `pxCurrentTCB->pxStack` + * - `vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName );` + * + */ + #define taskCHECK_FOR_STACK_OVERFLOW() VF__taskCHECK_FOR_STACK_OVERFLOW() + + void VF__taskCHECK_FOR_STACK_OVERFLOW() + /*@ requires prvSeg_TCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(gCurrentTCB, ?uxCriticalNesting) &*& + // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` + interruptState_p(coreID_f(), ?state) &*& + interruptsDisabled_f(state) == true &*& + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); + @*/ + /*@ ensures prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(gCurrentTCB, uxCriticalNesting) &*& + // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` + interruptState_p(coreID_f(), state) &*& + interruptsDisabled_f(state) == true &*& + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); \ + @*/ \ + { \ + /*@ open prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + /*@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ + ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \ + @*/ \ + /*@ open stack_p_2(_, _, _, _, _, _); @*/ \ + /* The detour below allows us to skip proving that `ulFreeBytes` \ + * is a multiple of `sizeof(StackType_t)`. \ + */ \ + /*@ integers__to_chars(pxTopOfStack+1); @*/ \ + /*@ chars_join((char*) pxStack); @*/ \ + /*@ chars_to_integers_(pxStack, sizeof(StackType_t), false, 4); @*/ \ + TCB_t* tcb0 = pxCurrentTCB; \ + const uint32_t * const pulStack = ( uint32_t * ) tcb0->pxStack; \ + const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ + \ + /*@ bool gOverflow = false; @*/ \ + if( ( pulStack[ 0 ] != ulCheckValue ) || \ + ( pulStack[ 1 ] != ulCheckValue ) || \ + ( pulStack[ 2 ] != ulCheckValue ) || \ + ( pulStack[ 3 ] != ulCheckValue ) ) \ + { \ + /*@ gOverflow = true; @*/ \ + /*@ integers__to_chars(pxStack); @*/ \ + /*@ chars_join((char*) pxStack); @*/ \ + /*@ chars_split((char*) pxStack, ulFreeBytesOnStack); @*/ \ + /*@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ + ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ + @*/ \ + /*@ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + TCB_t* tcb1 = pxCurrentTCB; \ + TCB_t* tcb2 = pxCurrentTCB; \ + vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ + } \ + /*@ \ + if(!gOverflow) { \ + integers__to_chars(pxStack); \ + chars_join((char*) pxStack); \ + chars_split((char*) pxStack, ulFreeBytesOnStack); \ + close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ + ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ + close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); \ + } \ + @*/ \ + } + #else + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \ + const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ + \ + if( ( pulStack[ 0 ] != ulCheckValue ) || \ + ( pulStack[ 1 ] != ulCheckValue ) || \ + ( pulStack[ 2 ] != ulCheckValue ) || \ + ( pulStack[ 3 ] != ulCheckValue ) ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } + #endif /* VERIFAST */ + +#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */ +/*-----------------------------------------------------------*/ + +#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH > 0 ) ) + + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + int8_t * pcEndOfStack = ( int8_t * ) pxCurrentTCB->pxEndOfStack; \ + static const uint8_t ucExpectedStackBytes[] = { tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \ + tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \ + tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \ + tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, \ + tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE, tskSTACK_FILL_BYTE }; \ + \ + \ + pcEndOfStack -= sizeof( ucExpectedStackBytes ); \ + \ + /* Has the extremity of the task stack ever been written over? */ \ + if( memcmp( ( void * ) pcEndOfStack, ( void * ) ucExpectedStackBytes, sizeof( ucExpectedStackBytes ) ) != 0 ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } + +#endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */ +/*-----------------------------------------------------------*/ + +/* Remove stack overflow macro if not being used. */ +#ifndef taskCHECK_FOR_STACK_OVERFLOW + #define taskCHECK_FOR_STACK_OVERFLOW() +#endif + + + +#endif /* STACK_MACROS_H */ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h new file mode 100644 index 00000000000..56e054299c1 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h @@ -0,0 +1,3318 @@ +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + + +#ifndef INC_TASK_H +#define INC_TASK_H + +#ifdef VERIFAST + /* Reason for rewrite: + * VeriFast bug: + * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` + * evaluate to true. See minimal example `define_name`. + */ + #define INC_FREERTOS_H + /* Remember that this header is included by `tasks.c` after it includes + * `FreeRTOS.h`. + */ + // TODO: Remove this work-around once VF has been fixed. +#endif /* VERIFAST */ + + +/* Remark: + * Note that the following VF section renders the previous one obsolete. + * However, we keep the above as a reminder until the corresponding bug + * has been fixed. + */ +#ifdef VERIFAST + /* Reason for rewrite: + * Even though in the current verification setup, `FreeRTOS.h` is always + * included before this file is processed, VeriFast does not consider this + * context when processing this file. VeriFast forbids macro expansions to + * depend on a potentially variable context, e.g, `configSTACK_DEPTH_TYPE` + * which expands to 'uint16_t' if and only if `FreeRTOS.h` has been + * included. + */ + #include "FreeRTOS.h" +#endif /* VERIFAST */ + +#ifndef INC_FREERTOS_H + #error "include FreeRTOS.h must appear in source files before include task.h" +#endif + +#include "list.h" + +/* *INDENT-OFF* */ +#ifdef __cplusplus + extern "C" { +#endif +/* *INDENT-ON* */ + +/*----------------------------------------------------------- +* MACROS AND DEFINITIONS +*----------------------------------------------------------*/ + +#define tskKERNEL_VERSION_NUMBER "V10.4.3" +#define tskKERNEL_VERSION_MAJOR 10 +#define tskKERNEL_VERSION_MINOR 4 +#define tskKERNEL_VERSION_BUILD 3 + +/* MPU region parameters passed in ulParameters + * of MemoryRegion_t struct. */ +#define tskMPU_REGION_READ_ONLY ( 1UL << 0UL ) +#define tskMPU_REGION_READ_WRITE ( 1UL << 1UL ) +#define tskMPU_REGION_EXECUTE_NEVER ( 1UL << 2UL ) +#define tskMPU_REGION_NORMAL_MEMORY ( 1UL << 3UL ) +#define tskMPU_REGION_DEVICE_MEMORY ( 1UL << 4UL ) + +/* The direct to task notification feature used to have only a single notification + * per task. Now there is an array of notifications per task that is dimensioned by + * configTASK_NOTIFICATION_ARRAY_ENTRIES. For backward compatibility, any use of the + * original direct to task notification defaults to using the first index in the + * array. */ +#define tskDEFAULT_INDEX_TO_NOTIFY ( 0 ) + +/** + * task. h + * + * Type by which tasks are referenced. For example, a call to xTaskCreate + * returns (via a pointer parameter) an TaskHandle_t variable that can then + * be used as a parameter to vTaskDelete to delete the task. + * + * \defgroup TaskHandle_t TaskHandle_t + * \ingroup Tasks + */ +struct tskTaskControlBlock; /* The old naming convention is used to prevent breaking kernel aware debuggers. */ +typedef struct tskTaskControlBlock * TaskHandle_t; + +/* + * Defines the prototype to which the application task hook function must + * conform. + */ +typedef BaseType_t (* TaskHookFunction_t)( void * ); + +/* Task states returned by eTaskGetState. */ +typedef enum +{ + eRunning = 0, /* A task is querying the state of itself, so must be running. */ + eReady, /* The task being queried is in a ready or pending ready list. */ + eBlocked, /* The task being queried is in the Blocked state. */ + eSuspended, /* The task being queried is in the Suspended state, or is in the Blocked state with an infinite time out. */ + eDeleted, /* The task being queried has been deleted, but its TCB has not yet been freed. */ + eInvalid /* Used as an 'invalid state' value. */ +} eTaskState; + +/* Actions that can be performed when vTaskNotify() is called. */ +typedef enum +{ + eNoAction = 0, /* Notify the task without updating its notify value. */ + eSetBits, /* Set bits in the task's notification value. */ + eIncrement, /* Increment the task's notification value. */ + eSetValueWithOverwrite, /* Set the task's notification value to a specific value even if the previous value has not yet been read by the task. */ + eSetValueWithoutOverwrite /* Set the task's notification value if the previous value has been read by the task. */ +} eNotifyAction; + +/* + * Used internally only. + */ +typedef struct xTIME_OUT +{ + BaseType_t xOverflowCount; + TickType_t xTimeOnEntering; +} TimeOut_t; + +/* + * Defines the memory ranges allocated to the task when an MPU is used. + */ +typedef struct xMEMORY_REGION +{ + void * pvBaseAddress; + uint32_t ulLengthInBytes; + uint32_t ulParameters; +} MemoryRegion_t; + +/* + * Parameters required to create an MPU protected task. + */ +typedef struct xTASK_PARAMETERS +{ + TaskFunction_t pvTaskCode; + const char * pcName; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + configSTACK_DEPTH_TYPE usStackDepth; + void * pvParameters; + UBaseType_t uxPriority; + StackType_t * puxStackBuffer; + MemoryRegion_t xRegions[ portNUM_CONFIGURABLE_REGIONS ]; + #if ( ( portUSING_MPU_WRAPPERS == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) ) + StaticTask_t * const pxTaskBuffer; + #endif +} TaskParameters_t; + +/* Used with the uxTaskGetSystemState() function to return the state of each task + * in the system. */ +typedef struct xTASK_STATUS +{ + TaskHandle_t xHandle; /* The handle of the task to which the rest of the information in the structure relates. */ + const char * pcTaskName; /* A pointer to the task's name. This value will be invalid if the task was deleted since the structure was populated! */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + UBaseType_t xTaskNumber; /* A number unique to the task. */ + eTaskState eCurrentState; /* The state in which the task existed when the structure was populated. */ + UBaseType_t uxCurrentPriority; /* The priority at which the task was running (may be inherited) when the structure was populated. */ + UBaseType_t uxBasePriority; /* The priority to which the task will return if the task's current priority has been inherited to avoid unbounded priority inversion when obtaining a mutex. Only valid if configUSE_MUTEXES is defined as 1 in FreeRTOSConfig.h. */ + uint32_t ulRunTimeCounter; /* The total run time allocated to the task so far, as defined by the run time stats clock. See https://www.FreeRTOS.org/rtos-run-time-stats.html. Only valid when configGENERATE_RUN_TIME_STATS is defined as 1 in FreeRTOSConfig.h. */ + StackType_t * pxStackBase; /* Points to the lowest address of the task's stack area. */ + configSTACK_DEPTH_TYPE usStackHighWaterMark; /* The minimum amount of stack space that has remained for the task since the task was created. The closer this value is to zero the closer the task has come to overflowing its stack. */ +} TaskStatus_t; + +/* Possible return values for eTaskConfirmSleepModeStatus(). */ +typedef enum +{ + eAbortSleep = 0, /* A task has been made ready or a context switch pended since portSUPPRESS_TICKS_AND_SLEEP() was called - abort entering a sleep mode. */ + eStandardSleep, /* Enter a sleep mode that will not last any longer than the expected idle time. */ + eNoTasksWaitingTimeout /* No tasks are waiting for a timeout so it is safe to enter a sleep mode that can only be exited by an external interrupt. */ +} eSleepModeStatus; + +/** + * Defines the priority used by the idle task. This must not be modified. + * + * \ingroup TaskUtils + */ +#define tskIDLE_PRIORITY ( ( UBaseType_t ) 0U ) + +/** + * Defines affinity to all available cores. + * + */ +#define tskNO_AFFINITY ( ( UBaseType_t ) -1U ) + + + +/** + * task. h + * + * Macro for forcing a context switch. + * + * \defgroup taskYIELD taskYIELD + * \ingroup SchedulerControl + */ +#define taskYIELD() portYIELD() + +/** + * task. h + * + * Macro to mark the start of a critical code region. Preemptive context + * switches cannot occur when in a critical region. + * + * NOTE: This may alter the stack (depending on the portable implementation) + * so must be used with care! + * + * \defgroup taskENTER_CRITICAL taskENTER_CRITICAL + * \ingroup SchedulerControl + */ +#define taskENTER_CRITICAL() portENTER_CRITICAL() +#define taskENTER_CRITICAL_FROM_ISR() portSET_INTERRUPT_MASK_FROM_ISR() + +/** + * task. h + * + * Macro to mark the end of a critical code region. Preemptive context + * switches cannot occur when in a critical region. + * + * NOTE: This may alter the stack (depending on the portable implementation) + * so must be used with care! + * + * \defgroup taskEXIT_CRITICAL taskEXIT_CRITICAL + * \ingroup SchedulerControl + */ +#define taskEXIT_CRITICAL() portEXIT_CRITICAL() +#define taskEXIT_CRITICAL_FROM_ISR( x ) portCLEAR_INTERRUPT_MASK_FROM_ISR( x ) + +/** + * task. h + * + * Macro to disable all maskable interrupts. + * This also returns what the interrupt state was + * upon being called. This state may subsequently + * be passed to taskRESTORE_INTERRUPTS(). + * + * \defgroup taskDISABLE_INTERRUPTS taskDISABLE_INTERRUPTS + * \ingroup SchedulerControl + */ +#define taskDISABLE_INTERRUPTS() portDISABLE_INTERRUPTS() + +/** + * task. h + * + * Macro to enable microcontroller interrupts. + * + * \defgroup taskENABLE_INTERRUPTS taskENABLE_INTERRUPTS + * \ingroup SchedulerControl + */ +#define taskENABLE_INTERRUPTS() portENABLE_INTERRUPTS() + +/** + * task. h + * + * Macro to restore microcontroller interrupts to + * a previous state. + * + * \defgroup taskRESTORE_INTERRUPTS taskRESTORE_INTERRUPTS + * \ingroup SchedulerControl + */ +#define taskRESTORE_INTERRUPTS(ulState) portRESTORE_INTERRUPTS(ulState) + +/** + * task. h + * + * Macro that determines if it is being called from within an ISR + * or a task. Returns non-zero if it is in an ISR. + * + * \defgroup taskCHECK_IF_IN_ISR taskCHECK_IF_IN_ISR + * \ingroup SchedulerControl + */ +#define taskCHECK_IF_IN_ISR() portCHECK_IF_IN_ISR() + +/* Definitions returned by xTaskGetSchedulerState(). taskSCHEDULER_SUSPENDED is + * 0 to generate more optimal code when configASSERT() is defined as the constant + * is used in assert() statements. */ +#define taskSCHEDULER_SUSPENDED ( ( BaseType_t ) 0 ) +#define taskSCHEDULER_NOT_STARTED ( ( BaseType_t ) 1 ) +#define taskSCHEDULER_RUNNING ( ( BaseType_t ) 2 ) + +/* Check if core value is valid */ +#define taskVALID_CORE_ID( xCoreID ) ( ( BaseType_t ) ( ( 0 <= xCoreID ) && ( xCoreID < configNUM_CORES ) ) ) + +/*----------------------------------------------------------- +* TASK CREATION API +*----------------------------------------------------------*/ + +/** + * task. h + *
+ * BaseType_t xTaskCreate(
+ *                            TaskFunction_t pxTaskCode,
+ *                            const char *pcName,
+ *                            configSTACK_DEPTH_TYPE usStackDepth,
+ *                            void *pvParameters,
+ *                            UBaseType_t uxPriority,
+ *                            TaskHandle_t *pxCreatedTask
+ *                        );
+ * 
+ * + * Create a new task and add it to the list of tasks that are ready to run. + * + * Internally, within the FreeRTOS implementation, tasks use two blocks of + * memory. The first block is used to hold the task's data structures. The + * second block is used by the task as its stack. If a task is created using + * xTaskCreate() then both blocks of memory are automatically dynamically + * allocated inside the xTaskCreate() function. (see + * https://www.FreeRTOS.org/a00111.html). If a task is created using + * xTaskCreateStatic() then the application writer must provide the required + * memory. xTaskCreateStatic() therefore allows a task to be created without + * using any dynamic memory allocation. + * + * See xTaskCreateStatic() for a version that does not use any dynamic memory + * allocation. + * + * xTaskCreate() can only be used to create a task that has unrestricted + * access to the entire microcontroller memory map. Systems that include MPU + * support can alternatively create an MPU constrained task using + * xTaskCreateRestricted(). + * + * @param pxTaskCode Pointer to the task entry function. Tasks + * must be implemented to never return (i.e. continuous loop). + * + * @param pcName A descriptive name for the task. This is mainly used to + * facilitate debugging. Max length defined by configMAX_TASK_NAME_LEN - default + * is 16. + * + * @param usStackDepth The size of the task stack specified as the number of + * variables the stack can hold - not the number of bytes. For example, if + * the stack is 16 bits wide and usStackDepth is defined as 100, 200 bytes + * will be allocated for stack storage. + * + * @param pvParameters Pointer that will be used as the parameter for the task + * being created. + * + * @param uxPriority The priority at which the task should run. Systems that + * include MPU support can optionally create tasks in a privileged (system) + * mode by setting bit portPRIVILEGE_BIT of the priority parameter. For + * example, to create a privileged task at priority 2 the uxPriority parameter + * should be set to ( 2 | portPRIVILEGE_BIT ). + * + * @param pxCreatedTask Used to pass back a handle by which the created task + * can be referenced. + * + * @return pdPASS if the task was successfully created and added to a ready + * list, otherwise an error code defined in the file projdefs.h + * + * Example usage: + *
+ * // Task to be created.
+ * void vTaskCode( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *   }
+ * }
+ *
+ * // Function that creates a task.
+ * void vOtherFunction( void )
+ * {
+ * static uint8_t ucParameterToPass;
+ * TaskHandle_t xHandle = NULL;
+ *
+ *   // Create the task, storing the handle.  Note that the passed parameter ucParameterToPass
+ *   // must exist for the lifetime of the task, so in this case is declared static.  If it was just an
+ *   // an automatic stack variable it might no longer exist, or at least have been corrupted, by the time
+ *   // the new task attempts to access it.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, &ucParameterToPass, tskIDLE_PRIORITY, &xHandle );
+ *   configASSERT( xHandle );
+ *
+ *   // Use the handle to delete the task.
+ *   if( xHandle != NULL )
+ *   {
+ *      vTaskDelete( xHandle );
+ *   }
+ * }
+ * 
+ * \defgroup xTaskCreate xTaskCreate + * \ingroup Tasks + */ +#if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) + BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const configSTACK_DEPTH_TYPE usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask ) PRIVILEGED_FUNCTION; +#endif + +#if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + BaseType_t xTaskCreateAffinitySet( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const configSTACK_DEPTH_TYPE usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + UBaseType_t uxCoreAffinityMask, + TaskHandle_t * const pxCreatedTask ) PRIVILEGED_FUNCTION; +#endif + +/** + * task. h + *
+* TaskHandle_t xTaskCreateStatic( TaskFunction_t pxTaskCode,
+ *                               const char *pcName,
+ *                               uint32_t ulStackDepth,
+ *                               void *pvParameters,
+ *                               UBaseType_t uxPriority,
+ *                               StackType_t *puxStackBuffer,
+ *                               StaticTask_t *pxTaskBuffer );
+ * 
+ * + * Create a new task and add it to the list of tasks that are ready to run. + * + * Internally, within the FreeRTOS implementation, tasks use two blocks of + * memory. The first block is used to hold the task's data structures. The + * second block is used by the task as its stack. If a task is created using + * xTaskCreate() then both blocks of memory are automatically dynamically + * allocated inside the xTaskCreate() function. (see + * https://www.FreeRTOS.org/a00111.html). If a task is created using + * xTaskCreateStatic() then the application writer must provide the required + * memory. xTaskCreateStatic() therefore allows a task to be created without + * using any dynamic memory allocation. + * + * @param pxTaskCode Pointer to the task entry function. Tasks + * must be implemented to never return (i.e. continuous loop). + * + * @param pcName A descriptive name for the task. This is mainly used to + * facilitate debugging. The maximum length of the string is defined by + * configMAX_TASK_NAME_LEN in FreeRTOSConfig.h. + * + * @param ulStackDepth The size of the task stack specified as the number of + * variables the stack can hold - not the number of bytes. For example, if + * the stack is 32-bits wide and ulStackDepth is defined as 100 then 400 bytes + * will be allocated for stack storage. + * + * @param pvParameters Pointer that will be used as the parameter for the task + * being created. + * + * @param uxPriority The priority at which the task will run. + * + * @param puxStackBuffer Must point to a StackType_t array that has at least + * ulStackDepth indexes - the array will then be used as the task's stack, + * removing the need for the stack to be allocated dynamically. + * + * @param pxTaskBuffer Must point to a variable of type StaticTask_t, which will + * then be used to hold the task's data structures, removing the need for the + * memory to be allocated dynamically. + * + * @return If neither puxStackBuffer nor pxTaskBuffer are NULL, then the task + * will be created and a handle to the created task is returned. If either + * puxStackBuffer or pxTaskBuffer are NULL then the task will not be created and + * NULL is returned. + * + * Example usage: + *
+ *
+ *  // Dimensions of the buffer that the task being created will use as its stack.
+ *  // NOTE:  This is the number of words the stack will hold, not the number of
+ *  // bytes.  For example, if each stack item is 32-bits, and this is set to 100,
+ *  // then 400 bytes (100 * 32-bits) will be allocated.
+ #define STACK_SIZE 200
+ *
+ *  // Structure that will hold the TCB of the task being created.
+ *  StaticTask_t xTaskBuffer;
+ *
+ *  // Buffer that the task being created will use as its stack.  Note this is
+ *  // an array of StackType_t variables.  The size of StackType_t is dependent on
+ *  // the RTOS port.
+ *  StackType_t xStack[ STACK_SIZE ];
+ *
+ *  // Function that implements the task being created.
+ *  void vTaskCode( void * pvParameters )
+ *  {
+ *      // The parameter value is expected to be 1 as 1 is passed in the
+ *      // pvParameters value in the call to xTaskCreateStatic().
+ *      configASSERT( ( uint32_t ) pvParameters == 1UL );
+ *
+ *      for( ;; )
+ *      {
+ *          // Task code goes here.
+ *      }
+ *  }
+ *
+ *  // Function that creates a task.
+ *  void vOtherFunction( void )
+ *  {
+ *      TaskHandle_t xHandle = NULL;
+ *
+ *      // Create the task without using any dynamic memory allocation.
+ *      xHandle = xTaskCreateStatic(
+ *                    vTaskCode,       // Function that implements the task.
+ *                    "NAME",          // Text name for the task.
+ *                    STACK_SIZE,      // Stack size in words, not bytes.
+ *                    ( void * ) 1,    // Parameter passed into the task.
+ *                    tskIDLE_PRIORITY,// Priority at which the task is created.
+ *                    xStack,          // Array to use as the task's stack.
+ *                    &xTaskBuffer );  // Variable to hold the task's data structure.
+ *
+ *      // puxStackBuffer and pxTaskBuffer were not NULL, so the task will have
+ *      // been created, and xHandle will be the task's handle.  Use the handle
+ *      // to suspend the task.
+ *      vTaskSuspend( xHandle );
+ *  }
+ * 
+ * \defgroup xTaskCreateStatic xTaskCreateStatic + * \ingroup Tasks + */ +#if ( configSUPPORT_STATIC_ALLOCATION == 1 ) + TaskHandle_t xTaskCreateStatic( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + StackType_t * const puxStackBuffer, + StaticTask_t * const pxTaskBuffer ) PRIVILEGED_FUNCTION; +#endif /* configSUPPORT_STATIC_ALLOCATION */ + +#if ( ( configSUPPORT_STATIC_ALLOCATION == 1 ) && ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + TaskHandle_t xTaskCreateStaticAffinitySet( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + StackType_t * const puxStackBuffer, + StaticTask_t * const pxTaskBuffer, + UBaseType_t uxCoreAffinityMask ) PRIVILEGED_FUNCTION; +#endif + +/** + * task. h + *
+ * BaseType_t xTaskCreateRestricted( TaskParameters_t *pxTaskDefinition, TaskHandle_t *pxCreatedTask );
+ * 
+ * + * Only available when configSUPPORT_DYNAMIC_ALLOCATION is set to 1. + * + * xTaskCreateRestricted() should only be used in systems that include an MPU + * implementation. + * + * Create a new task and add it to the list of tasks that are ready to run. + * The function parameters define the memory regions and associated access + * permissions allocated to the task. + * + * See xTaskCreateRestrictedStatic() for a version that does not use any + * dynamic memory allocation. + * + * @param pxTaskDefinition Pointer to a structure that contains a member + * for each of the normal xTaskCreate() parameters (see the xTaskCreate() API + * documentation) plus an optional stack buffer and the memory region + * definitions. + * + * @param pxCreatedTask Used to pass back a handle by which the created task + * can be referenced. + * + * @return pdPASS if the task was successfully created and added to a ready + * list, otherwise an error code defined in the file projdefs.h + * + * Example usage: + *
+ * // Create an TaskParameters_t structure that defines the task to be created.
+ * static const TaskParameters_t xCheckTaskParameters =
+ * {
+ *  vATask,     // pvTaskCode - the function that implements the task.
+ *  "ATask",    // pcName - just a text name for the task to assist debugging.
+ *  100,        // usStackDepth - the stack size DEFINED IN WORDS.
+ *  NULL,       // pvParameters - passed into the task function as the function parameters.
+ *  ( 1UL | portPRIVILEGE_BIT ),// uxPriority - task priority, set the portPRIVILEGE_BIT if the task should run in a privileged state.
+ *  cStackBuffer,// puxStackBuffer - the buffer to be used as the task stack.
+ *
+ *  // xRegions - Allocate up to three separate memory regions for access by
+ *  // the task, with appropriate access permissions.  Different processors have
+ *  // different memory alignment requirements - refer to the FreeRTOS documentation
+ *  // for full information.
+ *  {
+ *      // Base address                 Length  Parameters
+ *      { cReadWriteArray,              32,     portMPU_REGION_READ_WRITE },
+ *      { cReadOnlyArray,               32,     portMPU_REGION_READ_ONLY },
+ *      { cPrivilegedOnlyAccessArray,   128,    portMPU_REGION_PRIVILEGED_READ_WRITE }
+ *  }
+ * };
+ *
+ * int main( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *  // Create a task from the const structure defined above.  The task handle
+ *  // is requested (the second parameter is not NULL) but in this case just for
+ *  // demonstration purposes as its not actually used.
+ *  xTaskCreateRestricted( &xRegTest1Parameters, &xHandle );
+ *
+ *  // Start the scheduler.
+ *  vTaskStartScheduler();
+ *
+ *  // Will only get here if there was insufficient memory to create the idle
+ *  // and/or timer task.
+ *  for( ;; );
+ * }
+ * 
+ * \defgroup xTaskCreateRestricted xTaskCreateRestricted + * \ingroup Tasks + */ +#if ( portUSING_MPU_WRAPPERS == 1 ) + BaseType_t xTaskCreateRestricted( const TaskParameters_t * const pxTaskDefinition, + TaskHandle_t * pxCreatedTask ) PRIVILEGED_FUNCTION; +#endif + +#if ( ( portUSING_MPU_WRAPPERS == 1 ) && ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + BaseType_t xTaskCreateRestrictedAffinitySet( const TaskParameters_t * const pxTaskDefinition, + UBaseType_t uxCoreAffinityMask, + TaskHandle_t * pxCreatedTask ) PRIVILEGED_FUNCTION; +#endif + +/** + * task. h + *
+ * BaseType_t xTaskCreateRestrictedStatic( TaskParameters_t *pxTaskDefinition, TaskHandle_t *pxCreatedTask );
+ * 
+ * + * Only available when configSUPPORT_STATIC_ALLOCATION is set to 1. + * + * xTaskCreateRestrictedStatic() should only be used in systems that include an + * MPU implementation. + * + * Internally, within the FreeRTOS implementation, tasks use two blocks of + * memory. The first block is used to hold the task's data structures. The + * second block is used by the task as its stack. If a task is created using + * xTaskCreateRestricted() then the stack is provided by the application writer, + * and the memory used to hold the task's data structure is automatically + * dynamically allocated inside the xTaskCreateRestricted() function. If a task + * is created using xTaskCreateRestrictedStatic() then the application writer + * must provide the memory used to hold the task's data structures too. + * xTaskCreateRestrictedStatic() therefore allows a memory protected task to be + * created without using any dynamic memory allocation. + * + * @param pxTaskDefinition Pointer to a structure that contains a member + * for each of the normal xTaskCreate() parameters (see the xTaskCreate() API + * documentation) plus an optional stack buffer and the memory region + * definitions. If configSUPPORT_STATIC_ALLOCATION is set to 1 the structure + * contains an additional member, which is used to point to a variable of type + * StaticTask_t - which is then used to hold the task's data structure. + * + * @param pxCreatedTask Used to pass back a handle by which the created task + * can be referenced. + * + * @return pdPASS if the task was successfully created and added to a ready + * list, otherwise an error code defined in the file projdefs.h + * + * Example usage: + *
+ * // Create an TaskParameters_t structure that defines the task to be created.
+ * // The StaticTask_t variable is only included in the structure when
+ * // configSUPPORT_STATIC_ALLOCATION is set to 1.  The PRIVILEGED_DATA macro can
+ * // be used to force the variable into the RTOS kernel's privileged data area.
+ * static PRIVILEGED_DATA StaticTask_t xTaskBuffer;
+ * static const TaskParameters_t xCheckTaskParameters =
+ * {
+ *  vATask,     // pvTaskCode - the function that implements the task.
+ *  "ATask",    // pcName - just a text name for the task to assist debugging.
+ *  100,        // usStackDepth - the stack size DEFINED IN WORDS.
+ *  NULL,       // pvParameters - passed into the task function as the function parameters.
+ *  ( 1UL | portPRIVILEGE_BIT ),// uxPriority - task priority, set the portPRIVILEGE_BIT if the task should run in a privileged state.
+ *  cStackBuffer,// puxStackBuffer - the buffer to be used as the task stack.
+ *
+ *  // xRegions - Allocate up to three separate memory regions for access by
+ *  // the task, with appropriate access permissions.  Different processors have
+ *  // different memory alignment requirements - refer to the FreeRTOS documentation
+ *  // for full information.
+ *  {
+ *      // Base address                 Length  Parameters
+ *      { cReadWriteArray,              32,     portMPU_REGION_READ_WRITE },
+ *      { cReadOnlyArray,               32,     portMPU_REGION_READ_ONLY },
+ *      { cPrivilegedOnlyAccessArray,   128,    portMPU_REGION_PRIVILEGED_READ_WRITE }
+ *  }
+ *
+ *  &xTaskBuffer; // Holds the task's data structure.
+ * };
+ *
+ * int main( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *  // Create a task from the const structure defined above.  The task handle
+ *  // is requested (the second parameter is not NULL) but in this case just for
+ *  // demonstration purposes as its not actually used.
+ *  xTaskCreateRestricted( &xRegTest1Parameters, &xHandle );
+ *
+ *  // Start the scheduler.
+ *  vTaskStartScheduler();
+ *
+ *  // Will only get here if there was insufficient memory to create the idle
+ *  // and/or timer task.
+ *  for( ;; );
+ * }
+ * 
+ * \defgroup xTaskCreateRestrictedStatic xTaskCreateRestrictedStatic + * \ingroup Tasks + */ +#if ( ( portUSING_MPU_WRAPPERS == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) ) + BaseType_t xTaskCreateRestrictedStatic( const TaskParameters_t * const pxTaskDefinition, + TaskHandle_t * pxCreatedTask ) PRIVILEGED_FUNCTION; +#endif + +#if ( ( portUSING_MPU_WRAPPERS == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) && ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + BaseType_t xTaskCreateRestrictedStaticAffinitySet( const TaskParameters_t * const pxTaskDefinition, + UBaseType_t uxCoreAffinityMask, + TaskHandle_t * pxCreatedTask ) PRIVILEGED_FUNCTION; +#endif + +/** + * task. h + *
+ * void vTaskAllocateMPURegions( TaskHandle_t xTask, const MemoryRegion_t * const pxRegions );
+ * 
+ * + * Memory regions are assigned to a restricted task when the task is created by + * a call to xTaskCreateRestricted(). These regions can be redefined using + * vTaskAllocateMPURegions(). + * + * @param xTask The handle of the task being updated. + * + * @param xRegions A pointer to a MemoryRegion_t structure that contains the + * new memory region definitions. + * + * Example usage: + *
+ * // Define an array of MemoryRegion_t structures that configures an MPU region
+ * // allowing read/write access for 1024 bytes starting at the beginning of the
+ * // ucOneKByte array.  The other two of the maximum 3 definable regions are
+ * // unused so set to zero.
+ * static const MemoryRegion_t xAltRegions[ portNUM_CONFIGURABLE_REGIONS ] =
+ * {
+ *  // Base address     Length      Parameters
+ *  { ucOneKByte,       1024,       portMPU_REGION_READ_WRITE },
+ *  { 0,                0,          0 },
+ *  { 0,                0,          0 }
+ * };
+ *
+ * void vATask( void *pvParameters )
+ * {
+ *  // This task was created such that it has access to certain regions of
+ *  // memory as defined by the MPU configuration.  At some point it is
+ *  // desired that these MPU regions are replaced with that defined in the
+ *  // xAltRegions const struct above.  Use a call to vTaskAllocateMPURegions()
+ *  // for this purpose.  NULL is used as the task handle to indicate that this
+ *  // function should modify the MPU regions of the calling task.
+ *  vTaskAllocateMPURegions( NULL, xAltRegions );
+ *
+ *  // Now the task can continue its function, but from this point on can only
+ *  // access its stack and the ucOneKByte array (unless any other statically
+ *  // defined or shared regions have been declared elsewhere).
+ * }
+ * 
+ * \defgroup xTaskCreateRestricted xTaskCreateRestricted + * \ingroup Tasks + */ +void vTaskAllocateMPURegions( TaskHandle_t xTask, + const MemoryRegion_t * const pxRegions ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskDelete( TaskHandle_t xTaskToDelete );
+ * 
+ * + * INCLUDE_vTaskDelete must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Remove a task from the RTOS real time kernel's management. The task being + * deleted will be removed from all ready, blocked, suspended and event lists. + * + * NOTE: The idle task is responsible for freeing the kernel allocated + * memory from tasks that have been deleted. It is therefore important that + * the idle task is not starved of microcontroller processing time if your + * application makes any calls to vTaskDelete (). Memory allocated by the + * task code is not automatically freed, and should be freed before the task + * is deleted. + * + * See the demo application file death.c for sample code that utilises + * vTaskDelete (). + * + * @param xTaskToDelete The handle of the task to be deleted. Passing NULL will + * cause the calling task to be deleted. + * + * Example usage: + *
+ * void vOtherFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create the task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // Use the handle to delete the task.
+ *   vTaskDelete( xHandle );
+ * }
+ * 
+ * \defgroup vTaskDelete vTaskDelete + * \ingroup Tasks + */ +void vTaskDelete( TaskHandle_t xTaskToDelete ) PRIVILEGED_FUNCTION; + +/*----------------------------------------------------------- +* TASK CONTROL API +*----------------------------------------------------------*/ + +/** + * task. h + *
+ * void vTaskDelay( const TickType_t xTicksToDelay );
+ * 
+ * + * Delay a task for a given number of ticks. The actual time that the + * task remains blocked depends on the tick rate. The constant + * portTICK_PERIOD_MS can be used to calculate real time from the tick + * rate - with the resolution of one tick period. + * + * INCLUDE_vTaskDelay must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * + * vTaskDelay() specifies a time at which the task wishes to unblock relative to + * the time at which vTaskDelay() is called. For example, specifying a block + * period of 100 ticks will cause the task to unblock 100 ticks after + * vTaskDelay() is called. vTaskDelay() does not therefore provide a good method + * of controlling the frequency of a periodic task as the path taken through the + * code, as well as other task and interrupt activity, will effect the frequency + * at which vTaskDelay() gets called and therefore the time at which the task + * next executes. See xTaskDelayUntil() for an alternative API function designed + * to facilitate fixed frequency execution. It does this by specifying an + * absolute time (rather than a relative time) at which the calling task should + * unblock. + * + * @param xTicksToDelay The amount of time, in tick periods, that + * the calling task should block. + * + * Example usage: + * + * void vTaskFunction( void * pvParameters ) + * { + * // Block for 500ms. + * const TickType_t xDelay = 500 / portTICK_PERIOD_MS; + * + * for( ;; ) + * { + * // Simply toggle the LED every 500ms, blocking between each toggle. + * vToggleLED(); + * vTaskDelay( xDelay ); + * } + * } + * + * \defgroup vTaskDelay vTaskDelay + * \ingroup TaskCtrl + */ +void vTaskDelay( const TickType_t xTicksToDelay ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * BaseType_t xTaskDelayUntil( TickType_t *pxPreviousWakeTime, const TickType_t xTimeIncrement );
+ * 
+ * + * INCLUDE_xTaskDelayUntil must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Delay a task until a specified time. This function can be used by periodic + * tasks to ensure a constant execution frequency. + * + * This function differs from vTaskDelay () in one important aspect: vTaskDelay () will + * cause a task to block for the specified number of ticks from the time vTaskDelay () is + * called. It is therefore difficult to use vTaskDelay () by itself to generate a fixed + * execution frequency as the time between a task starting to execute and that task + * calling vTaskDelay () may not be fixed [the task may take a different path though the + * code between calls, or may get interrupted or preempted a different number of times + * each time it executes]. + * + * Whereas vTaskDelay () specifies a wake time relative to the time at which the function + * is called, xTaskDelayUntil () specifies the absolute (exact) time at which it wishes to + * unblock. + * + * The macro pdMS_TO_TICKS() can be used to calculate the number of ticks from a + * time specified in milliseconds with a resolution of one tick period. + * + * @param pxPreviousWakeTime Pointer to a variable that holds the time at which the + * task was last unblocked. The variable must be initialised with the current time + * prior to its first use (see the example below). Following this the variable is + * automatically updated within xTaskDelayUntil (). + * + * @param xTimeIncrement The cycle time period. The task will be unblocked at + * time *pxPreviousWakeTime + xTimeIncrement. Calling xTaskDelayUntil with the + * same xTimeIncrement parameter value will cause the task to execute with + * a fixed interface period. + * + * @return Value which can be used to check whether the task was actually delayed. + * Will be pdTRUE if the task way delayed and pdFALSE otherwise. A task will not + * be delayed if the next expected wake time is in the past. + * + * Example usage: + *
+ * // Perform an action every 10 ticks.
+ * void vTaskFunction( void * pvParameters )
+ * {
+ * TickType_t xLastWakeTime;
+ * const TickType_t xFrequency = 10;
+ * BaseType_t xWasDelayed;
+ *
+ *     // Initialise the xLastWakeTime variable with the current time.
+ *     xLastWakeTime = xTaskGetTickCount ();
+ *     for( ;; )
+ *     {
+ *         // Wait for the next cycle.
+ *         xWasDelayed = xTaskDelayUntil( &xLastWakeTime, xFrequency );
+ *
+ *         // Perform action here. xWasDelayed value can be used to determine
+ *         // whether a deadline was missed if the code here took too long.
+ *     }
+ * }
+ * 
+ * \defgroup xTaskDelayUntil xTaskDelayUntil + * \ingroup TaskCtrl + */ +BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, + const TickType_t xTimeIncrement ) PRIVILEGED_FUNCTION; + +/* + * vTaskDelayUntil() is the older version of xTaskDelayUntil() and does not + * return a value. + */ +#define vTaskDelayUntil( pxPreviousWakeTime, xTimeIncrement ) \ +{ \ + ( void ) xTaskDelayUntil( pxPreviousWakeTime, xTimeIncrement ); \ +} + + +/** + * task. h + *
+ * BaseType_t xTaskAbortDelay( TaskHandle_t xTask );
+ * 
+ * + * INCLUDE_xTaskAbortDelay must be defined as 1 in FreeRTOSConfig.h for this + * function to be available. + * + * A task will enter the Blocked state when it is waiting for an event. The + * event it is waiting for can be a temporal event (waiting for a time), such + * as when vTaskDelay() is called, or an event on an object, such as when + * xQueueReceive() or ulTaskNotifyTake() is called. If the handle of a task + * that is in the Blocked state is used in a call to xTaskAbortDelay() then the + * task will leave the Blocked state, and return from whichever function call + * placed the task into the Blocked state. + * + * There is no 'FromISR' version of this function as an interrupt would need to + * know which object a task was blocked on in order to know which actions to + * take. For example, if the task was blocked on a queue the interrupt handler + * would then need to know if the queue was locked. + * + * @param xTask The handle of the task to remove from the Blocked state. + * + * @return If the task referenced by xTask was not in the Blocked state then + * pdFAIL is returned. Otherwise pdPASS is returned. + * + * \defgroup xTaskAbortDelay xTaskAbortDelay + * \ingroup TaskCtrl + */ +BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask );
+ * 
+ * + * INCLUDE_uxTaskPriorityGet must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Obtain the priority of any task. + * + * @param xTask Handle of the task to be queried. Passing a NULL + * handle results in the priority of the calling task being returned. + * + * @return The priority of xTask. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to obtain the priority of the created task.
+ *   // It was created with tskIDLE_PRIORITY, but may have changed
+ *   // it itself.
+ *   if( uxTaskPriorityGet( xHandle ) != tskIDLE_PRIORITY )
+ *   {
+ *       // The task has changed it's priority.
+ *   }
+ *
+ *   // ...
+ *
+ *   // Is our priority higher than the created task?
+ *   if( uxTaskPriorityGet( xHandle ) < uxTaskPriorityGet( NULL ) )
+ *   {
+ *       // Our priority (obtained using NULL handle) is higher.
+ *   }
+ * }
+ * 
+ * \defgroup uxTaskPriorityGet uxTaskPriorityGet + * \ingroup TaskCtrl + */ +UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask );
+ * 
+ * + * A version of uxTaskPriorityGet() that can be used from an ISR. + */ +UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * eTaskState eTaskGetState( TaskHandle_t xTask );
+ * 
+ * + * INCLUDE_eTaskGetState must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Obtain the state of any task. States are encoded by the eTaskState + * enumerated type. + * + * @param xTask Handle of the task to be queried. + * + * @return The state of xTask at the time the function was called. Note the + * state of the task might change between the function being called, and the + * functions return value being tested by the calling task. + */ +eTaskState eTaskGetState( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskGetInfo( TaskHandle_t xTask, TaskStatus_t *pxTaskStatus, BaseType_t xGetFreeStackSpace, eTaskState eState );
+ * 
+ * + * configUSE_TRACE_FACILITY must be defined as 1 for this function to be + * available. See the configuration section for more information. + * + * Populates a TaskStatus_t structure with information about a task. + * + * @param xTask Handle of the task being queried. If xTask is NULL then + * information will be returned about the calling task. + * + * @param pxTaskStatus A pointer to the TaskStatus_t structure that will be + * filled with information about the task referenced by the handle passed using + * the xTask parameter. + * + * @xGetFreeStackSpace The TaskStatus_t structure contains a member to report + * the stack high water mark of the task being queried. Calculating the stack + * high water mark takes a relatively long time, and can make the system + * temporarily unresponsive - so the xGetFreeStackSpace parameter is provided to + * allow the high water mark checking to be skipped. The high watermark value + * will only be written to the TaskStatus_t structure if xGetFreeStackSpace is + * not set to pdFALSE; + * + * @param eState The TaskStatus_t structure contains a member to report the + * state of the task being queried. Obtaining the task state is not as fast as + * a simple assignment - so the eState parameter is provided to allow the state + * information to be omitted from the TaskStatus_t structure. To obtain state + * information then set eState to eInvalid - otherwise the value passed in + * eState will be reported as the task state in the TaskStatus_t structure. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ * TaskStatus_t xTaskDetails;
+ *
+ *  // Obtain the handle of a task from its name.
+ *  xHandle = xTaskGetHandle( "Task_Name" );
+ *
+ *  // Check the handle is not NULL.
+ *  configASSERT( xHandle );
+ *
+ *  // Use the handle to obtain further information about the task.
+ *  vTaskGetInfo( xHandle,
+ *                &xTaskDetails,
+ *                pdTRUE, // Include the high water mark in xTaskDetails.
+ *                eInvalid ); // Include the task state in xTaskDetails.
+ * }
+ * 
+ * \defgroup vTaskGetInfo vTaskGetInfo + * \ingroup TaskCtrl + */ +void vTaskGetInfo( TaskHandle_t xTask, + TaskStatus_t * pxTaskStatus, + BaseType_t xGetFreeStackSpace, + eTaskState eState ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskPrioritySet( TaskHandle_t xTask, UBaseType_t uxNewPriority );
+ * 
+ * + * INCLUDE_vTaskPrioritySet must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Set the priority of any task. + * + * A context switch will occur before the function returns if the priority + * being set is higher than the currently executing task. + * + * @param xTask Handle to the task for which the priority is being set. + * Passing a NULL handle results in the priority of the calling task being set. + * + * @param uxNewPriority The priority to which the task will be set. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to raise the priority of the created task.
+ *   vTaskPrioritySet( xHandle, tskIDLE_PRIORITY + 1 );
+ *
+ *   // ...
+ *
+ *   // Use a NULL handle to raise our priority to the same value.
+ *   vTaskPrioritySet( NULL, tskIDLE_PRIORITY + 1 );
+ * }
+ * 
+ * \defgroup vTaskPrioritySet vTaskPrioritySet + * \ingroup TaskCtrl + */ +void vTaskPrioritySet( TaskHandle_t xTask, + UBaseType_t uxNewPriority ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskSuspend( TaskHandle_t xTaskToSuspend );
+ * 
+ * + * INCLUDE_vTaskSuspend must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Suspend any task. When suspended a task will never get any microcontroller + * processing time, no matter what its priority. + * + * Calls to vTaskSuspend are not accumulative - + * i.e. calling vTaskSuspend () twice on the same task still only requires one + * call to vTaskResume () to ready the suspended task. + * + * @param xTaskToSuspend Handle to the task being suspended. Passing a NULL + * handle will cause the calling task to be suspended. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to suspend the created task.
+ *   vTaskSuspend( xHandle );
+ *
+ *   // ...
+ *
+ *   // The created task will not run during this period, unless
+ *   // another task calls vTaskResume( xHandle ).
+ *
+ *   //...
+ *
+ *
+ *   // Suspend ourselves.
+ *   vTaskSuspend( NULL );
+ *
+ *   // We cannot get here unless another task calls vTaskResume
+ *   // with our handle as the parameter.
+ * }
+ * 
+ * \defgroup vTaskSuspend vTaskSuspend + * \ingroup TaskCtrl + */ +void vTaskSuspend( TaskHandle_t xTaskToSuspend ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskResume( TaskHandle_t xTaskToResume );
+ * 
+ * + * INCLUDE_vTaskSuspend must be defined as 1 for this function to be available. + * See the configuration section for more information. + * + * Resumes a suspended task. + * + * A task that has been suspended by one or more calls to vTaskSuspend () + * will be made available for running again by a single call to + * vTaskResume (). + * + * @param xTaskToResume Handle to the task being readied. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ * TaskHandle_t xHandle;
+ *
+ *   // Create a task, storing the handle.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &xHandle );
+ *
+ *   // ...
+ *
+ *   // Use the handle to suspend the created task.
+ *   vTaskSuspend( xHandle );
+ *
+ *   // ...
+ *
+ *   // The created task will not run during this period, unless
+ *   // another task calls vTaskResume( xHandle ).
+ *
+ *   //...
+ *
+ *
+ *   // Resume the suspended task ourselves.
+ *   vTaskResume( xHandle );
+ *
+ *   // The created task will once again get microcontroller processing
+ *   // time in accordance with its priority within the system.
+ * }
+ * 
+ * \defgroup vTaskResume vTaskResume + * \ingroup TaskCtrl + */ +void vTaskResume( TaskHandle_t xTaskToResume ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void xTaskResumeFromISR( TaskHandle_t xTaskToResume );
+ * 
+ * + * INCLUDE_xTaskResumeFromISR must be defined as 1 for this function to be + * available. See the configuration section for more information. + * + * An implementation of vTaskResume() that can be called from within an ISR. + * + * A task that has been suspended by one or more calls to vTaskSuspend () + * will be made available for running again by a single call to + * xTaskResumeFromISR (). + * + * xTaskResumeFromISR() should not be used to synchronise a task with an + * interrupt if there is a chance that the interrupt could arrive prior to the + * task being suspended - as this can lead to interrupts being missed. Use of a + * semaphore as a synchronisation mechanism would avoid this eventuality. + * + * @param xTaskToResume Handle to the task being readied. + * + * @return pdTRUE if resuming the task should result in a context switch, + * otherwise pdFALSE. This is used by the ISR to determine if a context switch + * may be required following the ISR. + * + * \defgroup vTaskResumeFromISR vTaskResumeFromISR + * \ingroup TaskCtrl + */ +BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) PRIVILEGED_FUNCTION; + +#if ( configUSE_CORE_AFFINITY == 1) + /** + * @brief Sets the core affinity mask for a task. + * + * It sets the cores on which a task can run. configUSE_CORE_AFFINITY must + * be defined as 1 for this function to be available. + * + * @param xTask The handle of the task to set the core affinity mask for. + * Passing NULL will set the core affinity mask for the calling task. + * + * @param uxCoreAffinityMask A bitwise value that indicates the cores on + * which the task can run. Cores are numbered from 0 to configNUM_CORES - 1. + * For example, to ensure that a task can run on core 0 and core 1, set + * uxCoreAffinityMask to 0x03. + * + * Example usage: + * + * // The function that creates task. + * void vAFunction( void ) + * { + * TaskHandle_t xHandle; + * UBaseType_t uxCoreAffinityMask; + * + * // Create a task, storing the handle. + * xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &( xHandle ) ); + * + * // Define the core affinity mask such that this task can only run + * // on core 0 and core 2. + * uxCoreAffinityMask = ( ( 1 << 0 ) | ( 1 << 2 ) ); + * + * //Set the core affinity mask for the task. + * vTaskCoreAffinitySet( xHandle, uxCoreAffinityMask ); + * } + */ + void vTaskCoreAffinitySet( const TaskHandle_t xTask, UBaseType_t uxCoreAffinityMask ); +#endif + +#if ( configUSE_CORE_AFFINITY == 1) + /** + * @brief Gets the core affinity mask for a task. + * + * configUSE_CORE_AFFINITY must be defined as 1 for this function to be + * available. + * + * @param xTask The handle of the task to get the core affinity mask for. + * Passing NULL will get the core affinity mask for the calling task. + * + * @return The core affinity mask which is a bitwise value that indicates + * the cores on which a task can run. Cores are numbered from 0 to + * configNUM_CORES - 1. For example, if a task can run on core 0 and core 1, + * the core affinity mask is 0x03. + * + * Example usage: + * + * // Task handle of the networking task - it is populated elsewhere. + * TaskHandle_t xNetworkingTaskHandle; + * + * void vAFunction( void ) + * { + * TaskHandle_t xHandle; + * UBaseType_t uxNetworkingCoreAffinityMask; + * + * // Create a task, storing the handle. + * xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, &( xHandle ) ); + * + * //Get the core affinity mask for the networking task. + * uxNetworkingCoreAffinityMask = vTaskCoreAffinityGet( xNetworkingTaskHandle ); + * + * // Here is a hypothetical scenario, just for the example. Assume that we + * // have 2 cores - Core 0 and core 1. We want to pin the application task to + * // the core different than the networking task to ensure that the + * // application task does not interfere with networking. + * if( ( uxNetworkingCoreAffinityMask & ( 1 << 0 ) ) != 0 ) + * { + * // The networking task can run on core 0, pin our task to core 1. + * vTaskCoreAffinitySet( xHandle, ( 1 << 1 ) ); + * } + * else + * { + * // Otherwise, pin our task to core 0. + * vTaskCoreAffinitySet( xHandle, ( 1 << 0 ) ); + * } + * } + */ + UBaseType_t vTaskCoreAffinityGet( const TaskHandle_t xTask ); +#endif + +/** + * @brief Disables preemption for a task. + * + * @param xTask The handle of the task to disable preemption. Passing NULL + * disables preemption for the calling task. + * + * Example usage: + * + * void vTaskCode( void *pvParameters ) + * { + * // Silence warnings about unused parameters. + * ( void ) pvParameters; + * + * for( ;; ) + * { + * // ... Perform some function here. + * + * // Disable preemption for this task. + * vTaskPreemptionDisable( NULL ); + * + * // The task will not be preempted when it is executing in this portion ... + * + * // ... until the preemption is enabled again. + * vTaskPreemptionEnable( NULL ); + * + * // The task can be preempted when it is executing in this portion. + * } + * } + */ +void vTaskPreemptionDisable( const TaskHandle_t xTask ); + +/** + * @brief Enables preemption for a task. + * + * @param xTask The handle of the task to enable preemption. Passing NULL + * enables preemption for the calling task. + * + * Example usage: + * + * void vTaskCode( void *pvParameters ) + * { + * // Silence warnings about unused parameters. + * ( void ) pvParameters; + * + * for( ;; ) + * { + * // ... Perform some function here. + * + * // Disable preemption for this task. + * vTaskPreemptionDisable( NULL ); + * + * // The task will not be preempted when it is executing in this portion ... + * + * // ... until the preemption is enabled again. + * vTaskPreemptionEnable( NULL ); + * + * // The task can be preempted when it is executing in this portion. + * } + * } + */ +void vTaskPreemptionEnable( const TaskHandle_t xTask ); + +/*----------------------------------------------------------- +* SCHEDULER CONTROL +*----------------------------------------------------------*/ + +/** + * task. h + *
+ * void vTaskStartScheduler( void );
+ * 
+ * + * Starts the real time kernel tick processing. After calling the kernel + * has control over which tasks are executed and when. + * + * See the demo application file main.c for an example of creating + * tasks and starting the kernel. + * + * Example usage: + *
+ * void vAFunction( void )
+ * {
+ *   // Create at least one task before starting the kernel.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, NULL );
+ *
+ *   // Start the real time kernel with preemption.
+ *   vTaskStartScheduler ();
+ *
+ *   // Will not get here unless a task calls vTaskEndScheduler ()
+ * }
+ * 
+ * + * \defgroup vTaskStartScheduler vTaskStartScheduler + * \ingroup SchedulerControl + */ +void vTaskStartScheduler( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskEndScheduler( void );
+ * 
+ * + * NOTE: At the time of writing only the x86 real mode port, which runs on a PC + * in place of DOS, implements this function. + * + * Stops the real time kernel tick. All created tasks will be automatically + * deleted and multitasking (either preemptive or cooperative) will + * stop. Execution then resumes from the point where vTaskStartScheduler () + * was called, as if vTaskStartScheduler () had just returned. + * + * See the demo application file main. c in the demo/PC directory for an + * example that uses vTaskEndScheduler (). + * + * vTaskEndScheduler () requires an exit function to be defined within the + * portable layer (see vPortEndScheduler () in port. c for the PC port). This + * performs hardware specific operations such as stopping the kernel tick. + * + * vTaskEndScheduler () will cause all of the resources allocated by the + * kernel to be freed - but will not free resources allocated by application + * tasks. + * + * Example usage: + *
+ * void vTaskCode( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *
+ *       // At some point we want to end the real time kernel processing
+ *       // so call ...
+ *       vTaskEndScheduler ();
+ *   }
+ * }
+ *
+ * void vAFunction( void )
+ * {
+ *   // Create at least one task before starting the kernel.
+ *   xTaskCreate( vTaskCode, "NAME", STACK_SIZE, NULL, tskIDLE_PRIORITY, NULL );
+ *
+ *   // Start the real time kernel with preemption.
+ *   vTaskStartScheduler ();
+ *
+ *   // Will only get here when the vTaskCode () task has called
+ *   // vTaskEndScheduler ().  When we get here we are back to single task
+ *   // execution.
+ * }
+ * 
+ * + * \defgroup vTaskEndScheduler vTaskEndScheduler + * \ingroup SchedulerControl + */ +void vTaskEndScheduler( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * void vTaskSuspendAll( void );
+ * 
+ * + * Suspends the scheduler without disabling interrupts. Context switches will + * not occur while the scheduler is suspended. + * + * After calling vTaskSuspendAll () the calling task will continue to execute + * without risk of being swapped out until a call to xTaskResumeAll () has been + * made. + * + * API functions that have the potential to cause a context switch (for example, + * xTaskDelayUntil(), xQueueSend(), etc.) must not be called while the scheduler + * is suspended. + * + * Example usage: + *
+ * void vTask1( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *
+ *       // ...
+ *
+ *       // At some point the task wants to perform a long operation during
+ *       // which it does not want to get swapped out.  It cannot use
+ *       // taskENTER_CRITICAL ()/taskEXIT_CRITICAL () as the length of the
+ *       // operation may cause interrupts to be missed - including the
+ *       // ticks.
+ *
+ *       // Prevent the real time kernel swapping out the task.
+ *       vTaskSuspendAll ();
+ *
+ *       // Perform the operation here.  There is no need to use critical
+ *       // sections as we have all the microcontroller processing time.
+ *       // During this time interrupts will still operate and the kernel
+ *       // tick count will be maintained.
+ *
+ *       // ...
+ *
+ *       // The operation is complete.  Restart the kernel.
+ *       xTaskResumeAll ();
+ *   }
+ * }
+ * 
+ * \defgroup vTaskSuspendAll vTaskSuspendAll + * \ingroup SchedulerControl + */ +void vTaskSuspendAll( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
+ * BaseType_t xTaskResumeAll( void );
+ * 
+ * + * Resumes scheduler activity after it was suspended by a call to + * vTaskSuspendAll(). + * + * xTaskResumeAll() only resumes the scheduler. It does not unsuspend tasks + * that were previously suspended by a call to vTaskSuspend(). + * + * @return If resuming the scheduler caused a context switch then pdTRUE is + * returned, otherwise pdFALSE is returned. + * + * Example usage: + *
+ * void vTask1( void * pvParameters )
+ * {
+ *   for( ;; )
+ *   {
+ *       // Task code goes here.
+ *
+ *       // ...
+ *
+ *       // At some point the task wants to perform a long operation during
+ *       // which it does not want to get swapped out.  It cannot use
+ *       // taskENTER_CRITICAL ()/taskEXIT_CRITICAL () as the length of the
+ *       // operation may cause interrupts to be missed - including the
+ *       // ticks.
+ *
+ *       // Prevent the real time kernel swapping out the task.
+ *       vTaskSuspendAll ();
+ *
+ *       // Perform the operation here.  There is no need to use critical
+ *       // sections as we have all the microcontroller processing time.
+ *       // During this time interrupts will still operate and the real
+ *       // time kernel tick count will be maintained.
+ *
+ *       // ...
+ *
+ *       // The operation is complete.  Restart the kernel.  We want to force
+ *       // a context switch - but there is no point if resuming the scheduler
+ *       // caused a context switch already.
+ *       if( !xTaskResumeAll () )
+ *       {
+ *            taskYIELD ();
+ *       }
+ *   }
+ * }
+ * 
+ * \defgroup xTaskResumeAll xTaskResumeAll + * \ingroup SchedulerControl + */ +BaseType_t xTaskResumeAll( void ) PRIVILEGED_FUNCTION; + +/*----------------------------------------------------------- +* TASK UTILITIES +*----------------------------------------------------------*/ + +/** + * task. h + *
TickType_t xTaskGetTickCount( void );
+ * + * @return The count of ticks since vTaskStartScheduler was called. + * + * \defgroup xTaskGetTickCount xTaskGetTickCount + * \ingroup TaskUtils + */ +TickType_t xTaskGetTickCount( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
TickType_t xTaskGetTickCountFromISR( void );
+ * + * @return The count of ticks since vTaskStartScheduler was called. + * + * This is a version of xTaskGetTickCount() that is safe to be called from an + * ISR - provided that TickType_t is the natural word size of the + * microcontroller being used or interrupt nesting is either not supported or + * not being used. + * + * \defgroup xTaskGetTickCountFromISR xTaskGetTickCountFromISR + * \ingroup TaskUtils + */ +TickType_t xTaskGetTickCountFromISR( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
uint16_t uxTaskGetNumberOfTasks( void );
+ * + * @return The number of tasks that the real time kernel is currently managing. + * This includes all ready, blocked and suspended tasks. A task that + * has been deleted but not yet freed by the idle task will also be + * included in the count. + * + * \defgroup uxTaskGetNumberOfTasks uxTaskGetNumberOfTasks + * \ingroup TaskUtils + */ +UBaseType_t uxTaskGetNumberOfTasks( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
char *pcTaskGetName( TaskHandle_t xTaskToQuery );
+ * + * @return The text (human readable) name of the task referenced by the handle + * xTaskToQuery. A task can query its own name by either passing in its own + * handle, or by setting xTaskToQuery to NULL. + * + * \defgroup pcTaskGetName pcTaskGetName + * \ingroup TaskUtils + */ +char * pcTaskGetName( TaskHandle_t xTaskToQuery ) PRIVILEGED_FUNCTION; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + +/** + * task. h + *
TaskHandle_t xTaskGetHandle( const char *pcNameToQuery );
+ * + * NOTE: This function takes a relatively long time to complete and should be + * used sparingly. + * + * @return The handle of the task that has the human readable name pcNameToQuery. + * NULL is returned if no matching name is found. INCLUDE_xTaskGetHandle + * must be set to 1 in FreeRTOSConfig.h for pcTaskGetHandle() to be available. + * + * \defgroup pcTaskGetHandle pcTaskGetHandle + * \ingroup TaskUtils + */ +TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) PRIVILEGED_FUNCTION; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + +/** + * task.h + *
UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask );
+ * + * INCLUDE_uxTaskGetStackHighWaterMark must be set to 1 in FreeRTOSConfig.h for + * this function to be available. + * + * Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in words, so on a 32 bit machine + * a value of 1 means 4 bytes) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * + * uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the + * same except for their return type. Using configSTACK_DEPTH_TYPE allows the + * user to determine the return type. It gets around the problem of the value + * overflowing on 8-bit types without breaking backward compatibility for + * applications that expect an 8-bit return type. + * + * @param xTask Handle of the task associated with the stack to be checked. + * Set xTask to NULL to check the stack of the calling task. + * + * @return The smallest amount of free stack space there has been (in words, so + * actual spaces on the stack rather than bytes) since the task referenced by + * xTask was created. + */ +UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/** + * task.h + *
configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask );
+ * + * INCLUDE_uxTaskGetStackHighWaterMark2 must be set to 1 in FreeRTOSConfig.h for + * this function to be available. + * + * Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in words, so on a 32 bit machine + * a value of 1 means 4 bytes) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * + * uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the + * same except for their return type. Using configSTACK_DEPTH_TYPE allows the + * user to determine the return type. It gets around the problem of the value + * overflowing on 8-bit types without breaking backward compatibility for + * applications that expect an 8-bit return type. + * + * @param xTask Handle of the task associated with the stack to be checked. + * Set xTask to NULL to check the stack of the calling task. + * + * @return The smallest amount of free stack space there has been (in words, so + * actual spaces on the stack rather than bytes) since the task referenced by + * xTask was created. + */ +configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/* When using trace macros it is sometimes necessary to include task.h before + * FreeRTOS.h. When this is done TaskHookFunction_t will not yet have been defined, + * so the following two prototypes will cause a compilation error. This can be + * fixed by simply guarding against the inclusion of these two prototypes unless + * they are explicitly required by the configUSE_APPLICATION_TASK_TAG configuration + * constant. */ +#ifdef configUSE_APPLICATION_TASK_TAG + #if configUSE_APPLICATION_TASK_TAG == 1 + +/** + * task.h + *
+ * void vTaskSetApplicationTaskTag( TaskHandle_t xTask, TaskHookFunction_t pxHookFunction );
+ * 
+ * + * Sets pxHookFunction to be the task hook function used by the task xTask. + * Passing xTask as NULL has the effect of setting the calling tasks hook + * function. + */ + void vTaskSetApplicationTaskTag( TaskHandle_t xTask, + TaskHookFunction_t pxHookFunction ) PRIVILEGED_FUNCTION; + +/** + * task.h + *
+ * void xTaskGetApplicationTaskTag( TaskHandle_t xTask );
+ * 
+ * + * Returns the pxHookFunction value assigned to the task xTask. Do not + * call from an interrupt service routine - call + * xTaskGetApplicationTaskTagFromISR() instead. + */ + TaskHookFunction_t xTaskGetApplicationTaskTag( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/** + * task.h + *
+ * void xTaskGetApplicationTaskTagFromISR( TaskHandle_t xTask );
+ * 
+ * + * Returns the pxHookFunction value assigned to the task xTask. Can + * be called from an interrupt service routine. + */ + TaskHookFunction_t xTaskGetApplicationTaskTagFromISR( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + #endif /* configUSE_APPLICATION_TASK_TAG ==1 */ +#endif /* ifdef configUSE_APPLICATION_TASK_TAG */ + +#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 ) + +/* Each task contains an array of pointers that is dimensioned by the + * configNUM_THREAD_LOCAL_STORAGE_POINTERS setting in FreeRTOSConfig.h. The + * kernel does not use the pointers itself, so the application writer can use + * the pointers for any purpose they wish. The following two functions are + * used to set and query a pointer respectively. */ + void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, + BaseType_t xIndex, + void * pvValue ) PRIVILEGED_FUNCTION; + void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, + BaseType_t xIndex ) PRIVILEGED_FUNCTION; + +#endif + +#if ( configCHECK_FOR_STACK_OVERFLOW > 0 ) + + /** + * task.h + *
void vApplicationStackOverflowHook( TaskHandle_t xTask char *pcTaskName); 
+ * + * The application stack overflow hook is called when a stack overflow is detected for a task. + * + * Details on stack overflow detection can be found here: https://www.FreeRTOS.org/Stacks-and-stack-overflow-checking.html + * + * @param xTask the task that just exceeded its stack boundaries. + * @param pcTaskName A character string containing the name of the offending task. + */ + void vApplicationStackOverflowHook( TaskHandle_t xTask, + char * pcTaskName ); + /*@ requires prvSeg_TCB_p(xTask, ?ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(xTask, ?uxCriticalNesting); + @*/ + /*@ ensures prvSeg_TCB_p(xTask, ulFreeBytesOnStack) &*& + coreLocalSeg_TCB_p(xTask, uxCriticalNesting); + @*/ + +#endif + +#if ( configUSE_TICK_HOOK > 0 ) + /** + * task.h + *
void vApplicationTickHook( void ); 
+ * + * This hook function is called in the system tick handler after any OS work is completed. + */ + void vApplicationTickHook( void ); /*lint !e526 Symbol not defined as it is an application callback. */ + +#endif + +#if ( configSUPPORT_STATIC_ALLOCATION == 1 ) + /** + * task.h + *
void vApplicationGetIdleTaskMemory( StaticTask_t ** ppxIdleTaskTCBBuffer, StackType_t ** ppxIdleTaskStackBuffer, uint32_t *pulIdleTaskStackSize ) 
+ * + * This function is used to provide a statically allocated block of memory to FreeRTOS to hold the Idle Task TCB. This function is required when + * configSUPPORT_STATIC_ALLOCATION is set. For more information see this URI: https://www.FreeRTOS.org/a00110.html#configSUPPORT_STATIC_ALLOCATION + * + * @param ppxIdleTaskTCBBuffer A handle to a statically allocated TCB buffer + * @param ppxIdleTaskStackBuffer A handle to a statically allocated Stack buffer for the idle task + * @param pulIdleTaskStackSize A pointer to the number of elements that will fit in the allocated stack buffer + */ + void vApplicationGetIdleTaskMemory( StaticTask_t ** ppxIdleTaskTCBBuffer, + StackType_t ** ppxIdleTaskStackBuffer, + uint32_t * pulIdleTaskStackSize ); /*lint !e526 Symbol not defined as it is an application callback. */ +#endif + +/** + * task.h + *
+ * BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, void *pvParameter );
+ * 
+ * + * Calls the hook function associated with xTask. Passing xTask as NULL has + * the effect of calling the Running tasks (the calling task) hook function. + * + * pvParameter is passed to the hook function for the task to interpret as it + * wants. The return value is the value returned by the task hook function + * registered by the user. + */ +BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, + void * pvParameter ) PRIVILEGED_FUNCTION; + +/** + * xTaskGetIdleTaskHandle() is only available if + * INCLUDE_xTaskGetIdleTaskHandle is set to 1 in FreeRTOSConfig.h. + * + * Simply returns a pointer to the array of idle task handles. + * It is not valid to call xTaskGetIdleTaskHandle() before the scheduler has been started. + */ +TaskHandle_t *xTaskGetIdleTaskHandle( void ) PRIVILEGED_FUNCTION; + +/** + * configUSE_TRACE_FACILITY must be defined as 1 in FreeRTOSConfig.h for + * uxTaskGetSystemState() to be available. + * + * uxTaskGetSystemState() populates an TaskStatus_t structure for each task in + * the system. TaskStatus_t structures contain, among other things, members + * for the task handle, task name, task priority, task state, and total amount + * of run time consumed by the task. See the TaskStatus_t structure + * definition in this file for the full member list. + * + * NOTE: This function is intended for debugging use only as its use results in + * the scheduler remaining suspended for an extended period. + * + * @param pxTaskStatusArray A pointer to an array of TaskStatus_t structures. + * The array must contain at least one TaskStatus_t structure for each task + * that is under the control of the RTOS. The number of tasks under the control + * of the RTOS can be determined using the uxTaskGetNumberOfTasks() API function. + * + * @param uxArraySize The size of the array pointed to by the pxTaskStatusArray + * parameter. The size is specified as the number of indexes in the array, or + * the number of TaskStatus_t structures contained in the array, not by the + * number of bytes in the array. + * + * @param pulTotalRunTime If configGENERATE_RUN_TIME_STATS is set to 1 in + * FreeRTOSConfig.h then *pulTotalRunTime is set by uxTaskGetSystemState() to the + * total run time (as defined by the run time stats clock, see + * https://www.FreeRTOS.org/rtos-run-time-stats.html) since the target booted. + * pulTotalRunTime can be set to NULL to omit the total run time information. + * + * @return The number of TaskStatus_t structures that were populated by + * uxTaskGetSystemState(). This should equal the number returned by the + * uxTaskGetNumberOfTasks() API function, but will be zero if the value passed + * in the uxArraySize parameter was too small. + * + * Example usage: + *
+ *  // This example demonstrates how a human readable table of run time stats
+ *  // information is generated from raw data provided by uxTaskGetSystemState().
+ *  // The human readable table is written to pcWriteBuffer
+ *  void vTaskGetRunTimeStats( char *pcWriteBuffer )
+ *  {
+ *  TaskStatus_t *pxTaskStatusArray;
+ *  volatile UBaseType_t uxArraySize, x;
+ *  uint32_t ulTotalRunTime, ulStatsAsPercentage;
+ *
+ *      // Make sure the write buffer does not contain a string.
+ * pcWriteBuffer = 0x00;
+ *
+ *      // Take a snapshot of the number of tasks in case it changes while this
+ *      // function is executing.
+ *      uxArraySize = uxTaskGetNumberOfTasks();
+ *
+ *      // Allocate a TaskStatus_t structure for each task.  An array could be
+ *      // allocated statically at compile time.
+ *      pxTaskStatusArray = pvPortMalloc( uxArraySize * sizeof( TaskStatus_t ) );
+ *
+ *      if( pxTaskStatusArray != NULL )
+ *      {
+ *          // Generate raw status information about each task.
+ *          uxArraySize = uxTaskGetSystemState( pxTaskStatusArray, uxArraySize, &ulTotalRunTime );
+ *
+ *          // For percentage calculations.
+ *          ulTotalRunTime /= 100UL;
+ *
+ *          // Avoid divide by zero errors.
+ *          if( ulTotalRunTime > 0 )
+ *          {
+ *              // For each populated position in the pxTaskStatusArray array,
+ *              // format the raw data as human readable ASCII data
+ *              for( x = 0; x < uxArraySize; x++ )
+ *              {
+ *                  // What percentage of the total run time has the task used?
+ *                  // This will always be rounded down to the nearest integer.
+ *                  // ulTotalRunTimeDiv100 has already been divided by 100.
+ *                  ulStatsAsPercentage = pxTaskStatusArray[ x ].ulRunTimeCounter / ulTotalRunTime;
+ *
+ *                  if( ulStatsAsPercentage > 0UL )
+ *                  {
+ *                      sprintf( pcWriteBuffer, "%s\t\t%lu\t\t%lu%%\r\n", pxTaskStatusArray[ x ].pcTaskName, pxTaskStatusArray[ x ].ulRunTimeCounter, ulStatsAsPercentage );
+ *                  }
+ *                  else
+ *                  {
+ *                      // If the percentage is zero here then the task has
+ *                      // consumed less than 1% of the total run time.
+ *                      sprintf( pcWriteBuffer, "%s\t\t%lu\t\t<1%%\r\n", pxTaskStatusArray[ x ].pcTaskName, pxTaskStatusArray[ x ].ulRunTimeCounter );
+ *                  }
+ *
+ *                  pcWriteBuffer += strlen( ( char * ) pcWriteBuffer );
+ *              }
+ *          }
+ *
+ *          // The array is no longer needed, free the memory it consumes.
+ *          vPortFree( pxTaskStatusArray );
+ *      }
+ *  }
+ *  
+ */ +UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, + const UBaseType_t uxArraySize, + uint32_t * const pulTotalRunTime ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
void vTaskList( char *pcWriteBuffer );
+ * + * configUSE_TRACE_FACILITY and configUSE_STATS_FORMATTING_FUNCTIONS must + * both be defined as 1 for this function to be available. See the + * configuration section of the FreeRTOS.org website for more information. + * + * NOTE 1: This function will disable interrupts for its duration. It is + * not intended for normal application runtime use but as a debug aid. + * + * Lists all the current tasks, along with their current state and stack + * usage high water mark. + * + * Tasks are reported as blocked ('B'), ready ('R'), deleted ('D') or + * suspended ('S'). + * + * PLEASE NOTE: + * + * This function is provided for convenience only, and is used by many of the + * demo applications. Do not consider it to be part of the scheduler. + * + * vTaskList() calls uxTaskGetSystemState(), then formats part of the + * uxTaskGetSystemState() output into a human readable table that displays task: + * names, states, priority, stack usage and task number. + * Stack usage specified as the number of unused StackType_t words stack can hold + * on top of stack - not the number of bytes. + * + * vTaskList() has a dependency on the sprintf() C library function that might + * bloat the code size, use a lot of stack, and provide different results on + * different platforms. An alternative, tiny, third party, and limited + * functionality implementation of sprintf() is provided in many of the + * FreeRTOS/Demo sub-directories in a file called printf-stdarg.c (note + * printf-stdarg.c does not provide a full snprintf() implementation!). + * + * It is recommended that production systems call uxTaskGetSystemState() + * directly to get access to raw stats data, rather than indirectly through a + * call to vTaskList(). + * + * @param pcWriteBuffer A buffer into which the above mentioned details + * will be written, in ASCII form. This buffer is assumed to be large + * enough to contain the generated report. Approximately 40 bytes per + * task should be sufficient. + * + * \defgroup vTaskList vTaskList + * \ingroup TaskUtils + */ +void vTaskList( char * pcWriteBuffer ) PRIVILEGED_FUNCTION; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + +/** + * task. h + *
void vTaskGetRunTimeStats( char *pcWriteBuffer );
+ * + * configGENERATE_RUN_TIME_STATS and configUSE_STATS_FORMATTING_FUNCTIONS + * must both be defined as 1 for this function to be available. The application + * must also then provide definitions for + * portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and portGET_RUN_TIME_COUNTER_VALUE() + * to configure a peripheral timer/counter and return the timers current count + * value respectively. The counter should be at least 10 times the frequency of + * the tick count. + * + * NOTE 1: This function will disable interrupts for its duration. It is + * not intended for normal application runtime use but as a debug aid. + * + * Setting configGENERATE_RUN_TIME_STATS to 1 will result in a total + * accumulated execution time being stored for each task. The resolution + * of the accumulated time value depends on the frequency of the timer + * configured by the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() macro. + * Calling vTaskGetRunTimeStats() writes the total execution time of each + * task into a buffer, both as an absolute count value and as a percentage + * of the total system execution time. + * + * NOTE 2: + * + * This function is provided for convenience only, and is used by many of the + * demo applications. Do not consider it to be part of the scheduler. + * + * vTaskGetRunTimeStats() calls uxTaskGetSystemState(), then formats part of the + * uxTaskGetSystemState() output into a human readable table that displays the + * amount of time each task has spent in the Running state in both absolute and + * percentage terms. + * + * vTaskGetRunTimeStats() has a dependency on the sprintf() C library function + * that might bloat the code size, use a lot of stack, and provide different + * results on different platforms. An alternative, tiny, third party, and + * limited functionality implementation of sprintf() is provided in many of the + * FreeRTOS/Demo sub-directories in a file called printf-stdarg.c (note + * printf-stdarg.c does not provide a full snprintf() implementation!). + * + * It is recommended that production systems call uxTaskGetSystemState() directly + * to get access to raw stats data, rather than indirectly through a call to + * vTaskGetRunTimeStats(). + * + * @param pcWriteBuffer A buffer into which the execution times will be + * written, in ASCII form. This buffer is assumed to be large enough to + * contain the generated report. Approximately 40 bytes per task should + * be sufficient. + * + * \defgroup vTaskGetRunTimeStats vTaskGetRunTimeStats + * \ingroup TaskUtils + */ +void vTaskGetRunTimeStats( char * pcWriteBuffer ) PRIVILEGED_FUNCTION; /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + +/** + * task. h + *
uint32_t ulTaskGetIdleRunTimeCounter( void );
+ * + * configGENERATE_RUN_TIME_STATS and configUSE_STATS_FORMATTING_FUNCTIONS + * must both be defined as 1 for this function to be available. The application + * must also then provide definitions for + * portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and portGET_RUN_TIME_COUNTER_VALUE() + * to configure a peripheral timer/counter and return the timers current count + * value respectively. The counter should be at least 10 times the frequency of + * the tick count. + * + * Setting configGENERATE_RUN_TIME_STATS to 1 will result in a total + * accumulated execution time being stored for each task. The resolution + * of the accumulated time value depends on the frequency of the timer + * configured by the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() macro. + * While uxTaskGetSystemState() and vTaskGetRunTimeStats() writes the total + * execution time of each task into a buffer, ulTaskGetIdleRunTimeCounter() + * returns the total execution time of just the idle task. + * + * @return The total run time of the idle task. This is the amount of time the + * idle task has actually been executing. The unit of time is dependent on the + * frequency configured using the portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() and + * portGET_RUN_TIME_COUNTER_VALUE() macros. + * + * \defgroup ulTaskGetIdleRunTimeCounter ulTaskGetIdleRunTimeCounter + * \ingroup TaskUtils + */ +uint32_t ulTaskGetIdleRunTimeCounter( void ) PRIVILEGED_FUNCTION; + +/** + * task. h + *
BaseType_t xTaskNotifyIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction );
+ *
BaseType_t xTaskNotify( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * Sends a direct to task notification to a task, with an optional value and + * action. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * A task can use xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() to + * [optionally] block to wait for a notification to be pending. The task does + * not consume any CPU time while it is in the Blocked state. + * + * A notification sent to a task will remain pending until it is cleared by the + * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their + * un-indexed equivalents). If the task was already in the Blocked state to + * wait for a notification when the notification arrives then the task will + * automatically be removed from the Blocked state (unblocked) and the + * notification cleared. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotify() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling xTaskNotify() is equivalent to calling xTaskNotifyIndexed() + * with the uxIndexToNotify parameter set to 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotify() does + * not have this parameter and always sends notifications to index 0. + * + * @param ulValue Data that can be sent with the notification. How the data is + * used depends on the value of the eAction parameter. + * + * @param eAction Specifies how the notification updates the task's notification + * value, if at all. Valid values for eAction are as follows: + * + * eSetBits - + * The target notification value is bitwise ORed with ulValue. + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * eIncrement - + * The target notification value is incremented. ulValue is not used and + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * eSetValueWithOverwrite - + * The target notification value is set to the value of ulValue, even if the + * task being notified had not yet processed the previous notification at the + * same array index (the task already had a notification pending at that index). + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * eSetValueWithoutOverwrite - + * If the task being notified did not already have a notification pending at the + * same array index then the target notification value is set to ulValue and + * xTaskNotifyIndexed() will return pdPASS. If the task being notified already + * had a notification pending at the same array index then no action is + * performed and pdFAIL is returned. + * + * eNoAction - + * The task receives a notification at the specified array index without the + * notification value at that index being updated. ulValue is not used and + * xTaskNotifyIndexed() always returns pdPASS in this case. + * + * pulPreviousNotificationValue - + * Can be used to pass out the subject task's notification value before any + * bits are modified by the notify function. + * + * @return Dependent on the value of eAction. See the description of the + * eAction parameter. + * + * \defgroup xTaskNotifyIndexed xTaskNotifyIndexed + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue ) PRIVILEGED_FUNCTION; +#define xTaskNotify( xTaskToNotify, ulValue, eAction ) \ + xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( ulValue ), ( eAction ), NULL ) +#define xTaskNotifyIndexed( xTaskToNotify, uxIndexToNotify, ulValue, eAction ) \ + xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( ulValue ), ( eAction ), NULL ) + +/** + * task. h + *
BaseType_t xTaskNotifyAndQueryIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
+ *
BaseType_t xTaskNotifyAndQuery( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotifyValue );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * xTaskNotifyAndQueryIndexed() performs the same operation as + * xTaskNotifyIndexed() with the addition that it also returns the subject + * task's prior notification value (the notification value at the time the + * function is called rather than when the function returns) in the additional + * pulPreviousNotifyValue parameter. + * + * xTaskNotifyAndQuery() performs the same operation as xTaskNotify() with the + * addition that it also returns the subject task's prior notification value + * (the notification value as it was at the time the function is called, rather + * than when the function returns) in the additional pulPreviousNotifyValue + * parameter. + * + * \defgroup xTaskNotifyAndQueryIndexed xTaskNotifyAndQueryIndexed + * \ingroup TaskNotifications + */ +#define xTaskNotifyAndQuery( xTaskToNotify, ulValue, eAction, pulPreviousNotifyValue ) \ + xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( ulValue ), ( eAction ), ( pulPreviousNotifyValue ) ) +#define xTaskNotifyAndQueryIndexed( xTaskToNotify, uxIndexToNotify, ulValue, eAction, pulPreviousNotifyValue ) \ + xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( ulValue ), ( eAction ), ( pulPreviousNotifyValue ) ) + +/** + * task. h + *
BaseType_t xTaskNotifyIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
+ *
BaseType_t xTaskNotifyFromISR( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, BaseType_t *pxHigherPriorityTaskWoken );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * A version of xTaskNotifyIndexed() that can be used from an interrupt service + * routine (ISR). + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * A task can use xTaskNotifyWaitIndexed() to [optionally] block to wait for a + * notification to be pending, or ulTaskNotifyTakeIndexed() to [optionally] block + * to wait for a notification value to have a non-zero value. The task does + * not consume any CPU time while it is in the Blocked state. + * + * A notification sent to a task will remain pending until it is cleared by the + * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their + * un-indexed equivalents). If the task was already in the Blocked state to + * wait for a notification when the notification arrives then the task will + * automatically be removed from the Blocked state (unblocked) and the + * notification cleared. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyFromISR() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling xTaskNotifyFromISR() is equivalent to calling + * xTaskNotifyIndexedFromISR() with the uxIndexToNotify parameter set to 0. + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyFromISR() + * does not have this parameter and always sends notifications to index 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param ulValue Data that can be sent with the notification. How the data is + * used depends on the value of the eAction parameter. + * + * @param eAction Specifies how the notification updates the task's notification + * value, if at all. Valid values for eAction are as follows: + * + * eSetBits - + * The task's notification value is bitwise ORed with ulValue. xTaskNotify() + * always returns pdPASS in this case. + * + * eIncrement - + * The task's notification value is incremented. ulValue is not used and + * xTaskNotify() always returns pdPASS in this case. + * + * eSetValueWithOverwrite - + * The task's notification value is set to the value of ulValue, even if the + * task being notified had not yet processed the previous notification (the + * task already had a notification pending). xTaskNotify() always returns + * pdPASS in this case. + * + * eSetValueWithoutOverwrite - + * If the task being notified did not already have a notification pending then + * the task's notification value is set to ulValue and xTaskNotify() will + * return pdPASS. If the task being notified already had a notification + * pending then no action is performed and pdFAIL is returned. + * + * eNoAction - + * The task receives a notification without its notification value being + * updated. ulValue is not used and xTaskNotify() always returns pdPASS in + * this case. + * + * @param pxHigherPriorityTaskWoken xTaskNotifyFromISR() will set + * *pxHigherPriorityTaskWoken to pdTRUE if sending the notification caused the + * task to which the notification was sent to leave the Blocked state, and the + * unblocked task has a priority higher than the currently running task. If + * xTaskNotifyFromISR() sets this value to pdTRUE then a context switch should + * be requested before the interrupt is exited. How a context switch is + * requested from an ISR is dependent on the port - see the documentation page + * for the port in use. + * + * @return Dependent on the value of eAction. See the description of the + * eAction parameter. + * + * \defgroup xTaskNotifyIndexedFromISR xTaskNotifyIndexedFromISR + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue, + BaseType_t * pxHigherPriorityTaskWoken ) PRIVILEGED_FUNCTION; +#define xTaskNotifyFromISR( xTaskToNotify, ulValue, eAction, pxHigherPriorityTaskWoken ) \ + xTaskGenericNotifyFromISR( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( ulValue ), ( eAction ), NULL, ( pxHigherPriorityTaskWoken ) ) +#define xTaskNotifyIndexedFromISR( xTaskToNotify, uxIndexToNotify, ulValue, eAction, pxHigherPriorityTaskWoken ) \ + xTaskGenericNotifyFromISR( ( xTaskToNotify ), ( uxIndexToNotify ), ( ulValue ), ( eAction ), NULL, ( pxHigherPriorityTaskWoken ) ) + +/** + * task. h + *
BaseType_t xTaskNotifyAndQueryIndexedFromISR( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
+ *
BaseType_t xTaskNotifyAndQueryFromISR( TaskHandle_t xTaskToNotify, uint32_t ulValue, eNotifyAction eAction, uint32_t *pulPreviousNotificationValue, BaseType_t *pxHigherPriorityTaskWoken );
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * xTaskNotifyAndQueryIndexedFromISR() performs the same operation as + * xTaskNotifyIndexedFromISR() with the addition that it also returns the + * subject task's prior notification value (the notification value at the time + * the function is called rather than at the time the function returns) in the + * additional pulPreviousNotifyValue parameter. + * + * xTaskNotifyAndQueryFromISR() performs the same operation as + * xTaskNotifyFromISR() with the addition that it also returns the subject + * task's prior notification value (the notification value at the time the + * function is called rather than at the time the function returns) in the + * additional pulPreviousNotifyValue parameter. + * + * \defgroup xTaskNotifyAndQueryIndexedFromISR xTaskNotifyAndQueryIndexedFromISR + * \ingroup TaskNotifications + */ +#define xTaskNotifyAndQueryIndexedFromISR( xTaskToNotify, uxIndexToNotify, ulValue, eAction, pulPreviousNotificationValue, pxHigherPriorityTaskWoken ) \ + xTaskGenericNotifyFromISR( ( xTaskToNotify ), ( uxIndexToNotify ), ( ulValue ), ( eAction ), ( pulPreviousNotificationValue ), ( pxHigherPriorityTaskWoken ) ) +#define xTaskNotifyAndQueryFromISR( xTaskToNotify, ulValue, eAction, pulPreviousNotificationValue, pxHigherPriorityTaskWoken ) \ + xTaskGenericNotifyFromISR( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( ulValue ), ( eAction ), ( pulPreviousNotificationValue ), ( pxHigherPriorityTaskWoken ) ) + +/** + * task. h + *
+ * BaseType_t xTaskNotifyWaitIndexed( UBaseType_t uxIndexToWaitOn, uint32_t ulBitsToClearOnEntry, uint32_t ulBitsToClearOnExit, uint32_t *pulNotificationValue, TickType_t xTicksToWait );
+ *
+ * BaseType_t xTaskNotifyWait( uint32_t ulBitsToClearOnEntry, uint32_t ulBitsToClearOnExit, uint32_t *pulNotificationValue, TickType_t xTicksToWait );
+ * 
+ * + * Waits for a direct to task notification to be pending at a given index within + * an array of direct to task notifications. + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this + * function to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * A notification sent to a task will remain pending until it is cleared by the + * task calling xTaskNotifyWaitIndexed() or ulTaskNotifyTakeIndexed() (or their + * un-indexed equivalents). If the task was already in the Blocked state to + * wait for a notification when the notification arrives then the task will + * automatically be removed from the Blocked state (unblocked) and the + * notification cleared. + * + * A task can use xTaskNotifyWaitIndexed() to [optionally] block to wait for a + * notification to be pending, or ulTaskNotifyTakeIndexed() to [optionally] block + * to wait for a notification value to have a non-zero value. The task does + * not consume any CPU time while it is in the Blocked state. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyWait() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling xTaskNotifyWait() is equivalent to calling + * xTaskNotifyWaitIndexed() with the uxIndexToWaitOn parameter set to 0. + * + * @param uxIndexToWaitOn The index within the calling task's array of + * notification values on which the calling task will wait for a notification to + * be received. uxIndexToWaitOn must be less than + * configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyWait() does + * not have this parameter and always waits for notifications on index 0. + * + * @param ulBitsToClearOnEntry Bits that are set in ulBitsToClearOnEntry value + * will be cleared in the calling task's notification value before the task + * checks to see if any notifications are pending, and optionally blocks if no + * notifications are pending. Setting ulBitsToClearOnEntry to ULONG_MAX (if + * limits.h is included) or 0xffffffffUL (if limits.h is not included) will have + * the effect of resetting the task's notification value to 0. Setting + * ulBitsToClearOnEntry to 0 will leave the task's notification value unchanged. + * + * @param ulBitsToClearOnExit If a notification is pending or received before + * the calling task exits the xTaskNotifyWait() function then the task's + * notification value (see the xTaskNotify() API function) is passed out using + * the pulNotificationValue parameter. Then any bits that are set in + * ulBitsToClearOnExit will be cleared in the task's notification value (note + * *pulNotificationValue is set before any bits are cleared). Setting + * ulBitsToClearOnExit to ULONG_MAX (if limits.h is included) or 0xffffffffUL + * (if limits.h is not included) will have the effect of resetting the task's + * notification value to 0 before the function exits. Setting + * ulBitsToClearOnExit to 0 will leave the task's notification value unchanged + * when the function exits (in which case the value passed out in + * pulNotificationValue will match the task's notification value). + * + * @param pulNotificationValue Used to pass the task's notification value out + * of the function. Note the value passed out will not be effected by the + * clearing of any bits caused by ulBitsToClearOnExit being non-zero. + * + * @param xTicksToWait The maximum amount of time that the task should wait in + * the Blocked state for a notification to be received, should a notification + * not already be pending when xTaskNotifyWait() was called. The task + * will not consume any processing time while it is in the Blocked state. This + * is specified in kernel ticks, the macro pdMS_TO_TICKS( value_in_ms ) can be + * used to convert a time specified in milliseconds to a time specified in + * ticks. + * + * @return If a notification was received (including notifications that were + * already pending when xTaskNotifyWait was called) then pdPASS is + * returned. Otherwise pdFAIL is returned. + * + * \defgroup xTaskNotifyWaitIndexed xTaskNotifyWaitIndexed + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWaitOn, + uint32_t ulBitsToClearOnEntry, + uint32_t ulBitsToClearOnExit, + uint32_t * pulNotificationValue, + TickType_t xTicksToWait ) PRIVILEGED_FUNCTION; +#define xTaskNotifyWait( ulBitsToClearOnEntry, ulBitsToClearOnExit, pulNotificationValue, xTicksToWait ) \ + xTaskGenericNotifyWait( tskDEFAULT_INDEX_TO_NOTIFY, ( ulBitsToClearOnEntry ), ( ulBitsToClearOnExit ), ( pulNotificationValue ), ( xTicksToWait ) ) +#define xTaskNotifyWaitIndexed( uxIndexToWaitOn, ulBitsToClearOnEntry, ulBitsToClearOnExit, pulNotificationValue, xTicksToWait ) \ + xTaskGenericNotifyWait( ( uxIndexToWaitOn ), ( ulBitsToClearOnEntry ), ( ulBitsToClearOnExit ), ( pulNotificationValue ), ( xTicksToWait ) ) + +/** + * task. h + *
BaseType_t xTaskNotifyGiveIndexed( TaskHandle_t xTaskToNotify, UBaseType_t uxIndexToNotify );
+ *
BaseType_t xTaskNotifyGive( TaskHandle_t xTaskToNotify );
+ * + * Sends a direct to task notification to a particular index in the target + * task's notification array in a manner similar to giving a counting semaphore. + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for more details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * macros to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * xTaskNotifyGiveIndexed() is a helper macro intended for use when task + * notifications are used as light weight and faster binary or counting + * semaphore equivalents. Actual FreeRTOS semaphores are given using the + * xSemaphoreGive() API function, the equivalent action that instead uses a task + * notification is xTaskNotifyGiveIndexed(). + * + * When task notifications are being used as a binary or counting semaphore + * equivalent then the task being notified should wait for the notification + * using the ulTaskNotificationTakeIndexed() API function rather than the + * xTaskNotifyWaitIndexed() API function. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyGive() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling xTaskNotifyGive() is equivalent to calling + * xTaskNotifyGiveIndexed() with the uxIndexToNotify parameter set to 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyGive() + * does not have this parameter and always sends notifications to index 0. + * + * @return xTaskNotifyGive() is a macro that calls xTaskNotify() with the + * eAction parameter set to eIncrement - so pdPASS is always returned. + * + * \defgroup xTaskNotifyGiveIndexed xTaskNotifyGiveIndexed + * \ingroup TaskNotifications + */ +#define xTaskNotifyGive( xTaskToNotify ) \ + xTaskGenericNotify( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( 0 ), eIncrement, NULL ) +#define xTaskNotifyGiveIndexed( xTaskToNotify, uxIndexToNotify ) \ + xTaskGenericNotify( ( xTaskToNotify ), ( uxIndexToNotify ), ( 0 ), eIncrement, NULL ) + +/** + * task. h + *
void vTaskNotifyGiveIndexedFromISR( TaskHandle_t xTaskHandle, UBaseType_t uxIndexToNotify, BaseType_t *pxHigherPriorityTaskWoken );
+ *
void vTaskNotifyGiveFromISR( TaskHandle_t xTaskHandle, BaseType_t *pxHigherPriorityTaskWoken );
+ * + * A version of xTaskNotifyGiveIndexed() that can be called from an interrupt + * service routine (ISR). + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for more details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this macro + * to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * vTaskNotifyGiveIndexedFromISR() is intended for use when task notifications + * are used as light weight and faster binary or counting semaphore equivalents. + * Actual FreeRTOS semaphores are given from an ISR using the + * xSemaphoreGiveFromISR() API function, the equivalent action that instead uses + * a task notification is vTaskNotifyGiveIndexedFromISR(). + * + * When task notifications are being used as a binary or counting semaphore + * equivalent then the task being notified should wait for the notification + * using the ulTaskNotificationTakeIndexed() API function rather than the + * xTaskNotifyWaitIndexed() API function. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyFromISR() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling xTaskNotifyGiveFromISR() is equivalent to calling + * xTaskNotifyGiveIndexedFromISR() with the uxIndexToNotify parameter set to 0. + * + * @param xTaskToNotify The handle of the task being notified. The handle to a + * task can be returned from the xTaskCreate() API function used to create the + * task, and the handle of the currently running task can be obtained by calling + * xTaskGetCurrentTaskHandle(). + * + * @param uxIndexToNotify The index within the target task's array of + * notification values to which the notification is to be sent. uxIndexToNotify + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. + * xTaskNotifyGiveFromISR() does not have this parameter and always sends + * notifications to index 0. + * + * @param pxHigherPriorityTaskWoken vTaskNotifyGiveFromISR() will set + * *pxHigherPriorityTaskWoken to pdTRUE if sending the notification caused the + * task to which the notification was sent to leave the Blocked state, and the + * unblocked task has a priority higher than the currently running task. If + * vTaskNotifyGiveFromISR() sets this value to pdTRUE then a context switch + * should be requested before the interrupt is exited. How a context switch is + * requested from an ISR is dependent on the port - see the documentation page + * for the port in use. + * + * \defgroup vTaskNotifyGiveIndexedFromISR vTaskNotifyGiveIndexedFromISR + * \ingroup TaskNotifications + */ +void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + BaseType_t * pxHigherPriorityTaskWoken ) PRIVILEGED_FUNCTION; +#define vTaskNotifyGiveFromISR( xTaskToNotify, pxHigherPriorityTaskWoken ) \ + vTaskGenericNotifyGiveFromISR( ( xTaskToNotify ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( pxHigherPriorityTaskWoken ) ); +#define vTaskNotifyGiveIndexedFromISR( xTaskToNotify, uxIndexToNotify, pxHigherPriorityTaskWoken ) \ + vTaskGenericNotifyGiveFromISR( ( xTaskToNotify ), ( uxIndexToNotify ), ( pxHigherPriorityTaskWoken ) ); + +/** + * task. h + *
+ * uint32_t ulTaskNotifyTakeIndexed( UBaseType_t uxIndexToWaitOn, BaseType_t xClearCountOnExit, TickType_t xTicksToWait );
+ *
+ * uint32_t ulTaskNotifyTake( BaseType_t xClearCountOnExit, TickType_t xTicksToWait );
+ * 
+ * + * Waits for a direct to task notification on a particular index in the calling + * task's notification array in a manner similar to taking a counting semaphore. + * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for this + * function to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * Events can be sent to a task using an intermediary object. Examples of such + * objects are queues, semaphores, mutexes and event groups. Task notifications + * are a method of sending an event directly to a task without the need for such + * an intermediary object. + * + * A notification sent to a task can optionally perform an action, such as + * update, overwrite or increment one of the task's notification values. In + * that way task notifications can be used to send data to a task, or be used as + * light weight and fast binary or counting semaphores. + * + * ulTaskNotifyTakeIndexed() is intended for use when a task notification is + * used as a faster and lighter weight binary or counting semaphore alternative. + * Actual FreeRTOS semaphores are taken using the xSemaphoreTake() API function, + * the equivalent action that instead uses a task notification is + * ulTaskNotifyTakeIndexed(). + * + * When a task is using its notification value as a binary or counting semaphore + * other tasks should send notifications to it using the xTaskNotifyGiveIndexed() + * macro, or xTaskNotifyIndex() function with the eAction parameter set to + * eIncrement. + * + * ulTaskNotifyTakeIndexed() can either clear the task's notification value at + * the array index specified by the uxIndexToWaitOn parameter to zero on exit, + * in which case the notification value acts like a binary semaphore, or + * decrement the notification value on exit, in which case the notification + * value acts like a counting semaphore. + * + * A task can use ulTaskNotifyTakeIndexed() to [optionally] block to wait for + * a notification. The task does not consume any CPU time while it is in the + * Blocked state. + * + * Where as xTaskNotifyWaitIndexed() will return when a notification is pending, + * ulTaskNotifyTakeIndexed() will return when the task's notification value is + * not zero. + * + * **NOTE** Each notification within the array operates independently - a task + * can only block on one notification within the array at a time and will not be + * unblocked by a notification sent to any other array index. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. ulTaskNotifyTake() is the original API function, and remains backward + * compatible by always operating on the notification value at index 0 in the + * array. Calling ulTaskNotifyTake() is equivalent to calling + * ulTaskNotifyTakeIndexed() with the uxIndexToWaitOn parameter set to 0. + * + * @param uxIndexToWaitOn The index within the calling task's array of + * notification values on which the calling task will wait for a notification to + * be non-zero. uxIndexToWaitOn must be less than + * configTASK_NOTIFICATION_ARRAY_ENTRIES. xTaskNotifyTake() does + * not have this parameter and always waits for notifications on index 0. + * + * @param xClearCountOnExit if xClearCountOnExit is pdFALSE then the task's + * notification value is decremented when the function exits. In this way the + * notification value acts like a counting semaphore. If xClearCountOnExit is + * not pdFALSE then the task's notification value is cleared to zero when the + * function exits. In this way the notification value acts like a binary + * semaphore. + * + * @param xTicksToWait The maximum amount of time that the task should wait in + * the Blocked state for the task's notification value to be greater than zero, + * should the count not already be greater than zero when + * ulTaskNotifyTake() was called. The task will not consume any processing + * time while it is in the Blocked state. This is specified in kernel ticks, + * the macro pdMS_TO_TICKS( value_in_ms ) can be used to convert a time + * specified in milliseconds to a time specified in ticks. + * + * @return The task's notification count before it is either cleared to zero or + * decremented (see the xClearCountOnExit parameter). + * + * \defgroup ulTaskNotifyTakeIndexed ulTaskNotifyTakeIndexed + * \ingroup TaskNotifications + */ +uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWaitOn, + BaseType_t xClearCountOnExit, + TickType_t xTicksToWait ) PRIVILEGED_FUNCTION; +#define ulTaskNotifyTake( xClearCountOnExit, xTicksToWait ) \ + ulTaskGenericNotifyTake( ( tskDEFAULT_INDEX_TO_NOTIFY ), ( xClearCountOnExit ), ( xTicksToWait ) ) +#define ulTaskNotifyTakeIndexed( uxIndexToWaitOn, xClearCountOnExit, xTicksToWait ) \ + ulTaskGenericNotifyTake( ( uxIndexToWaitOn ), ( xClearCountOnExit ), ( xTicksToWait ) ) + +/** + * task. h + *
+ * BaseType_t xTaskNotifyStateClearIndexed( TaskHandle_t xTask, UBaseType_t uxIndexToCLear );
+ *
+ * BaseType_t xTaskNotifyStateClear( TaskHandle_t xTask );
+ * 
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * If a notification is sent to an index within the array of notifications then + * the notification at that index is said to be 'pending' until it is read or + * explicitly cleared by the receiving task. xTaskNotifyStateClearIndexed() + * is the function that clears a pending notification without reading the + * notification value. The notification value at the same array index is not + * altered. Set xTask to NULL to clear the notification state of the calling + * task. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. xTaskNotifyStateClear() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling xTaskNotifyStateClear() is equivalent to calling + * xTaskNotifyStateClearIndexed() with the uxIndexToNotify parameter set to 0. + * + * @param xTask The handle of the RTOS task that will have a notification state + * cleared. Set xTask to NULL to clear a notification state in the calling + * task. To obtain a task's handle create the task using xTaskCreate() and + * make use of the pxCreatedTask parameter, or create the task using + * xTaskCreateStatic() and store the returned value, or use the task's name in + * a call to xTaskGetHandle(). + * + * @param uxIndexToClear The index within the target task's array of + * notification values to act upon. For example, setting uxIndexToClear to 1 + * will clear the state of the notification at index 1 within the array. + * uxIndexToClear must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. + * ulTaskNotifyStateClear() does not have this parameter and always acts on the + * notification at index 0. + * + * @return pdTRUE if the task's notification state was set to + * eNotWaitingNotification, otherwise pdFALSE. + * + * \defgroup xTaskNotifyStateClearIndexed xTaskNotifyStateClearIndexed + * \ingroup TaskNotifications + */ +BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear ) PRIVILEGED_FUNCTION; +#define xTaskNotifyStateClear( xTask ) \ + xTaskGenericNotifyStateClear( ( xTask ), ( tskDEFAULT_INDEX_TO_NOTIFY ) ) +#define xTaskNotifyStateClearIndexed( xTask, uxIndexToClear ) \ + xTaskGenericNotifyStateClear( ( xTask ), ( uxIndexToClear ) ) + +/** + * task. h + *
+ * uint32_t ulTaskNotifyValueClearIndexed( TaskHandle_t xTask, UBaseType_t uxIndexToClear, uint32_t ulBitsToClear );
+ *
+ * uint32_t ulTaskNotifyValueClear( TaskHandle_t xTask, uint32_t ulBitsToClear );
+ * 
+ * + * See https://www.FreeRTOS.org/RTOS-task-notifications.html for details. + * + * configUSE_TASK_NOTIFICATIONS must be undefined or defined as 1 for these + * functions to be available. + * + * Each task has a private array of "notification values" (or 'notifications'), + * each of which is a 32-bit unsigned integer (uint32_t). The constant + * configTASK_NOTIFICATION_ARRAY_ENTRIES sets the number of indexes in the + * array, and (for backward compatibility) defaults to 1 if left undefined. + * Prior to FreeRTOS V10.4.0 there was only one notification value per task. + * + * ulTaskNotifyValueClearIndexed() clears the bits specified by the + * ulBitsToClear bit mask in the notification value at array index uxIndexToClear + * of the task referenced by xTask. + * + * Backward compatibility information: + * Prior to FreeRTOS V10.4.0 each task had a single "notification value", and + * all task notification API functions operated on that value. Replacing the + * single notification value with an array of notification values necessitated a + * new set of API functions that could address specific notifications within the + * array. ulTaskNotifyValueClear() is the original API function, and remains + * backward compatible by always operating on the notification value at index 0 + * within the array. Calling ulTaskNotifyValueClear() is equivalent to calling + * ulTaskNotifyValueClearIndexed() with the uxIndexToClear parameter set to 0. + * + * @param xTask The handle of the RTOS task that will have bits in one of its + * notification values cleared. Set xTask to NULL to clear bits in a + * notification value of the calling task. To obtain a task's handle create the + * task using xTaskCreate() and make use of the pxCreatedTask parameter, or + * create the task using xTaskCreateStatic() and store the returned value, or + * use the task's name in a call to xTaskGetHandle(). + * + * @param uxIndexToClear The index within the target task's array of + * notification values in which to clear the bits. uxIndexToClear + * must be less than configTASK_NOTIFICATION_ARRAY_ENTRIES. + * ulTaskNotifyValueClear() does not have this parameter and always clears bits + * in the notification value at index 0. + * + * @param ulBitsToClear Bit mask of the bits to clear in the notification value of + * xTask. Set a bit to 1 to clear the corresponding bits in the task's notification + * value. Set ulBitsToClear to 0xffffffff (UINT_MAX on 32-bit architectures) to clear + * the notification value to 0. Set ulBitsToClear to 0 to query the task's + * notification value without clearing any bits. + * + * + * @return The value of the target task's notification value before the bits + * specified by ulBitsToClear were cleared. + * \defgroup ulTaskNotifyValueClear ulTaskNotifyValueClear + * \ingroup TaskNotifications + */ +uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear, + uint32_t ulBitsToClear ) PRIVILEGED_FUNCTION; +#define ulTaskNotifyValueClear( xTask, ulBitsToClear ) \ + ulTaskGenericNotifyValueClear( ( xTask ), ( tskDEFAULT_INDEX_TO_NOTIFY ), ( ulBitsToClear ) ) +#define ulTaskNotifyValueClearIndexed( xTask, uxIndexToClear, ulBitsToClear ) \ + ulTaskGenericNotifyValueClear( ( xTask ), ( uxIndexToClear ), ( ulBitsToClear ) ) + +/** + * task.h + *
+ * void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut );
+ * 
+ * + * Capture the current time for future use with xTaskCheckForTimeOut(). + * + * @param pxTimeOut Pointer to a timeout object into which the current time + * is to be captured. The captured time includes the tick count and the number + * of times the tick count has overflowed since the system first booted. + * \defgroup vTaskSetTimeOutState vTaskSetTimeOutState + * \ingroup TaskCtrl + */ +void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) PRIVILEGED_FUNCTION; + +/** + * task.h + *
+ * BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, TickType_t * const pxTicksToWait );
+ * 
+ * + * Determines if pxTicksToWait ticks has passed since a time was captured + * using a call to vTaskSetTimeOutState(). The captured time includes the tick + * count and the number of times the tick count has overflowed. + * + * @param pxTimeOut The time status as captured previously using + * vTaskSetTimeOutState. If the timeout has not yet occurred, it is updated + * to reflect the current time status. + * @param pxTicksToWait The number of ticks to check for timeout i.e. if + * pxTicksToWait ticks have passed since pxTimeOut was last updated (either by + * vTaskSetTimeOutState() or xTaskCheckForTimeOut()), the timeout has occurred. + * If the timeout has not occurred, pxTicksToWait is updated to reflect the + * number of remaining ticks. + * + * @return If timeout has occurred, pdTRUE is returned. Otherwise pdFALSE is + * returned and pxTicksToWait is updated to reflect the number of remaining + * ticks. + * + * @see https://www.FreeRTOS.org/xTaskCheckForTimeOut.html + * + * Example Usage: + *
+ *  // Driver library function used to receive uxWantedBytes from an Rx buffer
+ *  // that is filled by a UART interrupt. If there are not enough bytes in the
+ *  // Rx buffer then the task enters the Blocked state until it is notified that
+ *  // more data has been placed into the buffer. If there is still not enough
+ *  // data then the task re-enters the Blocked state, and xTaskCheckForTimeOut()
+ *  // is used to re-calculate the Block time to ensure the total amount of time
+ *  // spent in the Blocked state does not exceed MAX_TIME_TO_WAIT. This
+ *  // continues until either the buffer contains at least uxWantedBytes bytes,
+ *  // or the total amount of time spent in the Blocked state reaches
+ *  // MAX_TIME_TO_WAIT – at which point the task reads however many bytes are
+ *  // available up to a maximum of uxWantedBytes.
+ *
+ *  size_t xUART_Receive( uint8_t *pucBuffer, size_t uxWantedBytes )
+ *  {
+ *  size_t uxReceived = 0;
+ *  TickType_t xTicksToWait = MAX_TIME_TO_WAIT;
+ *  TimeOut_t xTimeOut;
+ *
+ *      // Initialize xTimeOut.  This records the time at which this function
+ *      // was entered.
+ *      vTaskSetTimeOutState( &xTimeOut );
+ *
+ *      // Loop until the buffer contains the wanted number of bytes, or a
+ *      // timeout occurs.
+ *      while( UART_bytes_in_rx_buffer( pxUARTInstance ) < uxWantedBytes )
+ *      {
+ *          // The buffer didn't contain enough data so this task is going to
+ *          // enter the Blocked state. Adjusting xTicksToWait to account for
+ *          // any time that has been spent in the Blocked state within this
+ *          // function so far to ensure the total amount of time spent in the
+ *          // Blocked state does not exceed MAX_TIME_TO_WAIT.
+ *          if( xTaskCheckForTimeOut( &xTimeOut, &xTicksToWait ) != pdFALSE )
+ *          {
+ *              //Timed out before the wanted number of bytes were available,
+ *              // exit the loop.
+ *              break;
+ *          }
+ *
+ *          // Wait for a maximum of xTicksToWait ticks to be notified that the
+ *          // receive interrupt has placed more data into the buffer.
+ *          ulTaskNotifyTake( pdTRUE, xTicksToWait );
+ *      }
+ *
+ *      // Attempt to read uxWantedBytes from the receive buffer into pucBuffer.
+ *      // The actual number of bytes read (which might be less than
+ *      // uxWantedBytes) is returned.
+ *      uxReceived = UART_read_from_receive_buffer( pxUARTInstance,
+ *                                                  pucBuffer,
+ *                                                  uxWantedBytes );
+ *
+ *      return uxReceived;
+ *  }
+ * 
+ * \defgroup xTaskCheckForTimeOut xTaskCheckForTimeOut + * \ingroup TaskCtrl + */ +BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, + TickType_t * const pxTicksToWait ) PRIVILEGED_FUNCTION; + +/** + * task.h + *
+ * BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp );
+ * 
+ * + * This function corrects the tick count value after the application code has held + * interrupts disabled for an extended period resulting in tick interrupts having + * been missed. + * + * This function is similar to vTaskStepTick(), however, unlike + * vTaskStepTick(), xTaskCatchUpTicks() may move the tick count forward past a + * time at which a task should be removed from the blocked state. That means + * tasks may have to be removed from the blocked state as the tick count is + * moved. + * + * @param xTicksToCatchUp The number of tick interrupts that have been missed due to + * interrupts being disabled. Its value is not computed automatically, so must be + * computed by the application writer. + * + * @return pdTRUE if moving the tick count forward resulted in a task leaving the + * blocked state and a context switch being performed. Otherwise pdFALSE. + * + * \defgroup xTaskCatchUpTicks xTaskCatchUpTicks + * \ingroup TaskCtrl + */ +BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) PRIVILEGED_FUNCTION; + + +/*----------------------------------------------------------- +* SCHEDULER INTERNALS AVAILABLE FOR PORTING PURPOSES +*----------------------------------------------------------*/ + +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS ONLY + * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS + * AN INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * Called from the real time kernel tick (either preemptive or cooperative), + * this increments the tick count and checks if any tasks that are blocked + * for a finite period required removing from a blocked list and placing on + * a ready list. If a non-zero value is returned then a context switch is + * required because either: + * + A task was removed from a blocked list because its timeout had expired, + * or + * + Time slicing is in use and there is a task of equal priority to the + * currently running task. + */ +BaseType_t xTaskIncrementTick( void ) PRIVILEGED_FUNCTION; + +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN + * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. + * + * Removes the calling task from the ready list and places it both + * on the list of tasks waiting for a particular event, and the + * list of delayed tasks. The task will be removed from both lists + * and replaced on the ready list should either the event occur (and + * there be no higher priority tasks waiting on the same event) or + * the delay period expires. + * + * The 'unordered' version replaces the event list item value with the + * xItemValue value, and inserts the list item at the end of the list. + * + * The 'ordered' version uses the existing event list item value (which is the + * owning task's priority) to insert the list item into the event list in task + * priority order. + * + * @param pxEventList The list containing tasks that are blocked waiting + * for the event to occur. + * + * @param xItemValue The item value to use for the event list item when the + * event list is not ordered by task priority. + * + * @param xTicksToWait The maximum amount of time that the task should wait + * for the event to occur. This is specified in kernel ticks, the constant + * portTICK_PERIOD_MS can be used to convert kernel ticks into a real time + * period. + */ +void vTaskPlaceOnEventList( List_t * const pxEventList, + const TickType_t xTicksToWait ) PRIVILEGED_FUNCTION; +void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, + const TickType_t xItemValue, + const TickType_t xTicksToWait ) PRIVILEGED_FUNCTION; + +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN + * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. + * + * This function performs nearly the same function as vTaskPlaceOnEventList(). + * The difference being that this function does not permit tasks to block + * indefinitely, whereas vTaskPlaceOnEventList() does. + * + */ +void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, + TickType_t xTicksToWait, + const BaseType_t xWaitIndefinitely ) PRIVILEGED_FUNCTION; + +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS AN + * INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * THIS FUNCTION MUST BE CALLED WITH INTERRUPTS DISABLED. + * + * Removes a task from both the specified event list and the list of blocked + * tasks, and places it on a ready queue. + * + * xTaskRemoveFromEventList()/vTaskRemoveFromUnorderedEventList() will be called + * if either an event occurs to unblock a task, or the block timeout period + * expires. + * + * xTaskRemoveFromEventList() is used when the event list is in task priority + * order. It removes the list item from the head of the event list as that will + * have the highest priority owning task of all the tasks on the event list. + * vTaskRemoveFromUnorderedEventList() is used when the event list is not + * ordered and the event list items hold something other than the owning tasks + * priority. In this case the event list item value is updated to the value + * passed in the xItemValue parameter. + * + * @return pdTRUE if the task being removed has a higher priority than the task + * making the call, otherwise pdFALSE. + */ +BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) PRIVILEGED_FUNCTION; +void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, + const TickType_t xItemValue ) PRIVILEGED_FUNCTION; + +/* + * THIS FUNCTION MUST NOT BE USED FROM APPLICATION CODE. IT IS ONLY + * INTENDED FOR USE WHEN IMPLEMENTING A PORT OF THE SCHEDULER AND IS + * AN INTERFACE WHICH IS FOR THE EXCLUSIVE USE OF THE SCHEDULER. + * + * Sets the pointer to the current TCB to the TCB of the highest priority task + * that is ready to run. + */ +portDONT_DISCARD void vTaskSwitchContext( BaseType_t xCoreID ) PRIVILEGED_FUNCTION; + +/* + * THESE FUNCTIONS MUST NOT BE USED FROM APPLICATION CODE. THEY ARE USED BY + * THE EVENT BITS MODULE. + */ +TickType_t uxTaskResetEventItemValue( void ) PRIVILEGED_FUNCTION; + +/* + * Return the handle of the calling task. + */ +TaskHandle_t xTaskGetCurrentTaskHandle( void ) PRIVILEGED_FUNCTION; + +/* + * Return the handle of the task running on specified core. + */ +TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) PRIVILEGED_FUNCTION; + +/* + * Shortcut used by the queue implementation to prevent unnecessary call to + * taskYIELD(); + */ +void vTaskMissedYield( void ) PRIVILEGED_FUNCTION; + +/* + * Returns the scheduler state as taskSCHEDULER_RUNNING, + * taskSCHEDULER_NOT_STARTED or taskSCHEDULER_SUSPENDED. + */ +BaseType_t xTaskGetSchedulerState( void ) PRIVILEGED_FUNCTION; + +/* + * Raises the priority of the mutex holder to that of the calling task should + * the mutex holder have a priority less than the calling task. + */ +BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) PRIVILEGED_FUNCTION; + +/* + * Set the priority of a task back to its proper priority in the case that it + * inherited a higher priority while it was holding a semaphore. + */ +BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) PRIVILEGED_FUNCTION; + +/* + * If a higher priority task attempting to obtain a mutex caused a lower + * priority task to inherit the higher priority task's priority - but the higher + * priority task then timed out without obtaining the mutex, then the lower + * priority task will disinherit the priority again - but only down as far as + * the highest priority task that is still waiting for the mutex (if there were + * more than one task waiting for the mutex). + */ +void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, + UBaseType_t uxHighestPriorityWaitingTask ) PRIVILEGED_FUNCTION; + +/* + * Get the uxTCBNumber assigned to the task referenced by the xTask parameter. + */ +UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +/* + * Set the uxTaskNumber of the task referenced by the xTask parameter to + * uxHandle. + */ +void vTaskSetTaskNumber( TaskHandle_t xTask, + const UBaseType_t uxHandle ) PRIVILEGED_FUNCTION; + +/* + * Only available when configUSE_TICKLESS_IDLE is set to 1. + * If tickless mode is being used, or a low power mode is implemented, then + * the tick interrupt will not execute during idle periods. When this is the + * case, the tick count value maintained by the scheduler needs to be kept up + * to date with the actual execution time by being skipped forward by a time + * equal to the idle period. + */ +void vTaskStepTick( const TickType_t xTicksToJump ) PRIVILEGED_FUNCTION; + +/* + * Only available when configUSE_TICKLESS_IDLE is set to 1. + * Provided for use within portSUPPRESS_TICKS_AND_SLEEP() to allow the port + * specific sleep function to determine if it is ok to proceed with the sleep, + * and if it is ok to proceed, if it is ok to sleep indefinitely. + * + * This function is necessary because portSUPPRESS_TICKS_AND_SLEEP() is only + * called with the scheduler suspended, not from within a critical section. It + * is therefore possible for an interrupt to request a context switch between + * portSUPPRESS_TICKS_AND_SLEEP() and the low power mode actually being + * entered. eTaskConfirmSleepModeStatus() should be called from a short + * critical section between the timer being stopped and the sleep mode being + * entered to ensure it is ok to proceed into the sleep mode. + */ +eSleepModeStatus eTaskConfirmSleepModeStatus( void ) PRIVILEGED_FUNCTION; + +/* + * For internal use only. Increment the mutex held count when a mutex is + * taken and return the handle of the task that has taken the mutex. + */ +TaskHandle_t pvTaskIncrementMutexHeldCount( void ) PRIVILEGED_FUNCTION; + +/* + * For internal use only. Same as vTaskSetTimeOutState(), but without a critical + * section. + */ +void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) PRIVILEGED_FUNCTION; + +/* + * For internal use only. Same as portYIELD_WITHIN_API() in single core FreeRTOS. + * For SMP this is not defined by the port. + */ +void vTaskYieldWithinAPI( void ); + +/* *INDENT-OFF* */ +#ifdef __cplusplus + } +#endif +/* *INDENT-ON* */ +#endif /* INC_TASK_H */ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/list.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/list.c new file mode 100644 index 00000000000..5532d8e59e6 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/list.c @@ -0,0 +1,1081 @@ +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + + +#include + +/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining + * all the API functions to use the MPU wrappers. That should only be done when + * task.h is included from an application file. */ +#define MPU_WRAPPERS_INCLUDED_FROM_API_FILE + +#include "FreeRTOS.h" +#include "list.h" + +/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified + * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be + * defined for the header files above, but not in this file, in order to + * generate the correct privileged Vs unprivileged linkage and placement. */ +#undef MPU_WRAPPERS_INCLUDED_FROM_API_FILE /*lint !e961 !e750 !e9021. */ + +/*----------------------------------------------------------- +* PUBLIC LIST API documented in list.h +*----------------------------------------------------------*/ + +void vListInitialise( List_t * const pxList ) +{ + /* The list structure contains a list item which is used to mark the + * end of the list. To initialise the list the list end is inserted + * as the only list entry. */ + pxList->pxIndex = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ + + /* The list end value is the highest possible value in the list to + * ensure it remains at the end of the list. */ + pxList->xListEnd.xItemValue = portMAX_DELAY; + + /* The list end next and previous pointers point to itself so we know + * when the list is empty. */ + pxList->xListEnd.pxNext = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ + pxList->xListEnd.pxPrevious = ( ListItem_t * ) &( pxList->xListEnd ); /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. */ + + pxList->uxNumberOfItems = ( UBaseType_t ) 0U; + + /* Write known values into the list if + * configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + listSET_LIST_INTEGRITY_CHECK_1_VALUE( pxList ); + listSET_LIST_INTEGRITY_CHECK_2_VALUE( pxList ); +} +/*-----------------------------------------------------------*/ + +void vListInitialiseItem( ListItem_t * const pxItem ) +//@ requires pxItem->pxContainer |-> _; +//@ ensures pxItem->pxContainer |-> 0; +{ + /* Make sure the list item is not recorded as being on a list. */ + pxItem->pxContainer = NULL; + + /* Write known values into the list item if + * configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ + listSET_FIRST_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxItem ); + listSET_SECOND_LIST_ITEM_INTEGRITY_CHECK_VALUE( pxItem ); +} +/*-----------------------------------------------------------*/ + +void vListInsertEnd( List_t * const pxList, + ListItem_t * const pxNewListItem ) +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose + * node owners. Proofs using these predicates must be adapted as well. + */ + + // TODO: Adapt contract and proof to new version of predicates. + + /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& + xLIST_ITEM(pxNewListItem, ?val, _, _, ?ow, _) &*& + len < INT_MAX;@*/ + /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals, ?new_owners) &*& + idx == end + ? (new_cells == append(cells, singleton(pxNewListItem)) &*& + new_vals == append(vals, singleton(val)) &*& + new_owners == append(owners, singleton(ow))) + : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& + new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))) &*& + new_owners == append(take(index_of(idx, cells), owners), append(singleton(ow), drop(index_of(idx, cells), owners))));@*/ + { + /*@xLIST_star_item(pxList, pxNewListItem);@*/ + /*@assert mem(pxNewListItem, cells) == false;@*/ + /*@open xLIST(pxList, len, idx, end, cells, vals, owners);@*/ + #ifdef VERIFAST /*< const pointer declaration */ + ListItem_t * pxIndex = pxList->pxIndex; + #else + ListItem_t * const pxIndex = pxList->pxIndex; + + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + listTEST_LIST_INTEGRITY( pxList ); + listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); + #endif + + /*@open xLIST_ITEM(pxNewListItem, _, _, _, _, _);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, owners, pxList);@*/ + /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ + /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ + /*@ + if (end == idx) + { + open DLS(end, endprev, end, endprev, cells, vals, owners, pxList); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(owners), pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + } + else + { + assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), tail(owners), pxList); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + open DLS(endnext, end, end, endnext, _, _, _, _); + open xLIST_ITEM(endnext, _, _, _, _, _); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); + open DLS(endprev, _, _, _, _, _, _, _); + open xLIST_ITEM(endprev, _, _, _, _, _); + } + } + } + else + { + int i = index_of(idx, cells); + split(end, endprev, end, endprev, cells, vals, idx, i); + assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); + assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); + open DLS(idx, idxprev, end, endprev, _, _, _, _); + open xLIST_ITEM(idx, _, _, _, _, _); + if (end == idxprev) + { + // Case D: end==idxprev and DLS:idx...endprev + take_take(1, i, vals); + take_head(vals); + open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); + open xLIST_ITEM(end, portMAX_DELAY, _, _, _, _); + assert length(take(i, cells)) == 1; + } + else + { + // Case E: DLS:end...idxprev and DLS:idx...endprev + dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); + split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); + open DLS(idxprev, _, _, idxprev, _, _, _, _); + length_take(i, cells); + drop_take_singleton(i, vals); + drop_take_singleton(i, owners); + open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _, _); + } + } + @*/ + + /* Insert a new list item into pxList, but rather than sort the list, + * makes the new list item the last item to be removed by a call to + * listGET_OWNER_OF_NEXT_ENTRY(). */ + pxNewListItem->pxNext = pxIndex; + pxNewListItem->pxPrevious = pxIndex->pxPrevious; + + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); + + pxIndex->pxPrevious->pxNext = pxNewListItem; + pxIndex->pxPrevious = pxNewListItem; + + /* Remember which list the item is in. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; + + /*@ + if (end == idx) + { + close xLIST_ITEM(pxNewListItem, val, end, endprev, ow, pxList); + close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), singleton(ow), pxList); + close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, head(owners), pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + close DLS(end, pxNewListItem, endnext, end, cells, vals, owners, pxList); + join(end, pxNewListItem, endnext, end, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); + } + else + { + close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, ?endprevowner, _); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), singleton(endprevowner), pxList); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, owners, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), singleton(endprevowner), pxList); + assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, _, pxList); + join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, + endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, owners, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); + } + } + } + else + { + // Case D: end==idxprev and DLS:idx...endprev + // Case E: DLS:end...idxprev and DLS:idx...endprev + int i = index_of(idx, cells); + close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, ow, pxList); + close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, ?idxowner, pxList); + nth_drop2(vals, i); + assert idxval == nth(i, vals); + nth_drop2(owners, i); + assert idxowner == nth(i, owners); + close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, ?idxprevowner, pxList); + + if (end == idxprev) + { + close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), pxList); + } + else + { + length_take(i, cells); + take_take(i-1, i, vals); + take_singleton(i-1, vals); + take_singleton(i, vals); + take_take(i-1, i, owners); + take_singleton(i-1, owners); + take_singleton(i, owners); + assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), take(i-1, owners), pxList); + close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), singleton(idxprevowner), pxList); + join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), + idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); + } + + if (idx == endprev) + { + close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), singleton(idxowner), pxList); + } + else + { + assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, _, pxList); + close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); + } + + assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); + assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); + assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, ow, pxList); + dls_star_item(idx, endprev, pxNewListItem); + close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), cons(ow, drop(i, owners)), pxList); + join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), + pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); + assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, ?owners_new, pxList); + assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); + assert owners_new == append(take(i, owners) , append(singleton(ow), drop(i, owners))); + head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + take_take(1, i, cells); + head_append(take(i, vals), append(singleton(val), drop(i, vals))); + take_take(1, i, vals); + close xLIST(pxList, len+1, idx, end, cells_new, vals_new, owners_new); + } + @*/ + } +#else + /* The contract and proof below have been wirtten by Aalok Thakkar and Nathan + * Chong in 2020 for the single-core setup. + */ + /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals) &*& + xLIST_ITEM(pxNewListItem, ?val, _, _, _);@*/ + /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals) &*& + idx == end + ? (new_cells == append(cells, singleton(pxNewListItem)) &*& + new_vals == append(vals, singleton(val))) + : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& + new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))));@*/ + { + /*@xLIST_star_item(pxList, pxNewListItem);@*/ + /*@assert mem(pxNewListItem, cells) == false;@*/ + /*@open xLIST(pxList, len, idx, end, cells, vals);@*/ + #ifdef VERIFAST /*< const pointer declaration */ + ListItem_t * pxIndex = pxList->pxIndex; + #else + ListItem_t * const pxIndex = pxList->pxIndex; + + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + listTEST_LIST_INTEGRITY( pxList ); + listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); + #endif + + /*@open xLIST_ITEM(pxNewListItem, _, _, _, _);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, pxList);@*/ + /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ + /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ + /*@ + if (end == idx) + { + open DLS(end, endprev, end, endprev, cells, vals, pxList); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + } + else + { + assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), pxList); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + open DLS(endnext, end, end, endnext, _, _, _); + open xLIST_ITEM(endnext, _, _, _, _); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); + open DLS(endprev, _, _, _, _, _, _); + open xLIST_ITEM(endprev, _, _, _, _); + } + } + } + else + { + int i = index_of(idx, cells); + split(end, endprev, end, endprev, cells, vals, idx, i); + assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), pxList); + assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), pxList); + open DLS(idx, idxprev, end, endprev, _, _, _); + open xLIST_ITEM(idx, _, _, _, _); + if (end == idxprev) + { + // Case D: end==idxprev and DLS:idx...endprev + take_take(1, i, vals); + take_head(vals); + open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), pxList); + open xLIST_ITEM(end, portMAX_DELAY, _, _, _); + assert length(take(i, cells)) == 1; + } + else + { + // Case E: DLS:end...idxprev and DLS:idx...endprev + dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); + split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); + open DLS(idxprev, _, _, idxprev, _, _, _); + length_take(i, cells); + drop_take_singleton(i, vals); + open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _); + } + } + @*/ + + /* Insert a new list item into pxList, but rather than sort the list, + * makes the new list item the last item to be removed by a call to + * listGET_OWNER_OF_NEXT_ENTRY(). */ + pxNewListItem->pxNext = pxIndex; + pxNewListItem->pxPrevious = pxIndex->pxPrevious; + + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); + + pxIndex->pxPrevious->pxNext = pxNewListItem; + pxIndex->pxPrevious = pxNewListItem; + + /* Remember which list the item is in. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; + + /*@ + if (end == idx) + { + close xLIST_ITEM(pxNewListItem, val, end, endprev, pxList); + close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), pxList); + close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, pxList); + if (end == endprev) + { + // Case A (singleton): idx==end==endprev + close DLS(end, pxNewListItem, endnext, end, cells, vals, pxList); + join(end, pxNewListItem, endnext, end, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + else + { + close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, _); + if (endnext == endprev) + { + // Case B (two): idx==end and endnext==endprev + close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + else + { + // Case C: idx==end and DLS:endnext...endprev + close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); + assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, pxList); + join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, + endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); + close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); + join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, + pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); + close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); + } + } + } + else + { + // Case D: end==idxprev and DLS:idx...endprev + // Case E: DLS:end...idxprev and DLS:idx...endprev + int i = index_of(idx, cells); + close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, pxList); + close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, pxList); + nth_drop2(vals, i); + assert idxval == nth(i, vals); + close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, pxList); + + if (end == idxprev) + { + close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), pxList); + } + else + { + length_take(i, cells); + take_take(i-1, i, vals); + take_singleton(i-1, vals); + take_singleton(i, vals); + assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), pxList); + close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), pxList); + join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), + idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); + } + + if (idx == endprev) + { + close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), pxList); + } + else + { + assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, pxList); + close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + } + + assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), pxList); + assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); + assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, pxList); + dls_star_item(idx, endprev, pxNewListItem); + close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), pxList); + join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), + pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); + assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, pxList); + assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); + head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); + take_take(1, i, cells); + head_append(take(i, vals), append(singleton(val), drop(i, vals))); + take_take(1, i, vals); + close xLIST(pxList, len+1, idx, end, cells_new, vals_new); + } + @*/ + } +#endif /* VERIFAST_SINGLE_CORE */ +/*-----------------------------------------------------------*/ + +void vListInsert( List_t * const pxList, + ListItem_t * const pxNewListItem ) +{ + ListItem_t * pxIterator; + const TickType_t xValueOfInsertion = pxNewListItem->xItemValue; + + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + listTEST_LIST_INTEGRITY( pxList ); + listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); + + /* Insert the new list item into the list, sorted in xItemValue order. + * + * If the list already contains a list item with the same item value then the + * new list item should be placed after it. This ensures that TCBs which are + * stored in ready lists (all of which have the same xItemValue value) get a + * share of the CPU. However, if the xItemValue is the same as the back marker + * the iteration loop below will not end. Therefore the value is checked + * first, and the algorithm slightly modified if necessary. */ + if( xValueOfInsertion == portMAX_DELAY ) + { + pxIterator = pxList->xListEnd.pxPrevious; + } + else + { + /* *** NOTE *********************************************************** + * If you find your application is crashing here then likely causes are + * listed below. In addition see https://www.FreeRTOS.org/FAQHelp.html for + * more tips, and ensure configASSERT() is defined! + * https://www.FreeRTOS.org/a00110.html#configASSERT + * + * 1) Stack overflow - + * see https://www.FreeRTOS.org/Stacks-and-stack-overflow-checking.html + * 2) Incorrect interrupt priority assignment, especially on Cortex-M + * parts where numerically high priority values denote low actual + * interrupt priorities, which can seem counter intuitive. See + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html and the definition + * of configMAX_SYSCALL_INTERRUPT_PRIORITY on + * https://www.FreeRTOS.org/a00110.html + * 3) Calling an API function from within a critical section or when + * the scheduler is suspended, or calling an API function that does + * not end in "FromISR" from an interrupt. + * 4) Using a queue or semaphore before it has been initialised or + * before the scheduler has been started (are interrupts firing + * before vTaskStartScheduler() has been called?). + * 5) If the FreeRTOS port supports interrupt nesting then ensure that + * the priority of the tick interrupt is at or below + * configMAX_SYSCALL_INTERRUPT_PRIORITY. + **********************************************************************/ + + for( pxIterator = ( ListItem_t * ) &( pxList->xListEnd ); pxIterator->pxNext->xItemValue <= xValueOfInsertion; pxIterator = pxIterator->pxNext ) /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. *//*lint !e440 The iterator moves to a different value, not xValueOfInsertion. */ + { + /* There is nothing to do here, just iterating to the wanted + * insertion position. */ + } + } + + pxNewListItem->pxNext = pxIterator->pxNext; + pxNewListItem->pxNext->pxPrevious = pxNewListItem; + pxNewListItem->pxPrevious = pxIterator; + pxIterator->pxNext = pxNewListItem; + + /* Remember which list the item is in. This allows fast removal of the + * item later. */ + pxNewListItem->pxContainer = pxList; + + ( pxList->uxNumberOfItems )++; +} +/*-----------------------------------------------------------*/ + +UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) +#ifndef VERIFAST_SINGLE_CORE + /* Reason for rewrite: + * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose + * node owners. Proofs using these predicates must be adapted as well. + */ + + /*@requires + exists(?l) &*& + xLIST(l, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& + end != pxItemToRemove &*& + mem(pxItemToRemove, cells) == true;@*/ + /*@ensures + result == len-1 &*& + xLIST_ITEM(pxItemToRemove, nth(index_of(pxItemToRemove, cells), vals), _, ?pxItemToRemovePrevious, nth(index_of(pxItemToRemove, cells), owners), NULL) &*& + pxItemToRemovePrevious == nth(index_of(pxItemToRemove, cells)-1, cells) &*& + xLIST(l, result, idx == pxItemToRemove ? pxItemToRemovePrevious : idx, end, remove(pxItemToRemove, cells), remove_nth(index_of(pxItemToRemove, cells), vals), remove_nth(index_of(pxItemToRemove, cells), owners)); + @*/ + { + /* For brevity we alias x to pxItemToRemove */ + /*@struct xLIST_ITEM *x = pxItemToRemove;@*/ + + /* Start by establishing that the list must be non-empty since x != end */ + /*@open xLIST(l, len, idx, end, cells, vals, owners);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, owners, l);@*/ + /*@assert vals == cons(portMAX_DELAY, _);@*/ + /*@dls_not_empty(end, endprev, cells, x);@*/ + + /* We know the xLIST is a DLS: end...endprev + Split this into DLS1:end...xprev and DLS2:x...endprev */ + /*@int i = index_of(x, cells);@*/ + /*@split(end, endprev, end, endprev, cells, vals, x, i);@*/ + /*@list ys = take(i, cells);@*/ + /*@list zs = drop(i, cells);@*/ + /*@list vs = take(i, vals);@*/ + /*@list ws = drop(i, vals);@*/ + /*@list ts = take(i, owners);@*/ + /*@list us = drop(i, owners);@*/ + /*@assert length(ys) == length(vs);@*/ + /*@assert length(zs) == length(ws);@*/ + /*@assert length(ts) == length(vs);@*/ + /*@assert length(us) == length(ws);@*/ + /*@assert DLS(end, endprev, x, ?xprev, ys, vs, ts, l);@*/ /*< DLS1 (ys, vs) */ + /*@assert DLS(x, xprev, end, endprev, zs, ws, us, l);@*/ /*< DLS2 (zs, ws) */ + + /* Now case split to open DLS1 and DLS2 appropriately */ + /*@ + if (end == xprev) + { + if (x == endprev) + { + //Case A + //DLS1: extract end=prev=next + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + assert owners == cons(_, _); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, head(owners), l); + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, us, l); + //Lengths + assert length(ys) == 1; + assert length(zs) == 1; + assert length(us) == 1; + } + else + { + //Case B + //DLS1: extract end=prev + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, head(owners), l); + //DLS2: extract next and x + open DLS(x, end, end, endprev, zs, ws, us, l); + assert DLS(?xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); + open xLIST_ITEM(xnext, _, _, x, _, l); + //Lengths + assert length(ys) == 1; + } + } + else + { + if (x == endprev) + { + //Case C + //DLS1: extract end=next and prev + dls_last_mem(end, endprev, x, xprev, ys); + assert mem(xprev, ys) == true; + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(ts), l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, _, l); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, us, l); + //Lengths + assert length(zs) == 1; + } + else + { + //Case D + //DLS1: extract prev + dls_last_mem(end, endprev, x, xprev, ys); + int j = index_of(xprev, ys); + open DLS(end, endprev, x, xprev, ys, vs, ts, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(ts), l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + assert tail(ys) == singleton(xprev); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, _, l); + open xLIST_ITEM(xprev, _, x, _, _, l); + } + //DLS2: extract next and x + open DLS(x, xprev, end, endprev, zs, ws, us, l); + assert xLIST_ITEM(x, _, ?xnext, _, _, l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); + open xLIST_ITEM(xnext, _, _, x, _, l); + } + } + @*/ + /*@drop_nth_index_of(vals, i);@*/ + /*@drop_nth_index_of(owners, i);@*/ + /*@open xLIST_ITEM(x, nth(i, vals), ?xnext, xprev, nth(i, owners), l);@*/ + +/* The list item knows which list it is in. Obtain the list from the list + * item. */ +#ifdef VERIFAST /*< const pointer declaration */ + List_t * pxList = pxItemToRemove->pxContainer; +#else + List_t * const pxList = pxItemToRemove->pxContainer; +#endif + + pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; + pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; + + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); + + /* Make sure the index is left pointing to a valid item. */ + if( pxList->pxIndex == pxItemToRemove ) + { + pxList->pxIndex = pxItemToRemove->pxPrevious; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + pxItemToRemove->pxContainer = NULL; + ( pxList->uxNumberOfItems )--; + + return pxList->uxNumberOfItems; + + /*@ + // Reassemble DLS1 and a modified DLS2, which no longer includes x + if (end == xprev) + { + if (x == endprev) + { + //Case A + close xLIST_ITEM(end, portMAX_DELAY, _, _, _, _); + close DLS(end, end, end, end, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), l); + } + else + { + //Case B + close xLIST_ITEM(xprev, _, xnext, endprev, head(owners), l); + close DLS(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), l); + close xLIST_ITEM(xnext, _, _, xprev, _, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), tail(us), l); + join(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + else + { + if (x == endprev) + { + //Case C + close xLIST_ITEM(end, _, ?endnext, xprev, head(ts), l); + close xLIST_ITEM(xprev, ?xprev_val, end, _, ?xprev_owner, l); + if (endnext == xprev) + { + close DLS(xprev, end, end, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + close DLS(end, xprev, end, xprev, cons(end, singleton(xprev)), cons(portMAX_DELAY, singleton(xprev_val)), cons(head(ts), singleton(xprev_owner)), l); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, _, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, xprev, end, xprev, ys, vs, ts, l); + } + } + else + { + //Case D + close xLIST_ITEM(xnext, _, ?xnextnext, xprev, ?xnext_owner, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), tail(us), l); + close xLIST_ITEM(end, _, ?endnext, endprev, head(ts), l); + close xLIST_ITEM(xprev, ?xprev_val, xnext, _, ?xprev_owner, l); + if (endnext == xprev) + { + close DLS(xprev, _, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + close DLS(end, endprev, xnext, xprev, ys, vs, ts, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, _, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, endprev, xnext, xprev, ys, vs, ts, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + } + @*/ + /*@remove_remove_nth(cells, x);@*/ + /*@ + if (idx == x) + { + close xLIST(l, len-1, xprev, end, append(ys, tail(zs)), append(vs, tail(ws)), append(ts, tail(us))); + } + else + { + idx_remains_in_list(cells, idx, x, i); + close xLIST(l, len-1, idx, end, append(ys, tail(zs)), append(vs, tail(ws)), append(ts, tail(us))); + } + @*/ + /*@close xLIST_ITEM(x, nth(i, vals), xnext, xprev, nth(i, owners), NULL);@*/ +} +#else + // Contract and proof written by Aalok Thakkar and Nathan Chong for the + // single-core setup in 2020. + + /*@requires + exists(?l) &*& + xLIST(l, ?len, ?idx, ?end, ?cells, ?vals) &*& + end != pxItemToRemove &*& + mem(pxItemToRemove, cells) == true;@*/ + /*@ensures + result == len-1 &*& + xLIST_ITEM(pxItemToRemove, nth(index_of(pxItemToRemove, cells), vals), _, ?pxItemToRemovePrevious, NULL) &*& + pxItemToRemovePrevious == nth(index_of(pxItemToRemove, cells)-1, cells) &*& + xLIST(l, result, idx == pxItemToRemove ? pxItemToRemovePrevious : idx, end, remove(pxItemToRemove, cells), remove_nth(index_of(pxItemToRemove, cells), vals));@*/ + { + /* For brevity we alias x to pxItemToRemove */ + /*@struct xLIST_ITEM *x = pxItemToRemove;@*/ + + /* Start by establishing that the list must be non-empty since x != end */ + /*@open xLIST(l, len, idx, end, cells, vals);@*/ + /*@assert DLS(end, ?endprev, end, _, cells, vals, l);@*/ + /*@assert vals == cons(portMAX_DELAY, _);@*/ + /*@dls_not_empty(end, endprev, cells, x);@*/ + + /* We know the xLIST is a DLS: end...endprev + Split this into DLS1:end...xprev and DLS2:x...endprev */ + /*@int i = index_of(x, cells);@*/ + /*@split(end, endprev, end, endprev, cells, vals, x, i);@*/ + /*@list ys = take(i, cells);@*/ + /*@list zs = drop(i, cells);@*/ + /*@list vs = take(i, vals);@*/ + /*@list ws = drop(i, vals);@*/ + /*@assert length(ys) == length(vs);@*/ + /*@assert length(zs) == length(ws);@*/ + /*@assert DLS(end, endprev, x, ?xprev, ys, vs, l);@*/ /*< DLS1 (ys, vs) */ + /*@assert DLS(x, xprev, end, endprev, zs, ws, l);@*/ /*< DLS2 (zs, ws) */ + + /* Now case split to open DLS1 and DLS2 appropriately */ + /*@ + if (end == xprev) + { + if (x == endprev) + { + //Case A + //DLS1: extract end=prev=next + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, l); + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, l); + //Lengths + assert length(ys) == 1; + assert length(zs) == 1; + } + else + { + //Case B + //DLS1: extract end=prev + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, x, endprev, l); + //DLS2: extract next and x + open DLS(x, end, end, endprev, zs, ws, l); + assert DLS(?xnext, x, end, endprev, tail(zs), tail(ws), l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), l); + open xLIST_ITEM(xnext, _, _, x, l); + //Lengths + assert length(ys) == 1; + } + } + else + { + if (x == endprev) + { + //Case C + //DLS1: extract end=next and prev + dls_last_mem(end, endprev, x, xprev, ys); + assert mem(xprev, ys) == true; + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + open xLIST_ITEM(xprev, _, x, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, l); + open xLIST_ITEM(xprev, _, x, _, l); + } + //DLS2: extract x + open DLS(x, xprev, end, endprev, zs, ws, l); + //Lengths + assert length(zs) == 1; + } + else + { + //Case D + //DLS1: extract prev + dls_last_mem(end, endprev, x, xprev, ys); + int j = index_of(xprev, ys); + open DLS(end, endprev, x, xprev, ys, vs, l); + open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, l); + if (endnext == xprev) + { + open DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + assert tail(ys) == singleton(xprev); + open xLIST_ITEM(xprev, _, x, _, l); + } + else + { + assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); + int k = index_of(xprev, tail(ys)); + dls_last_mem(endnext, end, x, xprev, tail(ys)); + split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); + open DLS(xprev, _, x, xprev, _, _, l); + open xLIST_ITEM(xprev, _, x, _, l); + } + //DLS2: extract next and x + open DLS(x, xprev, end, endprev, zs, ws, l); + assert xLIST_ITEM(x, _, ?xnext, _, l); + open DLS(xnext, x, end, endprev, tail(zs), tail(ws), l); + open xLIST_ITEM(xnext, _, _, x, l); + } + } + @*/ + /*@drop_nth_index_of(vals, i);@*/ + /*@open xLIST_ITEM(x, nth(i, vals), ?xnext, xprev, l);@*/ + + /* The list item knows which list it is in. Obtain the list from the list + * item. */ + #ifdef VERIFAST /*< const pointer declaration */ + List_t * pxList = pxItemToRemove->pxContainer; + #else + List_t * const pxList = pxItemToRemove->pxContainer; + #endif + + pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; + pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; + + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); + + /* Make sure the index is left pointing to a valid item. */ + if( pxList->pxIndex == pxItemToRemove ) + { + pxList->pxIndex = pxItemToRemove->pxPrevious; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + pxItemToRemove->pxContainer = NULL; + ( pxList->uxNumberOfItems )--; + + return pxList->uxNumberOfItems; + + /*@ + // Reassemble DLS1 and a modified DLS2, which no longer includes x + if (end == xprev) + { + if (x == endprev) + { + //Case A + close xLIST_ITEM(end, portMAX_DELAY, _, _, _); + close DLS(end, end, end, end, singleton(end), singleton(portMAX_DELAY), l); + } + else + { + //Case B + close xLIST_ITEM(xprev, _, xnext, endprev, l); + close DLS(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), l); + close xLIST_ITEM(xnext, _, _, xprev, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), l); + join(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + else + { + if (x == endprev) + { + //Case C + close xLIST_ITEM(end, _, ?endnext, xprev, l); + close xLIST_ITEM(xprev, ?xprev_val, end, _, l); + if (endnext == xprev) + { + close DLS(xprev, end, end, xprev, singleton(xprev), singleton(xprev_val), l); + close DLS(end, xprev, end, xprev, cons(end, singleton(xprev)), cons(portMAX_DELAY, singleton(xprev_val)), l); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, xprev, end, xprev, ys, vs, l); + } + } + else + { + //Case D + close xLIST_ITEM(xnext, _, ?xnextnext, xprev, l); + close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), l); + close xLIST_ITEM(end, _, ?endnext, endprev, l); + close xLIST_ITEM(xprev, ?xprev_val, xnext, _, l); + if (endnext == xprev) + { + close DLS(xprev, _, xnext, xprev, singleton(xprev), singleton(xprev_val), l); + close DLS(end, endprev, xnext, xprev, ys, vs, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + else + { + close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), l); + assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, l); + join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, + xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); + close DLS(end, endprev, xnext, xprev, ys, vs, l); + join(end, endprev, xnext, xprev, ys, vs, + xnext, xprev, end, endprev, tail(zs), tail(ws)); + } + } + } + @*/ + /*@remove_remove_nth(cells, x);@*/ + /*@ + if (idx == x) + { + close xLIST(l, len-1, xprev, end, append(ys, tail(zs)), append(vs, tail(ws))); + } + else + { + idx_remains_in_list(cells, idx, x, i); + close xLIST(l, len-1, idx, end, append(ys, tail(zs)), append(vs, tail(ws))); + } + @*/ + /*@close xLIST_ITEM(x, nth(i, vals), xnext, xprev, NULL);@*/ + } + + + +#endif /* VERIFAST_SINGLE_CORE */ + +/*-----------------------------------------------------------*/ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c new file mode 100644 index 00000000000..8f14ca88267 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -0,0 +1,7195 @@ +/* + * FreeRTOS SMP Kernel V202110.00 + * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * https://www.FreeRTOS.org + * https://github.com/FreeRTOS + * + */ + +#ifdef VERIFAST + /* Ghost header include must occur before any non-ghost includes or other + * non-ghost code. Otherwise VeriFast will report an unspecific parse error. + */ + + //@ #include + //@ #include "list.gh" + //@ #include + + /* The following includes will be visible to VeriFast in the preprocessed + * code. VeriFast requires includes to occur befor definitions. Hence, + * all includes visible to VeriFast must occur before the preprocessed + * ones. + */ + //VF_macro #include "FreeRTOSConfig.h" + + //VF_macro #define NULL 0 +#endif /* VERIFAST */ + + +/* Standard includes. */ +#include +#include + +/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining + * all the API functions to use the MPU wrappers. That should only be done when + * task.h is included from an application file. */ +#define MPU_WRAPPERS_INCLUDED_FROM_API_FILE + +/* FreeRTOS includes. */ +#include "FreeRTOS.h" +#include "task.h" +#include "timers.h" + +#ifndef VERIFAST + /* Reason for rewrite: + * The stack macros rely on macros defined later in this file, e.g., + * `pxCurrentTCB`. We need to delay this inclusion until the task macros + * have been defined. Otherwise, VeriFast will report unknown symbols when + * checking the stack macro proofs. + */ + #include "stack_macros.h" +#endif /* VERIFAST */ + +/* Verifast proof setup + * + * Note that redefinitions of macros must be included after + * original ones have been included. + */ +#ifdef VERIFAST + #include "verifast_proof_defs.h" + #include "stack_predicates.h" + #include "task_predicates.h" + #include "ready_list_predicates.h" + #include "verifast_RP2040_axioms.h" + #include "verifast_prelude_extended.h" + #include "verifast_bitops_extended.h" + #include "verifast_asm.h" + #include "verifast_port_contracts.h" + #include "verifast_lock_predicates.h" + #include "verifast_lists_extended.h" + #include "single_core_proofs/scp_list_predicates.h" + #include "single_core_proofs_extended/scp_list_predicates_extended.h" + + #include "snippets/rp2040_port_c_snippets.c" + + #include "list.c" +#endif + +/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified + * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined + * for the header files above, but not in this file, in order to generate the + * correct privileged Vs unprivileged linkage and placement. */ +#undef MPU_WRAPPERS_INCLUDED_FROM_API_FILE /*lint !e961 !e750 !e9021. */ + +/* Set configUSE_STATS_FORMATTING_FUNCTIONS to 2 to include the stats formatting + * functions but without including stdio.h here. */ +#if ( configUSE_STATS_FORMATTING_FUNCTIONS == 1 ) + +/* At the bottom of this file are two optional functions that can be used + * to generate human readable text from the raw data generated by the + * uxTaskGetSystemState() function. Note the formatting functions are provided + * for convenience only, and are NOT considered part of the kernel. */ + #include +#endif /* configUSE_STATS_FORMATTING_FUNCTIONS == 1 ) */ + +#if ( configUSE_PREEMPTION == 0 ) + +/* If the cooperative scheduler is being used then a yield should not be + * performed just because a higher priority task has been woken. */ + #define taskYIELD_IF_USING_PREEMPTION() +#else + #define taskYIELD_IF_USING_PREEMPTION() vTaskYieldWithinAPI() +#endif + +/* Values that can be assigned to the ucNotifyState member of the TCB. */ +#define taskNOT_WAITING_NOTIFICATION ( ( uint8_t ) 0 ) /* Must be zero as it is the initialised value. */ +#define taskWAITING_NOTIFICATION ( ( uint8_t ) 1 ) +#define taskNOTIFICATION_RECEIVED ( ( uint8_t ) 2 ) + +/* + * The value used to fill the stack of a task when the task is created. This + * is used purely for checking the high water mark for tasks. + */ +#define tskSTACK_FILL_BYTE ( 0xa5U ) + +/* Bits used to record how a task's stack and TCB were allocated. */ +#define tskDYNAMICALLY_ALLOCATED_STACK_AND_TCB ( ( uint8_t ) 0 ) +#define tskSTATICALLY_ALLOCATED_STACK_ONLY ( ( uint8_t ) 1 ) +#define tskSTATICALLY_ALLOCATED_STACK_AND_TCB ( ( uint8_t ) 2 ) + +/* If any of the following are set then task stacks are filled with a known + * value so the high water mark can be determined. If none of the following are + * set then don't fill the stack so there is no unnecessary dependency on memset. */ +#if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) || ( configUSE_TRACE_FACILITY == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark2 == 1 ) ) + #define tskSET_NEW_STACKS_TO_KNOWN_VALUE 1 +#else + #define tskSET_NEW_STACKS_TO_KNOWN_VALUE 0 +#endif + +/* + * Macros used by vListTask to indicate which state a task is in. + */ +#define tskRUNNING_CHAR ( 'X' ) +#define tskBLOCKED_CHAR ( 'B' ) +#define tskREADY_CHAR ( 'R' ) +#define tskDELETED_CHAR ( 'D' ) +#define tskSUSPENDED_CHAR ( 'S' ) + +/* + * Some kernel aware debuggers require the data the debugger needs access to to + * be global, rather than file scope. + */ +#ifdef portREMOVE_STATIC_QUALIFIER + #define static +#endif + +/* The name allocated to the Idle task. This can be overridden by defining + * configIDLE_TASK_NAME in FreeRTOSConfig.h. */ +#ifndef configIDLE_TASK_NAME + #define configIDLE_TASK_NAME "IDLE" +#endif + +#if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) + +/* If configUSE_PORT_OPTIMISED_TASK_SELECTION is 0 then task selection is + * performed in a generic way that is not optimised to any particular + * microcontroller architecture. */ + +/* uxTopReadyPriority holds the priority of the highest priority ready + * state task. */ + #define taskRECORD_READY_PRIORITY( uxPriority ) \ + { \ + if( ( uxPriority ) > uxTopReadyPriority ) \ + { \ + uxTopReadyPriority = ( uxPriority ); \ + } \ + } /* taskRECORD_READY_PRIORITY */ + + /*-----------------------------------------------------------*/ + +/* Define away taskRESET_READY_PRIORITY() and portRESET_READY_PRIORITY() as + * they are only required when a port optimised method of task selection is + * being used. */ + #define taskRESET_READY_PRIORITY( uxPriority ) + #define portRESET_READY_PRIORITY( uxPriority, uxTopReadyPriority ) + +#else /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ + + #error configUSE_PORT_OPTIMISED_TASK_SELECTION not yet supported in SMP + +/* If configUSE_PORT_OPTIMISED_TASK_SELECTION is 1 then task selection is + * performed in a way that is tailored to the particular microcontroller + * architecture being used. */ + +/* A port optimised version is provided. Call the port defined macros. */ + #define taskRECORD_READY_PRIORITY( uxPriority ) portRECORD_READY_PRIORITY( uxPriority, uxTopReadyPriority ) + + /*-----------------------------------------------------------*/ + +/* A port optimised version is provided, call it only if the TCB being reset + * is being referenced from a ready list. If it is referenced from a delayed + * or suspended list then it won't be in a ready list. */ + #define taskRESET_READY_PRIORITY( uxPriority ) \ + { \ + if( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ ( uxPriority ) ] ) ) == ( UBaseType_t ) 0 ) \ + { \ + portRESET_READY_PRIORITY( ( uxPriority ), ( uxTopReadyPriority ) ); \ + } \ + } + +#endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ + +/*-----------------------------------------------------------*/ + +/* pxDelayedTaskList and pxOverflowDelayedTaskList are switched when the tick + * count overflows. */ +#define taskSWITCH_DELAYED_LISTS() \ + { \ + List_t * pxTemp; \ + \ + /* The delayed tasks list should be empty when the lists are switched. */ \ + configASSERT( ( listLIST_IS_EMPTY( pxDelayedTaskList ) ) ); \ + \ + pxTemp = pxDelayedTaskList; \ + pxDelayedTaskList = pxOverflowDelayedTaskList; \ + pxOverflowDelayedTaskList = pxTemp; \ + xNumOfOverflows++; \ + prvResetNextTaskUnblockTime(); \ + } + +/*-----------------------------------------------------------*/ + +/* + * Place the task represented by pxTCB into the appropriate ready list for + * the task. It is inserted at the end of the list. + */ +#define prvAddTaskToReadyList( pxTCB ) \ + traceMOVED_TASK_TO_READY_STATE( pxTCB ); \ + taskRECORD_READY_PRIORITY( ( pxTCB )->uxPriority ); \ + vListInsertEnd( &( pxReadyTasksLists[ ( pxTCB )->uxPriority ] ), &( ( pxTCB )->xStateListItem ) ); \ + tracePOST_MOVED_TASK_TO_READY_STATE( pxTCB ) +/*-----------------------------------------------------------*/ + +/* + * Several functions take a TaskHandle_t parameter that can optionally be NULL, + * where NULL is used to indicate that the handle of the currently executing + * task should be used in place of the parameter. This macro simply checks to + * see if the parameter is NULL and returns a pointer to the appropriate TCB. + */ +#define prvGetTCBFromHandle( pxHandle ) ( ( ( pxHandle ) == NULL ) ? pxCurrentTCB : ( pxHandle ) ) + +/* The item value of the event list item is normally used to hold the priority + * of the task to which it belongs (coded to allow it to be held in reverse + * priority order). However, it is occasionally borrowed for other purposes. It + * is important its value is not updated due to a task priority change while it is + * being used for another purpose. The following bit definition is used to inform + * the scheduler that the value should not be changed - in which case it is the + * responsibility of whichever module is using the value to ensure it gets set back + * to its original value when it is released. */ +#if ( configUSE_16_BIT_TICKS == 1 ) + #define taskEVENT_LIST_ITEM_VALUE_IN_USE 0x8000U +#else + #define taskEVENT_LIST_ITEM_VALUE_IN_USE 0x80000000UL +#endif + +/* Indicates that the task is not actively running on any core. */ +#define taskTASK_NOT_RUNNING ( TaskRunning_t ) ( -1 ) + +/* Indicates that the task is actively running but scheduled to yield. */ +#define taskTASK_YIELDING ( TaskRunning_t ) ( -2 ) + +/* Returns pdTRUE if the task is actively running and not scheduled to yield. */ +#define taskTASK_IS_RUNNING( xTaskRunState ) ( ( 0 <= xTaskRunState ) && ( xTaskRunState < configNUM_CORES ) ) + +typedef BaseType_t TaskRunning_t; + +/* + * Task control block. A task control block (TCB) is allocated for each task, + * and stores task state information, including a pointer to the task's context + * (the task's run time environment, including register values) + */ +typedef struct tskTaskControlBlock /* The old naming convention is used to prevent breaking kernel aware debuggers. */ +{ + volatile StackType_t * pxTopOfStack; /*< Points to the location of the last item placed on the tasks stack. THIS MUST BE THE FIRST MEMBER OF THE TCB STRUCT. */ + + #if ( portUSING_MPU_WRAPPERS == 1 ) + xMPU_SETTINGS xMPUSettings; /*< The MPU settings are defined as part of the port layer. THIS MUST BE THE SECOND MEMBER OF THE TCB STRUCT. */ + #endif + + #if ( configUSE_CORE_AFFINITY == 1 && configNUM_CORES > 1 ) + UBaseType_t uxCoreAffinityMask; /*< Used to link the task to certain cores. UBaseType_t must have >= the same number of bits as SMP confNUM_CORES */ + #endif + + ListItem_t xStateListItem; /*< The list that the state list item of a task is reference from denotes the state of that task (Ready, Blocked, Suspended ). */ + ListItem_t xEventListItem; /*< Used to reference a task from an event list. */ + UBaseType_t uxPriority; /*< The priority of the task. 0 is the lowest priority. */ + StackType_t * pxStack; /*< Points to the start of the stack. */ + volatile TaskRunning_t xTaskRunState; /*< Used to identify the core the task is running on, if any. */ + BaseType_t xIsIdle; /*< Used to identify the idle tasks. */ + char pcTaskName[ configMAX_TASK_NAME_LEN ]; /*< Descriptive name given to the task when created. Facilitates debugging only. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + + #if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + BaseType_t xPreemptionDisable; /*< Used to prevent the task from being preempted */ + #endif + + #if ( ( portSTACK_GROWTH > 0 ) || ( configRECORD_STACK_HIGH_ADDRESS == 1 ) ) + StackType_t * pxEndOfStack; /*< Points to the highest valid address for the stack. */ + #endif + + #if ( portCRITICAL_NESTING_IN_TCB == 1 ) + UBaseType_t uxCriticalNesting; /*< Holds the critical section nesting depth for ports that do not maintain their own count in the port layer. */ + #endif + + #if ( configUSE_TRACE_FACILITY == 1 ) + UBaseType_t uxTCBNumber; /*< Stores a number that increments each time a TCB is created. It allows debuggers to determine when a task has been deleted and then recreated. */ + UBaseType_t uxTaskNumber; /*< Stores a number specifically for use by third party trace code. */ + #endif + + #if ( configUSE_MUTEXES == 1 ) + UBaseType_t uxBasePriority; /*< The priority last assigned to the task - used by the priority inheritance mechanism. */ + UBaseType_t uxMutexesHeld; + #endif + + #if ( configUSE_APPLICATION_TASK_TAG == 1 ) + TaskHookFunction_t pxTaskTag; + #endif + + #if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS > 0 ) + void * pvThreadLocalStoragePointers[ configNUM_THREAD_LOCAL_STORAGE_POINTERS ]; + #endif + + #if ( configGENERATE_RUN_TIME_STATS == 1 ) + uint32_t ulRunTimeCounter; /*< Stores the amount of time the task has spent in the Running state. */ + #endif + + #if ( configUSE_NEWLIB_REENTRANT == 1 ) + /* Allocate a Newlib reent structure that is specific to this task. + * Note Newlib support has been included by popular demand, but is not + * used by the FreeRTOS maintainers themselves. FreeRTOS is not + * responsible for resulting newlib operation. User must be familiar with + * newlib and must provide system-wide implementations of the necessary + * stubs. Be warned that (at the time of writing) the current newlib design + * implements a system-wide malloc() that must be provided with locks. + * + * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html + * for additional information. */ + struct _reent xNewLib_reent; + #endif + + #if ( configUSE_TASK_NOTIFICATIONS == 1 ) + volatile uint32_t ulNotifiedValue[ configTASK_NOTIFICATION_ARRAY_ENTRIES ]; + volatile uint8_t ucNotifyState[ configTASK_NOTIFICATION_ARRAY_ENTRIES ]; + #endif + + /* See the comments in FreeRTOS.h with the definition of + * tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE. */ + #if ( tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE != 0 ) /*lint !e731 !e9029 Macro has been consolidated for readability reasons. */ + uint8_t ucStaticallyAllocated; /*< Set to pdTRUE if the task is a statically allocated to ensure no attempt is made to free the memory. */ + #endif + + #if ( INCLUDE_xTaskAbortDelay == 1 ) + uint8_t ucDelayAborted; + #endif + + #if ( configUSE_POSIX_ERRNO == 1 ) + int iTaskErrno; + #endif +} tskTCB; + +/* The old tskTCB name is maintained above then typedefed to the new TCB_t name + * below to enable the use of older kernel aware debuggers. */ +typedef tskTCB TCB_t; + +/*lint -save -e956 A manual analysis and inspection has been used to determine + * which static variables must be declared volatile. */ +PRIVILEGED_DATA TCB_t * volatile pxCurrentTCBs[ configNUM_CORES ] = { NULL }; +#define pxCurrentTCB xTaskGetCurrentTaskHandle() + +/* Lists for ready and blocked tasks. -------------------- + * xDelayedTaskList1 and xDelayedTaskList2 could be moved to function scope but + * doing so breaks some kernel aware debuggers and debuggers that rely on removing + * the static qualifier. */ +PRIVILEGED_DATA static List_t pxReadyTasksLists[ configMAX_PRIORITIES ]; /*< Prioritised ready tasks. */ +PRIVILEGED_DATA static List_t xDelayedTaskList1; /*< Delayed tasks. */ +PRIVILEGED_DATA static List_t xDelayedTaskList2; /*< Delayed tasks (two lists are used - one for delays that have overflowed the current tick count. */ +PRIVILEGED_DATA static List_t * volatile pxDelayedTaskList; /*< Points to the delayed task list currently being used. */ +PRIVILEGED_DATA static List_t * volatile pxOverflowDelayedTaskList; /*< Points to the delayed task list currently being used to hold tasks that have overflowed the current tick count. */ +PRIVILEGED_DATA static List_t xPendingReadyList; /*< Tasks that have been readied while the scheduler was suspended. They will be moved to the ready list when the scheduler is resumed. */ + + +#ifdef VERIFAST + /* Reason for rewrite: + * The stack macros rely on some of the macros defined above, e.g., + * `pxCurrentTCB`. We need to delay this inclusion until the relevant task + * macros have been defined. Otherwise, VeriFast will report unknown symbols + * when checking the stack macro proofs. + */ + #include "stack_macros.h" +#endif /* VERIFAST */ + + +#if ( INCLUDE_vTaskDelete == 1 ) + + PRIVILEGED_DATA static List_t xTasksWaitingTermination; /*< Tasks that have been deleted - but their memory not yet freed. */ + PRIVILEGED_DATA static volatile UBaseType_t uxDeletedTasksWaitingCleanUp = ( UBaseType_t ) 0U; + +#endif + +#if ( INCLUDE_vTaskSuspend == 1 ) + + PRIVILEGED_DATA static List_t xSuspendedTaskList; /*< Tasks that are currently suspended. */ + +#endif + +/* Global POSIX errno. Its value is changed upon context switching to match + * the errno of the currently running task. */ +#if ( configUSE_POSIX_ERRNO == 1 ) + int FreeRTOS_errno = 0; +#endif + +/* Other file private variables. --------------------------------*/ +PRIVILEGED_DATA static volatile UBaseType_t uxCurrentNumberOfTasks = ( UBaseType_t ) 0U; +PRIVILEGED_DATA static volatile TickType_t xTickCount = ( TickType_t ) configINITIAL_TICK_COUNT; +PRIVILEGED_DATA static volatile UBaseType_t uxTopReadyPriority = tskIDLE_PRIORITY; +PRIVILEGED_DATA static volatile BaseType_t xSchedulerRunning = pdFALSE; +PRIVILEGED_DATA static volatile TickType_t xPendedTicks = ( TickType_t ) 0U; +PRIVILEGED_DATA static volatile BaseType_t xYieldPendings[ configNUM_CORES ] = { pdFALSE }; +PRIVILEGED_DATA static volatile BaseType_t xNumOfOverflows = ( BaseType_t ) 0; +PRIVILEGED_DATA static UBaseType_t uxTaskNumber = ( UBaseType_t ) 0U; +PRIVILEGED_DATA static volatile TickType_t xNextTaskUnblockTime = ( TickType_t ) 0U; /* Initialised to portMAX_DELAY before the scheduler starts. */ +PRIVILEGED_DATA static TaskHandle_t xIdleTaskHandle[ configNUM_CORES ] = { NULL }; /*< Holds the handle of the idle task. The idle task is created automatically when the scheduler is started. */ + +#define xYieldPending prvGetCurrentYieldPending() + +/* Improve support for OpenOCD. The kernel tracks Ready tasks via priority lists. + * For tracking the state of remote threads, OpenOCD uses uxTopUsedPriority + * to determine the number of priority lists to read back from the remote target. */ +const volatile UBaseType_t uxTopUsedPriority = configMAX_PRIORITIES - 1U; + +/* Context switches are held pending while the scheduler is suspended. Also, + * interrupts must not manipulate the xStateListItem of a TCB, or any of the + * lists the xStateListItem can be referenced from, if the scheduler is suspended. + * If an interrupt needs to unblock a task while the scheduler is suspended then it + * moves the task's event list item into the xPendingReadyList, ready for the + * kernel to move the task from the pending ready list into the real ready list + * when the scheduler is unsuspended. The pending ready list itself can only be + * accessed from a critical section. + * + * Updates to uxSchedulerSuspended must be protected by both the task and ISR locks and + * must not be done by an ISR. Reads must be protected by either lock and may be done by + * either an ISR or a task. */ +PRIVILEGED_DATA static volatile UBaseType_t uxSchedulerSuspended = ( UBaseType_t ) pdFALSE; + +#if ( configGENERATE_RUN_TIME_STATS == 1 ) + +/* Do not move these variables to function scope as doing so prevents the + * code working with debuggers that need to remove the static qualifier. */ + PRIVILEGED_DATA static uint32_t ulTaskSwitchedInTime = 0UL; /*< Holds the value of a timer/counter the last time a task was switched in. */ + PRIVILEGED_DATA static volatile uint32_t ulTotalRunTime = 0UL; /*< Holds the total amount of execution time as defined by the run time counter clock. */ + +#endif + +/*lint -restore */ + +/*-----------------------------------------------------------*/ + +/* File private functions. --------------------------------*/ + +/* + * Creates the idle tasks during scheduler start + */ +static BaseType_t prvCreateIdleTasks( void ); + +/* + * Returns the yield pending count for the calling core. + */ +static BaseType_t prvGetCurrentYieldPending( void ); + +/* + * Checks to see if another task moved the current task out of the ready + * list while it was waiting to enter a critical section and yields if so. + */ +static void prvCheckForRunStateChange( void ); + +/* + * Yields the given core. + */ +static void prvYieldCore( BaseType_t xCoreID ); + +/* + * Yields a core, or cores if multiple priorities are not allowed to run + * simultaneously, to allow the task pxTCB to run. + */ +static void prvYieldForTask( TCB_t * pxTCB, + const BaseType_t xPreemptEqualPriority ); + +/* + * Selects the highest priority available task + */ +static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ); + +/** + * Utility task that simply returns pdTRUE if the task referenced by xTask is + * currently in the Suspended state, or pdFALSE if the task referenced by xTask + * is in any other state. + */ +#if ( INCLUDE_vTaskSuspend == 1 ) + + static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) PRIVILEGED_FUNCTION; + +#endif /* INCLUDE_vTaskSuspend */ + +/* + * Utility to ready all the lists used by the scheduler. This is called + * automatically upon the creation of the first task. + */ +static void prvInitialiseTaskLists( void ) PRIVILEGED_FUNCTION; + +/* + * The idle task, which as all tasks is implemented as a never ending loop. + * The idle task is automatically created and added to the ready lists upon + * creation of the first user task. + * + */ +static portTASK_FUNCTION_PROTO( prvIdleTask, pvParameters ) PRIVILEGED_FUNCTION; +#if ( configNUM_CORES > 1 ) + static portTASK_FUNCTION_PROTO( prvMinimalIdleTask, pvParameters ) PRIVILEGED_FUNCTION; +#endif + +/* + * Utility to free all memory allocated by the scheduler to hold a TCB, + * including the stack pointed to by the TCB. + * + * This does not free memory allocated by the task itself (i.e. memory + * allocated by calls to pvPortMalloc from within the tasks application code). + */ +#if ( INCLUDE_vTaskDelete == 1 ) + + static void prvDeleteTCB( TCB_t * pxTCB ) PRIVILEGED_FUNCTION; + +#endif + +/* + * Used only by the idle task. This checks to see if anything has been placed + * in the list of tasks waiting to be deleted. If so the task is cleaned up + * and its TCB deleted. + */ +static void prvCheckTasksWaitingTermination( void ) PRIVILEGED_FUNCTION; + +/* + * The currently executing task is entering the Blocked state. Add the task to + * either the current or the overflow delayed task list. + */ +static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, + const BaseType_t xCanBlockIndefinitely ) PRIVILEGED_FUNCTION; + +/* + * Fills an TaskStatus_t structure with information on each task that is + * referenced from the pxList list (which may be a ready list, a delayed list, + * a suspended list, etc.). + * + * THIS FUNCTION IS INTENDED FOR DEBUGGING ONLY, AND SHOULD NOT BE CALLED FROM + * NORMAL APPLICATION CODE. + */ +#if ( configUSE_TRACE_FACILITY == 1 ) + + static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray, + List_t * pxList, + eTaskState eState ) PRIVILEGED_FUNCTION; + +#endif + +/* + * Searches pxList for a task with name pcNameToQuery - returning a handle to + * the task if it is found, or NULL if the task is not found. + */ +#if ( INCLUDE_xTaskGetHandle == 1 ) + + static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, + const char pcNameToQuery[] ) PRIVILEGED_FUNCTION; + +#endif + +/* + * When a task is created, the stack of the task is filled with a known value. + * This function determines the 'high water mark' of the task stack by + * determining how much of the stack remains at the original preset value. + */ +#if ( ( configUSE_TRACE_FACILITY == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark2 == 1 ) ) + + static configSTACK_DEPTH_TYPE prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) PRIVILEGED_FUNCTION; + +#endif + +/* + * Return the amount of time, in ticks, that will pass before the kernel will + * next move a task from the Blocked state to the Running state. + * + * This conditional compilation should use inequality to 0, not equality to 1. + * This is to ensure portSUPPRESS_TICKS_AND_SLEEP() can be called when user + * defined low power mode implementations require configUSE_TICKLESS_IDLE to be + * set to a value other than 1. + */ +#if ( configUSE_TICKLESS_IDLE != 0 ) + + static TickType_t prvGetExpectedIdleTime( void ) PRIVILEGED_FUNCTION; + +#endif + +/* + * Set xNextTaskUnblockTime to the time at which the next Blocked state task + * will exit the Blocked state. + */ +static void prvResetNextTaskUnblockTime( void ) PRIVILEGED_FUNCTION; + +#if ( ( configUSE_TRACE_FACILITY == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) ) + +/* + * Helper function used to pad task names with spaces when printing out + * human readable tables of task information. + */ + static char * prvWriteNameToBuffer( char * pcBuffer, + const char * pcTaskName ) PRIVILEGED_FUNCTION; + +#endif + +/* + * Called after a Task_t structure has been allocated either statically or + * dynamically to fill in the structure's members. + */ +static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask, + TCB_t * pxNewTCB, + const MemoryRegion_t * const xRegions ) PRIVILEGED_FUNCTION; + +/* + * Called after a new task has been created and initialised to place the task + * under the control of the scheduler. + */ +static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) PRIVILEGED_FUNCTION; + +/* + * freertos_tasks_c_additions_init() should only be called if the user definable + * macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is the only macro + * called by the function. + */ +#ifdef FREERTOS_TASKS_C_ADDITIONS_INIT + + static void freertos_tasks_c_additions_init( void ) PRIVILEGED_FUNCTION; + +#endif + +/*-----------------------------------------------------------*/ + +#ifndef VERIFAST + /* Reason for rewrite: + * VeriFast cannot handle inline assembler and both `portDISABLE_INTERRUPTS` + * and `portRESTORE_INTERRUPTS` expand to inline assembler instructions. + */ + static BaseType_t prvGetCurrentYieldPending( void ) + { + BaseType_t xReturn; + UBaseType_t ulState; + + ulState = portDISABLE_INTERRUPTS(); + xReturn = xYieldPendings[ portGET_CORE_ID() ]; + portRESTORE_INTERRUPTS( ulState ); + + return xReturn; + } +#endif /* VERIFAST */ + +/*-----------------------------------------------------------*/ + +#ifndef VERIFAST + /* Reason for rewrite: + * VeriFast cannot handle inline assembler and `portCHECK_IF_IN_ISR` + * expands to inline assembler. + */ +static void prvCheckForRunStateChange( void ) +{ + UBaseType_t uxPrevCriticalNesting; + UBaseType_t uxPrevSchedulerSuspended; + TCB_t * pxThisTCB; + + /* This should be skipped when entering a critical section within + * an ISR. If the task on the current core is no longer running, then + * vTaskSwitchContext() probably should be run before returning, but + * we don't have a way to force that to happen from here. */ + if( portCHECK_IF_IN_ISR() == pdFALSE ) + { + /* This function is always called with interrupts disabled + * so this is safe. */ + pxThisTCB = pxCurrentTCBs[ portGET_CORE_ID() ]; + + while( pxThisTCB->xTaskRunState == taskTASK_YIELDING ) + { + /* We are only here if we just entered a critical section + * or if we just suspended the scheduler, and another task + * has requested that we yield. + * + * This is slightly complicated since we need to save and restore + * the suspension and critical nesting counts, as well as release + * and reacquire the correct locks. And then do it all over again + * if our state changed again during the reacquisition. */ + + uxPrevCriticalNesting = pxThisTCB->uxCriticalNesting; + uxPrevSchedulerSuspended = uxSchedulerSuspended; + + /* this must only be called the first time we enter into a critical + * section, otherwise it could context switch in the middle of a + * critical section. */ + configASSERT( uxPrevCriticalNesting + uxPrevSchedulerSuspended == 1U ); + + uxSchedulerSuspended = 0U; + + if( uxPrevCriticalNesting > 0U ) + { + pxThisTCB->uxCriticalNesting = 0U; + portRELEASE_ISR_LOCK(); + portRELEASE_TASK_LOCK(); + } + else + { + /* uxPrevSchedulerSuspended must be 1 */ + portRELEASE_TASK_LOCK(); + } + + portMEMORY_BARRIER(); + configASSERT( pxThisTCB->xTaskRunState == taskTASK_YIELDING ); + + portENABLE_INTERRUPTS(); + + /* Enabling interrupts should cause this core to immediately + * service the pending interrupt and yield. If the run state is still + * yielding here then that is a problem. */ + configASSERT( pxThisTCB->xTaskRunState != taskTASK_YIELDING ); + + portDISABLE_INTERRUPTS(); + portGET_TASK_LOCK(); + portGET_ISR_LOCK(); + pxCurrentTCB->uxCriticalNesting = uxPrevCriticalNesting; + uxSchedulerSuspended = uxPrevSchedulerSuspended; + + if( uxPrevCriticalNesting == 0U ) + { + /* uxPrevSchedulerSuspended must be 1 */ + configASSERT( uxPrevSchedulerSuspended != ( UBaseType_t ) pdFALSE ); + portRELEASE_ISR_LOCK(); + } + } + } +} +#endif /* VERIFAST */ + +/*-----------------------------------------------------------*/ + +static void prvYieldCore( BaseType_t xCoreID ) +{ + /* This must be called from a critical section and + * xCoreID must be valid. */ + + if( portCHECK_IF_IN_ISR() && ( xCoreID == portGET_CORE_ID() ) ) + { + xYieldPendings[ xCoreID ] = pdTRUE; + } + else if( pxCurrentTCBs[ xCoreID ]->xTaskRunState != taskTASK_YIELDING ) + { + if( xCoreID == portGET_CORE_ID() ) + { + xYieldPendings[ xCoreID ] = pdTRUE; + } + #if ( configNUM_CORES > 1 ) + else + { + portYIELD_CORE( xCoreID ); + pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_YIELDING; + } + #endif + } +} + +/*-----------------------------------------------------------*/ + +static void prvYieldForTask( TCB_t * pxTCB, + const BaseType_t xPreemptEqualPriority ) +{ + BaseType_t xLowestPriority; + BaseType_t xTaskPriority; + BaseType_t xLowestPriorityCore = -1; + BaseType_t xYieldCount = 0; + BaseType_t x; + TaskRunning_t xTaskRunState; + + /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION */ + + configASSERT( pxCurrentTCB->uxCriticalNesting > 0U ); + + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + { + /* No task should yield for this one if it is a lower priority + * than priority level of currently ready tasks. */ + if( pxTCB->uxPriority < uxTopReadyPriority ) + { + return; + } + } + #endif + + xLowestPriority = ( BaseType_t ) pxTCB->uxPriority; + + if( xPreemptEqualPriority == pdFALSE ) + { + /* xLowestPriority will be decremented to -1 if the priority of pxTCB + * is 0. This is ok as we will give system idle tasks a priority of -1 below. */ + --xLowestPriority; + } + + for( x = ( BaseType_t ) 0; x < ( BaseType_t ) configNUM_CORES; x++ ) + { + /* System idle tasks are being assigned a priority of tskIDLE_PRIORITY - 1 here */ + xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ x ]->uxPriority - pxCurrentTCBs[ x ]->xIsIdle; + xTaskRunState = pxCurrentTCBs[ x ]->xTaskRunState; + + if( ( taskTASK_IS_RUNNING( xTaskRunState ) != pdFALSE ) && ( xYieldPendings[ x ] == pdFALSE ) ) + { + if( xTaskPriority <= xLowestPriority ) + { + #if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + if( ( pxTCB->uxCoreAffinityMask & ( 1 << x ) ) != 0 ) + #endif + #endif + { + #if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + if( pxCurrentTCBs[ x ]->xPreemptionDisable == pdFALSE ) + #endif + { + xLowestPriority = xTaskPriority; + xLowestPriorityCore = x; + } + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) && 1 + { + /* Yield all currently running non-idle tasks with a priority lower than + * the task that needs to run. */ + if( ( ( BaseType_t ) tskIDLE_PRIORITY - 1 < xTaskPriority ) && ( xTaskPriority < ( BaseType_t ) pxTCB->uxPriority ) ) + { + prvYieldCore( x ); + xYieldCount++; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + #endif /* if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) && 1 */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + if( ( xYieldCount == 0 ) && taskVALID_CORE_ID( xLowestPriorityCore ) ) + { + prvYieldCore( xLowestPriorityCore ); + xYieldCount++; + } + + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + /* Verify that the calling core always yields to higher priority tasks */ + if( !pxCurrentTCBs[ portGET_CORE_ID() ]->xIsIdle && ( pxTCB->uxPriority > pxCurrentTCBs[ portGET_CORE_ID() ]->uxPriority ) ) + { + configASSERT( xYieldPendings[ portGET_CORE_ID() ] == pdTRUE || taskTASK_IS_RUNNING( pxCurrentTCBs[ portGET_CORE_ID() ]->xTaskRunState ) == pdFALSE ); + } + #endif +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) + + static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) + /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + // interrupts are disabled and locks acquired + interruptState_p(xCoreID, ?state) &*& + interruptsDisabled_f(state) == true &*& + taskLockInv_p() &*& + isrLockInv_p() &*& + taskISRLockInv_p() + &*& + // opened predicate `coreLocalInterruptInv_p()` + [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) +// coreLocalSeg_TCB_p(gCurrentTCB0, 0) + &*& + // read access to current task's stack pointer, etc +// prvSeg_TCB_p(gCurrentTCB0, ?ulFreeBytesOnStack); + true; + @*/ + /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + // interrupts are disabled and locks acquired + interruptState_p(xCoreID, state) &*& + interruptsDisabled_f(state) == true &*& + taskLockInv_p() &*& + isrLockInv_p() &*& + taskISRLockInv_p() + &*& + // opened predicate `coreLocalInterruptInv_p()` + [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) +// coreLocalSeg_TCB_p(gCurrentTCB, 0) + &*& + // read access to current task's stack pointer, etc +// prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); + true; + @*/ + { + //@ open taskISRLockInv_p(); + //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority0) ); + //@ assert( gTopReadyPriority0 == uxTopReadyPriority); + UBaseType_t uxCurrentPriority = uxTopReadyPriority; + BaseType_t xTaskScheduled = pdFALSE; + BaseType_t xDecrementTopPriority = pdTRUE; + + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + TCB_t * pxPreviousTCB = NULL; + #endif + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + BaseType_t xPriorityDropped = pdFALSE; + #endif + //@ close _taskISRLockInv_p(gTopReadyPriority0); + + while( xTaskScheduled == pdFALSE ) + /*@ invariant + // requires clause + 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + // interrupts are disabled and locks acquired + interruptState_p(xCoreID, state) &*& + interruptsDisabled_f(state) == true &*& + taskLockInv_p() &*& + isrLockInv_p() &*& + _taskISRLockInv_p(?gTopReadyPriority) + &*& + // opened predicate `coreLocalInterruptInv_p()` + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // additional knowledge + (xTaskScheduled == 0 + ? (0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& + gTopReadyPriority < configMAX_PRIORITIES + ) : true + ); + @*/ + { + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + { + if( uxCurrentPriority < uxTopReadyPriority ) + { + /* We can't schedule any tasks, other than idle, that have a + * priority lower than the priority of a task currently running + * on another core. */ + uxCurrentPriority = tskIDLE_PRIORITY; + } + } + #endif + + //@ open _taskISRLockInv_p(gTopReadyPriority); + //@ assert( exists_in_taskISRLockInv_p(?gTasks, ?gStates0) ); + //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority) ); + //@ assert( gTopReadyPriority == uxTopReadyPriority); + + //@ open readyLists_p(?gCellLists, ?gOwnerLists); + //@ assert( List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists, gOwnerLists) ); + //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); + //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); + //@ assert( List_array_p(&pxReadyTasksLists, uxCurrentPriority, ?gPrefCellLists, ?gPrefOwnerLists) ); + /*@ assert( List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, + configMAX_PRIORITIES-uxCurrentPriority-1, ?gSufCellLists, ?gSufOwnerLists) ); + @*/ + //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; + + //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals, ?gOwners) ); + //@ assert( mem(gOwners, gOwnerLists) == true ); + + //@ open xLIST(gReadyList, _, _, _, _, _, _); + //@ assert( length(gCells) == gReadyList->uxNumberOfItems + 1 ); + if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) + { + List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); + //@ assert( pxReadyList->pxIndex |-> gIndex ); + /*@ assert( DLS(gEnd, ?gEndPrev, gEnd, gEndPrev, + gCells, gVals, gOwners, gReadyList) ); + @*/ + + + //@ DLS_open_2(pxReadyList->pxIndex); + //@ assert( xLIST_ITEM(gIndex, _, ?gIndexNext, ?gIndexPrev, _, gReadyList) ); + ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; + ListItem_t * pxTaskItem = pxLastTaskItem; + //@ close xLIST_ITEM(gIndex, _, gIndexNext, gIndexPrev, _, gReadyList); + //@ DLS_close_2(pxReadyList->pxIndex, gCells, gVals, gOwners); + + //@ assert( mem(pxTaskItem, gCells) == true); + + //@ open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gReadyList); + //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList) ); + //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList); + // opening required to prove validity of `&( pxReadyList->xListEnd )` + ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); + //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList); + if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) + { + //@ assert( gVals == cons(?gV, ?gRest) ); + //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, _, gReadyList) ); + pxLastTaskItem = pxLastTaskItem->pxPrevious; + //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, _, gReadyList); + } + //@ close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gReadyList); + //@ close xLIST(gReadyList, _, gIndex, gEnd, gCells, gVals, gOwners); + + /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority + * must not be decremented any further */ + xDecrementTopPriority = pdFALSE; + + //@ mem_nth(uxCurrentPriority, gCellLists); + //@ assert( mem(gCells, gCellLists) == true); + + // Prove that `gTasks` contains all tasks in current ready + //@ forall_mem(gOwners, gOwnerLists, (superset)(gTasks)); + + //@ bool gInnerLoopBroken = false; + do + /*@ invariant + 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() &*& + pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& + mem(pxTaskItem, gCells) == true &*& + xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& + gSize > 0 &*& + exists_in_taskISRLockInv_p(gTasks, ?gStates) + &*& + // Read permissions for every task + foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) + &*& + // Write permission for task scheduled on this core + [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& + (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& + nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state + &*& + // Write permissions for unscheduled tasks + foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) + &*& + subset(gOwners, gTasks) == true &*& + List_array_p(&pxReadyTasksLists, uxCurrentPriority, gPrefCellLists, + gPrefOwnerLists) &*& + List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, + configMAX_PRIORITIES-uxCurrentPriority-1, gSufCellLists, + gSufOwnerLists) &*& + !gInnerLoopBroken; + + @*/ + { + TCB_t * pxTCB; + + //@ open xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + //@ assert( DLS(gEnd, ?gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList) ); + + // Building an SSA for important variables helps us to + // refer to the right instances. + //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; + + //@ DLS_open_2(gTaskItem_0); + pxTaskItem = pxTaskItem->pxNext; + //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; + + //@ close xLIST_ITEM(gTaskItem_0, _, _, _, _, gReadyList); + //@ DLS_close_2(gTaskItem_0, gCells, gVals, gOwners); + + if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) + { + // Prove that `gTaskItem_1->pxNext != gEnd` + //@ dls_distinct(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells); + //@ open DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); + //@ open DLS(?gTaskItem_1_next, _, gEnd, gEndPrev2, _, _, _, gReadyList); + //@ assert( gTaskItem_1_next != gEnd ); + /*@ close DLS(gTaskItem_1_next, _, gEnd, gEndPrev2, + tail(gCells), tail(gVals), tail(gOwners), _); + @*/ + + pxTaskItem = pxTaskItem->pxNext; + //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; + + //@ close xLIST_ITEM(gTaskItem_1, _, _, _, _, gReadyList); + //@ close DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); + } + //@ struct xLIST_ITEM* gTaskItem_final = pxTaskItem; + + //@ DLS_open_2(gTaskItem_final); + pxTCB = pxTaskItem->pvOwner; + /*@ close xLIST_ITEM(gTaskItem_final, _, _, _, + pxTCB, gReadyList); + @*/ + //@ DLS_close_2(gTaskItem_final, gCells, gVals, gOwners); + + // Getting read access to fields of `pxTCB` + // aka first half of write permission + //@ assert( subset(gOwners, gTasks) == true ); + //@ mem_subset(pxTCB, gOwners, gTasks); + //@ foreach_remove(pxTCB, gTasks); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + + /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ + + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + { + /* When falling back to the idle priority because only one priority + * level is allowed to run at a time, we should ONLY schedule the true + * idle tasks, not user tasks at the idle priority. */ + if( uxCurrentPriority < uxTopReadyPriority ) + { + if( pxTCB->xIsIdle == pdFALSE ) + { + continue; + } + } + } + #endif /* if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) */ + + //@ bool gPxTCB_not_running = (pxTCB->xTaskRunState == taskTASK_NOT_RUNNING); + if( pxTCB->xTaskRunState == taskTASK_NOT_RUNNING ) + { + #if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + if( ( pxTCB->uxCoreAffinityMask & ( 1 << xCoreID ) ) != 0 ) + #endif + #endif + { + //@ open exists_in_taskISRLockInv_p(gTasks, gStates); + //@ assert( nth(index_of(pxTCB, gTasks), gStates) == taskTASK_NOT_RUNNING); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + + /* We could reuse the read permission to `pxTCB` we extracted before the if statement. + * But putting permissions back as soon as we no longer need them simplifies the + * proof state and elimintates case-splits in the proof. + */ + + // Put read permission for `pxTCB` back + //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + //@ close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); + //@ foreach_unremove(pxTCB, gTasks); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + + // Get 2nd half of write permission for `gCurrentTCB` + //@ foreach_remove(gCurrentTCB, gTasks); + //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + + /* If the task is not being executed by any core swap it in */ + pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; + //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + + // New states list reflects state update above. + //@ list gStates1 = def_state1(gTasks, gStates, gCurrentTCB, pxTCB); + //@ assert( nth(index_of(pxTCB, gTasks), gStates1) == taskTASK_NOT_RUNNING); + + /*@ close_updated_foreach_readOnly_sharedSeg_TCB(gCurrentTCB, gTasks, gStates, + gStates1, taskTASK_NOT_RUNNING); + @*/ + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + /*@ stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (gCurrentTCB, gTasks, gTasks, gStates, gStates1); + @*/ + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); + + + // Get write permission for `pxTCB` + //@ foreach_remove(pxTCB, gTasks); + //@ foreach_remove(pxTCB, gTasks); + //@ open readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)(pxTCB); + + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + pxPreviousTCB = pxCurrentTCBs[ xCoreID ]; + #endif + pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); + /*@ list gStates2 = + def_state2(gTasks, gStates, gCurrentTCB, pxTCB, xCoreID); + @*/ + + /*@ close_updated_foreach_readOnly_sharedSeg_TCB(pxTCB, gTasks, gStates1, + gStates2, xCoreID); + @*/ + /*@ startUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + (pxTCB, gTasks, gStates1, gStates2, xCoreID); + @*/ + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); + + + pxCurrentTCBs[ xCoreID ] = pxTCB; + xTaskScheduled = pdTRUE; + + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); + //@ close exists_in_taskISRLockInv_p(gTasks, gStates2); + + // Putting back first have of write permission to `pxTCB` + //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + } + } + else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) + { + configASSERT( ( pxTCB->xTaskRunState == xCoreID ) || ( pxTCB->xTaskRunState == taskTASK_YIELDING ) ); + #if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + if( ( pxTCB->uxCoreAffinityMask & ( 1 << xCoreID ) ) != 0 ) + #endif + #endif + { + //@ assert( pxTCB->xTaskRunState != taskTASK_NOT_RUNNING ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( nth(index_of(pxTCB, gTasks), gStates) != taskTASK_NOT_RUNNING); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + + /* The task is already running on this core, mark it as scheduled */ + pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; + xTaskScheduled = pdTRUE; + + /*@ list gEquivStates + = update(index_of(pxTCB, gTasks), xCoreID, gStates); + @*/ + //@ open exists_in_taskISRLockInv_p(gTasks, gStates); + /*@ scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + (pxTCB, gTasks, gStates, gEquivStates, xCoreID); + @*/ + + //@ distinct_mem_remove(pxTCB, gTasks); + //@ remove_result_subset(pxTCB, gTasks); + /*@ update_foreach_readOnly_sharedSeg_TCB + (pxTCB, gTasks, remove(pxTCB, gTasks), + gStates, gEquivStates, xCoreID); + @*/ + + //@ close exists_in_taskISRLockInv_p(gTasks, gEquivStates); + + // Put read permission for `pxTCB` back + //@ foreach_unremove(pxTCB, gTasks); + + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gEquivStates)) ); + //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + } + } + /*@ + if( !gPxTCB_not_running && pxTCB != gCurrentTCB ) { + assert( exists_in_taskISRLockInv_p(gTasks, gStates) ); + // Put read permission for `pxTCB` back + close [1/2]sharedSeg_TCB_p(pxTCB, _); + close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); + foreach_unremove(pxTCB, gTasks); + } + @*/ + + //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + + if( xTaskScheduled != pdFALSE ) + { + //@ close exists(gReadyList); + + //@ assert( xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) ); + + /* Once a task has been selected to run on this core, + * move it to the end of the ready task list. */ +#ifdef VERIFAST + /* Reasons for rewrite: + * - Linearization of subproof for performance reasons: + * The contracts of `uxListRemove` and `vListInserEnd` introduce case distinctions, i.e., + * branch splits in the proof tree. This increases the size of the proof tree exponentially + * and checking the proof with VeriFast takes very long. + * The contract of lemma `VF_reordeReadyList` does not expose these case distinctions. + * Hence, wrapping the function calls inside the lemma linearizes the subproof and + * improves the performance of VeriFast exponentially. + * - Reasoning about the function calls requires us introduce many temporary new facts + * about the cell and owner lists by calling list lemmas. Introducing such facts can + * easily lead to an infinite loop of auto lemmas calls. Encapsulating the subproof in a + * lemma allows us to ingore facts necessary for different parts of the proof. + * That is, makes it easier to ensure that we don't run into an infinite auto lemma call + * loop. + */ + /*@ close VF_reordeReadyList__ghost_args + (gTasks, gCellLists, gOwnerLists, uxCurrentPriority); + @*/ + VF_reordeReadyList( pxReadyList, pxTaskItem); +#else + uxListRemove( pxTaskItem ); + vListInsertEnd( pxReadyList, pxTaskItem ); +#endif /* VERIFAST */ + //@ assert( readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) ); + //@ assert( forall(gReorderedOwnerLists, (superset)(gTasks)) == true ); + //@ gInnerLoopBroken = true; + break; + } + + //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); + //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); + } while( pxTaskItem != pxLastTaskItem ); + + /* - If the loop above terminated via the break-branch, + * the heap already contains a `readyLists_p` predicate. + * - If the loop terminated normally, the heap matches + * the loop invariant (plus all chunks not touched by the + * loop). In this case, we still have to close the + * `readyLists_p` predicate. + */ + /*@ + if( !gInnerLoopBroken ) { + closeUnchanged_readyLists(gCellLists, gOwnerLists); + + assert( readyLists_p(gCellLists, gOwnerLists) ); + assert( forall(gOwnerLists, (superset)(gTasks)) == true ); + } + @*/ + + + //@ assert( readyLists_p(?gCellLists3, ?gOwnerLists3) ); + //@ assert( forall(gOwnerLists3, (superset)(gTasks)) == true ); + } + else + { + if( xDecrementTopPriority != pdFALSE ) + { +#if VERIFAST + /* Reason for rewrite: Code not memory safe. + */ + if(uxTopReadyPriority > 0) { + uxTopReadyPriority--; + } +#else + uxTopReadyPriority--; +#endif /* VERIFAST */ + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + { + xPriorityDropped = pdTRUE; + } + #endif + } + + //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + + //@ closeUnchanged_readyLists(gCellLists, gOwnerLists); + } + + /* This function can get called by vTaskSuspend() before the scheduler is started. + * In that case, since the idle tasks have not yet been created it is possible that we + * won't find a new task to schedule. Return pdFALSE in this case. */ + if( ( xSchedulerRunning == pdFALSE ) && ( uxCurrentPriority == tskIDLE_PRIORITY ) && ( xTaskScheduled == pdFALSE ) ) + { + // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); + // @ assert( gReadyListSize == gSize ); + // @ List_array_join(&pxReadyTasksLists); + // @ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); + // @ assert( gPrefCellLists == take(uxCurrentPriority, gCellLists) ); + // @ assert( gSufCellLists == drop(uxCurrentPriority + 1, gCellLists) ); + // @ assert( gCells == nth(uxCurrentPriority, gCellLists) ); + // @ assert( gCellLists2 == append(gPrefCellLists, cons(gCells, gSufCellLists)) ); + // @ append_take_nth_drop(uxCurrentPriority, gCellLists); + // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); + + // @ close readyLists_p(gCellLists2, gOwnerLists2); + //@ close taskISRLockInv_p(); + return pdFALSE; + } + +#ifndef VERIFAST + configASSERT( ( uxCurrentPriority > tskIDLE_PRIORITY ) || ( xTaskScheduled == pdTRUE ) ); +#endif /* VERIFAST */ + + +#if VERIFAST + /* Reason for rewrite: Code not memory safe. + */ + if(uxCurrentPriority > 0) { + uxCurrentPriority--; + } +#else + uxCurrentPriority--; +#endif /* VERIFAST */ + + // @ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); + // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); + // @ assert( gReadyListSize == gSize ); + // @ List_array_join(&pxReadyTasksLists); + // @ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); + // @ assert( gPrefCellLists == take(uxCurrentPriority, gCellLists) ); + // @ assert( gSufCellLists == drop(uxCurrentPriority + 1, gCellLists) ); + // @ assert( gCells == nth(uxCurrentPriority, gCellLists) ); + // @ assert( gCellLists2 == append(gPrefCellLists, cons(gCells, gSufCellLists)) ); + // @ append_take_nth_drop(uxCurrentPriority, gCellLists); + // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); + + +// //@ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); + + + //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStates) ); + // //@ close readyLists_p(gCellLists2, gOwnerLists2); + //@ close _taskISRLockInv_p(uxTopReadyPriority); + } // outer loop end + +#ifndef VERIFAST + configASSERT( taskTASK_IS_RUNNING( pxCurrentTCBs[ xCoreID ]->xTaskRunState ) ); +#endif /* VERIFAST */ + + #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) + if( xPriorityDropped != pdFALSE ) + { + /* There may be several ready tasks that were being prevented from running because there was + * a higher priority task running. Now that the last of the higher priority tasks is no longer + * running, make sure all the other idle tasks yield. */ + UBaseType_t x; + + for( x = ( BaseType_t ) 0; x < ( BaseType_t ) configNUM_CORES; x++ ) + { + if( pxCurrentTCBs[ x ]->xIsIdle != pdFALSE ) + { + prvYieldCore( x ); + } + } + } + #endif /* if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) */ + + #if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + if( ( pxPreviousTCB != NULL ) && ( listIS_CONTAINED_WITHIN( &( pxReadyTasksLists[ pxPreviousTCB->uxPriority ] ), &( pxPreviousTCB->xStateListItem ) ) != pdFALSE ) ) + { + /* A ready task was just bumped off this core. Look at the cores it can run from + * from to see if it is able to run on any of them */ + UBaseType_t uxCoreMap = pxPreviousTCB->uxCoreAffinityMask; + BaseType_t xLowestPriority = pxPreviousTCB->uxPriority - pxPreviousTCB->xIsIdle; + BaseType_t xLowestPriorityCore = -1; + + if( ( uxCoreMap & ( 1 << xCoreID ) ) != 0 ) + { + /* The ready task that was removed from this core is not excluded from it. + * Only look at the intersection of the cores the removed task is allowed to run + * on with the cores that the new task is excluded from. It is possible that the + * new task was only placed onto this core because it is excluded from another. + * Check to see if the previous task could run on one of those cores. */ + uxCoreMap &= ~( pxCurrentTCBs[ xCoreID ]->uxCoreAffinityMask ); + } + else + { + /* The ready task that was removed from this core is excluded from it. */ + } + + uxCoreMap &= ( ( 1 << configNUM_CORES ) - 1 ); + + while( uxCoreMap != 0 ) + { + int uxCore = 31UL - ( uint32_t ) __builtin_clz( uxCoreMap ); + + configASSERT( taskVALID_CORE_ID( uxCore ) ); + + uxCoreMap &= ~( 1 << uxCore ); + + BaseType_t xTaskPriority = ( BaseType_t ) pxCurrentTCBs[ uxCore ]->uxPriority - pxCurrentTCBs[ uxCore ]->xIsIdle; + + if( ( xTaskPriority < xLowestPriority ) && ( taskTASK_IS_RUNNING( pxCurrentTCBs[ uxCore ]->xTaskRunState ) != pdFALSE ) && ( xYieldPendings[ uxCore ] == pdFALSE ) ) + { + #if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + if( pxCurrentTCBs[ uxCore ]->xPreemptionDisable == pdFALSE ) + #endif + { + xLowestPriority = xTaskPriority; + xLowestPriorityCore = uxCore; + } + } + } + + if( taskVALID_CORE_ID( xLowestPriorityCore ) ) + { + prvYieldCore( xLowestPriorityCore ); + } + } + #endif /* if ( configUSE_CORE_AFFINITY == 1 ) */ + #endif /* if ( configNUM_CORES > 1 ) */ + + //@ open _taskISRLockInv_p(_); + //@ close taskISRLockInv_p(); + return pdTRUE; + } + +#else /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ + + static void prvSelectHighestPriorityTask( BaseType_t xCoreID ) + { + UBaseType_t uxTopPriority; + + /* Find the highest priority list that contains ready tasks. */ + portGET_HIGHEST_PRIORITY( uxTopPriority, uxTopReadyPriority ); + configASSERT( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ uxTopPriority ] ) ) > 0 ); + listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB, &( pxReadyTasksLists[ uxTopPriority ] ) ); + } + +#endif /* configUSE_PORT_OPTIMISED_TASK_SELECTION */ +/*-----------------------------------------------------------*/ + +#if ( configSUPPORT_STATIC_ALLOCATION == 1 ) + + TaskHandle_t xTaskCreateStatic( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + StackType_t * const puxStackBuffer, + StaticTask_t * const pxTaskBuffer ) + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + return xTaskCreateStaticAffinitySet(pxTaskCode, pcName, ulStackDepth, pvParameters, uxPriority, puxStackBuffer, pxTaskBuffer, tskNO_AFFINITY); + } + + TaskHandle_t xTaskCreateStaticAffinitySet( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + StackType_t * const puxStackBuffer, + StaticTask_t * const pxTaskBuffer, + UBaseType_t uxCoreAffinityMask ) + #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ + { + TCB_t * pxNewTCB; + TaskHandle_t xReturn; + + configASSERT( puxStackBuffer != NULL ); + configASSERT( pxTaskBuffer != NULL ); + + #if ( configASSERT_DEFINED == 1 ) + { + /* Sanity check that the size of the structure used to declare a + * variable of type StaticTask_t equals the size of the real task + * structure. */ + volatile size_t xSize = sizeof( StaticTask_t ); + configASSERT( xSize == sizeof( TCB_t ) ); + ( void ) xSize; /* Prevent lint warning when configASSERT() is not used. */ + } + #endif /* configASSERT_DEFINED */ + + if( ( pxTaskBuffer != NULL ) && ( puxStackBuffer != NULL ) ) + { + /* The memory used for the task's TCB and stack are passed into this + * function - use them. */ + pxNewTCB = ( TCB_t * ) pxTaskBuffer; /*lint !e740 !e9087 Unusual cast is ok as the structures are designed to have the same alignment, and the size is checked by an assert. */ + pxNewTCB->pxStack = ( StackType_t * ) puxStackBuffer; + + #if ( tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE != 0 ) /*lint !e731 !e9029 Macro has been consolidated for readability reasons. */ + { + /* Tasks can be created statically or dynamically, so note this + * task was created statically in case the task is later deleted. */ + pxNewTCB->ucStaticallyAllocated = tskSTATICALLY_ALLOCATED_STACK_AND_TCB; + } + #endif /* tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE */ + + prvInitialiseNewTask( pxTaskCode, pcName, ulStackDepth, pvParameters, uxPriority, &xReturn, pxNewTCB, NULL ); + + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + /* Set the task's affinity before scheduling it */ + pxNewTCB->uxCoreAffinityMask = uxCoreAffinityMask; + } + #endif + + prvAddNewTaskToReadyList( pxNewTCB ); + } + else + { + xReturn = NULL; + } + + return xReturn; + } + +#endif /* SUPPORT_STATIC_ALLOCATION */ +/*-----------------------------------------------------------*/ + +#if ( ( portUSING_MPU_WRAPPERS == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) ) + + BaseType_t xTaskCreateRestrictedStatic( const TaskParameters_t * const pxTaskDefinition, + TaskHandle_t * pxCreatedTask ) + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + return xTaskCreateRestrictedStaticAffinitySet( pxTaskDefinition, tskNO_AFFINITY, pxCreatedTask ); + } + + BaseType_t xTaskCreateRestrictedStaticAffinitySet( const TaskParameters_t * const pxTaskDefinition, + UBaseType_t uxCoreAffinityMask, + TaskHandle_t * pxCreatedTask ) + #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ + { + TCB_t * pxNewTCB; + BaseType_t xReturn = errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY; + + configASSERT( pxTaskDefinition->puxStackBuffer != NULL ); + configASSERT( pxTaskDefinition->pxTaskBuffer != NULL ); + + if( ( pxTaskDefinition->puxStackBuffer != NULL ) && ( pxTaskDefinition->pxTaskBuffer != NULL ) ) + { + /* Allocate space for the TCB. Where the memory comes from depends + * on the implementation of the port malloc function and whether or + * not static allocation is being used. */ + pxNewTCB = ( TCB_t * ) pxTaskDefinition->pxTaskBuffer; + + /* Store the stack location in the TCB. */ + pxNewTCB->pxStack = pxTaskDefinition->puxStackBuffer; + + #if ( tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE != 0 ) + { + /* Tasks can be created statically or dynamically, so note this + * task was created statically in case the task is later deleted. */ + pxNewTCB->ucStaticallyAllocated = tskSTATICALLY_ALLOCATED_STACK_AND_TCB; + } + #endif /* tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE */ + + prvInitialiseNewTask( pxTaskDefinition->pvTaskCode, + pxTaskDefinition->pcName, + ( uint32_t ) pxTaskDefinition->usStackDepth, + pxTaskDefinition->pvParameters, + pxTaskDefinition->uxPriority, + pxCreatedTask, pxNewTCB, + pxTaskDefinition->xRegions ); + + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + /* Set the task's affinity before scheduling it */ + pxNewTCB->uxCoreAffinityMask = uxCoreAffinityMask; + } + #endif + + prvAddNewTaskToReadyList( pxNewTCB ); + xReturn = pdPASS; + } + + return xReturn; + } + +#endif /* ( portUSING_MPU_WRAPPERS == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) */ +/*-----------------------------------------------------------*/ + +#if ( ( portUSING_MPU_WRAPPERS == 1 ) && ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) ) + + BaseType_t xTaskCreateRestricted( const TaskParameters_t * const pxTaskDefinition, + TaskHandle_t * pxCreatedTask ) + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + return xTaskCreateRestrictedAffinitySet( pxTaskDefinition, tskNO_AFFINITY, pxCreatedTask ); + } + + BaseType_t xTaskCreateRestrictedAffinitySet( const TaskParameters_t * const pxTaskDefinition, + UBaseType_t uxCoreAffinityMask, + TaskHandle_t * pxCreatedTask ) + #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ + { + TCB_t * pxNewTCB; + BaseType_t xReturn = errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY; + + configASSERT( pxTaskDefinition->puxStackBuffer ); + + if( pxTaskDefinition->puxStackBuffer != NULL ) + { + /* Allocate space for the TCB. Where the memory comes from depends + * on the implementation of the port malloc function and whether or + * not static allocation is being used. */ + pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); + + if( pxNewTCB != NULL ) + { + /* Store the stack location in the TCB. */ + pxNewTCB->pxStack = pxTaskDefinition->puxStackBuffer; + + #if ( tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE != 0 ) + { + /* Tasks can be created statically or dynamically, so note + * this task had a statically allocated stack in case it is + * later deleted. The TCB was allocated dynamically. */ + pxNewTCB->ucStaticallyAllocated = tskSTATICALLY_ALLOCATED_STACK_ONLY; + } + #endif /* tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE */ + + prvInitialiseNewTask( pxTaskDefinition->pvTaskCode, + pxTaskDefinition->pcName, + ( uint32_t ) pxTaskDefinition->usStackDepth, + pxTaskDefinition->pvParameters, + pxTaskDefinition->uxPriority, + pxCreatedTask, pxNewTCB, + pxTaskDefinition->xRegions ); + + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + /* Set the task's affinity before scheduling it */ + pxNewTCB->uxCoreAffinityMask = uxCoreAffinityMask; + } + #endif + + prvAddNewTaskToReadyList( pxNewTCB ); + xReturn = pdPASS; + } + } + + return xReturn; + } + +#endif /* portUSING_MPU_WRAPPERS */ +/*-----------------------------------------------------------*/ + +#if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) + + BaseType_t xTaskCreate( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const configSTACK_DEPTH_TYPE usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask ) + /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*& + usStackDepth > 18 &*& + // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. + chars(pcName, 16, _) &*& + *pxCreatedTask |-> _ &*& + interruptState_p(?coreID, _); + @*/ + //@ ensures true; + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + return xTaskCreateAffinitySet(pxTaskCode, pcName, usStackDepth, pvParameters, uxPriority, tskNO_AFFINITY, pxCreatedTask); + } + + BaseType_t xTaskCreateAffinitySet( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const configSTACK_DEPTH_TYPE usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + UBaseType_t uxCoreAffinityMask, + TaskHandle_t * const pxCreatedTask ) + #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ + { + // Proof boken by switch to nightly build Nov 14, 2022 + // TODO: Adapt proof + //@ assume(false); + // ------------------------------------------------------------ + + + TCB_t * pxNewTCB; + BaseType_t xReturn; + + /* If the stack grows down then allocate the stack then the TCB so the stack + * does not grow into the TCB. Likewise if the stack grows up then allocate + * the TCB then the stack. */ + #if ( portSTACK_GROWTH > 0 ) + { + /* Allocate space for the TCB. Where the memory comes from depends on + * the implementation of the port malloc function and whether or not static + * allocation is being used. */ + pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); + + if( pxNewTCB != NULL ) + { + /* Allocate space for the stack used by the task being created. + * The base of the stack memory stored in the TCB so the task can + * be deleted later if required. */ + pxNewTCB->pxStack = ( StackType_t * ) pvPortMallocStack( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + + if( pxNewTCB->pxStack == NULL ) + { + /* Could not allocate the stack. Delete the allocated TCB. */ + vPortFree( pxNewTCB ); + pxNewTCB = NULL; + } + } + } + #else /* portSTACK_GROWTH */ + { + StackType_t * pxStack; + + /* Allocate space for the stack used by the task being created. */ + pxStack = pvPortMallocStack( ( ( ( size_t ) usStackDepth ) * sizeof( StackType_t ) ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation is the stack. */ + + if( pxStack != NULL ) + { + /* Allocate space for the TCB. */ + pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */ + + if( pxNewTCB != NULL ) + { + /* Store the stack location in the TCB. */ + pxNewTCB->pxStack = pxStack; + //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); + //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); + //@ chars__limits((char*) pxNewTCB->pxStack); + //@ assert( pxNewTCB->pxStack + (size_t) usStackDepth <= (StackType_t*) UINTPTR_MAX ); + //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); + } + else + { + /* The stack cannot be used as the TCB was not created. Free + * it again. */ + vPortFreeStack( pxStack ); + } + } + else + { + pxNewTCB = NULL; + } + } + #endif /* portSTACK_GROWTH */ + + if( pxNewTCB != NULL ) + { + #if ( tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE != 0 ) /*lint !e9029 !e731 Macro has been consolidated for readability reasons. */ + { + /* Tasks can be created statically or dynamically, so note this + * task was created dynamically in case it is later deleted. */ + pxNewTCB->ucStaticallyAllocated = tskDYNAMICALLY_ALLOCATED_STACK_AND_TCB; + } + #endif /* tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE */ + + prvInitialiseNewTask( pxTaskCode, pcName, ( uint32_t ) usStackDepth, pvParameters, uxPriority, pxCreatedTask, pxNewTCB, NULL ); + + #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) + { + /* Set the task's affinity before scheduling it */ + pxNewTCB->uxCoreAffinityMask = uxCoreAffinityMask; + } + #endif + + /* TODO: Continue proof + * For now we stop verification here and concentrate on new + * verification target. + */ + //@ assume(false); + + prvAddNewTaskToReadyList( pxNewTCB ); + xReturn = pdPASS; + } + else + { + xReturn = errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY; + } + + //@ assume(false); + // TODO: Remove! + // Allows us to focus on verifying called functions. + return xReturn; + } + +#endif /* configSUPPORT_DYNAMIC_ALLOCATION */ +/*-----------------------------------------------------------*/ + +static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t ulStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pxCreatedTask, + TCB_t * pxNewTCB, + const MemoryRegion_t * const xRegions ) +/*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*& + stackSize == ulStackDepth * sizeof(StackType_t) &*& + stackSize <= UINTPTR_MAX &*& + ulStackDepth > 18 &*& + // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. + chars(pcName, 16, _) &*& + *pxCreatedTask |-> _; + @*/ +/*@ ensures TCB_p(pxNewTCB, ?freeBytes) &*& + chars(pcName, 16, _) &*& + *pxCreatedTask |-> _; + @*/ +{ + // Proof boken by switch to nightly build Nov 14, 2022 + // TODO: Adapt proof + //@ assume(false); + // ------------------------------------------------------------ + + + StackType_t * pxTopOfStack; + UBaseType_t x; + + #if ( portUSING_MPU_WRAPPERS == 1 ) + /* Should the task be created in privileged mode? */ + BaseType_t xRunPrivileged; + + if( ( uxPriority & portPRIVILEGE_BIT ) != 0U ) + { + xRunPrivileged = pdTRUE; + } + else + { + xRunPrivileged = pdFALSE; + } + uxPriority &= ~portPRIVILEGE_BIT; + #endif /* portUSING_MPU_WRAPPERS == 1 */ + + + //@ open uninit_TCB_p(_,_); + + /* Avoid dependency on memset() if it is not required. */ + #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 ) + { + /* Fill the stack with a known value to assist debugging. */ + #ifdef VERIFAST + /* Reason for rewrite: + * - VeriFast reports type mismatch because + * `( int ) tskSTACK_FILL_BYTE` is passed for a char argument. + * + * TODO: Is the type mismatch a real error? + */ + ( void ) memset( pxNewTCB->pxStack, ( char ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); + #else + ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); + #endif + } + #endif /* tskSET_NEW_STACKS_TO_KNOWN_VALUE */ + + /* Calculate the top of stack address. This depends on whether the stack + * grows from high memory to low (as per the 80x86) or vice versa. + * portSTACK_GROWTH is used to make the result positive or negative as required + * by the port. */ + #if ( portSTACK_GROWTH < 0 ) + { + pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] ); + //@ StackType_t* gOldTop = pxTopOfStack; + //@ char* gcStack = (char*) pxNewTCB->pxStack; + + /* Set the following flag to skip and expensive part of this proof: + * `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT` + * + * For VeriFast bit vector proofs are very computation intensive. + * Hence, reasoning about the stack alignment below takes relatively + * long. + */ + #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + // Axiomatize that pointers on RP2040 are 32bit + //@ ptr_range(pxTopOfStack); + + /* Convert top and mask to VeriFast bitvectors and establish + * relation to C variables. + * Note that on RP2040: + * - `portPOINTER_SIZE_TYPE` == `uint32_t` + * - `portBYTE_ALIGNMENT_MASK` == `0x0007` + */ + //@ uint32_t gMask = 0x0007; + //@ Z gzTop = Z_of_uint32((int) pxTopOfStack); + //@ Z gzMask = Z_of_uint32((int) gMask); + //@ bitnot_def(gMask, gzMask); + //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask)); + #else + /* Axiomatise that no over- or underflow occurs. + * We further assume that `portPOINTER_SIZE_TYPE` evaluates to + * `uint32_t`. + */ + //@ ptr_range(pxTopOfStack); + /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) + & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) + > 0 ); + @*/ + /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) + & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) + <= (StackType_t*) UINTPTR_MAX ); + @*/ + #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ + + pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ + + #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack; + + // The following alignment assertions hold but take very long to verify. + ///@ assert( pxTopOfStack <= gOldTop ); + ///@ assert( gOldTop - 7 <= pxTopOfStack ); + + // Same as above but for aligned top pointer: + //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack); + //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask); + #else + /* Axiomatize that alignmet check succeeds. + * We further assume that `portPOINTER_SIZE_TYPE` evaluates to + * `uint32_t`*/ + //@ ptr_range(pxTopOfStack); + /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ); + @*/ + #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ + + /* Check the alignment of the calculated top of stack is correct. */ + configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); + + #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + /* Remark: Moving this proof step in front of the above + * assertion increases proof checking time by a lot. + */ + /*@ + if( pxTopOfStack < gOldTop ) + { + chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t)); + } + @*/ + #else + /* Axiomatize that bit vector operations did not change stack + * pointer. + */ + /* TODO: Can we simplify the axiomatizations here and above + * by assuming that the top pointer was already aligned? + */ + //@ assume( pxTopOfStack == gOldTop ); + //@ int gUnalignedBytes = 0; + #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ + + //@ assert( chars(gcStack, ?gFreeBytes, _) ); + //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; + //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); + //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); + + + #if ( configRECORD_STACK_HIGH_ADDRESS == 1 ) + { + /* Also record the stack's high address, which may assist + * debugging. */ + pxNewTCB->pxEndOfStack = pxTopOfStack; + } + #endif /* configRECORD_STACK_HIGH_ADDRESS */ + } + #else /* portSTACK_GROWTH */ + { + pxTopOfStack = pxNewTCB->pxStack; + + /* Check the alignment of the stack buffer is correct. */ + configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxNewTCB->pxStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); + + /* The other extreme of the stack space is required if stack checking is + * performed. */ + pxNewTCB->pxEndOfStack = pxNewTCB->pxStack + ( ulStackDepth - ( uint32_t ) 1 ); + } + #endif /* portSTACK_GROWTH */ + + /* Store the task name in the TCB. */ + if( pcName != NULL ) + { + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ ) + /*@ invariant chars_(pxNewTCB->pcTaskName, 16, _) &*& + chars(pcName, 16, _); + @*/ + { + pxNewTCB->pcTaskName[ x ] = pcName[ x ]; + + /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than + * configMAX_TASK_NAME_LEN characters just in case the memory after the + * string is not accessible (extremely unlikely). */ + if( pcName[ x ] == ( char ) 0x00 ) + { + break; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + /* Ensure the name string is terminated in the case that the string length + * was greater or equal to configMAX_TASK_NAME_LEN. */ + pxNewTCB->pcTaskName[ configMAX_TASK_NAME_LEN - 1 ] = '\0'; + } + else + { + /* The task has not been given a name, so just ensure there is a NULL + * terminator when it is read out. */ + pxNewTCB->pcTaskName[ 0 ] = 0x00; + } + + /* This is used as an array index so must ensure it's not too large. First + * remove the privilege bit if one is present. */ + if( uxPriority >= ( UBaseType_t ) configMAX_PRIORITIES ) + { + uxPriority = ( UBaseType_t ) configMAX_PRIORITIES - ( UBaseType_t ) 1U; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + pxNewTCB->uxPriority = uxPriority; + #if ( configUSE_MUTEXES == 1 ) + { + pxNewTCB->uxBasePriority = uxPriority; + pxNewTCB->uxMutexesHeld = 0; + } + #endif /* configUSE_MUTEXES */ + + vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); + vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); + + + /* Set the pxNewTCB as a link back from the ListItem_t. This is so we can get + * back to the containing TCB from a generic item in a list. */ + listSET_LIST_ITEM_OWNER( &( pxNewTCB->xStateListItem ), pxNewTCB ); + + /* Event lists are always in priority order. */ + listSET_LIST_ITEM_VALUE( &( pxNewTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) uxPriority ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + listSET_LIST_ITEM_OWNER( &( pxNewTCB->xEventListItem ), pxNewTCB ); + + // Closing predicates early simplifies the symbolic heap and proof debugging. + //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); + //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); + + #if ( portCRITICAL_NESTING_IN_TCB == 1 ) + { + pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; + } + #endif /* portCRITICAL_NESTING_IN_TCB */ + + #if ( configUSE_APPLICATION_TASK_TAG == 1 ) + { + pxNewTCB->pxTaskTag = NULL; + } + #endif /* configUSE_APPLICATION_TASK_TAG */ + + #if ( configGENERATE_RUN_TIME_STATS == 1 ) + { + pxNewTCB->ulRunTimeCounter = 0UL; + } + #endif /* configGENERATE_RUN_TIME_STATS */ + + #if ( portUSING_MPU_WRAPPERS == 1 ) + { + vPortStoreTaskMPUSettings( &( pxNewTCB->xMPUSettings ), xRegions, pxNewTCB->pxStack, ulStackDepth ); + } + #else + { + /* Avoid compiler warning about unreferenced parameter. */ + ( void ) xRegions; + } + #endif + + #if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 ) + { + //@ pointers__to_chars_(pxNewTCB->pvThreadLocalStoragePointers); + //@ assert(chars_((char*) pxNewTCB->pvThreadLocalStoragePointers, _, _)); + //@ assert(chars_(_, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), _)); + memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) ); + } + #endif + + #if ( configUSE_TASK_NOTIFICATIONS == 1 ) + { + ///@ assert( integers__(pxNewTCB->ulNotifiedValue, _, _, 1, _) ); + ///@ integers___to_integers_(pxNewTCB->ulNotifiedValue); + ///@ integers__to_chars(pxNewTCB->ulNotifiedValue); + //@integers___to_integers_(pxNewTCB->ulNotifiedValue); + //@ integers__to_chars(pxNewTCB->ulNotifiedValue); + memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) ); + //@ uchars__to_chars_(pxNewTCB->ucNotifyState); + memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); + //@ chars_to_uchars(pxNewTCB->ucNotifyState); + } + #endif + + #if ( configUSE_NEWLIB_REENTRANT == 1 ) + { + /* Initialise this task's Newlib reent structure. + * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html + * for additional information. */ + _REENT_INIT_PTR( ( &( pxNewTCB->xNewLib_reent ) ) ); + } + #endif + + #if ( INCLUDE_xTaskAbortDelay == 1 ) + { + #ifdef VERIFAST + /* Reason for rewrite: Assignment not type safe. */ + pxNewTCB->ucDelayAborted = pd_U_FALSE; + #else + pxNewTCB->ucDelayAborted = pdFALSE; + #endif + } + #endif + + #if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + { + pxNewTCB->uxCoreAffinityMask = tskNO_AFFINITY; + } + #endif + #endif + #if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + { + pxNewTCB->xPreemptionDisable = 0; + } + #endif + + /* Initialize the TCB stack to look as if the task was already running, + * but had been interrupted by the scheduler. The return address is set + * to the start of the task function. Once the stack has been initialised + * the top of stack variable is updated. */ + #if ( portUSING_MPU_WRAPPERS == 1 ) + { + /* If the port has capability to detect stack overflow, + * pass the stack end address to the stack initialization + * function as well. */ + #if ( portHAS_STACK_OVERFLOW_CHECKING == 1 ) + { + #if ( portSTACK_GROWTH < 0 ) + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxNewTCB->pxStack, pxTaskCode, pvParameters, xRunPrivileged ); + } + #else /* portSTACK_GROWTH */ + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxNewTCB->pxEndOfStack, pxTaskCode, pvParameters, xRunPrivileged ); + } + #endif /* portSTACK_GROWTH */ + } + #else /* portHAS_STACK_OVERFLOW_CHECKING */ + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters, xRunPrivileged ); + } + #endif /* portHAS_STACK_OVERFLOW_CHECKING */ + } + #else /* portUSING_MPU_WRAPPERS */ + { + /* If the port has capability to detect stack overflow, + * pass the stack end address to the stack initialization + * function as well. */ + #if ( portHAS_STACK_OVERFLOW_CHECKING == 1 ) + { + #if ( portSTACK_GROWTH < 0 ) + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxNewTCB->pxStack, pxTaskCode, pvParameters ); + } + #else /* portSTACK_GROWTH */ + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxNewTCB->pxEndOfStack, pxTaskCode, pvParameters ); + } + #endif /* portSTACK_GROWTH */ + } + #else /* portHAS_STACK_OVERFLOW_CHECKING */ + { + pxNewTCB->pxTopOfStack = pxPortInitialiseStack( pxTopOfStack, pxTaskCode, pvParameters ); + } + #endif /* portHAS_STACK_OVERFLOW_CHECKING */ + } + #endif /* portUSING_MPU_WRAPPERS */ + + /* Initialize to not running */ + pxNewTCB->xTaskRunState = taskTASK_NOT_RUNNING; + + /* Is this an idle task? */ + if( pxTaskCode == prvIdleTask ) + { + pxNewTCB->xIsIdle = pdTRUE; + } + + #if ( configNUM_CORES > 1 ) + else if( pxTaskCode == prvMinimalIdleTask ) + { + pxNewTCB->xIsIdle = pdTRUE; + } + #endif + else + { + pxNewTCB->xIsIdle = pdFALSE; + } + + if( pxCreatedTask != NULL ) + { + /* Pass the handle out in an anonymous way. The handle can be used to + * change the created task's priority, delete the created task, etc.*/ + *pxCreatedTask = ( TaskHandle_t ) pxNewTCB; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + //@ assert( stack_p_2(_, _, _, ?gFreeBytes, _, _) ); + //@ close TCB_p(pxNewTCB, gFreeBytes); +} +/*-----------------------------------------------------------*/ + +static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) +/*//@ requires interruptState_p(?coreID, _) &*& + unprotectedGlobalVars(); + @*/ +/*//@ ensures true; + @*/ +{ + /* Ensure interrupts don't access the task lists while the lists are being + * updated. */ + taskENTER_CRITICAL(); + { + uxCurrentNumberOfTasks++; + + if( xSchedulerRunning == pdFALSE ) + { + if( uxCurrentNumberOfTasks == ( UBaseType_t ) 1 ) + { + /* This is the first task to be created so do the preliminary + * initialisation required. We will not recover if this call + * fails, but we will report the failure. */ + prvInitialiseTaskLists(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + if( pxNewTCB->xIsIdle != pdFALSE ) + { + BaseType_t xCoreID; + + /* Check if a core is free. */ + for( xCoreID = ( UBaseType_t ) 0; xCoreID < ( UBaseType_t ) configNUM_CORES; xCoreID++ ) + { + if( pxCurrentTCBs[ xCoreID ] == NULL ) + { + pxNewTCB->xTaskRunState = xCoreID; + pxCurrentTCBs[ xCoreID ] = pxNewTCB; + break; + } + } + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + uxTaskNumber++; + + #if ( configUSE_TRACE_FACILITY == 1 ) + { + /* Add a counter into the TCB for tracing only. */ + pxNewTCB->uxTCBNumber = uxTaskNumber; + } + #endif /* configUSE_TRACE_FACILITY */ + traceTASK_CREATE( pxNewTCB ); + + prvAddTaskToReadyList( pxNewTCB ); + + portSETUP_TCB( pxNewTCB ); + + if( xSchedulerRunning != pdFALSE ) + { + /* If the created task is of a higher priority than another + * currently running task and preemption is on then it should + * run now. */ + #if ( configUSE_PREEMPTION == 1 ) + prvYieldForTask( pxNewTCB, pdFALSE ); + #endif + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); +} +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskDelete == 1 ) + + void vTaskDelete( TaskHandle_t xTaskToDelete ) + { + TCB_t * pxTCB; + TaskRunning_t xTaskRunningOnCore; + + taskENTER_CRITICAL(); + { + /* If null is passed in here then it is the calling task that is + * being deleted. */ + pxTCB = prvGetTCBFromHandle( xTaskToDelete ); + + xTaskRunningOnCore = pxTCB->xTaskRunState; + + /* Remove task from the ready/delayed list. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + taskRESET_READY_PRIORITY( pxTCB->uxPriority ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Is the task waiting on an event also? */ + if( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) != NULL ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Increment the uxTaskNumber also so kernel aware debuggers can + * detect that the task lists need re-generating. This is done before + * portPRE_TASK_DELETE_HOOK() as in the Windows port that macro will + * not return. */ + uxTaskNumber++; + + /* If the task is running (or yielding), we must add it to the + * termination list so that an idle task can delete it when it is + * no longer running. */ + if( xTaskRunningOnCore != taskTASK_NOT_RUNNING ) + { + /* A running task is being deleted. This cannot complete within the + * task itself, as a context switch to another task is required. + * Place the task in the termination list. The idle task will + * check the termination list and free up any memory allocated by + * the scheduler for the TCB and stack of the deleted task. */ + vListInsertEnd( &xTasksWaitingTermination, &( pxTCB->xStateListItem ) ); + + /* Increment the ucTasksDeleted variable so the idle task knows + * there is a task that has been deleted and that it should therefore + * check the xTasksWaitingTermination list. */ + ++uxDeletedTasksWaitingCleanUp; + + /* Call the delete hook before portPRE_TASK_DELETE_HOOK() as + * portPRE_TASK_DELETE_HOOK() does not return in the Win32 port. */ + traceTASK_DELETE( pxTCB ); + + /* The pre-delete hook is primarily for the Windows simulator, + * in which Windows specific clean up operations are performed, + * after which it is not possible to yield away from this task - + * hence xYieldPending is used to latch that a context switch is + * required. */ + portPRE_TASK_DELETE_HOOK( pxTCB, &xYieldPendings[ pxTCB->xTaskRunState ] ); + } + else + { + --uxCurrentNumberOfTasks; + traceTASK_DELETE( pxTCB ); + prvDeleteTCB( pxTCB ); + + /* Reset the next expected unblock time in case it referred to + * the task that has just been deleted. */ + prvResetNextTaskUnblockTime(); + } + + /* Force a reschedule if the task that has just been deleted was running. */ + if( ( xSchedulerRunning != pdFALSE ) && ( taskTASK_IS_RUNNING( xTaskRunningOnCore ) ) ) + { + BaseType_t xCoreID; + + xCoreID = portGET_CORE_ID(); + + if( xTaskRunningOnCore == xCoreID ) + { + configASSERT( uxSchedulerSuspended == 0 ); + vTaskYieldWithinAPI(); + } + else + { + prvYieldCore( xTaskRunningOnCore ); + } + } + } + taskEXIT_CRITICAL(); + } + +#endif /* INCLUDE_vTaskDelete */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_xTaskDelayUntil == 1 ) + + BaseType_t xTaskDelayUntil( TickType_t * const pxPreviousWakeTime, + const TickType_t xTimeIncrement ) + { + TickType_t xTimeToWake; + BaseType_t xAlreadyYielded, xShouldDelay = pdFALSE; + + configASSERT( pxPreviousWakeTime ); + configASSERT( ( xTimeIncrement > 0U ) ); + + vTaskSuspendAll(); + { + configASSERT( uxSchedulerSuspended == 1 ); + + /* Minor optimisation. The tick count cannot change in this + * block. */ + const TickType_t xConstTickCount = xTickCount; + + /* Generate the tick time at which the task wants to wake. */ + xTimeToWake = *pxPreviousWakeTime + xTimeIncrement; + + if( xConstTickCount < *pxPreviousWakeTime ) + { + /* The tick count has overflowed since this function was + * lasted called. In this case the only time we should ever + * actually delay is if the wake time has also overflowed, + * and the wake time is greater than the tick time. When this + * is the case it is as if neither time had overflowed. */ + if( ( xTimeToWake < *pxPreviousWakeTime ) && ( xTimeToWake > xConstTickCount ) ) + { + xShouldDelay = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + /* The tick time has not overflowed. In this case we will + * delay if either the wake time has overflowed, and/or the + * tick time is less than the wake time. */ + if( ( xTimeToWake < *pxPreviousWakeTime ) || ( xTimeToWake > xConstTickCount ) ) + { + xShouldDelay = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + /* Update the wake time ready for the next call. */ + *pxPreviousWakeTime = xTimeToWake; + + if( xShouldDelay != pdFALSE ) + { + traceTASK_DELAY_UNTIL( xTimeToWake ); + + /* prvAddCurrentTaskToDelayedList() needs the block time, not + * the time to wake, so subtract the current tick count. */ + prvAddCurrentTaskToDelayedList( xTimeToWake - xConstTickCount, pdFALSE ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + xAlreadyYielded = xTaskResumeAll(); + + /* Force a reschedule if xTaskResumeAll has not already done so, we may + * have put ourselves to sleep. */ + if( xAlreadyYielded == pdFALSE ) + { + vTaskYieldWithinAPI(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return xShouldDelay; + } + +#endif /* INCLUDE_xTaskDelayUntil */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskDelay == 1 ) + + void vTaskDelay( const TickType_t xTicksToDelay ) + { + BaseType_t xAlreadyYielded = pdFALSE; + + /* A delay time of zero just forces a reschedule. */ + if( xTicksToDelay > ( TickType_t ) 0U ) + { + vTaskSuspendAll(); + { + configASSERT( uxSchedulerSuspended == 1 ); + traceTASK_DELAY(); + + /* A task that is removed from the event list while the + * scheduler is suspended will not get placed in the ready + * list or removed from the blocked list until the scheduler + * is resumed. + * + * This task cannot be in an event list as it is the currently + * executing task. */ + prvAddCurrentTaskToDelayedList( xTicksToDelay, pdFALSE ); + } + xAlreadyYielded = xTaskResumeAll(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Force a reschedule if xTaskResumeAll has not already done so, we may + * have put ourselves to sleep. */ + if( xAlreadyYielded == pdFALSE ) + { + vTaskYieldWithinAPI(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* INCLUDE_vTaskDelay */ +/*-----------------------------------------------------------*/ + +#if ( ( INCLUDE_eTaskGetState == 1 ) || ( configUSE_TRACE_FACILITY == 1 ) || ( INCLUDE_xTaskAbortDelay == 1 ) ) + + eTaskState eTaskGetState( TaskHandle_t xTask ) + { + eTaskState eReturn; + #ifdef VERIFAST + /* Reason for rewrite: + * VeriFast does not support multiple pointer declarations to + * user-defined types in single statement (i.e., `A p1, p2;` is ok, + * `A *p1, *p2;` fails) + */ + List_t const * pxStateList; + List_t const * pxDelayedList; + List_t const * pxOverflowedDelayedList; + #else + List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList; + #endif /* VERIFAST */ + const TCB_t * const pxTCB = xTask; + + configASSERT( pxTCB ); + + taskENTER_CRITICAL(); + { + pxStateList = listLIST_ITEM_CONTAINER( &( pxTCB->xStateListItem ) ); + pxDelayedList = pxDelayedTaskList; + pxOverflowedDelayedList = pxOverflowDelayedTaskList; + } + taskEXIT_CRITICAL(); + + if( ( pxStateList == pxDelayedList ) || ( pxStateList == pxOverflowedDelayedList ) ) + { + /* The task being queried is referenced from one of the Blocked + * lists. */ + eReturn = eBlocked; + } + + #if ( INCLUDE_vTaskSuspend == 1 ) + else if( pxStateList == &xSuspendedTaskList ) + { + /* The task being queried is referenced from the suspended + * list. Is it genuinely suspended or is it blocked + * indefinitely? */ + if( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) == NULL ) + { + #if ( configUSE_TASK_NOTIFICATIONS == 1 ) + { + BaseType_t x; + + /* The task does not appear on the event list item of + * and of the RTOS objects, but could still be in the + * blocked state if it is waiting on its notification + * rather than waiting on an object. If not, is + * suspended. */ + eReturn = eSuspended; + + for( x = 0; x < configTASK_NOTIFICATION_ARRAY_ENTRIES; x++ ) + { + if( pxTCB->ucNotifyState[ x ] == taskWAITING_NOTIFICATION ) + { + eReturn = eBlocked; + break; + } + } + } + #else /* if ( configUSE_TASK_NOTIFICATIONS == 1 ) */ + { + eReturn = eSuspended; + } + #endif /* if ( configUSE_TASK_NOTIFICATIONS == 1 ) */ + } + else + { + eReturn = eBlocked; + } + } + #endif /* if ( INCLUDE_vTaskSuspend == 1 ) */ + + #if ( INCLUDE_vTaskDelete == 1 ) + else if( ( pxStateList == &xTasksWaitingTermination ) || ( pxStateList == NULL ) ) + { + /* The task being queried is referenced from the deleted + * tasks list, or it is not referenced from any lists at + * all. */ + eReturn = eDeleted; + } + #endif + + else /*lint !e525 Negative indentation is intended to make use of pre-processor clearer. */ + { + /* If the task is not in any other state, it must be in the + * Ready (including pending ready) state. */ + if( taskTASK_IS_RUNNING( pxTCB->xTaskRunState ) ) + { + /* Is it actively running on a core? */ + eReturn = eRunning; + } + else + { + eReturn = eReady; + } + } + + return eReturn; + } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */ + +#endif /* INCLUDE_eTaskGetState */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_uxTaskPriorityGet == 1 ) + + UBaseType_t uxTaskPriorityGet( const TaskHandle_t xTask ) + { + TCB_t const * pxTCB; + UBaseType_t uxReturn; + + taskENTER_CRITICAL(); + { + /* If null is passed in here then it is the priority of the task + * that called uxTaskPriorityGet() that is being queried. */ + pxTCB = prvGetTCBFromHandle( xTask ); + uxReturn = pxTCB->uxPriority; + } + taskEXIT_CRITICAL(); + + return uxReturn; + } + +#endif /* INCLUDE_uxTaskPriorityGet */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_uxTaskPriorityGet == 1 ) + + UBaseType_t uxTaskPriorityGetFromISR( const TaskHandle_t xTask ) + { + TCB_t const * pxTCB; + UBaseType_t uxReturn, uxSavedInterruptState; + + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + portASSERT_IF_INTERRUPT_PRIORITY_INVALID(); + + uxSavedInterruptState = portSET_INTERRUPT_MASK_FROM_ISR(); + { + /* If null is passed in here then it is the priority of the calling + * task that is being queried. */ + pxTCB = prvGetTCBFromHandle( xTask ); + uxReturn = pxTCB->uxPriority; + } + portCLEAR_INTERRUPT_MASK_FROM_ISR( uxSavedInterruptState ); + + return uxReturn; + } + +#endif /* INCLUDE_uxTaskPriorityGet */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskPrioritySet == 1 ) + + void vTaskPrioritySet( TaskHandle_t xTask, + UBaseType_t uxNewPriority ) + { + TCB_t * pxTCB; + UBaseType_t uxCurrentBasePriority, uxPriorityUsedOnEntry; + BaseType_t xYieldRequired = pdFALSE; + BaseType_t xYieldForTask = pdFALSE; + BaseType_t xCoreID; + + configASSERT( ( uxNewPriority < configMAX_PRIORITIES ) ); + + /* Ensure the new priority is valid. */ + if( uxNewPriority >= ( UBaseType_t ) configMAX_PRIORITIES ) + { + uxNewPriority = ( UBaseType_t ) configMAX_PRIORITIES - ( UBaseType_t ) 1U; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + taskENTER_CRITICAL(); + { + /* If null is passed in here then it is the priority of the calling + * task that is being changed. */ + pxTCB = prvGetTCBFromHandle( xTask ); + + traceTASK_PRIORITY_SET( pxTCB, uxNewPriority ); + + #if ( configUSE_MUTEXES == 1 ) + { + uxCurrentBasePriority = pxTCB->uxBasePriority; + } + #else + { + uxCurrentBasePriority = pxTCB->uxPriority; + } + #endif + + if( uxCurrentBasePriority != uxNewPriority ) + { + /* The priority change may have readied a task of higher + * priority than a running task. */ + if( uxNewPriority > uxCurrentBasePriority ) + { + /* The priority of a task is being raised so + * perform a yield for this task later. */ + xYieldForTask = pdTRUE; + } + else if( taskTASK_IS_RUNNING( pxTCB->xTaskRunState ) ) + { + /* Setting the priority of a running task down means + * there may now be another task of higher priority that + * is ready to execute. */ + #if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + if( pxTCB->xPreemptionDisable == pdFALSE ) + #endif + { + xCoreID = ( BaseType_t ) pxTCB->xTaskRunState; + xYieldRequired = pdTRUE; + } + } + else + { + /* Setting the priority of any other task down does not + * require a yield as the running task must be above the + * new priority of the task being modified. */ + } + + /* Remember the ready list the task might be referenced from + * before its uxPriority member is changed so the + * taskRESET_READY_PRIORITY() macro can function correctly. */ + uxPriorityUsedOnEntry = pxTCB->uxPriority; + + #if ( configUSE_MUTEXES == 1 ) + { + /* Only change the priority being used if the task is not + * currently using an inherited priority. */ + if( pxTCB->uxBasePriority == pxTCB->uxPriority ) + { + pxTCB->uxPriority = uxNewPriority; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* The base priority gets set whatever. */ + pxTCB->uxBasePriority = uxNewPriority; + } + #else /* if ( configUSE_MUTEXES == 1 ) */ + { + pxTCB->uxPriority = uxNewPriority; + } + #endif /* if ( configUSE_MUTEXES == 1 ) */ + + /* Only reset the event list item value if the value is not + * being used for anything else. */ + if( ( listGET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ) ) & taskEVENT_LIST_ITEM_VALUE_IN_USE ) == 0UL ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) uxNewPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* If the task is in the blocked or suspended list we need do + * nothing more than change its priority variable. However, if + * the task is in a ready list it needs to be removed and placed + * in the list appropriate to its new priority. */ + if( listIS_CONTAINED_WITHIN( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ), &( pxTCB->xStateListItem ) ) != pdFALSE ) + { + /* The task is currently in its ready list - remove before + * adding it to its new ready list. As we are in a critical + * section we can do this even if the scheduler is suspended. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* It is known that the task is in its ready list so + * there is no need to check again and the port level + * reset macro can be called directly. */ + portRESET_READY_PRIORITY( uxPriorityUsedOnEntry, uxTopReadyPriority ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + prvAddTaskToReadyList( pxTCB ); + } + else + { + /* It's possible that xYieldForTask was already set to pdTRUE because + * its priority is being raised. However, since it is not in a ready list + * we don't actually need to yield for it. */ + xYieldForTask = pdFALSE; + } + + #if ( configUSE_PREEMPTION == 1 ) + if( xYieldRequired != pdFALSE ) + { + prvYieldCore( xCoreID ); + } + else if( xYieldForTask != pdFALSE ) + { + prvYieldForTask( pxTCB, pdTRUE ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + #endif /* if ( configUSE_PREEMPTION == 1 ) */ + + /* Remove compiler warning about unused variables when the port + * optimised task selection is not being used. */ + ( void ) uxPriorityUsedOnEntry; + } + } + taskEXIT_CRITICAL(); + } + +#endif /* INCLUDE_vTaskPrioritySet */ +/*-----------------------------------------------------------*/ + +#if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + + void vTaskCoreAffinitySet( const TaskHandle_t xTask, + UBaseType_t uxCoreAffinityMask ) + { + TCB_t * pxTCB; + BaseType_t xCoreID; + + taskENTER_CRITICAL(); + { + pxTCB = prvGetTCBFromHandle( xTask ); + + pxTCB->uxCoreAffinityMask = uxCoreAffinityMask; + + if( xSchedulerRunning != pdFALSE ) + { + if( taskTASK_IS_RUNNING( pxTCB->xTaskRunState ) ) + { + xCoreID = ( BaseType_t ) pxTCB->xTaskRunState; + + if( ( uxCoreAffinityMask & ( 1 << xCoreID ) ) == 0 ) + { + prvYieldCore( xCoreID ); + } + } + } + } + taskEXIT_CRITICAL(); + } + + #endif /* configUSE_CORE_AFFINITY */ +#endif /* if ( configNUM_CORES > 1 ) */ +/*-----------------------------------------------------------*/ + +#if ( configNUM_CORES > 1 ) + #if ( configUSE_CORE_AFFINITY == 1 ) + + UBaseType_t vTaskCoreAffinityGet( const TaskHandle_t xTask ) + { + TCB_t * pxTCB; + UBaseType_t uxCoreAffinityMask; + + taskENTER_CRITICAL(); + { + pxTCB = prvGetTCBFromHandle( xTask ); + uxCoreAffinityMask = pxTCB->uxCoreAffinityMask; + } + taskEXIT_CRITICAL(); + + return uxCoreAffinityMask; + } + + #endif /* configUSE_CORE_AFFINITY */ +#endif /* if ( configNUM_CORES > 1 ) */ + +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + + void vTaskPreemptionDisable( const TaskHandle_t xTask ) + { + TCB_t * pxTCB; + + taskENTER_CRITICAL(); + { + pxTCB = prvGetTCBFromHandle( xTask ); + + pxTCB->xPreemptionDisable = pdTRUE; + } + taskEXIT_CRITICAL(); + } + +#endif /* configUSE_TASK_PREEMPTION_DISABLE */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + + void vTaskPreemptionEnable( const TaskHandle_t xTask ) + { + TCB_t * pxTCB; + BaseType_t xCoreID; + + taskENTER_CRITICAL(); + { + pxTCB = prvGetTCBFromHandle( xTask ); + + pxTCB->xPreemptionDisable = pdFALSE; + + if( xSchedulerRunning != pdFALSE ) + { + if( taskTASK_IS_RUNNING( pxTCB->xTaskRunState ) ) + { + xCoreID = ( BaseType_t ) pxTCB->xTaskRunState; + prvYieldCore( xCoreID ); + } + } + } + taskEXIT_CRITICAL(); + } + +#endif /* configUSE_TASK_PREEMPTION_DISABLE */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskSuspend == 1 ) + + void vTaskSuspend( TaskHandle_t xTaskToSuspend ) + { + TCB_t * pxTCB; + TaskRunning_t xTaskRunningOnCore; + + taskENTER_CRITICAL(); + { + /* If null is passed in here then it is the running task that is + * being suspended. */ + pxTCB = prvGetTCBFromHandle( xTaskToSuspend ); + + traceTASK_SUSPEND( pxTCB ); + + xTaskRunningOnCore = pxTCB->xTaskRunState; + + /* Remove task from the ready/delayed list and place in the + * suspended list. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + taskRESET_READY_PRIORITY( pxTCB->uxPriority ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Is the task waiting on an event also? */ + if( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) != NULL ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + vListInsertEnd( &xSuspendedTaskList, &( pxTCB->xStateListItem ) ); + + #if ( configUSE_TASK_NOTIFICATIONS == 1 ) + { + BaseType_t x; + + for( x = 0; x < configTASK_NOTIFICATION_ARRAY_ENTRIES; x++ ) + { + if( pxTCB->ucNotifyState[ x ] == taskWAITING_NOTIFICATION ) + { + /* The task was blocked to wait for a notification, but is + * now suspended, so no notification was received. */ + pxTCB->ucNotifyState[ x ] = taskNOT_WAITING_NOTIFICATION; + } + } + } + #endif /* if ( configUSE_TASK_NOTIFICATIONS == 1 ) */ + + if( xSchedulerRunning != pdFALSE ) + { + /* Reset the next expected unblock time in case it referred to the + * task that is now in the Suspended state. */ + prvResetNextTaskUnblockTime(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + if( taskTASK_IS_RUNNING( xTaskRunningOnCore ) ) + { + if( xSchedulerRunning != pdFALSE ) + { + if( xTaskRunningOnCore == portGET_CORE_ID() ) + { + /* The current task has just been suspended. */ + configASSERT( uxSchedulerSuspended == 0 ); + vTaskYieldWithinAPI(); + } + else + { + prvYieldCore( xTaskRunningOnCore ); + } + + taskEXIT_CRITICAL(); + } + else + { + taskEXIT_CRITICAL(); + + configASSERT( pxTCB == pxCurrentTCBs[ xTaskRunningOnCore ] ); + + /* The scheduler is not running, but the task that was pointed + * to by pxCurrentTCB has just been suspended and pxCurrentTCB + * must be adjusted to point to a different task. */ + if( listCURRENT_LIST_LENGTH( &xSuspendedTaskList ) == uxCurrentNumberOfTasks ) /*lint !e931 Right has no side effect, just volatile. */ + { + /* No other tasks are ready, so set the core's TCB back to + * NULL so when the next task is created the core's TCB will + * be able to be set to point to it no matter what its relative + * priority is. */ + pxTCB->xTaskRunState = taskTASK_NOT_RUNNING; + pxCurrentTCBs[ xTaskRunningOnCore ] = NULL; + } + else + { + /* Attempt to switch in a new task. This could fail since the idle tasks + * haven't been created yet. If it does then set the core's TCB back to + * NULL. */ + if( prvSelectHighestPriorityTask( xTaskRunningOnCore ) == pdFALSE ) + { + pxTCB->xTaskRunState = taskTASK_NOT_RUNNING; + pxCurrentTCBs[ xTaskRunningOnCore ] = NULL; + } + } + } + } + else + { + taskEXIT_CRITICAL(); + } + } /* taskEXIT_CRITICAL() - already exited in one of three cases above */ + } + +#endif /* INCLUDE_vTaskSuspend */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskSuspend == 1 ) + + static BaseType_t prvTaskIsTaskSuspended( const TaskHandle_t xTask ) + { + BaseType_t xReturn = pdFALSE; + const TCB_t * const pxTCB = xTask; + + /* Accesses xPendingReadyList so must be called from a critical section. */ + + /* It does not make sense to check if the calling task is suspended. */ + configASSERT( xTask ); + + /* Is the task being resumed actually in the suspended list? */ + if( listIS_CONTAINED_WITHIN( &xSuspendedTaskList, &( pxTCB->xStateListItem ) ) != pdFALSE ) + { + /* Has the task already been resumed from within an ISR? */ + if( listIS_CONTAINED_WITHIN( &xPendingReadyList, &( pxTCB->xEventListItem ) ) == pdFALSE ) + { + /* Is it in the suspended list because it is in the Suspended + * state, or because is is blocked with no timeout? */ + if( listIS_CONTAINED_WITHIN( NULL, &( pxTCB->xEventListItem ) ) != pdFALSE ) /*lint !e961. The cast is only redundant when NULL is used. */ + { + xReturn = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return xReturn; + } /*lint !e818 xTask cannot be a pointer to const because it is a typedef. */ + +#endif /* INCLUDE_vTaskSuspend */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskSuspend == 1 ) + + void vTaskResume( TaskHandle_t xTaskToResume ) + { + TCB_t * const pxTCB = xTaskToResume; + + /* It does not make sense to resume the calling task. */ + configASSERT( xTaskToResume ); + + /* The parameter cannot be NULL as it is impossible to resume the + * currently executing task. It is also impossible to resume a task + * that is actively running on another core but it is too dangerous + * to check their run state here. Safer to get into a critical section + * and check if it is actually suspended or not below. */ + if( pxTCB != NULL ) + { + taskENTER_CRITICAL(); + { + if( prvTaskIsTaskSuspended( pxTCB ) != pdFALSE ) + { + traceTASK_RESUME( pxTCB ); + + /* The ready list can be accessed even if the scheduler is + * suspended because this is inside a critical section. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxTCB ); + + /* A higher priority task may have just been resumed. */ + #if ( configUSE_PREEMPTION == 1 ) + { + prvYieldForTask( pxTCB, pdTRUE ); + } + #endif + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* INCLUDE_vTaskSuspend */ + +/*-----------------------------------------------------------*/ + +#if ( ( INCLUDE_xTaskResumeFromISR == 1 ) && ( INCLUDE_vTaskSuspend == 1 ) ) + + BaseType_t xTaskResumeFromISR( TaskHandle_t xTaskToResume ) + { + BaseType_t xYieldRequired = pdFALSE; + TCB_t * const pxTCB = xTaskToResume; + UBaseType_t uxSavedInterruptStatus; + + configASSERT( xTaskToResume ); + + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + portASSERT_IF_INTERRUPT_PRIORITY_INVALID(); + + uxSavedInterruptStatus = portSET_INTERRUPT_MASK_FROM_ISR(); + { + if( prvTaskIsTaskSuspended( pxTCB ) != pdFALSE ) + { + traceTASK_RESUME_FROM_ISR( pxTCB ); + + /* Check the ready lists can be accessed. */ + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + /* Ready lists can be accessed so move the task from the + * suspended list to the ready list directly. */ + + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxTCB ); + } + else + { + /* The delayed or ready lists cannot be accessed so the task + * is held in the pending ready list until the scheduler is + * unsuspended. */ + vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); + } + + #if ( configUSE_PREEMPTION == 1 ) + prvYieldForTask( pxTCB, pdTRUE ); + + if( xYieldPendings[ portGET_CORE_ID() ] != pdFALSE ) + { + xYieldRequired = pdTRUE; + } + #endif + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + portCLEAR_INTERRUPT_MASK_FROM_ISR( uxSavedInterruptStatus ); + + return xYieldRequired; + } + +#endif /* ( ( INCLUDE_xTaskResumeFromISR == 1 ) && ( INCLUDE_vTaskSuspend == 1 ) ) */ +/*-----------------------------------------------------------*/ + +static BaseType_t prvCreateIdleTasks( void ) +{ + BaseType_t xReturn = pdPASS; + BaseType_t xCoreID; + char cIdleName[ configMAX_TASK_NAME_LEN ]; + + /* Add each idle task at the lowest priority. */ + for( xCoreID = ( BaseType_t ) 0; xCoreID < ( BaseType_t ) configNUM_CORES; xCoreID++ ) + { + BaseType_t x; + + if( xReturn == pdFAIL ) + { + break; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + for( x = ( BaseType_t ) 0; x < ( BaseType_t ) configMAX_TASK_NAME_LEN; x++ ) + { + cIdleName[ x ] = configIDLE_TASK_NAME[ x ]; + + /* Don't copy all configMAX_TASK_NAME_LEN if the string is shorter than + * configMAX_TASK_NAME_LEN characters just in case the memory after the + * string is not accessible (extremely unlikely). */ + if( cIdleName[ x ] == ( char ) 0x00 ) + { + break; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + /* Append the idle task number to the end of the name if there is space */ + if( x < configMAX_TASK_NAME_LEN ) + { + cIdleName[ x++ ] = xCoreID + '0'; + + /* And append a null character if there is space */ + if( x < configMAX_TASK_NAME_LEN ) + { + cIdleName[ x ] = '\0'; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + #if ( configSUPPORT_STATIC_ALLOCATION == 1 ) + { + if( xCoreID == 0 ) + { + StaticTask_t * pxIdleTaskTCBBuffer = NULL; + StackType_t * pxIdleTaskStackBuffer = NULL; + uint32_t ulIdleTaskStackSize; + + /* The Idle task is created using user provided RAM - obtain the + * address of the RAM then create the idle task. */ + vApplicationGetIdleTaskMemory( &pxIdleTaskTCBBuffer, &pxIdleTaskStackBuffer, &ulIdleTaskStackSize ); + xIdleTaskHandle[ xCoreID ] = xTaskCreateStatic( prvIdleTask, + cIdleName, + ulIdleTaskStackSize, + ( void * ) NULL, /*lint !e961. The cast is not redundant for all compilers. */ + portPRIVILEGE_BIT, /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ + pxIdleTaskStackBuffer, + pxIdleTaskTCBBuffer ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ + } + + #if ( configNUM_CORES > 1 ) + else + { + static StaticTask_t xIdleTCBBuffers[ configNUM_CORES - 1 ]; + static StackType_t xIdleTaskStackBuffers[ configNUM_CORES - 1 ][ configMINIMAL_STACK_SIZE ]; + + xIdleTaskHandle[ xCoreID ] = xTaskCreateStatic( prvMinimalIdleTask, + cIdleName, + configMINIMAL_STACK_SIZE, + ( void * ) NULL, /*lint !e961. The cast is not redundant for all compilers. */ + portPRIVILEGE_BIT, /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ + xIdleTaskStackBuffers[ xCoreID - 1 ], + &xIdleTCBBuffers[ xCoreID - 1 ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ + } + #endif /* if ( configNUM_CORES > 1 ) */ + + if( xIdleTaskHandle[ xCoreID ] != NULL ) + { + xReturn = pdPASS; + } + else + { + xReturn = pdFAIL; + } + } + #else /* if ( configSUPPORT_STATIC_ALLOCATION == 1 ) */ + { + if( xCoreID == 0 ) + { + /* The Idle task is being created using dynamically allocated RAM. */ + xReturn = xTaskCreate( prvIdleTask, + cIdleName, + configMINIMAL_STACK_SIZE, + ( void * ) NULL, + portPRIVILEGE_BIT, /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ + &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ + } + + #if ( configNUM_CORES > 1 ) + else + { + xReturn = xTaskCreate( prvMinimalIdleTask, + cIdleName, + configMINIMAL_STACK_SIZE, + ( void * ) NULL, + portPRIVILEGE_BIT, /* In effect ( tskIDLE_PRIORITY | portPRIVILEGE_BIT ), but tskIDLE_PRIORITY is zero. */ + &xIdleTaskHandle[ xCoreID ] ); /*lint !e961 MISRA exception, justified as it is not a redundant explicit cast to all supported compilers. */ + } + #endif + } + #endif /* configSUPPORT_STATIC_ALLOCATION */ + } + + return xReturn; +} + +void vTaskStartScheduler( void ) +{ + BaseType_t xReturn; + + #if ( configUSE_TIMERS == 1 ) + { + xReturn = xTimerCreateTimerTask(); + } + #endif /* configUSE_TIMERS */ + + xReturn = prvCreateIdleTasks(); + + if( xReturn == pdPASS ) + { + /* freertos_tasks_c_additions_init() should only be called if the user + * definable macro FREERTOS_TASKS_C_ADDITIONS_INIT() is defined, as that is + * the only macro called by the function. */ + #ifdef FREERTOS_TASKS_C_ADDITIONS_INIT + { + freertos_tasks_c_additions_init(); + } + #endif + + /* Interrupts are turned off here, to ensure a tick does not occur + * before or during the call to xPortStartScheduler(). The stacks of + * the created tasks contain a status word with interrupts switched on + * so interrupts will automatically get re-enabled when the first task + * starts to run. */ + portDISABLE_INTERRUPTS(); + + #if ( ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) ) + { + /* Switch Newlib's _impure_ptr variable to point to the _reent + * structure specific to the task that will run first. + * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html + * for additional information. + * + * Note: Updating the _impure_ptr is not required when Newlib is compiled with + * __DYNAMIC_REENT__ enabled. The port should provide __getreent() instead. */ + _impure_ptr = &( pxCurrentTCB->xNewLib_reent ); + } + #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ + + xNextTaskUnblockTime = portMAX_DELAY; + xSchedulerRunning = pdTRUE; + xTickCount = ( TickType_t ) configINITIAL_TICK_COUNT; + + /* If configGENERATE_RUN_TIME_STATS is defined then the following + * macro must be defined to configure the timer/counter used to generate + * the run time counter time base. NOTE: If configGENERATE_RUN_TIME_STATS + * is set to 0 and the following line fails to build then ensure you do not + * have portCONFIGURE_TIMER_FOR_RUN_TIME_STATS() defined in your + * FreeRTOSConfig.h file. */ + portCONFIGURE_TIMER_FOR_RUN_TIME_STATS(); + + traceTASK_SWITCHED_IN(); + + /* Setting up the timer tick is hardware specific and thus in the + * portable interface. */ + if( xPortStartScheduler() != pdFALSE ) + { + /* Should not reach here as if the scheduler is running the + * function will not return. */ + } + else + { + /* Should only reach here if a task calls xTaskEndScheduler(). */ + } + } + else + { + /* This line will only be reached if the kernel could not be started, + * because there was not enough FreeRTOS heap to create the idle task + * or the timer task. */ + configASSERT( xReturn != errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY ); + } + + /* Prevent compiler warnings if INCLUDE_xTaskGetIdleTaskHandle is set to 0, + * meaning xIdleTaskHandle is not used anywhere else. */ + ( void ) xIdleTaskHandle; + + /* OpenOCD makes use of uxTopUsedPriority for thread debugging. Prevent uxTopUsedPriority + * from getting optimized out as it is no longer used by the kernel. */ + ( void ) uxTopUsedPriority; +} +/*-----------------------------------------------------------*/ + +void vTaskEndScheduler( void ) +{ + /* Stop the scheduler interrupts and call the portable scheduler end + * routine so the original ISRs can be restored if necessary. The port + * layer must ensure interrupts enable bit is left in the correct state. */ + portDISABLE_INTERRUPTS(); + xSchedulerRunning = pdFALSE; + vPortEndScheduler(); +} +/*----------------------------------------------------------*/ + +void vTaskSuspendAll( void ) +{ + UBaseType_t ulState; + + /* This must only be called from within a task */ + portASSERT_IF_IN_ISR(); + + if( xSchedulerRunning != pdFALSE ) + { + /* writes to uxSchedulerSuspended must be protected by both the task AND ISR locks. + * We must disable interrupts before we grab the locks in the event that this task is + * interrupted and switches context before incrementing uxSchedulerSuspended. + * It is safe to re-enable interrupts after releasing the ISR lock and incrementing + * uxSchedulerSuspended since that will prevent context switches. */ + ulState = portDISABLE_INTERRUPTS(); + + /* portSOFRWARE_BARRIER() is only implemented for emulated/simulated ports that + * do not otherwise exhibit real time behaviour. */ + portSOFTWARE_BARRIER(); + + portGET_TASK_LOCK(); + portGET_ISR_LOCK(); + + /* The scheduler is suspended if uxSchedulerSuspended is non-zero. An increment + * is used to allow calls to vTaskSuspendAll() to nest. */ + ++uxSchedulerSuspended; + portRELEASE_ISR_LOCK(); + + if( ( uxSchedulerSuspended == 1U ) && ( pxCurrentTCB->uxCriticalNesting == 0U ) ) + { + prvCheckForRunStateChange(); + } + + portRESTORE_INTERRUPTS( ulState ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } +} +/*----------------------------------------------------------*/ + +#if ( configUSE_TICKLESS_IDLE != 0 ) + + static TickType_t prvGetExpectedIdleTime( void ) + { + TickType_t xReturn; + UBaseType_t uxHigherPriorityReadyTasks = pdFALSE; + + /* uxHigherPriorityReadyTasks takes care of the case where + * configUSE_PREEMPTION is 0, so there may be tasks above the idle priority + * task that are in the Ready state, even though the idle task is + * running. */ + #if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) + { + if( uxTopReadyPriority > tskIDLE_PRIORITY ) + { + uxHigherPriorityReadyTasks = pdTRUE; + } + } + #else + { + const UBaseType_t uxLeastSignificantBit = ( UBaseType_t ) 0x01; + + /* When port optimised task selection is used the uxTopReadyPriority + * variable is used as a bit map. If bits other than the least + * significant bit are set then there are tasks that have a priority + * above the idle priority that are in the Ready state. This takes + * care of the case where the co-operative scheduler is in use. */ + if( uxTopReadyPriority > uxLeastSignificantBit ) + { + uxHigherPriorityReadyTasks = pdTRUE; + } + } + #endif /* if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) */ + + if( pxCurrentTCB->uxPriority > tskIDLE_PRIORITY ) + { + xReturn = 0; + } + else if( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ tskIDLE_PRIORITY ] ) ) > 1 ) + { + /* There are other idle priority tasks in the ready state. If + * time slicing is used then the very next tick interrupt must be + * processed. */ + xReturn = 0; + } + else if( uxHigherPriorityReadyTasks != pdFALSE ) + { + /* There are tasks in the Ready state that have a priority above the + * idle priority. This path can only be reached if + * configUSE_PREEMPTION is 0. */ + xReturn = 0; + } + else + { + xReturn = xNextTaskUnblockTime - xTickCount; + } + + return xReturn; + } + +#endif /* configUSE_TICKLESS_IDLE */ +/*----------------------------------------------------------*/ + +BaseType_t xTaskResumeAll( void ) +{ + TCB_t * pxTCB = NULL; + BaseType_t xAlreadyYielded = pdFALSE; + + if( xSchedulerRunning != pdFALSE ) + { + /* It is possible that an ISR caused a task to be removed from an event + * list while the scheduler was suspended. If this was the case then the + * removed task will have been added to the xPendingReadyList. Once the + * scheduler has been resumed it is safe to move all the pending ready + * tasks from this list into their appropriate ready list. */ + taskENTER_CRITICAL(); + { + BaseType_t xCoreID; + + xCoreID = portGET_CORE_ID(); + + /* If uxSchedulerSuspended is zero then this function does not match a + * previous call to vTaskSuspendAll(). */ + configASSERT( uxSchedulerSuspended ); + + --uxSchedulerSuspended; + portRELEASE_TASK_LOCK(); + + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + if( uxCurrentNumberOfTasks > ( UBaseType_t ) 0U ) + { + /* Move any readied tasks from the pending list into the + * appropriate ready list. */ + while( listLIST_IS_EMPTY( &xPendingReadyList ) == pdFALSE ) + { + pxTCB = listGET_OWNER_OF_HEAD_ENTRY( ( &xPendingReadyList ) ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxTCB ); + + /* All appropriate tasks yield at the moment a task is added to xPendingReadyList. + * If the current core yielded then vTaskSwitchContext() has already been called + * which sets xYieldPendings for the current core to pdTRUE. */ + } + + if( pxTCB != NULL ) + { + /* A task was unblocked while the scheduler was suspended, + * which may have prevented the next unblock time from being + * re-calculated, in which case re-calculate it now. Mainly + * important for low power tickless implementations, where + * this can prevent an unnecessary exit from low power + * state. */ + prvResetNextTaskUnblockTime(); + } + + /* If any ticks occurred while the scheduler was suspended then + * they should be processed now. This ensures the tick count does + * not slip, and that any delayed tasks are resumed at the correct + * time. + * + * It should be safe to call xTaskIncrementTick here from any core + * since we are in a critical section and xTaskIncrementTick itself + * protects itself within a critical section. Suspending the scheduler + * from any core causes xTaskIncrementTick to increment uxPendedCounts.*/ + { + TickType_t xPendedCounts = xPendedTicks; /* Non-volatile copy. */ + + if( xPendedCounts > ( TickType_t ) 0U ) + { + do + { + if( xTaskIncrementTick() != pdFALSE ) + { + /* other cores are interrupted from + * within xTaskIncrementTick(). */ + xYieldPendings[ xCoreID ] = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + --xPendedCounts; + } while( xPendedCounts > ( TickType_t ) 0U ); + + xPendedTicks = 0; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + if( xYieldPendings[ xCoreID ] != pdFALSE ) + { + /* If xYieldPendings is true then taskEXIT_CRITICAL() + * will yield, so make sure we return true to let the + * caller know a yield has already happened. */ + xAlreadyYielded = pdTRUE; + } + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return xAlreadyYielded; +} +/*-----------------------------------------------------------*/ + +TickType_t xTaskGetTickCount( void ) +{ + TickType_t xTicks; + + /* Critical section required if running on a 16 bit processor. */ + portTICK_TYPE_ENTER_CRITICAL(); + { + xTicks = xTickCount; + } + portTICK_TYPE_EXIT_CRITICAL(); + + return xTicks; +} +/*-----------------------------------------------------------*/ + +TickType_t xTaskGetTickCountFromISR( void ) +{ + TickType_t xReturn; + UBaseType_t uxSavedInterruptStatus; + + /* RTOS ports that support interrupt nesting have the concept of a maximum + * system call (or maximum API call) interrupt priority. Interrupts that are + * above the maximum system call priority are kept permanently enabled, even + * when the RTOS kernel is in a critical section, but cannot make any calls to + * FreeRTOS API functions. If configASSERT() is defined in FreeRTOSConfig.h + * then portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has been + * assigned a priority above the configured maximum system call priority. + * Only FreeRTOS functions that end in FromISR can be called from interrupts + * that have been assigned a priority at or (logically) below the maximum + * system call interrupt priority. FreeRTOS maintains a separate interrupt + * safe API to ensure interrupt entry is as fast and as simple as possible. + * More information (albeit Cortex-M specific) is provided on the following + * link: https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + portASSERT_IF_INTERRUPT_PRIORITY_INVALID(); + + uxSavedInterruptStatus = portTICK_TYPE_SET_INTERRUPT_MASK_FROM_ISR(); + { + xReturn = xTickCount; + } + portTICK_TYPE_CLEAR_INTERRUPT_MASK_FROM_ISR( uxSavedInterruptStatus ); + + return xReturn; +} +/*-----------------------------------------------------------*/ + +UBaseType_t uxTaskGetNumberOfTasks( void ) +{ + /* A critical section is not required because the variables are of type + * BaseType_t. */ + return uxCurrentNumberOfTasks; +} +/*-----------------------------------------------------------*/ + +char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ +{ + TCB_t * pxTCB; + + /* If null is passed in here then the name of the calling task is being + * queried. */ + pxTCB = prvGetTCBFromHandle( xTaskToQuery ); + configASSERT( pxTCB ); + return &( pxTCB->pcTaskName[ 0 ] ); +} +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_xTaskGetHandle == 1 ) + + static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, + const char pcNameToQuery[] ) + { + #ifdef VERIFAST + /* Reason for rewrite: + * VeriFast does not support multiple pointer declarations to + * user-defined types in single statement + * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) + */ + TCB_t * pxNextTCB; + TCB_t * pxFirstTCB; + TCB_t * pxReturn = NULL; + #else + TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = NULL; + #endif /* VERIFAST */ + UBaseType_t x; + char cNextChar; + BaseType_t xBreakLoop; + + /* This function is called with the scheduler suspended. */ + + if( listCURRENT_LIST_LENGTH( pxList ) > ( UBaseType_t ) 0 ) + { + listGET_OWNER_OF_NEXT_ENTRY( pxFirstTCB, pxList ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + + do + { + listGET_OWNER_OF_NEXT_ENTRY( pxNextTCB, pxList ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + + /* Check each character in the name looking for a match or + * mismatch. */ + xBreakLoop = pdFALSE; + + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ ) + { + cNextChar = pxNextTCB->pcTaskName[ x ]; + + if( cNextChar != pcNameToQuery[ x ] ) + { + /* Characters didn't match. */ + xBreakLoop = pdTRUE; + } + else if( cNextChar == ( char ) 0x00 ) + { + /* Both strings terminated, a match must have been + * found. */ + pxReturn = pxNextTCB; + xBreakLoop = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + if( xBreakLoop != pdFALSE ) + { + break; + } + } + + if( pxReturn != NULL ) + { + /* The handle has been found. */ + break; + } + } while( pxNextTCB != pxFirstTCB ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return pxReturn; + } + +#endif /* INCLUDE_xTaskGetHandle */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_xTaskGetHandle == 1 ) + + TaskHandle_t xTaskGetHandle( const char * pcNameToQuery ) /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + { + UBaseType_t uxQueue = configMAX_PRIORITIES; + TCB_t * pxTCB; + + /* Task names will be truncated to configMAX_TASK_NAME_LEN - 1 bytes. */ + configASSERT( strlen( pcNameToQuery ) < configMAX_TASK_NAME_LEN ); + + vTaskSuspendAll(); + { + /* Search the ready lists. */ + do + { + uxQueue--; + pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) &( pxReadyTasksLists[ uxQueue ] ), pcNameToQuery ); + + if( pxTCB != NULL ) + { + /* Found the handle. */ + break; + } + } while( uxQueue > ( UBaseType_t ) tskIDLE_PRIORITY ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + + /* Search the delayed lists. */ + if( pxTCB == NULL ) + { + pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxDelayedTaskList, pcNameToQuery ); + } + + if( pxTCB == NULL ) + { + pxTCB = prvSearchForNameWithinSingleList( ( List_t * ) pxOverflowDelayedTaskList, pcNameToQuery ); + } + + #if ( INCLUDE_vTaskSuspend == 1 ) + { + if( pxTCB == NULL ) + { + /* Search the suspended list. */ + pxTCB = prvSearchForNameWithinSingleList( &xSuspendedTaskList, pcNameToQuery ); + } + } + #endif + + #if ( INCLUDE_vTaskDelete == 1 ) + { + if( pxTCB == NULL ) + { + /* Search the deleted list. */ + pxTCB = prvSearchForNameWithinSingleList( &xTasksWaitingTermination, pcNameToQuery ); + } + } + #endif + } + ( void ) xTaskResumeAll(); + + return pxTCB; + } + +#endif /* INCLUDE_xTaskGetHandle */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TRACE_FACILITY == 1 ) + + UBaseType_t uxTaskGetSystemState( TaskStatus_t * const pxTaskStatusArray, + const UBaseType_t uxArraySize, + uint32_t * const pulTotalRunTime ) + { + UBaseType_t uxTask = 0, uxQueue = configMAX_PRIORITIES; + + vTaskSuspendAll(); + { + /* Is there a space in the array for each task in the system? */ + if( uxArraySize >= uxCurrentNumberOfTasks ) + { + /* Fill in an TaskStatus_t structure with information on each + * task in the Ready state. */ + do + { + uxQueue--; + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &( pxReadyTasksLists[ uxQueue ] ), eReady ); + } while( uxQueue > ( UBaseType_t ) tskIDLE_PRIORITY ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + + /* Fill in an TaskStatus_t structure with information on each + * task in the Blocked state. */ + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxDelayedTaskList, eBlocked ); + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), ( List_t * ) pxOverflowDelayedTaskList, eBlocked ); + + #if ( INCLUDE_vTaskDelete == 1 ) + { + /* Fill in an TaskStatus_t structure with information on + * each task that has been deleted but not yet cleaned up. */ + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xTasksWaitingTermination, eDeleted ); + } + #endif + + #if ( INCLUDE_vTaskSuspend == 1 ) + { + /* Fill in an TaskStatus_t structure with information on + * each task in the Suspended state. */ + uxTask += prvListTasksWithinSingleList( &( pxTaskStatusArray[ uxTask ] ), &xSuspendedTaskList, eSuspended ); + } + #endif + + #if ( configGENERATE_RUN_TIME_STATS == 1 ) + { + if( pulTotalRunTime != NULL ) + { + #ifdef portALT_GET_RUN_TIME_COUNTER_VALUE + portALT_GET_RUN_TIME_COUNTER_VALUE( ( *pulTotalRunTime ) ); + #else + *pulTotalRunTime = portGET_RUN_TIME_COUNTER_VALUE(); + #endif + } + } + #else /* if ( configGENERATE_RUN_TIME_STATS == 1 ) */ + { + if( pulTotalRunTime != NULL ) + { + *pulTotalRunTime = 0; + } + } + #endif /* if ( configGENERATE_RUN_TIME_STATS == 1 ) */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + ( void ) xTaskResumeAll(); + + return uxTask; + } + +#endif /* configUSE_TRACE_FACILITY */ +/*----------------------------------------------------------*/ + +#if ( INCLUDE_xTaskGetIdleTaskHandle == 1 ) + + TaskHandle_t * xTaskGetIdleTaskHandle( void ) + { + /* If xTaskGetIdleTaskHandle() is called before the scheduler has been + * started, then xIdleTaskHandle will be NULL. */ + configASSERT( ( xIdleTaskHandle != NULL ) ); + return &( xIdleTaskHandle[ 0 ] ); + } + +#endif /* INCLUDE_xTaskGetIdleTaskHandle */ +/*----------------------------------------------------------*/ + +/* This conditional compilation should use inequality to 0, not equality to 1. + * This is to ensure vTaskStepTick() is available when user defined low power mode + * implementations require configUSE_TICKLESS_IDLE to be set to a value other than + * 1. */ +#if ( configUSE_TICKLESS_IDLE != 0 ) + + void vTaskStepTick( const TickType_t xTicksToJump ) + { + /* Correct the tick count value after a period during which the tick + * was suppressed. Note this does *not* call the tick hook function for + * each stepped tick. */ + configASSERT( ( xTickCount + xTicksToJump ) <= xNextTaskUnblockTime ); + xTickCount += xTicksToJump; + traceINCREASE_TICK_COUNT( xTicksToJump ); + } + +#endif /* configUSE_TICKLESS_IDLE */ +/*----------------------------------------------------------*/ + +BaseType_t xTaskCatchUpTicks( TickType_t xTicksToCatchUp ) +{ + BaseType_t xYieldOccurred; + + /* Must not be called with the scheduler suspended as the implementation + * relies on xPendedTicks being wound down to 0 in xTaskResumeAll(). */ + configASSERT( uxSchedulerSuspended == 0 ); + + /* Use xPendedTicks to mimic xTicksToCatchUp number of ticks occurring when + * the scheduler is suspended so the ticks are executed in xTaskResumeAll(). */ + vTaskSuspendAll(); + xPendedTicks += xTicksToCatchUp; + xYieldOccurred = xTaskResumeAll(); + + return xYieldOccurred; +} +/*----------------------------------------------------------*/ + +#if ( INCLUDE_xTaskAbortDelay == 1 ) + + BaseType_t xTaskAbortDelay( TaskHandle_t xTask ) + { + TCB_t * pxTCB = xTask; + BaseType_t xReturn; + + configASSERT( pxTCB ); + + vTaskSuspendAll(); + { + /* A task can only be prematurely removed from the Blocked state if + * it is actually in the Blocked state. */ + if( eTaskGetState( xTask ) == eBlocked ) + { + xReturn = pdPASS; + + /* Remove the reference to the task from the blocked list. An + * interrupt won't touch the xStateListItem because the + * scheduler is suspended. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + + /* Is the task waiting on an event also? If so remove it from + * the event list too. Interrupts can touch the event list item, + * even though the scheduler is suspended, so a critical section + * is used. */ + taskENTER_CRITICAL(); + { + if( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) != NULL ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + + /* This lets the task know it was forcibly removed from the + * blocked state so it should not re-evaluate its block time and + * then block again. */ + pxTCB->ucDelayAborted = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); + + /* Place the unblocked task into the appropriate ready list. */ + prvAddTaskToReadyList( pxTCB ); + + /* A task being unblocked cannot cause an immediate context + * switch if preemption is turned off. */ + #if ( configUSE_PREEMPTION == 1 ) + { + taskENTER_CRITICAL(); + { + prvYieldForTask( pxTCB, pdFALSE ); + } + taskEXIT_CRITICAL(); + } + #endif /* configUSE_PREEMPTION */ + } + else + { + xReturn = pdFAIL; + } + } + ( void ) xTaskResumeAll(); + + return xReturn; + } + +#endif /* INCLUDE_xTaskAbortDelay */ +/*----------------------------------------------------------*/ + +BaseType_t xTaskIncrementTick( void ) +{ + TCB_t * pxTCB; + TickType_t xItemValue; + BaseType_t xSwitchRequired = pdFALSE; + + #if ( configUSE_PREEMPTION == 1 ) + UBaseType_t x; + BaseType_t xCoreYieldList[ configNUM_CORES ] = { pdFALSE }; + #endif /* configUSE_PREEMPTION */ + + taskENTER_CRITICAL(); + { + /* Called by the portable layer each time a tick interrupt occurs. + * Increments the tick then checks to see if the new tick value will cause any + * tasks to be unblocked. */ + traceTASK_INCREMENT_TICK( xTickCount ); + + /* Tick increment should occur on every kernel timer event. Core 0 has the + * responsibility to increment the tick, or increment the pended ticks if the + * scheduler is suspended. If pended ticks is greater than zero, the core that + * calls xTaskResumeAll has the responsibility to increment the tick. */ + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + /* Minor optimisation. The tick count cannot change in this + * block. */ + const TickType_t xConstTickCount = xTickCount + ( TickType_t ) 1; + + /* Increment the RTOS tick, switching the delayed and overflowed + * delayed lists if it wraps to 0. */ + xTickCount = xConstTickCount; + + if( xConstTickCount == ( TickType_t ) 0U ) /*lint !e774 'if' does not always evaluate to false as it is looking for an overflow. */ + { + taskSWITCH_DELAYED_LISTS(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* See if this tick has made a timeout expire. Tasks are stored in + * the queue in the order of their wake time - meaning once one task + * has been found whose block time has not expired there is no need to + * look any further down the list. */ + if( xConstTickCount >= xNextTaskUnblockTime ) + { + for( ; ; ) + { + if( listLIST_IS_EMPTY( pxDelayedTaskList ) != pdFALSE ) + { + /* The delayed list is empty. Set xNextTaskUnblockTime + * to the maximum possible value so it is extremely + * unlikely that the + * if( xTickCount >= xNextTaskUnblockTime ) test will pass + * next time through. */ + xNextTaskUnblockTime = portMAX_DELAY; /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + break; + } + else + { + /* The delayed list is not empty, get the value of the + * item at the head of the delayed list. This is the time + * at which the task at the head of the delayed list must + * be removed from the Blocked state. */ + pxTCB = listGET_OWNER_OF_HEAD_ENTRY( pxDelayedTaskList ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + xItemValue = listGET_LIST_ITEM_VALUE( &( pxTCB->xStateListItem ) ); + + if( xConstTickCount < xItemValue ) + { + /* It is not time to unblock this item yet, but the + * item value is the time at which the task at the head + * of the blocked list must be removed from the Blocked + * state - so record the item value in + * xNextTaskUnblockTime. */ + xNextTaskUnblockTime = xItemValue; + break; /*lint !e9011 Code structure here is deemed easier to understand with multiple breaks. */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* It is time to remove the item from the Blocked state. */ + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + + /* Is the task waiting on an event also? If so remove + * it from the event list. */ + if( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) != NULL ) + { + ( void ) uxListRemove( &( pxTCB->xEventListItem ) ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Place the unblocked task into the appropriate ready + * list. */ + prvAddTaskToReadyList( pxTCB ); + + /* A task being unblocked cannot cause an immediate + * context switch if preemption is turned off. */ + #if ( configUSE_PREEMPTION == 1 ) + { + prvYieldForTask( pxTCB, pdTRUE ); + } + #endif /* configUSE_PREEMPTION */ + } + } + } + + /* Tasks of equal priority to the currently running task will share + * processing time (time slice) if preemption is on, and the application + * writer has not explicitly turned time slicing off. */ + #if ( ( configUSE_PREEMPTION == 1 ) && ( configUSE_TIME_SLICING == 1 ) ) + { + /* TODO: If there are fewer "non-IDLE" READY tasks than cores, do not + * force a context switch that would just shuffle tasks around cores */ + /* TODO: There are certainly better ways of doing this that would reduce + * the number of interrupts and also potentially help prevent tasks from + * moving between cores as often. This, however, works for now. */ + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configNUM_CORES; x++ ) + { + if( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ pxCurrentTCBs[ x ]->uxPriority ] ) ) > ( UBaseType_t ) 1 ) + { + xCoreYieldList[ x ] = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + } + #endif /* ( ( configUSE_PREEMPTION == 1 ) && ( configUSE_TIME_SLICING == 1 ) ) */ + + #if ( configUSE_TICK_HOOK == 1 ) + { + /* Guard against the tick hook being called when the pended tick + * count is being unwound (when the scheduler is being unlocked). */ + if( xPendedTicks == ( TickType_t ) 0 ) + { + vApplicationTickHook(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + #endif /* configUSE_TICK_HOOK */ + + #if ( configUSE_PREEMPTION == 1 ) + { + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configNUM_CORES; x++ ) + { + if( xYieldPendings[ x ] != pdFALSE ) + { + xCoreYieldList[ x ] = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + } + #endif /* configUSE_PREEMPTION */ + + #if ( configUSE_PREEMPTION == 1 ) + { + BaseType_t xCoreID; + + xCoreID = portGET_CORE_ID(); + + for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configNUM_CORES; x++ ) + { + #if ( configUSE_TASK_PREEMPTION_DISABLE == 1 ) + if( pxCurrentTCBs[ x ]->xPreemptionDisable == pdFALSE ) + #endif + { + if( xCoreYieldList[ x ] != pdFALSE ) + { + if( x == xCoreID ) + { + xSwitchRequired = pdTRUE; + } + else + { + prvYieldCore( x ); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + } + } + #endif /* configUSE_PREEMPTION */ + } + else + { + ++xPendedTicks; + + /* The tick hook gets called at regular intervals, even if the + * scheduler is locked. */ + #if ( configUSE_TICK_HOOK == 1 ) + { + vApplicationTickHook(); + } + #endif + } + } + taskEXIT_CRITICAL(); + + return xSwitchRequired; +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_APPLICATION_TASK_TAG == 1 ) + + void vTaskSetApplicationTaskTag( TaskHandle_t xTask, + TaskHookFunction_t pxHookFunction ) + { + TCB_t * xTCB; + + /* If xTask is NULL then it is the task hook of the calling task that is + * getting set. */ + if( xTask == NULL ) + { + xTCB = ( TCB_t * ) pxCurrentTCB; + } + else + { + xTCB = xTask; + } + + /* Save the hook function in the TCB. A critical section is required as + * the value can be accessed from an interrupt. */ + taskENTER_CRITICAL(); + { + xTCB->pxTaskTag = pxHookFunction; + } + taskEXIT_CRITICAL(); + } + +#endif /* configUSE_APPLICATION_TASK_TAG */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_APPLICATION_TASK_TAG == 1 ) + + TaskHookFunction_t xTaskGetApplicationTaskTag( TaskHandle_t xTask ) + { + TCB_t * pxTCB; + TaskHookFunction_t xReturn; + + /* If xTask is NULL then set the calling task's hook. */ + pxTCB = prvGetTCBFromHandle( xTask ); + + /* Save the hook function in the TCB. A critical section is required as + * the value can be accessed from an interrupt. */ + taskENTER_CRITICAL(); + { + xReturn = pxTCB->pxTaskTag; + } + taskEXIT_CRITICAL(); + + return xReturn; + } + +#endif /* configUSE_APPLICATION_TASK_TAG */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_APPLICATION_TASK_TAG == 1 ) + + TaskHookFunction_t xTaskGetApplicationTaskTagFromISR( TaskHandle_t xTask ) + { + TCB_t * pxTCB; + TaskHookFunction_t xReturn; + UBaseType_t uxSavedInterruptStatus; + + /* If xTask is NULL then set the calling task's hook. */ + pxTCB = prvGetTCBFromHandle( xTask ); + + /* Save the hook function in the TCB. A critical section is required as + * the value can be accessed from an interrupt. */ + uxSavedInterruptStatus = portSET_INTERRUPT_MASK_FROM_ISR(); + { + xReturn = pxTCB->pxTaskTag; + } + portCLEAR_INTERRUPT_MASK_FROM_ISR( uxSavedInterruptStatus ); + + return xReturn; + } + +#endif /* configUSE_APPLICATION_TASK_TAG */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_APPLICATION_TASK_TAG == 1 ) + + BaseType_t xTaskCallApplicationTaskHook( TaskHandle_t xTask, + void * pvParameter ) + { + TCB_t * xTCB; + BaseType_t xReturn; + + /* If xTask is NULL then we are calling our own task hook. */ + if( xTask == NULL ) + { + xTCB = pxCurrentTCB; + } + else + { + xTCB = xTask; + } + + if( xTCB->pxTaskTag != NULL ) + { + xReturn = xTCB->pxTaskTag( pvParameter ); + } + else + { + xReturn = pdFAIL; + } + + return xReturn; + } + +#endif /* configUSE_APPLICATION_TASK_TAG */ +/*-----------------------------------------------------------*/ + +void vTaskSwitchContext( BaseType_t xCoreID ) +/*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& + xCoreID == coreID_f() + &*& + // access to locks and disabled interrupts + locked_p(nil) &*& + [?f_ISR]isrLock_p() &*& + [?f_task]taskLock_p() &*& + interruptState_p(xCoreID, ?state) &*& + interruptsDisabled_f(state) == true + &*& + // opened predicate `coreLocalInterruptInv_p()` + pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) + &*& + // read access to current task's stack pointer, etc + prvSeg_TCB_p(gCurrentTCB, ?ulFreeBytesOnStack); + +@*/ +/*@ ensures // all locks are released and interrupts remain disabled + locked_p(nil) &*& + [f_ISR]isrLock_p() &*& + [f_task]taskLock_p() &*& + interruptState_p(xCoreID, state) + &*& + // opened predicate `coreLocalInterruptInv_p()` + pointer(&pxCurrentTCBs[coreID_f], ?gNewCurrentTCB) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(gCurrentTCB, 0) + &*& + // read access to current task's stack pointer, etc + prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); + // Remark: the part of the post condition relating to TCBs will have to change. +@*/ +{ + /* Acquire both locks: + * - The ISR lock protects the ready list from simultaneous access by + * both other ISRs and tasks. + * - We also take the task lock to pause here in case another core has + * suspended the scheduler. We don't want to simply set xYieldPending + * and move on if another core suspended the scheduler. We should only + * do that if the current core has suspended the scheduler. */ + + portGET_TASK_LOCK(); /* Must always acquire the task lock first */ + portGET_ISR_LOCK(); + //@ produce_taskISRLockInv(); + { + /* vTaskSwitchContext() must never be called from within a critical section. + * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ + #ifdef VERIFAST + /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ + { + // PROBLEM: + // Line + // UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; + // leads to VF error + // "This potentially side-effecting expression is not supported in this position, because of C's unspecified evaluation order" + // + // TODO: Inspect reason. + TaskHandle_t currentHandle = pxCurrentTCB; + //@ assert( currentHandle == gCurrentTCB ); + //@ open coreLocalSeg_TCB_p(gCurrentTCB, 0); + UBaseType_t nesting = currentHandle->uxCriticalNesting; + configASSERT( nesting == 0 ); + //@ close coreLocalSeg_TCB_p(gCurrentTCB, 0); + } + #else + configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); + #endif /* VERIFAST */ + + //@ open taskISRLockInv_p(); + if( uxSchedulerSuspended != ( UBaseType_t ) pdFALSE ) + { + /* The scheduler is currently suspended - do not allow a context + * switch. */ + xYieldPendings[ xCoreID ] = pdTRUE; + //@ close taskISRLockInv_p(); + } + else + { + xYieldPendings[ xCoreID ] = pdFALSE; + traceTASK_SWITCHED_OUT(); + + #if ( configGENERATE_RUN_TIME_STATS == 1 ) + { + #ifdef portALT_GET_RUN_TIME_COUNTER_VALUE + portALT_GET_RUN_TIME_COUNTER_VALUE( ulTotalRunTime ); + #else + ulTotalRunTime = portGET_RUN_TIME_COUNTER_VALUE(); + #endif + + /* Add the amount of time the task has been running to the + * accumulated time so far. The time the task started running was + * stored in ulTaskSwitchedInTime. Note that there is no overflow + * protection here so count values are only valid until the timer + * overflows. The guard against negative values is to protect + * against suspect run time stat counter implementations - which + * are provided by the application, not the kernel. */ + if( ulTotalRunTime > ulTaskSwitchedInTime ) + { + pxCurrentTCB->ulRunTimeCounter += ( ulTotalRunTime - ulTaskSwitchedInTime ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + ulTaskSwitchedInTime = ulTotalRunTime; + } + #endif /* configGENERATE_RUN_TIME_STATS */ + + /* Check for stack overflow, if configured. */ + taskCHECK_FOR_STACK_OVERFLOW(); + + /* Before the currently running task is switched out, save its errno. */ + #if ( configUSE_POSIX_ERRNO == 1 ) + { + pxCurrentTCB->iTaskErrno = FreeRTOS_errno; + } + #endif + + /* Select a new task to run using either the generic C or port + * optimised asm code. */ + //@ close taskISRLockInv_p(); + ( void ) prvSelectHighestPriorityTask( xCoreID ); + traceTASK_SWITCHED_IN(); + + /* After the new task is switched in, update the global errno. */ + #if ( configUSE_POSIX_ERRNO == 1 ) + { + FreeRTOS_errno = pxCurrentTCB->iTaskErrno; + } + #endif + + #if ( ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) ) + { + /* Switch Newlib's _impure_ptr variable to point to the _reent + * structure specific to this task. + * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html + * for additional information. + * + * Note: Updating the _impure_ptr is not required when Newlib is compiled with + * __DYNAMIC_REENT__ enabled. The the port should provide __getreent() instead. */ + _impure_ptr = &( pxCurrentTCB->xNewLib_reent ); + } + #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ + } + } + //@ consume_taskISRLockInv(); + portRELEASE_ISR_LOCK(); + portRELEASE_TASK_LOCK(); +} +/*-----------------------------------------------------------*/ + +void vTaskPlaceOnEventList( List_t * const pxEventList, + const TickType_t xTicksToWait ) +{ + configASSERT( pxEventList ); + + /* THIS FUNCTION MUST BE CALLED WITH EITHER INTERRUPTS DISABLED OR THE + * SCHEDULER SUSPENDED AND THE QUEUE BEING ACCESSED LOCKED. */ + + /* Place the event list item of the TCB in the appropriate event list. + * This is placed in the list in priority order so the highest priority task + * is the first to be woken by the event. The queue that contains the event + * list is locked, preventing simultaneous access from interrupts. */ + vListInsert( pxEventList, &( pxCurrentTCB->xEventListItem ) ); + + prvAddCurrentTaskToDelayedList( xTicksToWait, pdTRUE ); +} +/*-----------------------------------------------------------*/ + +void vTaskPlaceOnUnorderedEventList( List_t * pxEventList, + const TickType_t xItemValue, + const TickType_t xTicksToWait ) +{ + configASSERT( pxEventList ); + + /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by + * the event groups implementation. */ + configASSERT( uxSchedulerSuspended != 0 ); + + /* Store the item value in the event list item. It is safe to access the + * event list item here as interrupts won't access the event list item of a + * task that is not in the Blocked state. */ + listSET_LIST_ITEM_VALUE( &( pxCurrentTCB->xEventListItem ), xItemValue | taskEVENT_LIST_ITEM_VALUE_IN_USE ); + + /* Place the event list item of the TCB at the end of the appropriate event + * list. It is safe to access the event list here because it is part of an + * event group implementation - and interrupts don't access event groups + * directly (instead they access them indirectly by pending function calls to + * the task level). */ + vListInsertEnd( pxEventList, &( pxCurrentTCB->xEventListItem ) ); + + prvAddCurrentTaskToDelayedList( xTicksToWait, pdTRUE ); +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_TIMERS == 1 ) + + void vTaskPlaceOnEventListRestricted( List_t * const pxEventList, + TickType_t xTicksToWait, + const BaseType_t xWaitIndefinitely ) + { + configASSERT( pxEventList ); + + /* This function should not be called by application code hence the + * 'Restricted' in its name. It is not part of the public API. It is + * designed for use by kernel code, and has special calling requirements - + * it should be called with the scheduler suspended. */ + + + /* Place the event list item of the TCB in the appropriate event list. + * In this case it is assume that this is the only task that is going to + * be waiting on this event list, so the faster vListInsertEnd() function + * can be used in place of vListInsert. */ + vListInsertEnd( pxEventList, &( pxCurrentTCB->xEventListItem ) ); + + /* If the task should block indefinitely then set the block time to a + * value that will be recognised as an indefinite delay inside the + * prvAddCurrentTaskToDelayedList() function. */ + if( xWaitIndefinitely != pdFALSE ) + { + xTicksToWait = portMAX_DELAY; + } + + traceTASK_DELAY_UNTIL( ( xTickCount + xTicksToWait ) ); + prvAddCurrentTaskToDelayedList( xTicksToWait, xWaitIndefinitely ); + } + +#endif /* configUSE_TIMERS */ +/*-----------------------------------------------------------*/ + +BaseType_t xTaskRemoveFromEventList( const List_t * const pxEventList ) +{ + TCB_t * pxUnblockedTCB; + BaseType_t xReturn; + + /* THIS FUNCTION MUST BE CALLED FROM A CRITICAL SECTION. It can also be + * called from a critical section within an ISR. */ + + /* The event list is sorted in priority order, so the first in the list can + * be removed as it is known to be the highest priority. Remove the TCB from + * the delayed list, and add it to the ready list. + * + * If an event is for a queue that is locked then this function will never + * get called - the lock count on the queue will get modified instead. This + * means exclusive access to the event list is guaranteed here. + * + * This function assumes that a check has already been made to ensure that + * pxEventList is not empty. */ + pxUnblockedTCB = listGET_OWNER_OF_HEAD_ENTRY( pxEventList ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + configASSERT( pxUnblockedTCB ); + ( void ) uxListRemove( &( pxUnblockedTCB->xEventListItem ) ); + + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxUnblockedTCB ); + + #if ( configUSE_TICKLESS_IDLE != 0 ) + { + /* If a task is blocked on a kernel object then xNextTaskUnblockTime + * might be set to the blocked task's time out time. If the task is + * unblocked for a reason other than a timeout xNextTaskUnblockTime is + * normally left unchanged, because it is automatically reset to a new + * value when the tick count equals xNextTaskUnblockTime. However if + * tickless idling is used it might be more important to enter sleep mode + * at the earliest possible time - so reset xNextTaskUnblockTime here to + * ensure it is updated at the earliest possible time. */ + prvResetNextTaskUnblockTime(); + } + #endif + } + else + { + /* The delayed and ready lists cannot be accessed, so hold this task + * pending until the scheduler is resumed. */ + vListInsertEnd( &( xPendingReadyList ), &( pxUnblockedTCB->xEventListItem ) ); + } + + xReturn = pdFALSE; + #if ( configUSE_PREEMPTION == 1 ) + prvYieldForTask( pxUnblockedTCB, pdFALSE ); + + if( xYieldPendings[ portGET_CORE_ID() ] != pdFALSE ) + { + xReturn = pdTRUE; + } + #endif + + return xReturn; +} +/*-----------------------------------------------------------*/ + +void vTaskRemoveFromUnorderedEventList( ListItem_t * pxEventListItem, + const TickType_t xItemValue ) +{ + TCB_t * pxUnblockedTCB; + + /* THIS FUNCTION MUST BE CALLED WITH THE SCHEDULER SUSPENDED. It is used by + * the event flags implementation. */ + configASSERT( uxSchedulerSuspended != pdFALSE ); + + /* Store the new item value in the event list. */ + listSET_LIST_ITEM_VALUE( pxEventListItem, xItemValue | taskEVENT_LIST_ITEM_VALUE_IN_USE ); + + /* Remove the event list form the event flag. Interrupts do not access + * event flags. */ + pxUnblockedTCB = listGET_LIST_ITEM_OWNER( pxEventListItem ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + configASSERT( pxUnblockedTCB ); + ( void ) uxListRemove( pxEventListItem ); + + #if ( configUSE_TICKLESS_IDLE != 0 ) + { + /* If a task is blocked on a kernel object then xNextTaskUnblockTime + * might be set to the blocked task's time out time. If the task is + * unblocked for a reason other than a timeout xNextTaskUnblockTime is + * normally left unchanged, because it is automatically reset to a new + * value when the tick count equals xNextTaskUnblockTime. However if + * tickless idling is used it might be more important to enter sleep mode + * at the earliest possible time - so reset xNextTaskUnblockTime here to + * ensure it is updated at the earliest possible time. */ + prvResetNextTaskUnblockTime(); + } + #endif + + /* Remove the task from the delayed list and add it to the ready list. The + * scheduler is suspended so interrupts will not be accessing the ready + * lists. */ + ( void ) uxListRemove( &( pxUnblockedTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxUnblockedTCB ); + + #if ( configUSE_PREEMPTION == 1 ) + taskENTER_CRITICAL(); + { + prvYieldForTask( pxUnblockedTCB, pdFALSE ); + } + taskEXIT_CRITICAL(); + #endif +} +/*-----------------------------------------------------------*/ + +void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) +{ + configASSERT( pxTimeOut ); + taskENTER_CRITICAL(); + { + pxTimeOut->xOverflowCount = xNumOfOverflows; + pxTimeOut->xTimeOnEntering = xTickCount; + } + taskEXIT_CRITICAL(); +} +/*-----------------------------------------------------------*/ + +void vTaskInternalSetTimeOutState( TimeOut_t * const pxTimeOut ) +{ + /* For internal use only as it does not use a critical section. */ + pxTimeOut->xOverflowCount = xNumOfOverflows; + pxTimeOut->xTimeOnEntering = xTickCount; +} +/*-----------------------------------------------------------*/ + +BaseType_t xTaskCheckForTimeOut( TimeOut_t * const pxTimeOut, + TickType_t * const pxTicksToWait ) +{ + BaseType_t xReturn; + + configASSERT( pxTimeOut ); + configASSERT( pxTicksToWait ); + + taskENTER_CRITICAL(); + { + /* Minor optimisation. The tick count cannot change in this block. */ + const TickType_t xConstTickCount = xTickCount; + const TickType_t xElapsedTime = xConstTickCount - pxTimeOut->xTimeOnEntering; + + #if ( INCLUDE_xTaskAbortDelay == 1 ) + if( pxCurrentTCB->ucDelayAborted != ( uint8_t ) pdFALSE ) + { + /* The delay was aborted, which is not the same as a time out, + * but has the same result. */ + pxCurrentTCB->ucDelayAborted = pdFALSE; + xReturn = pdTRUE; + } + else + #endif + + #if ( INCLUDE_vTaskSuspend == 1 ) + if( *pxTicksToWait == portMAX_DELAY ) + { + /* If INCLUDE_vTaskSuspend is set to 1 and the block time + * specified is the maximum block time then the task should block + * indefinitely, and therefore never time out. */ + xReturn = pdFALSE; + } + else + #endif + + if( ( xNumOfOverflows != pxTimeOut->xOverflowCount ) && ( xConstTickCount >= pxTimeOut->xTimeOnEntering ) ) /*lint !e525 Indentation preferred as is to make code within pre-processor directives clearer. */ + { + /* The tick count is greater than the time at which + * vTaskSetTimeout() was called, but has also overflowed since + * vTaskSetTimeOut() was called. It must have wrapped all the way + * around and gone past again. This passed since vTaskSetTimeout() + * was called. */ + xReturn = pdTRUE; + *pxTicksToWait = ( TickType_t ) 0; + } + else if( xElapsedTime < *pxTicksToWait ) /*lint !e961 Explicit casting is only redundant with some compilers, whereas others require it to prevent integer conversion errors. */ + { + /* Not a genuine timeout. Adjust parameters for time remaining. */ + *pxTicksToWait -= xElapsedTime; + vTaskInternalSetTimeOutState( pxTimeOut ); + xReturn = pdFALSE; + } + else + { + *pxTicksToWait = ( TickType_t ) 0; + xReturn = pdTRUE; + } + } + taskEXIT_CRITICAL(); + + return xReturn; +} +/*-----------------------------------------------------------*/ + +void vTaskMissedYield( void ) +{ + /* Must be called from within a critical section */ + xYieldPendings[ portGET_CORE_ID() ] = pdTRUE; +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_TRACE_FACILITY == 1 ) + + UBaseType_t uxTaskGetTaskNumber( TaskHandle_t xTask ) + { + UBaseType_t uxReturn; + TCB_t const * pxTCB; + + if( xTask != NULL ) + { + pxTCB = xTask; + uxReturn = pxTCB->uxTaskNumber; + } + else + { + uxReturn = 0U; + } + + return uxReturn; + } + +#endif /* configUSE_TRACE_FACILITY */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TRACE_FACILITY == 1 ) + + void vTaskSetTaskNumber( TaskHandle_t xTask, + const UBaseType_t uxHandle ) + { + TCB_t * pxTCB; + + if( xTask != NULL ) + { + pxTCB = xTask; + pxTCB->uxTaskNumber = uxHandle; + } + } + +#endif /* configUSE_TRACE_FACILITY */ + +/* + * ----------------------------------------------------------- + * The MinimalIdle task. + * ---------------------------------------------------------- + * + * The minimal idle task is used for all the additional Cores in a SMP system. + * There must be only 1 idle task and the rest are minimal idle tasks. + * + * @todo additional conditional compiles to remove this function. + */ + +#if ( configNUM_CORES > 1 ) + static portTASK_FUNCTION( prvMinimalIdleTask, pvParameters ) + { + taskYIELD(); + + for( ; ; ) + { + #if ( configUSE_PREEMPTION == 0 ) + { + /* If we are not using preemption we keep forcing a task switch to + * see if any other task has become available. If we are using + * preemption we don't need to do this as any task becoming available + * will automatically get the processor anyway. */ + taskYIELD(); + } + #endif /* configUSE_PREEMPTION */ + + #if ( ( configUSE_PREEMPTION == 1 ) && ( configIDLE_SHOULD_YIELD == 1 ) ) + { + /* When using preemption tasks of equal priority will be + * timesliced. If a task that is sharing the idle priority is ready + * to run then the idle task should yield before the end of the + * timeslice. + * + * A critical region is not required here as we are just reading from + * the list, and an occasional incorrect value will not matter. If + * the ready list at the idle priority contains one more task than the + * number of idle tasks, which is equal to the configured numbers of cores + * then a task other than the idle task is ready to execute. */ + if( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ tskIDLE_PRIORITY ] ) ) > ( UBaseType_t ) configNUM_CORES ) + { + taskYIELD(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + #endif /* ( ( configUSE_PREEMPTION == 1 ) && ( configIDLE_SHOULD_YIELD == 1 ) ) */ + + #if ( configUSE_MINIMAL_IDLE_HOOK == 1 ) + { + extern void vApplicationMinimalIdleHook( void ); + + /* Call the user defined function from within the idle task. This + * allows the application designer to add background functionality + * without the overhead of a separate task. + * + * This hook is intended to manage core activity such as disabling cores that go idle. + * + * NOTE: vApplicationMinimalIdleHook() MUST NOT, UNDER ANY CIRCUMSTANCES, + * CALL A FUNCTION THAT MIGHT BLOCK. */ + vApplicationMinimalIdleHook(); + } + #endif /* configUSE_MINIMAL_IDLE_HOOK */ + } + } +#endif /* if ( configNUM_CORES > 1 ) */ + +/* + * ----------------------------------------------------------- + * The Idle task. + * ---------------------------------------------------------- + * + * + */ +static portTASK_FUNCTION( prvIdleTask, pvParameters ) +{ + /* Stop warnings. */ + ( void ) pvParameters; + + /** THIS IS THE RTOS IDLE TASK - WHICH IS CREATED AUTOMATICALLY WHEN THE + * SCHEDULER IS STARTED. **/ + + /* In case a task that has a secure context deletes itself, in which case + * the idle task is responsible for deleting the task's secure context, if + * any. */ + portALLOCATE_SECURE_CONTEXT( configMINIMAL_SECURE_STACK_SIZE ); + + /* All cores start up in the idle task. This initial yield gets the application + * tasks started. */ + taskYIELD(); + + for( ; ; ) + { + /* See if any tasks have deleted themselves - if so then the idle task + * is responsible for freeing the deleted task's TCB and stack. */ + prvCheckTasksWaitingTermination(); + + #if ( configUSE_PREEMPTION == 0 ) + { + /* If we are not using preemption we keep forcing a task switch to + * see if any other task has become available. If we are using + * preemption we don't need to do this as any task becoming available + * will automatically get the processor anyway. */ + taskYIELD(); + } + #endif /* configUSE_PREEMPTION */ + + #if ( ( configUSE_PREEMPTION == 1 ) && ( configIDLE_SHOULD_YIELD == 1 ) ) + { + /* When using preemption tasks of equal priority will be + * timesliced. If a task that is sharing the idle priority is ready + * to run then the idle task should yield before the end of the + * timeslice. + * + * A critical region is not required here as we are just reading from + * the list, and an occasional incorrect value will not matter. If + * the ready list at the idle priority contains one more task than the + * number of idle tasks, which is equal to the configured numbers of cores + * then a task other than the idle task is ready to execute. */ + if( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ tskIDLE_PRIORITY ] ) ) > ( UBaseType_t ) configNUM_CORES ) + { + taskYIELD(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + #endif /* ( ( configUSE_PREEMPTION == 1 ) && ( configIDLE_SHOULD_YIELD == 1 ) ) */ + + #if ( configUSE_IDLE_HOOK == 1 ) + { + extern void vApplicationIdleHook( void ); + + /* Call the user defined function from within the idle task. This + * allows the application designer to add background functionality + * without the overhead of a separate task. + * + * NOTE: vApplicationIdleHook() MUST NOT, UNDER ANY CIRCUMSTANCES, + * CALL A FUNCTION THAT MIGHT BLOCK. */ + vApplicationIdleHook(); + } + #endif /* configUSE_IDLE_HOOK */ + + /* This conditional compilation should use inequality to 0, not equality + * to 1. This is to ensure portSUPPRESS_TICKS_AND_SLEEP() is called when + * user defined low power mode implementations require + * configUSE_TICKLESS_IDLE to be set to a value other than 1. */ + #if ( configUSE_TICKLESS_IDLE != 0 ) + { + TickType_t xExpectedIdleTime; + + /* It is not desirable to suspend then resume the scheduler on + * each iteration of the idle task. Therefore, a preliminary + * test of the expected idle time is performed without the + * scheduler suspended. The result here is not necessarily + * valid. */ + xExpectedIdleTime = prvGetExpectedIdleTime(); + + if( xExpectedIdleTime >= configEXPECTED_IDLE_TIME_BEFORE_SLEEP ) + { + vTaskSuspendAll(); + { + /* Now the scheduler is suspended, the expected idle + * time can be sampled again, and this time its value can + * be used. */ + configASSERT( xNextTaskUnblockTime >= xTickCount ); + xExpectedIdleTime = prvGetExpectedIdleTime(); + + /* Define the following macro to set xExpectedIdleTime to 0 + * if the application does not want + * portSUPPRESS_TICKS_AND_SLEEP() to be called. */ + configPRE_SUPPRESS_TICKS_AND_SLEEP_PROCESSING( xExpectedIdleTime ); + + if( xExpectedIdleTime >= configEXPECTED_IDLE_TIME_BEFORE_SLEEP ) + { + traceLOW_POWER_IDLE_BEGIN(); + portSUPPRESS_TICKS_AND_SLEEP( xExpectedIdleTime ); + traceLOW_POWER_IDLE_END(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + ( void ) xTaskResumeAll(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + #endif /* configUSE_TICKLESS_IDLE */ + + #if ( configUSE_MINIMAL_IDLE_HOOK == 1 ) + { + extern void vApplicationMinimalIdleHook( void ); + + /* Call the user defined function from within the idle task. This + * allows the application designer to add background functionality + * without the overhead of a separate task. + * + * This hook is intended to manage core activity such as disabling cores that go idle. + * + * NOTE: vApplicationMinimalIdleHook() MUST NOT, UNDER ANY CIRCUMSTANCES, + * CALL A FUNCTION THAT MIGHT BLOCK. */ + vApplicationMinimalIdleHook(); + } + #endif /* configUSE_MINIMAL_IDLE_HOOK */ + } +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_TICKLESS_IDLE != 0 ) + + eSleepModeStatus eTaskConfirmSleepModeStatus( void ) + { + /* The idle task exists in addition to the application tasks. */ + const UBaseType_t uxNonApplicationTasks = 1; + eSleepModeStatus eReturn = eStandardSleep; + + /* This function must be called from a critical section. */ + + if( listCURRENT_LIST_LENGTH( &xPendingReadyList ) != 0 ) + { + /* A task was made ready while the scheduler was suspended. */ + eReturn = eAbortSleep; + } + else if( xYieldPending != pdFALSE ) + { + /* A yield was pended while the scheduler was suspended. */ + eReturn = eAbortSleep; + } + else if( xPendedTicks != 0 ) + { + /* A tick interrupt has already occurred but was held pending + * because the scheduler is suspended. */ + eReturn = eAbortSleep; + } + else + { + /* If all the tasks are in the suspended list (which might mean they + * have an infinite block time rather than actually being suspended) + * then it is safe to turn all clocks off and just wait for external + * interrupts. */ + if( listCURRENT_LIST_LENGTH( &xSuspendedTaskList ) == ( uxCurrentNumberOfTasks - uxNonApplicationTasks ) ) + { + eReturn = eNoTasksWaitingTimeout; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + return eReturn; + } + +#endif /* configUSE_TICKLESS_IDLE */ +/*-----------------------------------------------------------*/ + +#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 ) + + void vTaskSetThreadLocalStoragePointer( TaskHandle_t xTaskToSet, + BaseType_t xIndex, + void * pvValue ) + { + TCB_t * pxTCB; + + if( xIndex < configNUM_THREAD_LOCAL_STORAGE_POINTERS ) + { + pxTCB = prvGetTCBFromHandle( xTaskToSet ); + configASSERT( pxTCB != NULL ); + pxTCB->pvThreadLocalStoragePointers[ xIndex ] = pvValue; + } + } + +#endif /* configNUM_THREAD_LOCAL_STORAGE_POINTERS */ +/*-----------------------------------------------------------*/ + +#if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 ) + + void * pvTaskGetThreadLocalStoragePointer( TaskHandle_t xTaskToQuery, + BaseType_t xIndex ) + { + void * pvReturn = NULL; + TCB_t * pxTCB; + + if( xIndex < configNUM_THREAD_LOCAL_STORAGE_POINTERS ) + { + pxTCB = prvGetTCBFromHandle( xTaskToQuery ); + pvReturn = pxTCB->pvThreadLocalStoragePointers[ xIndex ]; + } + else + { + pvReturn = NULL; + } + + return pvReturn; + } + +#endif /* configNUM_THREAD_LOCAL_STORAGE_POINTERS */ +/*-----------------------------------------------------------*/ + +#if ( portUSING_MPU_WRAPPERS == 1 ) + + void vTaskAllocateMPURegions( TaskHandle_t xTaskToModify, + const MemoryRegion_t * const xRegions ) + { + TCB_t * pxTCB; + + /* If null is passed in here then we are modifying the MPU settings of + * the calling task. */ + pxTCB = prvGetTCBFromHandle( xTaskToModify ); + + vPortStoreTaskMPUSettings( &( pxTCB->xMPUSettings ), xRegions, NULL, 0 ); + } + +#endif /* portUSING_MPU_WRAPPERS */ +/*-----------------------------------------------------------*/ + +static void prvInitialiseTaskLists( void ) +{ + UBaseType_t uxPriority; + + for( uxPriority = ( UBaseType_t ) 0U; uxPriority < ( UBaseType_t ) configMAX_PRIORITIES; uxPriority++ ) + { + vListInitialise( &( pxReadyTasksLists[ uxPriority ] ) ); + } + + vListInitialise( &xDelayedTaskList1 ); + vListInitialise( &xDelayedTaskList2 ); + vListInitialise( &xPendingReadyList ); + + #if ( INCLUDE_vTaskDelete == 1 ) + { + vListInitialise( &xTasksWaitingTermination ); + } + #endif /* INCLUDE_vTaskDelete */ + + #if ( INCLUDE_vTaskSuspend == 1 ) + { + vListInitialise( &xSuspendedTaskList ); + } + #endif /* INCLUDE_vTaskSuspend */ + + /* Start with pxDelayedTaskList using list1 and the pxOverflowDelayedTaskList + * using list2. */ + pxDelayedTaskList = &xDelayedTaskList1; + pxOverflowDelayedTaskList = &xDelayedTaskList2; +} +/*-----------------------------------------------------------*/ + +static void prvCheckTasksWaitingTermination( void ) +{ + /** THIS FUNCTION IS CALLED FROM THE RTOS IDLE TASK **/ + + #if ( INCLUDE_vTaskDelete == 1 ) + { + TCB_t * pxTCB; + + /* uxDeletedTasksWaitingCleanUp is used to prevent taskENTER_CRITICAL() + * being called too often in the idle task. */ + while( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U ) + { + taskENTER_CRITICAL(); + { + /* Since we are SMP, multiple idles can be running simultaneously + * and we need to check that other idles did not cleanup while we were + * waiting to enter the critical section */ + if( uxDeletedTasksWaitingCleanUp > ( UBaseType_t ) 0U ) + { + pxTCB = listGET_OWNER_OF_HEAD_ENTRY( ( &xTasksWaitingTermination ) ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + + if( pxTCB->xTaskRunState == taskTASK_NOT_RUNNING ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + --uxCurrentNumberOfTasks; + --uxDeletedTasksWaitingCleanUp; + prvDeleteTCB( pxTCB ); + } + else + { + /* The TCB to be deleted still has not yet been switched out + * by the scheduler, so we will just exit this loop early and + * try again next time. */ + taskEXIT_CRITICAL(); + break; + } + } + } + taskEXIT_CRITICAL(); + } + } + #endif /* INCLUDE_vTaskDelete */ +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_TRACE_FACILITY == 1 ) + + void vTaskGetInfo( TaskHandle_t xTask, + TaskStatus_t * pxTaskStatus, + BaseType_t xGetFreeStackSpace, + eTaskState eState ) + { + TCB_t * pxTCB; + + /* xTask is NULL then get the state of the calling task. */ + pxTCB = prvGetTCBFromHandle( xTask ); + + pxTaskStatus->xHandle = ( TaskHandle_t ) pxTCB; + pxTaskStatus->pcTaskName = ( const char * ) &( pxTCB->pcTaskName[ 0 ] ); + pxTaskStatus->uxCurrentPriority = pxTCB->uxPriority; + pxTaskStatus->pxStackBase = pxTCB->pxStack; + pxTaskStatus->xTaskNumber = pxTCB->uxTCBNumber; + + #if ( configUSE_MUTEXES == 1 ) + { + pxTaskStatus->uxBasePriority = pxTCB->uxBasePriority; + } + #else + { + pxTaskStatus->uxBasePriority = 0; + } + #endif + + #if ( configGENERATE_RUN_TIME_STATS == 1 ) + { + pxTaskStatus->ulRunTimeCounter = pxTCB->ulRunTimeCounter; + } + #else + { + pxTaskStatus->ulRunTimeCounter = 0; + } + #endif + + /* Obtaining the task state is a little fiddly, so is only done if the + * value of eState passed into this function is eInvalid - otherwise the + * state is just set to whatever is passed in. */ + if( eState != eInvalid ) + { + if( taskTASK_IS_RUNNING( pxTCB->xTaskRunState ) ) + { + pxTaskStatus->eCurrentState = eRunning; + } + else + { + pxTaskStatus->eCurrentState = eState; + + #if ( INCLUDE_vTaskSuspend == 1 ) + { + /* If the task is in the suspended list then there is a + * chance it is actually just blocked indefinitely - so really + * it should be reported as being in the Blocked state. */ + if( eState == eSuspended ) + { + vTaskSuspendAll(); + { + if( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) != NULL ) + { + pxTaskStatus->eCurrentState = eBlocked; + } + } + ( void ) xTaskResumeAll(); + } + } + #endif /* INCLUDE_vTaskSuspend */ + } + } + else + { + pxTaskStatus->eCurrentState = eTaskGetState( pxTCB ); + } + + /* Obtaining the stack space takes some time, so the xGetFreeStackSpace + * parameter is provided to allow it to be skipped. */ + if( xGetFreeStackSpace != pdFALSE ) + { + #if ( portSTACK_GROWTH > 0 ) + { + pxTaskStatus->usStackHighWaterMark = prvTaskCheckFreeStackSpace( ( uint8_t * ) pxTCB->pxEndOfStack ); + } + #else + { + pxTaskStatus->usStackHighWaterMark = prvTaskCheckFreeStackSpace( ( uint8_t * ) pxTCB->pxStack ); + } + #endif + } + else + { + pxTaskStatus->usStackHighWaterMark = 0; + } + } + +#endif /* configUSE_TRACE_FACILITY */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TRACE_FACILITY == 1 ) + + static UBaseType_t prvListTasksWithinSingleList( TaskStatus_t * pxTaskStatusArray, + List_t * pxList, + eTaskState eState ) + { + #ifdef VERIFAST + /* Reason for rewrite: + * VeriFast does not support multiple pointer declarations to + * user-defined types in single statement + * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) + */ + configLIST_VOLATILE TCB_t * pxNextTCB; + configLIST_VOLATILE TCB_t * pxFirstTCB; + #else + configLIST_VOLATILE TCB_t * pxNextTCB, * pxFirstTCB; + #endif /* VERIFAST */ + UBaseType_t uxTask = 0; + + if( listCURRENT_LIST_LENGTH( pxList ) > ( UBaseType_t ) 0 ) + { + listGET_OWNER_OF_NEXT_ENTRY( pxFirstTCB, pxList ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + + /* Populate an TaskStatus_t structure within the + * pxTaskStatusArray array for each task that is referenced from + * pxList. See the definition of TaskStatus_t in task.h for the + * meaning of each TaskStatus_t structure member. */ + do + { + listGET_OWNER_OF_NEXT_ENTRY( pxNextTCB, pxList ); /*lint !e9079 void * is used as this macro is used with timers and co-routines too. Alignment is known to be fine as the type of the pointer stored and retrieved is the same. */ + vTaskGetInfo( ( TaskHandle_t ) pxNextTCB, &( pxTaskStatusArray[ uxTask ] ), pdTRUE, eState ); + uxTask++; + } while( pxNextTCB != pxFirstTCB ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return uxTask; + } + +#endif /* configUSE_TRACE_FACILITY */ +/*-----------------------------------------------------------*/ + +#if ( ( configUSE_TRACE_FACILITY == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark2 == 1 ) ) + + static configSTACK_DEPTH_TYPE prvTaskCheckFreeStackSpace( const uint8_t * pucStackByte ) + { + uint32_t ulCount = 0U; + + while( *pucStackByte == ( uint8_t ) tskSTACK_FILL_BYTE ) + { + pucStackByte -= portSTACK_GROWTH; + ulCount++; + } + + ulCount /= ( uint32_t ) sizeof( StackType_t ); /*lint !e961 Casting is not redundant on smaller architectures. */ + + return ( configSTACK_DEPTH_TYPE ) ulCount; + } + +#endif /* ( ( configUSE_TRACE_FACILITY == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark == 1 ) || ( INCLUDE_uxTaskGetStackHighWaterMark2 == 1 ) ) */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_uxTaskGetStackHighWaterMark2 == 1 ) + +/* uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are the + * same except for their return type. Using configSTACK_DEPTH_TYPE allows the + * user to determine the return type. It gets around the problem of the value + * overflowing on 8-bit types without breaking backward compatibility for + * applications that expect an 8-bit return type. */ + configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) + { + TCB_t * pxTCB; + uint8_t * pucEndOfStack; + configSTACK_DEPTH_TYPE uxReturn; + + /* uxTaskGetStackHighWaterMark() and uxTaskGetStackHighWaterMark2() are + * the same except for their return type. Using configSTACK_DEPTH_TYPE + * allows the user to determine the return type. It gets around the + * problem of the value overflowing on 8-bit types without breaking + * backward compatibility for applications that expect an 8-bit return + * type. */ + + pxTCB = prvGetTCBFromHandle( xTask ); + + #if portSTACK_GROWTH < 0 + { + pucEndOfStack = ( uint8_t * ) pxTCB->pxStack; + } + #else + { + pucEndOfStack = ( uint8_t * ) pxTCB->pxEndOfStack; + } + #endif + + uxReturn = prvTaskCheckFreeStackSpace( pucEndOfStack ); + + return uxReturn; + } + +#endif /* INCLUDE_uxTaskGetStackHighWaterMark2 */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_uxTaskGetStackHighWaterMark == 1 ) + + UBaseType_t uxTaskGetStackHighWaterMark( TaskHandle_t xTask ) + { + TCB_t * pxTCB; + uint8_t * pucEndOfStack; + UBaseType_t uxReturn; + + pxTCB = prvGetTCBFromHandle( xTask ); + + #if portSTACK_GROWTH < 0 + { + pucEndOfStack = ( uint8_t * ) pxTCB->pxStack; + } + #else + { + pucEndOfStack = ( uint8_t * ) pxTCB->pxEndOfStack; + } + #endif + + uxReturn = ( UBaseType_t ) prvTaskCheckFreeStackSpace( pucEndOfStack ); + + return uxReturn; + } + +#endif /* INCLUDE_uxTaskGetStackHighWaterMark */ +/*-----------------------------------------------------------*/ + +#if ( INCLUDE_vTaskDelete == 1 ) + + static void prvDeleteTCB( TCB_t * pxTCB ) + { + /* This call is required specifically for the TriCore port. It must be + * above the vPortFree() calls. The call is also used by ports/demos that + * want to allocate and clean RAM statically. */ + portCLEAN_UP_TCB( pxTCB ); + + /* Free up the memory allocated by the scheduler for the task. It is up + * to the task to free any memory allocated at the application level. + * See the third party link http://www.nadler.com/embedded/newlibAndFreeRTOS.html + * for additional information. */ + #if ( configUSE_NEWLIB_REENTRANT == 1 ) + { + _reclaim_reent( &( pxTCB->xNewLib_reent ) ); + } + #endif /* configUSE_NEWLIB_REENTRANT */ + + #if ( ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) && ( configSUPPORT_STATIC_ALLOCATION == 0 ) && ( portUSING_MPU_WRAPPERS == 0 ) ) + { + /* The task can only have been allocated dynamically - free both + * the stack and TCB. */ + vPortFreeStack( pxTCB->pxStack ); + vPortFree( pxTCB ); + } + #elif ( tskSTATIC_AND_DYNAMIC_ALLOCATION_POSSIBLE != 0 ) /*lint !e731 !e9029 Macro has been consolidated for readability reasons. */ + { + /* The task could have been allocated statically or dynamically, so + * check what was statically allocated before trying to free the + * memory. */ + if( pxTCB->ucStaticallyAllocated == tskDYNAMICALLY_ALLOCATED_STACK_AND_TCB ) + { + /* Both the stack and TCB were allocated dynamically, so both + * must be freed. */ + vPortFreeStack( pxTCB->pxStack ); + vPortFree( pxTCB ); + } + else if( pxTCB->ucStaticallyAllocated == tskSTATICALLY_ALLOCATED_STACK_ONLY ) + { + /* Only the stack was statically allocated, so the TCB is the + * only memory that must be freed. */ + vPortFree( pxTCB ); + } + else + { + /* Neither the stack nor the TCB were allocated dynamically, so + * nothing needs to be freed. */ + configASSERT( pxTCB->ucStaticallyAllocated == tskSTATICALLY_ALLOCATED_STACK_AND_TCB ); + mtCOVERAGE_TEST_MARKER(); + } + } + #endif /* configSUPPORT_DYNAMIC_ALLOCATION */ + } + +#endif /* INCLUDE_vTaskDelete */ +/*-----------------------------------------------------------*/ + +static void prvResetNextTaskUnblockTime( void ) +{ + if( listLIST_IS_EMPTY( pxDelayedTaskList ) != pdFALSE ) + { + /* The new current delayed list is empty. Set xNextTaskUnblockTime to + * the maximum possible value so it is extremely unlikely that the + * if( xTickCount >= xNextTaskUnblockTime ) test will pass until + * there is an item in the delayed list. */ + xNextTaskUnblockTime = portMAX_DELAY; + } + else + { + /* The new current delayed list is not empty, get the value of + * the item at the head of the delayed list. This is the time at + * which the task at the head of the delayed list should be removed + * from the Blocked state. */ + xNextTaskUnblockTime = listGET_ITEM_VALUE_OF_HEAD_ENTRY( pxDelayedTaskList ); + } +} +/*-----------------------------------------------------------*/ + +#if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) + + TaskHandle_t xTaskGetCurrentTaskHandle( void ) + /*@ requires interruptState_p(coreID_f(), ?state) &*& + pointer(&pxCurrentTCBs[coreID_f], ?taskHandle); + @*/ + /*@ ensures interruptState_p(coreID_f(), state) &*& + pointer(&pxCurrentTCBs[coreID_f], taskHandle) &*& + result == taskHandle; + @*/ + { + TaskHandle_t xReturn; + uint32_t ulState; + + ulState = portDISABLE_INTERRUPTS(); + xReturn = pxCurrentTCBs[ portGET_CORE_ID() ]; + portRESTORE_INTERRUPTS( ulState ); + + return xReturn; + } + + TaskHandle_t xTaskGetCurrentTaskHandleCPU( UBaseType_t xCoreID ) + { + TaskHandle_t xReturn = NULL; + + if( taskVALID_CORE_ID( xCoreID ) != pdFALSE ) + { + xReturn = pxCurrentTCBs[ xCoreID ]; + } + + return xReturn; + } + +#endif /* ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) */ +/*-----------------------------------------------------------*/ + +#if ( ( INCLUDE_xTaskGetSchedulerState == 1 ) || ( configUSE_TIMERS == 1 ) ) + + BaseType_t xTaskGetSchedulerState( void ) + { + BaseType_t xReturn; + + if( xSchedulerRunning == pdFALSE ) + { + xReturn = taskSCHEDULER_NOT_STARTED; + } + else + { + taskENTER_CRITICAL(); + { + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + xReturn = taskSCHEDULER_RUNNING; + } + else + { + xReturn = taskSCHEDULER_SUSPENDED; + } + } + taskEXIT_CRITICAL(); + } + + return xReturn; + } + +#endif /* ( ( INCLUDE_xTaskGetSchedulerState == 1 ) || ( configUSE_TIMERS == 1 ) ) */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_MUTEXES == 1 ) + + BaseType_t xTaskPriorityInherit( TaskHandle_t const pxMutexHolder ) + { + TCB_t * const pxMutexHolderTCB = pxMutexHolder; + BaseType_t xReturn = pdFALSE; + + /* If the mutex was given back by an interrupt while the queue was + * locked then the mutex holder might now be NULL. _RB_ Is this still + * needed as interrupts can no longer use mutexes? */ + if( pxMutexHolder != NULL ) + { + /* If the holder of the mutex has a priority below the priority of + * the task attempting to obtain the mutex then it will temporarily + * inherit the priority of the task attempting to obtain the mutex. */ + if( pxMutexHolderTCB->uxPriority < pxCurrentTCB->uxPriority ) + { + /* Adjust the mutex holder state to account for its new + * priority. Only reset the event list item value if the value is + * not being used for anything else. */ + if( ( listGET_LIST_ITEM_VALUE( &( pxMutexHolderTCB->xEventListItem ) ) & taskEVENT_LIST_ITEM_VALUE_IN_USE ) == 0UL ) + { + listSET_LIST_ITEM_VALUE( &( pxMutexHolderTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxCurrentTCB->uxPriority ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* If the task being modified is in the ready state it will need + * to be moved into a new list. */ + if( listIS_CONTAINED_WITHIN( &( pxReadyTasksLists[ pxMutexHolderTCB->uxPriority ] ), &( pxMutexHolderTCB->xStateListItem ) ) != pdFALSE ) + { + if( uxListRemove( &( pxMutexHolderTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* It is known that the task is in its ready list so + * there is no need to check again and the port level + * reset macro can be called directly. */ + portRESET_READY_PRIORITY( pxMutexHolderTCB->uxPriority, uxTopReadyPriority ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Inherit the priority before being moved into the new list. */ + pxMutexHolderTCB->uxPriority = pxCurrentTCB->uxPriority; + prvAddTaskToReadyList( pxMutexHolderTCB ); + } + else + { + /* Just inherit the priority. */ + pxMutexHolderTCB->uxPriority = pxCurrentTCB->uxPriority; + } + + traceTASK_PRIORITY_INHERIT( pxMutexHolderTCB, pxCurrentTCB->uxPriority ); + + /* Inheritance occurred. */ + xReturn = pdTRUE; + } + else + { + if( pxMutexHolderTCB->uxBasePriority < pxCurrentTCB->uxPriority ) + { + /* The base priority of the mutex holder is lower than the + * priority of the task attempting to take the mutex, but the + * current priority of the mutex holder is not lower than the + * priority of the task attempting to take the mutex. + * Therefore the mutex holder must have already inherited a + * priority, but inheritance would have occurred if that had + * not been the case. */ + xReturn = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return xReturn; + } + +#endif /* configUSE_MUTEXES */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_MUTEXES == 1 ) + + BaseType_t xTaskPriorityDisinherit( TaskHandle_t const pxMutexHolder ) + { + TCB_t * const pxTCB = pxMutexHolder; + BaseType_t xReturn = pdFALSE; + + if( pxMutexHolder != NULL ) + { + /* A task can only have an inherited priority if it holds the mutex. + * If the mutex is held by a task then it cannot be given from an + * interrupt, and if a mutex is given by the holding task then it must + * be the running state task. */ + configASSERT( pxTCB == pxCurrentTCB ); + configASSERT( pxTCB->uxMutexesHeld ); + ( pxTCB->uxMutexesHeld )--; + + /* Has the holder of the mutex inherited the priority of another + * task? */ + if( pxTCB->uxPriority != pxTCB->uxBasePriority ) + { + /* Only disinherit if no other mutexes are held. */ + if( pxTCB->uxMutexesHeld == ( UBaseType_t ) 0 ) + { + /* A task can only have an inherited priority if it holds + * the mutex. If the mutex is held by a task then it cannot be + * given from an interrupt, and if a mutex is given by the + * holding task then it must be the running state task. Remove + * the holding task from the ready list. */ + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + portRESET_READY_PRIORITY( pxTCB->uxPriority, uxTopReadyPriority ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Disinherit the priority before adding the task into the + * new ready list. */ + traceTASK_PRIORITY_DISINHERIT( pxTCB, pxTCB->uxBasePriority ); + pxTCB->uxPriority = pxTCB->uxBasePriority; + + /* Reset the event list item value. It cannot be in use for + * any other purpose if this task is running, and it must be + * running to give back the mutex. */ + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxTCB->uxPriority ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + prvAddTaskToReadyList( pxTCB ); + + /* Return true to indicate that a context switch is required. + * This is only actually required in the corner case whereby + * multiple mutexes were held and the mutexes were given back + * in an order different to that in which they were taken. + * If a context switch did not occur when the first mutex was + * returned, even if a task was waiting on it, then a context + * switch should occur when the last mutex is returned whether + * a task is waiting on it or not. */ + xReturn = pdTRUE; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + return xReturn; + } + +#endif /* configUSE_MUTEXES */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_MUTEXES == 1 ) + + void vTaskPriorityDisinheritAfterTimeout( TaskHandle_t const pxMutexHolder, + UBaseType_t uxHighestPriorityWaitingTask ) + { + TCB_t * const pxTCB = pxMutexHolder; + UBaseType_t uxPriorityUsedOnEntry, uxPriorityToUse; + const UBaseType_t uxOnlyOneMutexHeld = ( UBaseType_t ) 1; + + if( pxMutexHolder != NULL ) + { + /* If pxMutexHolder is not NULL then the holder must hold at least + * one mutex. */ + configASSERT( pxTCB->uxMutexesHeld ); + + /* Determine the priority to which the priority of the task that + * holds the mutex should be set. This will be the greater of the + * holding task's base priority and the priority of the highest + * priority task that is waiting to obtain the mutex. */ + if( pxTCB->uxBasePriority < uxHighestPriorityWaitingTask ) + { + uxPriorityToUse = uxHighestPriorityWaitingTask; + } + else + { + uxPriorityToUse = pxTCB->uxBasePriority; + } + + /* Does the priority need to change? */ + if( pxTCB->uxPriority != uxPriorityToUse ) + { + /* Only disinherit if no other mutexes are held. This is a + * simplification in the priority inheritance implementation. If + * the task that holds the mutex is also holding other mutexes then + * the other mutexes may have caused the priority inheritance. */ + if( pxTCB->uxMutexesHeld == uxOnlyOneMutexHeld ) + { + /* If a task has timed out because it already holds the + * mutex it was trying to obtain then it cannot of inherited + * its own priority. */ + configASSERT( pxTCB != pxCurrentTCB ); + + /* Disinherit the priority, remembering the previous + * priority to facilitate determining the subject task's + * state. */ + traceTASK_PRIORITY_DISINHERIT( pxTCB, uxPriorityToUse ); + uxPriorityUsedOnEntry = pxTCB->uxPriority; + pxTCB->uxPriority = uxPriorityToUse; + + /* Only reset the event list item value if the value is not + * being used for anything else. */ + if( ( listGET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ) ) & taskEVENT_LIST_ITEM_VALUE_IN_USE ) == 0UL ) + { + listSET_LIST_ITEM_VALUE( &( pxTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) uxPriorityToUse ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* If the running task is not the task that holds the mutex + * then the task that holds the mutex could be in either the + * Ready, Blocked or Suspended states. Only remove the task + * from its current state list if it is in the Ready state as + * the task's priority is going to change and there is one + * Ready list per priority. */ + if( listIS_CONTAINED_WITHIN( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ), &( pxTCB->xStateListItem ) ) != pdFALSE ) + { + if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* It is known that the task is in its ready list so + * there is no need to check again and the port level + * reset macro can be called directly. */ + portRESET_READY_PRIORITY( pxTCB->uxPriority, uxTopReadyPriority ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + prvAddTaskToReadyList( pxTCB ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* configUSE_MUTEXES */ +/*-----------------------------------------------------------*/ + +/* + * If not in a critical section then yield immediately. + * Otherwise set xYieldPending to true to wait to + * yield until exiting the critical section. + */ +void vTaskYieldWithinAPI( void ) +{ + if( pxCurrentTCB->uxCriticalNesting == 0U ) + { + portYIELD(); + } + else + { + xYieldPendings[ portGET_CORE_ID() ] = pdTRUE; + } +} +/*-----------------------------------------------------------*/ + +#if ( portCRITICAL_NESTING_IN_TCB == 1 ) + + void vTaskEnterCritical( void ) + ///@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); + ///@ ensures false; + { + portDISABLE_INTERRUPTS(); + //@ open unprotectedGlobalVars(); + + if( xSchedulerRunning != pdFALSE ) + { + if( pxCurrentTCB->uxCriticalNesting == 0U ) + { + if( portCHECK_IF_IN_ISR() == pdFALSE ) + { + portGET_TASK_LOCK(); + } + + portGET_ISR_LOCK(); + } + + ( pxCurrentTCB->uxCriticalNesting )++; + + /* This should now be interrupt safe. The only time there would be + * a problem is if this is called before a context switch and + * vTaskExitCritical() is called after pxCurrentTCB changes. Therefore + * this should not be used within vTaskSwitchContext(). */ + + if( ( uxSchedulerSuspended == 0U ) && ( pxCurrentTCB->uxCriticalNesting == 1U ) ) + { + prvCheckForRunStateChange(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* portCRITICAL_NESTING_IN_TCB */ +/*-----------------------------------------------------------*/ + +#if ( portCRITICAL_NESTING_IN_TCB == 1 ) + + void vTaskExitCritical( void ) + { + if( xSchedulerRunning != pdFALSE ) + { + /* If pxCurrentTCB->uxCriticalNesting is zero then this function + * does not match a previous call to vTaskEnterCritical(). */ + configASSERT( pxCurrentTCB->uxCriticalNesting > 0U ); + + if( pxCurrentTCB->uxCriticalNesting > 0U ) + { + ( pxCurrentTCB->uxCriticalNesting )--; + + if( pxCurrentTCB->uxCriticalNesting == 0U ) + { + portRELEASE_ISR_LOCK(); + + if( portCHECK_IF_IN_ISR() == pdFALSE ) + { + portRELEASE_TASK_LOCK(); + portENABLE_INTERRUPTS(); + + /* When a task yields in a critical section it just sets + * xYieldPending to true. So now that we have exited the + * critical section check if xYieldPending is true, and + * if so yield. */ + if( xYieldPending != pdFALSE ) + { + portYIELD(); + } + } + else + { + /* In an ISR we don't hold the task lock and don't + * need to yield. Yield will happen if necessary when + * the application ISR calls portEND_SWITCHING_ISR() */ + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* portCRITICAL_NESTING_IN_TCB */ +/*-----------------------------------------------------------*/ + +#if ( ( configUSE_TRACE_FACILITY == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) ) + + static char * prvWriteNameToBuffer( char * pcBuffer, + const char * pcTaskName ) + { + size_t x; + + /* Start by copying the entire string. */ + strcpy( pcBuffer, pcTaskName ); + + /* Pad the end of the string with spaces to ensure columns line up when + * printed out. */ + for( x = strlen( pcBuffer ); x < ( size_t ) ( configMAX_TASK_NAME_LEN - 1 ); x++ ) + { + pcBuffer[ x ] = ' '; + } + + /* Terminate. */ + pcBuffer[ x ] = ( char ) 0x00; + + /* Return the new end of string. */ + return &( pcBuffer[ x ] ); + } + +#endif /* ( configUSE_TRACE_FACILITY == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) */ +/*-----------------------------------------------------------*/ + +#if ( ( configUSE_TRACE_FACILITY == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) && ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) ) + + void vTaskList( char * pcWriteBuffer ) + { + TaskStatus_t * pxTaskStatusArray; + UBaseType_t uxArraySize, x; + char cStatus; + + /* + * PLEASE NOTE: + * + * This function is provided for convenience only, and is used by many + * of the demo applications. Do not consider it to be part of the + * scheduler. + * + * vTaskList() calls uxTaskGetSystemState(), then formats part of the + * uxTaskGetSystemState() output into a human readable table that + * displays task: names, states, priority, stack usage and task number. + * Stack usage specified as the number of unused StackType_t words stack can hold + * on top of stack - not the number of bytes. + * + * vTaskList() has a dependency on the sprintf() C library function that + * might bloat the code size, use a lot of stack, and provide different + * results on different platforms. An alternative, tiny, third party, + * and limited functionality implementation of sprintf() is provided in + * many of the FreeRTOS/Demo sub-directories in a file called + * printf-stdarg.c (note printf-stdarg.c does not provide a full + * snprintf() implementation!). + * + * It is recommended that production systems call uxTaskGetSystemState() + * directly to get access to raw stats data, rather than indirectly + * through a call to vTaskList(). + */ + + + /* Make sure the write buffer does not contain a string. */ + *pcWriteBuffer = ( char ) 0x00; + + /* Take a snapshot of the number of tasks in case it changes while this + * function is executing. */ + uxArraySize = uxCurrentNumberOfTasks; + + /* Allocate an array index for each task. NOTE! if + * configSUPPORT_DYNAMIC_ALLOCATION is set to 0 then pvPortMalloc() will + * equate to NULL. */ + pxTaskStatusArray = pvPortMalloc( uxCurrentNumberOfTasks * sizeof( TaskStatus_t ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation allocates a struct that has the alignment requirements of a pointer. */ + + if( pxTaskStatusArray != NULL ) + { + /* Generate the (binary) data. */ + uxArraySize = uxTaskGetSystemState( pxTaskStatusArray, uxArraySize, NULL ); + + /* Create a human readable table from the binary data. */ + for( x = 0; x < uxArraySize; x++ ) + { + switch( pxTaskStatusArray[ x ].eCurrentState ) + { + case eRunning: + cStatus = tskRUNNING_CHAR; + break; + + case eReady: + cStatus = tskREADY_CHAR; + break; + + case eBlocked: + cStatus = tskBLOCKED_CHAR; + break; + + case eSuspended: + cStatus = tskSUSPENDED_CHAR; + break; + + case eDeleted: + cStatus = tskDELETED_CHAR; + break; + + case eInvalid: /* Fall through. */ + default: /* Should not get here, but it is included + * to prevent static checking errors. */ + cStatus = ( char ) 0x00; + break; + } + + /* Write the task name to the string, padding with spaces so it + * can be printed in tabular form more easily. */ + pcWriteBuffer = prvWriteNameToBuffer( pcWriteBuffer, pxTaskStatusArray[ x ].pcTaskName ); + + /* Write the rest of the string. */ + sprintf( pcWriteBuffer, "\t%c\t%u\t%u\t%u\r\n", cStatus, ( unsigned int ) pxTaskStatusArray[ x ].uxCurrentPriority, ( unsigned int ) pxTaskStatusArray[ x ].usStackHighWaterMark, ( unsigned int ) pxTaskStatusArray[ x ].xTaskNumber ); /*lint !e586 sprintf() allowed as this is compiled with many compilers and this is a utility function only - not part of the core kernel implementation. */ + pcWriteBuffer += strlen( pcWriteBuffer ); /*lint !e9016 Pointer arithmetic ok on char pointers especially as in this case where it best denotes the intent of the code. */ + } + + /* Free the array again. NOTE! If configSUPPORT_DYNAMIC_ALLOCATION + * is 0 then vPortFree() will be #defined to nothing. */ + vPortFree( pxTaskStatusArray ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* ( ( configUSE_TRACE_FACILITY == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) && ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) ) */ +/*----------------------------------------------------------*/ + +#if ( ( configGENERATE_RUN_TIME_STATS == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) && ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) ) + + void vTaskGetRunTimeStats( char * pcWriteBuffer ) + { + TaskStatus_t * pxTaskStatusArray; + UBaseType_t uxArraySize, x; + uint32_t ulTotalTime, ulStatsAsPercentage; + + #if ( configUSE_TRACE_FACILITY != 1 ) + { + #error configUSE_TRACE_FACILITY must also be set to 1 in FreeRTOSConfig.h to use vTaskGetRunTimeStats(). + } + #endif + + /* + * PLEASE NOTE: + * + * This function is provided for convenience only, and is used by many + * of the demo applications. Do not consider it to be part of the + * scheduler. + * + * vTaskGetRunTimeStats() calls uxTaskGetSystemState(), then formats part + * of the uxTaskGetSystemState() output into a human readable table that + * displays the amount of time each task has spent in the Running state + * in both absolute and percentage terms. + * + * vTaskGetRunTimeStats() has a dependency on the sprintf() C library + * function that might bloat the code size, use a lot of stack, and + * provide different results on different platforms. An alternative, + * tiny, third party, and limited functionality implementation of + * sprintf() is provided in many of the FreeRTOS/Demo sub-directories in + * a file called printf-stdarg.c (note printf-stdarg.c does not provide + * a full snprintf() implementation!). + * + * It is recommended that production systems call uxTaskGetSystemState() + * directly to get access to raw stats data, rather than indirectly + * through a call to vTaskGetRunTimeStats(). + */ + + /* Make sure the write buffer does not contain a string. */ + *pcWriteBuffer = ( char ) 0x00; + + /* Take a snapshot of the number of tasks in case it changes while this + * function is executing. */ + uxArraySize = uxCurrentNumberOfTasks; + + /* Allocate an array index for each task. NOTE! If + * configSUPPORT_DYNAMIC_ALLOCATION is set to 0 then pvPortMalloc() will + * equate to NULL. */ + pxTaskStatusArray = pvPortMalloc( uxCurrentNumberOfTasks * sizeof( TaskStatus_t ) ); /*lint !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack and this allocation allocates a struct that has the alignment requirements of a pointer. */ + + if( pxTaskStatusArray != NULL ) + { + /* Generate the (binary) data. */ + uxArraySize = uxTaskGetSystemState( pxTaskStatusArray, uxArraySize, &ulTotalTime ); + + /* For percentage calculations. */ + ulTotalTime /= 100UL; + + /* Avoid divide by zero errors. */ + if( ulTotalTime > 0UL ) + { + /* Create a human readable table from the binary data. */ + for( x = 0; x < uxArraySize; x++ ) + { + /* What percentage of the total run time has the task used? + * This will always be rounded down to the nearest integer. + * ulTotalRunTimeDiv100 has already been divided by 100. */ + ulStatsAsPercentage = pxTaskStatusArray[ x ].ulRunTimeCounter / ulTotalTime; + + /* Write the task name to the string, padding with + * spaces so it can be printed in tabular form more + * easily. */ + pcWriteBuffer = prvWriteNameToBuffer( pcWriteBuffer, pxTaskStatusArray[ x ].pcTaskName ); + + if( ulStatsAsPercentage > 0UL ) + { + #ifdef portLU_PRINTF_SPECIFIER_REQUIRED + { + sprintf( pcWriteBuffer, "\t%lu\t\t%lu%%\r\n", pxTaskStatusArray[ x ].ulRunTimeCounter, ulStatsAsPercentage ); + } + #else + { + /* sizeof( int ) == sizeof( long ) so a smaller + * printf() library can be used. */ + sprintf( pcWriteBuffer, "\t%u\t\t%u%%\r\n", ( unsigned int ) pxTaskStatusArray[ x ].ulRunTimeCounter, ( unsigned int ) ulStatsAsPercentage ); /*lint !e586 sprintf() allowed as this is compiled with many compilers and this is a utility function only - not part of the core kernel implementation. */ + } + #endif + } + else + { + /* If the percentage is zero here then the task has + * consumed less than 1% of the total run time. */ + #ifdef portLU_PRINTF_SPECIFIER_REQUIRED + { + sprintf( pcWriteBuffer, "\t%lu\t\t<1%%\r\n", pxTaskStatusArray[ x ].ulRunTimeCounter ); + } + #else + { + /* sizeof( int ) == sizeof( long ) so a smaller + * printf() library can be used. */ + sprintf( pcWriteBuffer, "\t%u\t\t<1%%\r\n", ( unsigned int ) pxTaskStatusArray[ x ].ulRunTimeCounter ); /*lint !e586 sprintf() allowed as this is compiled with many compilers and this is a utility function only - not part of the core kernel implementation. */ + } + #endif + } + + pcWriteBuffer += strlen( pcWriteBuffer ); /*lint !e9016 Pointer arithmetic ok on char pointers especially as in this case where it best denotes the intent of the code. */ + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + /* Free the array again. NOTE! If configSUPPORT_DYNAMIC_ALLOCATION + * is 0 then vPortFree() will be #defined to nothing. */ + vPortFree( pxTaskStatusArray ); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + +#endif /* ( ( configGENERATE_RUN_TIME_STATS == 1 ) && ( configUSE_STATS_FORMATTING_FUNCTIONS > 0 ) && ( configSUPPORT_STATIC_ALLOCATION == 1 ) ) */ +/*-----------------------------------------------------------*/ + +TickType_t uxTaskResetEventItemValue( void ) +{ + TickType_t uxReturn; + + uxReturn = listGET_LIST_ITEM_VALUE( &( pxCurrentTCB->xEventListItem ) ); + + /* Reset the event list item to its normal value - so it can be used with + * queues and semaphores. */ + listSET_LIST_ITEM_VALUE( &( pxCurrentTCB->xEventListItem ), ( ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) pxCurrentTCB->uxPriority ) ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ + + return uxReturn; +} +/*-----------------------------------------------------------*/ + +#if ( configUSE_MUTEXES == 1 ) + + TaskHandle_t pvTaskIncrementMutexHeldCount( void ) + { + /* If xSemaphoreCreateMutex() is called before any tasks have been created + * then pxCurrentTCB will be NULL. */ + if( pxCurrentTCB != NULL ) + { + ( pxCurrentTCB->uxMutexesHeld )++; + } + + return pxCurrentTCB; + } + +#endif /* configUSE_MUTEXES */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + uint32_t ulTaskGenericNotifyTake( UBaseType_t uxIndexToWait, + BaseType_t xClearCountOnExit, + TickType_t xTicksToWait ) + { + uint32_t ulReturn; + + configASSERT( uxIndexToWait < configTASK_NOTIFICATION_ARRAY_ENTRIES ); + + taskENTER_CRITICAL(); + { + /* Only block if the notification count is not already non-zero. */ + if( pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ] == 0UL ) + { + /* Mark this task as waiting for a notification. */ + pxCurrentTCB->ucNotifyState[ uxIndexToWait ] = taskWAITING_NOTIFICATION; + + if( xTicksToWait > ( TickType_t ) 0 ) + { + prvAddCurrentTaskToDelayedList( xTicksToWait, pdTRUE ); + traceTASK_NOTIFY_TAKE_BLOCK( uxIndexToWait ); + + /* All ports are written to allow a yield in a critical + * section (some will yield immediately, others wait until the + * critical section exits) - but it is not something that + * application code should ever do. */ + vTaskYieldWithinAPI(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); + + taskENTER_CRITICAL(); + { + traceTASK_NOTIFY_TAKE( uxIndexToWait ); + ulReturn = pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ]; + + if( ulReturn != 0UL ) + { + if( xClearCountOnExit != pdFALSE ) + { + pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ] = 0UL; + } + else + { + pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ] = ulReturn - ( uint32_t ) 1; + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + pxCurrentTCB->ucNotifyState[ uxIndexToWait ] = taskNOT_WAITING_NOTIFICATION; + } + taskEXIT_CRITICAL(); + + return ulReturn; + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + BaseType_t xTaskGenericNotifyWait( UBaseType_t uxIndexToWait, + uint32_t ulBitsToClearOnEntry, + uint32_t ulBitsToClearOnExit, + uint32_t * pulNotificationValue, + TickType_t xTicksToWait ) + { + BaseType_t xReturn; + + configASSERT( uxIndexToWait < configTASK_NOTIFICATION_ARRAY_ENTRIES ); + + taskENTER_CRITICAL(); + { + /* Only block if a notification is not already pending. */ + if( pxCurrentTCB->ucNotifyState[ uxIndexToWait ] != taskNOTIFICATION_RECEIVED ) + { + /* Clear bits in the task's notification value as bits may get + * set by the notifying task or interrupt. This can be used to + * clear the value to zero. */ + pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnEntry; + + /* Mark this task as waiting for a notification. */ + pxCurrentTCB->ucNotifyState[ uxIndexToWait ] = taskWAITING_NOTIFICATION; + + if( xTicksToWait > ( TickType_t ) 0 ) + { + prvAddCurrentTaskToDelayedList( xTicksToWait, pdTRUE ); + traceTASK_NOTIFY_WAIT_BLOCK( uxIndexToWait ); + + /* All ports are written to allow a yield in a critical + * section (some will yield immediately, others wait until the + * critical section exits) - but it is not something that + * application code should ever do. */ + vTaskYieldWithinAPI(); + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); + + taskENTER_CRITICAL(); + { + traceTASK_NOTIFY_WAIT( uxIndexToWait ); + + if( pulNotificationValue != NULL ) + { + /* Output the current notification value, which may or may not + * have changed. */ + *pulNotificationValue = pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ]; + } + + /* If ucNotifyValue is set then either the task never entered the + * blocked state (because a notification was already pending) or the + * task unblocked because of a notification. Otherwise the task + * unblocked because of a timeout. */ + if( pxCurrentTCB->ucNotifyState[ uxIndexToWait ] != taskNOTIFICATION_RECEIVED ) + { + /* A notification was not received. */ + xReturn = pdFALSE; + } + else + { + /* A notification was already pending or a notification was + * received while the task was waiting. */ + pxCurrentTCB->ulNotifiedValue[ uxIndexToWait ] &= ~ulBitsToClearOnExit; + xReturn = pdTRUE; + } + + pxCurrentTCB->ucNotifyState[ uxIndexToWait ] = taskNOT_WAITING_NOTIFICATION; + } + taskEXIT_CRITICAL(); + + return xReturn; + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue ) + { + TCB_t * pxTCB; + BaseType_t xReturn = pdPASS; + uint8_t ucOriginalNotifyState; + + configASSERT( uxIndexToNotify < configTASK_NOTIFICATION_ARRAY_ENTRIES ); + configASSERT( xTaskToNotify ); + pxTCB = xTaskToNotify; + + taskENTER_CRITICAL(); + { + if( pulPreviousNotificationValue != NULL ) + { + *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ]; + } + + ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; + + pxTCB->ucNotifyState[ uxIndexToNotify ] = taskNOTIFICATION_RECEIVED; + + switch( eAction ) + { + case eSetBits: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue; + break; + + case eIncrement: + ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; + break; + + case eSetValueWithOverwrite: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + break; + + case eSetValueWithoutOverwrite: + + if( ucOriginalNotifyState != taskNOTIFICATION_RECEIVED ) + { + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + } + else + { + /* The value could not be written to the task. */ + xReturn = pdFAIL; + } + + break; + + case eNoAction: + + /* The task is being notified without its notify value being + * updated. */ + break; + + default: + + /* Should not get here if all enums are handled. + * Artificially force an assert by testing a value the + * compiler can't assume is const. */ + configASSERT( xTickCount == ( TickType_t ) 0 ); + + break; + } + + traceTASK_NOTIFY( uxIndexToNotify ); + + /* If the task is in the blocked state specifically to wait for a + * notification then unblock it now. */ + if( ucOriginalNotifyState == taskWAITING_NOTIFICATION ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxTCB ); + + /* The task should not have been on an event list. */ + configASSERT( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) == NULL ); + + #if ( configUSE_TICKLESS_IDLE != 0 ) + { + /* If a task is blocked waiting for a notification then + * xNextTaskUnblockTime might be set to the blocked task's time + * out time. If the task is unblocked for a reason other than + * a timeout xNextTaskUnblockTime is normally left unchanged, + * because it will automatically get reset to a new value when + * the tick count equals xNextTaskUnblockTime. However if + * tickless idling is used it might be more important to enter + * sleep mode at the earliest possible time - so reset + * xNextTaskUnblockTime here to ensure it is updated at the + * earliest possible time. */ + prvResetNextTaskUnblockTime(); + } + #endif + + #if ( configUSE_PREEMPTION == 1 ) + { + prvYieldForTask( pxTCB, pdFALSE ); + } + #endif + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + taskEXIT_CRITICAL(); + + return xReturn; + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + uint32_t ulValue, + eNotifyAction eAction, + uint32_t * pulPreviousNotificationValue, + BaseType_t * pxHigherPriorityTaskWoken ) + { + TCB_t * pxTCB; + uint8_t ucOriginalNotifyState; + BaseType_t xReturn = pdPASS; + UBaseType_t uxSavedInterruptStatus; + + configASSERT( xTaskToNotify ); + configASSERT( uxIndexToNotify < configTASK_NOTIFICATION_ARRAY_ENTRIES ); + + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + portASSERT_IF_INTERRUPT_PRIORITY_INVALID(); + + pxTCB = xTaskToNotify; + + uxSavedInterruptStatus = portSET_INTERRUPT_MASK_FROM_ISR(); + { + if( pulPreviousNotificationValue != NULL ) + { + *pulPreviousNotificationValue = pxTCB->ulNotifiedValue[ uxIndexToNotify ]; + } + + ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; + pxTCB->ucNotifyState[ uxIndexToNotify ] = taskNOTIFICATION_RECEIVED; + + switch( eAction ) + { + case eSetBits: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] |= ulValue; + break; + + case eIncrement: + ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; + break; + + case eSetValueWithOverwrite: + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + break; + + case eSetValueWithoutOverwrite: + + if( ucOriginalNotifyState != taskNOTIFICATION_RECEIVED ) + { + pxTCB->ulNotifiedValue[ uxIndexToNotify ] = ulValue; + } + else + { + /* The value could not be written to the task. */ + xReturn = pdFAIL; + } + + break; + + case eNoAction: + + /* The task is being notified without its notify value being + * updated. */ + break; + + default: + + /* Should not get here if all enums are handled. + * Artificially force an assert by testing a value the + * compiler can't assume is const. */ + configASSERT( xTickCount == ( TickType_t ) 0 ); + break; + } + + traceTASK_NOTIFY_FROM_ISR( uxIndexToNotify ); + + /* If the task is in the blocked state specifically to wait for a + * notification then unblock it now. */ + if( ucOriginalNotifyState == taskWAITING_NOTIFICATION ) + { + /* The task should not have been on an event list. */ + configASSERT( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) == NULL ); + + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxTCB ); + } + else + { + /* The delayed and ready lists cannot be accessed, so hold + * this task pending until the scheduler is resumed. */ + vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); + } + + #if ( configUSE_PREEMPTION == 1 ) + prvYieldForTask( pxTCB, pdFALSE ); + + if( xYieldPendings[ portGET_CORE_ID() ] == pdTRUE ) + { + if( pxHigherPriorityTaskWoken != NULL ) + { + *pxHigherPriorityTaskWoken = pdTRUE; + } + } + #endif + } + } + portCLEAR_INTERRUPT_MASK_FROM_ISR( uxSavedInterruptStatus ); + + return xReturn; + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, + UBaseType_t uxIndexToNotify, + BaseType_t * pxHigherPriorityTaskWoken ) + { + TCB_t * pxTCB; + uint8_t ucOriginalNotifyState; + UBaseType_t uxSavedInterruptStatus; + + configASSERT( xTaskToNotify ); + configASSERT( uxIndexToNotify < configTASK_NOTIFICATION_ARRAY_ENTRIES ); + + /* RTOS ports that support interrupt nesting have the concept of a + * maximum system call (or maximum API call) interrupt priority. + * Interrupts that are above the maximum system call priority are keep + * permanently enabled, even when the RTOS kernel is in a critical section, + * but cannot make any calls to FreeRTOS API functions. If configASSERT() + * is defined in FreeRTOSConfig.h then + * portASSERT_IF_INTERRUPT_PRIORITY_INVALID() will result in an assertion + * failure if a FreeRTOS API function is called from an interrupt that has + * been assigned a priority above the configured maximum system call + * priority. Only FreeRTOS functions that end in FromISR can be called + * from interrupts that have been assigned a priority at or (logically) + * below the maximum system call interrupt priority. FreeRTOS maintains a + * separate interrupt safe API to ensure interrupt entry is as fast and as + * simple as possible. More information (albeit Cortex-M specific) is + * provided on the following link: + * https://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html */ + portASSERT_IF_INTERRUPT_PRIORITY_INVALID(); + + pxTCB = xTaskToNotify; + + uxSavedInterruptStatus = portSET_INTERRUPT_MASK_FROM_ISR(); + { + ucOriginalNotifyState = pxTCB->ucNotifyState[ uxIndexToNotify ]; + pxTCB->ucNotifyState[ uxIndexToNotify ] = taskNOTIFICATION_RECEIVED; + + /* 'Giving' is equivalent to incrementing a count in a counting + * semaphore. */ + ( pxTCB->ulNotifiedValue[ uxIndexToNotify ] )++; + + traceTASK_NOTIFY_GIVE_FROM_ISR( uxIndexToNotify ); + + /* If the task is in the blocked state specifically to wait for a + * notification then unblock it now. */ + if( ucOriginalNotifyState == taskWAITING_NOTIFICATION ) + { + /* The task should not have been on an event list. */ + configASSERT( listLIST_ITEM_CONTAINER( &( pxTCB->xEventListItem ) ) == NULL ); + + if( uxSchedulerSuspended == ( UBaseType_t ) pdFALSE ) + { + ( void ) uxListRemove( &( pxTCB->xStateListItem ) ); + prvAddTaskToReadyList( pxTCB ); + } + else + { + /* The delayed and ready lists cannot be accessed, so hold + * this task pending until the scheduler is resumed. */ + vListInsertEnd( &( xPendingReadyList ), &( pxTCB->xEventListItem ) ); + } + + #if ( configUSE_PREEMPTION == 1 ) + prvYieldForTask( pxTCB, pdFALSE ); + + if( xYieldPendings[ portGET_CORE_ID() ] == pdTRUE ) + { + if( pxHigherPriorityTaskWoken != NULL ) + { + *pxHigherPriorityTaskWoken = pdTRUE; + } + } + #endif + } + } + portCLEAR_INTERRUPT_MASK_FROM_ISR( uxSavedInterruptStatus ); + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + BaseType_t xTaskGenericNotifyStateClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear ) + { + TCB_t * pxTCB; + BaseType_t xReturn; + + configASSERT( uxIndexToClear < configTASK_NOTIFICATION_ARRAY_ENTRIES ); + + /* If null is passed in here then it is the calling task that is having + * its notification state cleared. */ + pxTCB = prvGetTCBFromHandle( xTask ); + + taskENTER_CRITICAL(); + { + if( pxTCB->ucNotifyState[ uxIndexToClear ] == taskNOTIFICATION_RECEIVED ) + { + pxTCB->ucNotifyState[ uxIndexToClear ] = taskNOT_WAITING_NOTIFICATION; + xReturn = pdPASS; + } + else + { + xReturn = pdFAIL; + } + } + taskEXIT_CRITICAL(); + + return xReturn; + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( configUSE_TASK_NOTIFICATIONS == 1 ) + + uint32_t ulTaskGenericNotifyValueClear( TaskHandle_t xTask, + UBaseType_t uxIndexToClear, + uint32_t ulBitsToClear ) + { + TCB_t * pxTCB; + uint32_t ulReturn; + + /* If null is passed in here then it is the calling task that is having + * its notification state cleared. */ + pxTCB = prvGetTCBFromHandle( xTask ); + + taskENTER_CRITICAL(); + { + /* Return the notification as it was before the bits were cleared, + * then clear the bit mask. */ + ulReturn = pxTCB->ulNotifiedValue[ uxIndexToClear ]; + pxTCB->ulNotifiedValue[ uxIndexToClear ] &= ~ulBitsToClear; + } + taskEXIT_CRITICAL(); + + return ulReturn; + } + +#endif /* configUSE_TASK_NOTIFICATIONS */ +/*-----------------------------------------------------------*/ + +#if ( ( configGENERATE_RUN_TIME_STATS == 1 ) && ( INCLUDE_xTaskGetIdleTaskHandle == 1 ) ) + + uint32_t ulTaskGetIdleRunTimeCounter( void ) + { + uint32_t ulReturn = 0; + + for( BaseType_t i = 0; i < configNUM_CORES; i++ ) + { + ulReturn += xIdleTaskHandle[ i ]->ulRunTimeCounter; + } + + return ulReturn; + } + +#endif /* if ( ( configGENERATE_RUN_TIME_STATS == 1 ) && ( INCLUDE_xTaskGetIdleTaskHandle == 1 ) ) */ +/*-----------------------------------------------------------*/ + +static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, + const BaseType_t xCanBlockIndefinitely ) +{ + TickType_t xTimeToWake; + const TickType_t xConstTickCount = xTickCount; + + #if ( INCLUDE_xTaskAbortDelay == 1 ) + { + /* About to enter a delayed list, so ensure the ucDelayAborted flag is + * reset to pdFALSE so it can be detected as having been set to pdTRUE + * when the task leaves the Blocked state. */ + pxCurrentTCB->ucDelayAborted = pdFALSE; + } + #endif + + /* Remove the task from the ready list before adding it to the blocked list + * as the same list item is used for both lists. */ + if( uxListRemove( &( pxCurrentTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) + { + /* The current task must be in a ready list, so there is no need to + * check, and the port reset macro can be called directly. */ + portRESET_READY_PRIORITY( pxCurrentTCB->uxPriority, uxTopReadyPriority ); /*lint !e931 pxCurrentTCB cannot change as it is the calling task. pxCurrentTCB->uxPriority and uxTopReadyPriority cannot change as called with scheduler suspended or in a critical section. */ + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + + #if ( INCLUDE_vTaskSuspend == 1 ) + { + if( ( xTicksToWait == portMAX_DELAY ) && ( xCanBlockIndefinitely != pdFALSE ) ) + { + /* Add the task to the suspended task list instead of a delayed task + * list to ensure it is not woken by a timing event. It will block + * indefinitely. */ + vListInsertEnd( &xSuspendedTaskList, &( pxCurrentTCB->xStateListItem ) ); + } + else + { + /* Calculate the time at which the task should be woken if the event + * does not occur. This may overflow but this doesn't matter, the + * kernel will manage it correctly. */ + xTimeToWake = xConstTickCount + xTicksToWait; + + /* The list item will be inserted in wake time order. */ + listSET_LIST_ITEM_VALUE( &( pxCurrentTCB->xStateListItem ), xTimeToWake ); + + if( xTimeToWake < xConstTickCount ) + { + /* Wake time has overflowed. Place this item in the overflow + * list. */ + vListInsert( pxOverflowDelayedTaskList, &( pxCurrentTCB->xStateListItem ) ); + } + else + { + /* The wake time has not overflowed, so the current block list + * is used. */ + vListInsert( pxDelayedTaskList, &( pxCurrentTCB->xStateListItem ) ); + + /* If the task entering the blocked state was placed at the + * head of the list of blocked tasks then xNextTaskUnblockTime + * needs to be updated too. */ + if( xTimeToWake < xNextTaskUnblockTime ) + { + xNextTaskUnblockTime = xTimeToWake; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + } + } + #else /* INCLUDE_vTaskSuspend */ + { + /* Calculate the time at which the task should be woken if the event + * does not occur. This may overflow but this doesn't matter, the kernel + * will manage it correctly. */ + xTimeToWake = xConstTickCount + xTicksToWait; + + /* The list item will be inserted in wake time order. */ + listSET_LIST_ITEM_VALUE( &( pxCurrentTCB->xStateListItem ), xTimeToWake ); + + if( xTimeToWake < xConstTickCount ) + { + /* Wake time has overflowed. Place this item in the overflow list. */ + vListInsert( pxOverflowDelayedTaskList, &( pxCurrentTCB->xStateListItem ) ); + } + else + { + /* The wake time has not overflowed, so the current block list is used. */ + vListInsert( pxDelayedTaskList, &( pxCurrentTCB->xStateListItem ) ); + + /* If the task entering the blocked state was placed at the head of the + * list of blocked tasks then xNextTaskUnblockTime needs to be updated + * too. */ + if( xTimeToWake < xNextTaskUnblockTime ) + { + xNextTaskUnblockTime = xTimeToWake; + } + else + { + mtCOVERAGE_TEST_MARKER(); + } + } + + /* Avoid compiler warning when INCLUDE_vTaskSuspend is not 1. */ + ( void ) xCanBlockIndefinitely; + } + #endif /* INCLUDE_vTaskSuspend */ +} + +/* Code below here allows additional code to be inserted into this source file, + * especially where access to file scope functions and data is needed (for example + * when performing module tests). */ + +#ifdef FREERTOS_MODULE_TEST + #include "tasks_test_access_functions.h" +#endif + + +#if ( configINCLUDE_FREERTOS_TASK_C_ADDITIONS_H == 1 ) + + #include "freertos_tasks_c_additions.h" + + #ifdef FREERTOS_TASKS_C_ADDITIONS_INIT + static void freertos_tasks_c_additions_init( void ) + { + FREERTOS_TASKS_C_ADDITIONS_INIT(); + } + #endif + +#endif /* if ( configINCLUDE_FREERTOS_TASK_C_ADDITIONS_H == 1 ) */ \ No newline at end of file From dcbaf3863bd549573845c7f2d83487f4016ffc87 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 10:35:20 -0500 Subject: [PATCH 202/289] Preprocessing script prefers modified files in proof subdirectory over files in main source and header dir. --- .../custom_build_scripts_RP2040/preprocess_tasks_c.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh index e2a9fefbcee..83102aec650 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -9,9 +9,10 @@ VF_DIR="$1" PP_SCRIPT_WD=`pwd` REPO_BASE_DIR=`cd ../../../../..; pwd` VF_PROOF_BASE_DIR=`cd ..; pwd` +VF_PROOF_MOD_SRC_DIR="$VF_PROOF_BASE_DIR/src" +VF_PROOF_MOD_HEADER_DIR="$VF_PROOF_BASE_DIR/include" - -TASKS_C="$REPO_BASE_DIR/tasks.c" +TASKS_C="$VF_PROOF_MOD_SRC_DIR/tasks.c" PROOF_SETUP_DIR="$VF_PROOF_BASE_DIR/proof_setup" PROOF_FILES_DIR="$VF_PROOF_BASE_DIR/proof" @@ -49,6 +50,8 @@ clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS -DVERIFAST \ -DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT \ -I"$VF_DIR/bin" \ +-I"$VF_PROOF_MOD_HEADER_DIR" \ +-I"$VF_PROOF_MOD_SRC_DIR" \ -I"$PROOF_SETUP_DIR" \ -I"$PROOF_FILES_DIR" \ -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \ From 1d3fcdfc1f0c3beea5491f3dc531ba5c2144ccb9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 10:37:50 -0500 Subject: [PATCH 203/289] Reverted modified source and header files to last commit before we started the VeriFast proofs. Files reset to commit 13f034eb7480f11c9fc43e7b51a1e55656985bf4 --- include/list.h | 38 +- include/portable.h | 31 +- include/stack_macros.h | 99 +---- include/task.h | 37 -- list.c | 910 +---------------------------------------- tasks.c | 794 +---------------------------------- 6 files changed, 59 insertions(+), 1850 deletions(-) diff --git a/include/list.h b/include/list.h index d1543dfed02..332f3f413ce 100644 --- a/include/list.h +++ b/include/list.h @@ -56,35 +56,10 @@ #ifndef LIST_H #define LIST_H - -#ifdef VERIFAST - /* Reason for rewrite: - * VeriFast bug: - * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` - * evaluate to true. See minimal example `define_name`. - */ - #define INC_FREERTOS_H - /* Remember that this header is included indirectly `tasks.c` after it - * includes `FreeRTOS.h`. - */ - // TODO: Remove this work-around once VF has been fixed. -#endif /* VERIFAST */ - #ifndef INC_FREERTOS_H #error "FreeRTOS.h must be included before list.h" #endif -#ifdef VERIFAST - /* Reason for rewrite: - * VeriFast's normal and context-free preprocessor consume different - * numbers of tokens when expanding `PRIVILEGED_FUNCTION` in this file. - */ - #define PRIVILEGED_FUNCTION - // TODO: Figure out why the preprocessors consume different amounts of - // of tokens. This most likely has to do with the path/context - // from which this header is included. -#endif /* VERIFAST */ - /* * The list structure members are modified from within interrupts, and therefore * by rights should be declared volatile. However, they are only modified in a @@ -193,15 +168,7 @@ typedef struct xLIST listFIRST_LIST_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ volatile UBaseType_t uxNumberOfItems; ListItem_t * configLIST_VOLATILE pxIndex; /*< Used to walk through the list. Points to the last item returned by a call to listGET_OWNER_OF_NEXT_ENTRY (). */ - #ifdef VERIFAST - /* Reason for rewrite: - * This change allows us to reuse the existing single-core list proofs, - * for which an identical rewrite for assumed. - */ - ListItem_t xListEnd; - #else - MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ - #endif /* VERIFAST */ + MiniListItem_t xListEnd; /*< List item that contains the maximum possible item value meaning it is always at the end of the list and is therefore used as a marker. */ listSECOND_LIST_INTEGRITY_CHECK_VALUE /*< Set to a known value if configUSE_LIST_DATA_INTEGRITY_CHECK_BYTES is set to 1. */ } List_t; @@ -323,7 +290,6 @@ typedef struct xLIST } - /* * Access function to obtain the owner of the first entry in a list. Lists * are normally sorted in ascending item value order. @@ -390,8 +356,6 @@ void vListInitialise( List_t * const pxList ) PRIVILEGED_FUNCTION; * \ingroup LinkedList */ void vListInitialiseItem( ListItem_t * const pxItem ) PRIVILEGED_FUNCTION; -//@ requires pxItem->pxContainer |-> _; -//@ ensures pxItem->pxContainer |-> 0; /* * Insert a list item into a list. The item will be inserted into the list in diff --git a/include/portable.h b/include/portable.h index d9bb2e72089..6a3564547de 100644 --- a/include/portable.h +++ b/include/portable.h @@ -128,8 +128,6 @@ StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, TaskFunction_t pxCode, void * pvParameters ) PRIVILEGED_FUNCTION; - ///@ requires true; - ///@ ensures true; #endif #endif /* if ( portUSING_MPU_WRAPPERS == 1 ) */ @@ -172,30 +170,11 @@ void vPortDefineHeapRegions( const HeapRegion_t * const pxHeapRegions ) PRIVILEG */ void vPortGetHeapStats( HeapStats_t * pxHeapStats ); -#ifdef VERIFAST - /* Reason for rewrite: - * VeriFast treats the `malloc` and `free` functions specially, - * in a particular built-in way that cannot be axiomatized within - * VeriFast's specification language. - * - * When `malloc( sizeof(struct S) )` is called for a user defined - * struct `S`, VeriFast instantiates the corresponding - * `malloc_block_S(...)` predicate as well as points-to chunks - * for its fields. - * Reversely, calling `free` cleans up all the predicates instantiated - * by `malloc`. - */ - #define pvPortMalloc malloc - #define vPortFree(ptr) free( (void*) ptr) -#else - /* - * Map to the memory management routines required for the port. - */ - void * pvPortMalloc( size_t xSize ) PRIVILEGED_FUNCTION; - void vPortFree( void * pv ) PRIVILEGED_FUNCTION; -#endif /* VERIFAST */ - - +/* + * Map to the memory management routines required for the port. + */ +void * pvPortMalloc( size_t xSize ) PRIVILEGED_FUNCTION; +void vPortFree( void * pv ) PRIVILEGED_FUNCTION; void vPortInitialiseBlocks( void ) PRIVILEGED_FUNCTION; size_t xPortGetFreeHeapSize( void ) PRIVILEGED_FUNCTION; size_t xPortGetMinimumEverFreeHeapSize( void ) PRIVILEGED_FUNCTION; diff --git a/include/stack_macros.h b/include/stack_macros.h index ea247e4064e..a80613712e8 100644 --- a/include/stack_macros.h +++ b/include/stack_macros.h @@ -84,92 +84,19 @@ #if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) ) - /* TODO: Convert this macro into a function such that we can insert proof annotations. - */ - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast complains about unspecified evaluation order of - * - `pxCurrentTCB->pxStack` - * - `vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName );` - * - */ - #define taskCHECK_FOR_STACK_OVERFLOW() VF__taskCHECK_FOR_STACK_OVERFLOW() - - void VF__taskCHECK_FOR_STACK_OVERFLOW() - /*@ requires prvSeg_TCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(gCurrentTCB, ?uxCriticalNesting) &*& - // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` - interruptState_p(coreID_f(), ?state) &*& - interruptsDisabled_f(state) == true &*& - pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); - @*/ - /*@ ensures prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(gCurrentTCB, uxCriticalNesting) &*& - // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` - interruptState_p(coreID_f(), state) &*& - interruptsDisabled_f(state) == true &*& - pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); \ - @*/ \ - { \ - /*@ open prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ - /*@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ - ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \ - @*/ \ - /*@ open stack_p_2(_, _, _, _, _, _); @*/ \ - /* The detour below allows us to skip proving that `ulFreeBytes` \ - * is a multiple of `sizeof(StackType_t)`. \ - */ \ - /*@ integers__to_chars(pxTopOfStack+1); @*/ \ - /*@ chars_join((char*) pxStack); @*/ \ - /*@ chars_to_integers_(pxStack, sizeof(StackType_t), false, 4); @*/ \ - TCB_t* tcb0 = pxCurrentTCB; \ - const uint32_t * const pulStack = ( uint32_t * ) tcb0->pxStack; \ - const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ - \ - /*@ bool gOverflow = false; @*/ \ - if( ( pulStack[ 0 ] != ulCheckValue ) || \ - ( pulStack[ 1 ] != ulCheckValue ) || \ - ( pulStack[ 2 ] != ulCheckValue ) || \ - ( pulStack[ 3 ] != ulCheckValue ) ) \ - { \ - /*@ gOverflow = true; @*/ \ - /*@ integers__to_chars(pxStack); @*/ \ - /*@ chars_join((char*) pxStack); @*/ \ - /*@ chars_split((char*) pxStack, ulFreeBytesOnStack); @*/ \ - /*@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ - ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ - @*/ \ - /*@ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ - TCB_t* tcb1 = pxCurrentTCB; \ - TCB_t* tcb2 = pxCurrentTCB; \ - vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ - } \ - /*@ \ - if(!gOverflow) { \ - integers__to_chars(pxStack); \ - chars_join((char*) pxStack); \ - chars_split((char*) pxStack, ulFreeBytesOnStack); \ - close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ - ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ - close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); \ - } \ - @*/ \ - } - #else - #define taskCHECK_FOR_STACK_OVERFLOW() \ - { \ - const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \ - const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ - \ - if( ( pulStack[ 0 ] != ulCheckValue ) || \ - ( pulStack[ 1 ] != ulCheckValue ) || \ - ( pulStack[ 2 ] != ulCheckValue ) || \ - ( pulStack[ 3 ] != ulCheckValue ) ) \ - { \ - vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ - } \ - } - #endif /* VERIFAST */ + #define taskCHECK_FOR_STACK_OVERFLOW() \ + { \ + const uint32_t * const pulStack = ( uint32_t * ) pxCurrentTCB->pxStack; \ + const uint32_t ulCheckValue = ( uint32_t ) 0xa5a5a5a5; \ + \ + if( ( pulStack[ 0 ] != ulCheckValue ) || \ + ( pulStack[ 1 ] != ulCheckValue ) || \ + ( pulStack[ 2 ] != ulCheckValue ) || \ + ( pulStack[ 3 ] != ulCheckValue ) ) \ + { \ + vApplicationStackOverflowHook( ( TaskHandle_t ) pxCurrentTCB, pxCurrentTCB->pcTaskName ); \ + } \ + } #endif /* #if( configCHECK_FOR_STACK_OVERFLOW > 1 ) */ /*-----------------------------------------------------------*/ diff --git a/include/task.h b/include/task.h index 56e054299c1..65cd86e8dd0 100644 --- a/include/task.h +++ b/include/task.h @@ -28,37 +28,6 @@ #ifndef INC_TASK_H #define INC_TASK_H -#ifdef VERIFAST - /* Reason for rewrite: - * VeriFast bug: - * Both `#ifdef INC_FREERTOS_H` and its negation `#ifdef INC_FREERTOS_H` - * evaluate to true. See minimal example `define_name`. - */ - #define INC_FREERTOS_H - /* Remember that this header is included by `tasks.c` after it includes - * `FreeRTOS.h`. - */ - // TODO: Remove this work-around once VF has been fixed. -#endif /* VERIFAST */ - - -/* Remark: - * Note that the following VF section renders the previous one obsolete. - * However, we keep the above as a reminder until the corresponding bug - * has been fixed. - */ -#ifdef VERIFAST - /* Reason for rewrite: - * Even though in the current verification setup, `FreeRTOS.h` is always - * included before this file is processed, VeriFast does not consider this - * context when processing this file. VeriFast forbids macro expansions to - * depend on a potentially variable context, e.g, `configSTACK_DEPTH_TYPE` - * which expands to 'uint16_t' if and only if `FreeRTOS.h` has been - * included. - */ - #include "FreeRTOS.h" -#endif /* VERIFAST */ - #ifndef INC_FREERTOS_H #error "include FreeRTOS.h must appear in source files before include task.h" #endif @@ -1863,12 +1832,6 @@ configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) PRIVIL */ void vApplicationStackOverflowHook( TaskHandle_t xTask, char * pcTaskName ); - /*@ requires prvSeg_TCB_p(xTask, ?ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(xTask, ?uxCriticalNesting); - @*/ - /*@ ensures prvSeg_TCB_p(xTask, ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(xTask, uxCriticalNesting); - @*/ #endif diff --git a/list.c b/list.c index 5532d8e59e6..c679709f738 100644 --- a/list.c +++ b/list.c @@ -71,8 +71,6 @@ void vListInitialise( List_t * const pxList ) /*-----------------------------------------------------------*/ void vListInitialiseItem( ListItem_t * const pxItem ) -//@ requires pxItem->pxContainer |-> _; -//@ ensures pxItem->pxContainer |-> 0; { /* Make sure the list item is not recorded as being on a list. */ pxItem->pxContainer = NULL; @@ -86,423 +84,32 @@ void vListInitialiseItem( ListItem_t * const pxItem ) void vListInsertEnd( List_t * const pxList, ListItem_t * const pxNewListItem ) -#ifndef VERIFAST_SINGLE_CORE - /* Reason for rewrite: - * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose - * node owners. Proofs using these predicates must be adapted as well. - */ - - // TODO: Adapt contract and proof to new version of predicates. - - /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& - xLIST_ITEM(pxNewListItem, ?val, _, _, ?ow, _) &*& - len < INT_MAX;@*/ - /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals, ?new_owners) &*& - idx == end - ? (new_cells == append(cells, singleton(pxNewListItem)) &*& - new_vals == append(vals, singleton(val)) &*& - new_owners == append(owners, singleton(ow))) - : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& - new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))) &*& - new_owners == append(take(index_of(idx, cells), owners), append(singleton(ow), drop(index_of(idx, cells), owners))));@*/ - { - /*@xLIST_star_item(pxList, pxNewListItem);@*/ - /*@assert mem(pxNewListItem, cells) == false;@*/ - /*@open xLIST(pxList, len, idx, end, cells, vals, owners);@*/ - #ifdef VERIFAST /*< const pointer declaration */ - ListItem_t * pxIndex = pxList->pxIndex; - #else - ListItem_t * const pxIndex = pxList->pxIndex; - - /* Only effective when configASSERT() is also defined, these tests may catch - * the list data structures being overwritten in memory. They will not catch - * data errors caused by incorrect configuration or use of FreeRTOS. */ - listTEST_LIST_INTEGRITY( pxList ); - listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); - #endif - - /*@open xLIST_ITEM(pxNewListItem, _, _, _, _, _);@*/ - /*@assert DLS(end, ?endprev, end, _, cells, vals, owners, pxList);@*/ - /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ - /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ - /*@ - if (end == idx) - { - open DLS(end, endprev, end, endprev, cells, vals, owners, pxList); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(owners), pxList); - if (end == endprev) - { - // Case A (singleton): idx==end==endprev - } - else - { - assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), tail(owners), pxList); - if (endnext == endprev) - { - // Case B (two): idx==end and endnext==endprev - open DLS(endnext, end, end, endnext, _, _, _, _); - open xLIST_ITEM(endnext, _, _, _, _, _); - } - else - { - // Case C: idx==end and DLS:endnext...endprev - split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); - open DLS(endprev, _, _, _, _, _, _, _); - open xLIST_ITEM(endprev, _, _, _, _, _); - } - } - } - else - { - int i = index_of(idx, cells); - split(end, endprev, end, endprev, cells, vals, idx, i); - assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); - assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); - open DLS(idx, idxprev, end, endprev, _, _, _, _); - open xLIST_ITEM(idx, _, _, _, _, _); - if (end == idxprev) - { - // Case D: end==idxprev and DLS:idx...endprev - take_take(1, i, vals); - take_head(vals); - open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); - open xLIST_ITEM(end, portMAX_DELAY, _, _, _, _); - assert length(take(i, cells)) == 1; - } - else - { - // Case E: DLS:end...idxprev and DLS:idx...endprev - dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); - split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); - open DLS(idxprev, _, _, idxprev, _, _, _, _); - length_take(i, cells); - drop_take_singleton(i, vals); - drop_take_singleton(i, owners); - open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _, _); - } - } - @*/ - - /* Insert a new list item into pxList, but rather than sort the list, - * makes the new list item the last item to be removed by a call to - * listGET_OWNER_OF_NEXT_ENTRY(). */ - pxNewListItem->pxNext = pxIndex; - pxNewListItem->pxPrevious = pxIndex->pxPrevious; - - /* Only used during decision coverage testing. */ - mtCOVERAGE_TEST_DELAY(); - - pxIndex->pxPrevious->pxNext = pxNewListItem; - pxIndex->pxPrevious = pxNewListItem; - - /* Remember which list the item is in. */ - pxNewListItem->pxContainer = pxList; - - ( pxList->uxNumberOfItems )++; - - /*@ - if (end == idx) - { - close xLIST_ITEM(pxNewListItem, val, end, endprev, ow, pxList); - close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), singleton(ow), pxList); - close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, head(owners), pxList); - if (end == endprev) - { - // Case A (singleton): idx==end==endprev - close DLS(end, pxNewListItem, endnext, end, cells, vals, owners, pxList); - join(end, pxNewListItem, endnext, end, cells, vals, - pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); - } - else - { - close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, ?endprevowner, _); - if (endnext == endprev) - { - // Case B (two): idx==end and endnext==endprev - close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), singleton(endprevowner), pxList); - close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, owners, pxList); - join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, - pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); - } - else - { - // Case C: idx==end and DLS:endnext...endprev - close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), singleton(endprevowner), pxList); - assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, _, pxList); - join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, - endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); - close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, owners, pxList); - join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, - pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val)), append(owners, singleton(ow))); - } - } - } - else - { - // Case D: end==idxprev and DLS:idx...endprev - // Case E: DLS:end...idxprev and DLS:idx...endprev - int i = index_of(idx, cells); - close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, ow, pxList); - close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, ?idxowner, pxList); - nth_drop2(vals, i); - assert idxval == nth(i, vals); - nth_drop2(owners, i); - assert idxowner == nth(i, owners); - close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, ?idxprevowner, pxList); - - if (end == idxprev) - { - close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), pxList); - } - else - { - length_take(i, cells); - take_take(i-1, i, vals); - take_singleton(i-1, vals); - take_singleton(i, vals); - take_take(i-1, i, owners); - take_singleton(i-1, owners); - take_singleton(i, owners); - assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), take(i-1, owners), pxList); - close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), singleton(idxprevowner), pxList); - join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), - idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); - } - - if (idx == endprev) - { - close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), singleton(idxowner), pxList); - } - else - { - assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, _, pxList); - close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); - } - - assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), take(i, owners), pxList); - assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), drop(i, owners), pxList); - assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, ow, pxList); - dls_star_item(idx, endprev, pxNewListItem); - close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), cons(ow, drop(i, owners)), pxList); - join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), - pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); - assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, ?owners_new, pxList); - assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); - assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); - assert owners_new == append(take(i, owners) , append(singleton(ow), drop(i, owners))); - head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); - take_take(1, i, cells); - head_append(take(i, vals), append(singleton(val), drop(i, vals))); - take_take(1, i, vals); - close xLIST(pxList, len+1, idx, end, cells_new, vals_new, owners_new); - } - @*/ - } -#else - /* The contract and proof below have been wirtten by Aalok Thakkar and Nathan - * Chong in 2020 for the single-core setup. - */ - /*@requires xLIST(pxList, ?len, ?idx, ?end, ?cells, ?vals) &*& - xLIST_ITEM(pxNewListItem, ?val, _, _, _);@*/ - /*@ensures xLIST(pxList, len+1, idx, end, ?new_cells, ?new_vals) &*& - idx == end - ? (new_cells == append(cells, singleton(pxNewListItem)) &*& - new_vals == append(vals, singleton(val))) - : (new_cells == append(take(index_of(idx, cells), cells), append(singleton(pxNewListItem), drop(index_of(idx, cells), cells))) &*& - new_vals == append(take(index_of(idx, cells), vals), append(singleton(val), drop(index_of(idx, cells), vals))));@*/ - { - /*@xLIST_star_item(pxList, pxNewListItem);@*/ - /*@assert mem(pxNewListItem, cells) == false;@*/ - /*@open xLIST(pxList, len, idx, end, cells, vals);@*/ - #ifdef VERIFAST /*< const pointer declaration */ - ListItem_t * pxIndex = pxList->pxIndex; - #else - ListItem_t * const pxIndex = pxList->pxIndex; - - /* Only effective when configASSERT() is also defined, these tests may catch - * the list data structures being overwritten in memory. They will not catch - * data errors caused by incorrect configuration or use of FreeRTOS. */ - listTEST_LIST_INTEGRITY( pxList ); - listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); - #endif - - /*@open xLIST_ITEM(pxNewListItem, _, _, _, _);@*/ - /*@assert DLS(end, ?endprev, end, _, cells, vals, pxList);@*/ - /*@dls_first_mem(end, endprev, end, endprev, cells);@*/ - /*@dls_last_mem(end, endprev, end, endprev, cells);@*/ - /*@ - if (end == idx) - { - open DLS(end, endprev, end, endprev, cells, vals, pxList); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, pxList); - if (end == endprev) - { - // Case A (singleton): idx==end==endprev - } - else - { - assert DLS(endnext, end, end, endprev, tail(cells), tail(vals), pxList); - if (endnext == endprev) - { - // Case B (two): idx==end and endnext==endprev - open DLS(endnext, end, end, endnext, _, _, _); - open xLIST_ITEM(endnext, _, _, _, _); - } - else - { - // Case C: idx==end and DLS:endnext...endprev - split(endnext, end, end, endprev, tail(cells), tail(vals), endprev, index_of(endprev, tail(cells))); - open DLS(endprev, _, _, _, _, _, _); - open xLIST_ITEM(endprev, _, _, _, _); - } - } - } - else - { - int i = index_of(idx, cells); - split(end, endprev, end, endprev, cells, vals, idx, i); - assert DLS(end, endprev, idx, ?idxprev, take(i, cells), take(i, vals), pxList); - assert DLS(idx, idxprev, end, endprev, drop(i, cells), drop(i, vals), pxList); - open DLS(idx, idxprev, end, endprev, _, _, _); - open xLIST_ITEM(idx, _, _, _, _); - if (end == idxprev) - { - // Case D: end==idxprev and DLS:idx...endprev - take_take(1, i, vals); - take_head(vals); - open DLS(end, endprev, idx, idxprev, take(i, cells), take(i, vals), pxList); - open xLIST_ITEM(end, portMAX_DELAY, _, _, _); - assert length(take(i, cells)) == 1; - } - else - { - // Case E: DLS:end...idxprev and DLS:idx...endprev - dls_last_mem(end, endprev, idx, idxprev, take(i, cells)); - split(end, endprev, idx, idxprev, take(i, cells), take(i, vals), idxprev, index_of(idxprev, take(i, cells))); - open DLS(idxprev, _, _, idxprev, _, _, _); - length_take(i, cells); - drop_take_singleton(i, vals); - open xLIST_ITEM(idxprev, nth(i-1, vals), _, _, _); - } - } - @*/ - - /* Insert a new list item into pxList, but rather than sort the list, - * makes the new list item the last item to be removed by a call to - * listGET_OWNER_OF_NEXT_ENTRY(). */ - pxNewListItem->pxNext = pxIndex; - pxNewListItem->pxPrevious = pxIndex->pxPrevious; - - /* Only used during decision coverage testing. */ - mtCOVERAGE_TEST_DELAY(); - - pxIndex->pxPrevious->pxNext = pxNewListItem; - pxIndex->pxPrevious = pxNewListItem; +{ + ListItem_t * const pxIndex = pxList->pxIndex; - /* Remember which list the item is in. */ - pxNewListItem->pxContainer = pxList; + /* Only effective when configASSERT() is also defined, these tests may catch + * the list data structures being overwritten in memory. They will not catch + * data errors caused by incorrect configuration or use of FreeRTOS. */ + listTEST_LIST_INTEGRITY( pxList ); + listTEST_LIST_ITEM_INTEGRITY( pxNewListItem ); - ( pxList->uxNumberOfItems )++; + /* Insert a new list item into pxList, but rather than sort the list, + * makes the new list item the last item to be removed by a call to + * listGET_OWNER_OF_NEXT_ENTRY(). */ + pxNewListItem->pxNext = pxIndex; + pxNewListItem->pxPrevious = pxIndex->pxPrevious; - /*@ - if (end == idx) - { - close xLIST_ITEM(pxNewListItem, val, end, endprev, pxList); - close DLS(pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val), pxList); - close xLIST_ITEM(end, portMAX_DELAY, ?endnext, pxNewListItem, pxList); - if (end == endprev) - { - // Case A (singleton): idx==end==endprev - close DLS(end, pxNewListItem, endnext, end, cells, vals, pxList); - join(end, pxNewListItem, endnext, end, cells, vals, - pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); - } - else - { - close xLIST_ITEM(endprev, ?endprevval, pxNewListItem, ?endprevprev, _); - if (endnext == endprev) - { - // Case B (two): idx==end and endnext==endprev - close DLS(endprev, end, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); - close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); - join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, - pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); - } - else - { - // Case C: idx==end and DLS:endnext...endprev - close DLS(endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval), pxList); - assert DLS(endnext, end, endprev, endprevprev, ?cells_endnext_to_endprevprev, ?vals_endnext_to_endprevprev, pxList); - join(endnext, end, endprev, endprevprev, cells_endnext_to_endprevprev, vals_endnext_to_endprevprev, - endprev, endprevprev, pxNewListItem, endprev, singleton(endprev), singleton(endprevval)); - close DLS(end, pxNewListItem, pxNewListItem, endprev, cells, vals, pxList); - join(end, pxNewListItem, pxNewListItem, endprev, cells, vals, - pxNewListItem, endprev, end, pxNewListItem, singleton(pxNewListItem), singleton(val)); - close xLIST(pxList, len+1, idx, end, append(cells, singleton(pxNewListItem)), append(vals, singleton(val))); - } - } - } - else - { - // Case D: end==idxprev and DLS:idx...endprev - // Case E: DLS:end...idxprev and DLS:idx...endprev - int i = index_of(idx, cells); - close xLIST_ITEM(pxNewListItem, val, idx, ?idxprev, pxList); - close xLIST_ITEM(idx, ?idxval, ?idxnext, pxNewListItem, pxList); - nth_drop2(vals, i); - assert idxval == nth(i, vals); - close xLIST_ITEM(idxprev, ?idxprevval, pxNewListItem, ?idxprevprev, pxList); + /* Only used during decision coverage testing. */ + mtCOVERAGE_TEST_DELAY(); - if (end == idxprev) - { - close DLS(end, endprev, pxNewListItem, end, singleton(end), singleton(portMAX_DELAY), pxList); - } - else - { - length_take(i, cells); - take_take(i-1, i, vals); - take_singleton(i-1, vals); - take_singleton(i, vals); - assert DLS(end, endprev, idxprev, idxprevprev, ?cells_end_to_idxprevprev, take(i-1, vals), pxList); - close DLS(idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval), pxList); - join(end, endprev, idxprev, idxprevprev, cells_end_to_idxprevprev, take(i-1, vals), - idxprev, idxprevprev, pxNewListItem, idxprev, singleton(idxprev), singleton(idxprevval)); - } + pxIndex->pxPrevious->pxNext = pxNewListItem; + pxIndex->pxPrevious = pxNewListItem; - if (idx == endprev) - { - close DLS(idx, pxNewListItem, end, idx, singleton(idx), singleton(idxval), pxList); - } - else - { - assert DLS(end, endprev, pxNewListItem, idxprev, ?cells_end_to_idxprev, ?vals_end_to_idxprev, pxList); - close DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); - } + /* Remember which list the item is in. */ + pxNewListItem->pxContainer = pxList; - assert DLS(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), pxList); - assert DLS(idx, pxNewListItem, end, endprev, drop(i, cells), drop(i, vals), pxList); - assert xLIST_ITEM(pxNewListItem, val, idx, idxprev, pxList); - dls_star_item(idx, endprev, pxNewListItem); - close DLS(pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals)), pxList); - join(end, endprev, pxNewListItem, idxprev, take(i, cells), take(i, vals), - pxNewListItem, idxprev, end, endprev, cons(pxNewListItem, drop(i, cells)), cons(val, drop(i, vals))); - assert DLS(end, endprev, end, endprev, ?cells_new, ?vals_new, pxList); - assert cells_new == append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); - assert vals_new == append(take(i, vals) , append(singleton(val), drop(i, vals))); - head_append(take(i, cells), append(singleton(pxNewListItem), drop(i, cells))); - take_take(1, i, cells); - head_append(take(i, vals), append(singleton(val), drop(i, vals))); - take_take(1, i, vals); - close xLIST(pxList, len+1, idx, end, cells_new, vals_new); - } - @*/ - } -#endif /* VERIFAST_SINGLE_CORE */ + ( pxList->uxNumberOfItems )++; +} /*-----------------------------------------------------------*/ void vListInsert( List_t * const pxList, @@ -577,154 +184,10 @@ void vListInsert( List_t * const pxList, /*-----------------------------------------------------------*/ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) -#ifndef VERIFAST_SINGLE_CORE - /* Reason for rewrite: - * Predicates `xLIST_ITEM`, `DLS` and `xLIST` have been extended to expose - * node owners. Proofs using these predicates must be adapted as well. - */ - - /*@requires - exists(?l) &*& - xLIST(l, ?len, ?idx, ?end, ?cells, ?vals, ?owners) &*& - end != pxItemToRemove &*& - mem(pxItemToRemove, cells) == true;@*/ - /*@ensures - result == len-1 &*& - xLIST_ITEM(pxItemToRemove, nth(index_of(pxItemToRemove, cells), vals), _, ?pxItemToRemovePrevious, nth(index_of(pxItemToRemove, cells), owners), NULL) &*& - pxItemToRemovePrevious == nth(index_of(pxItemToRemove, cells)-1, cells) &*& - xLIST(l, result, idx == pxItemToRemove ? pxItemToRemovePrevious : idx, end, remove(pxItemToRemove, cells), remove_nth(index_of(pxItemToRemove, cells), vals), remove_nth(index_of(pxItemToRemove, cells), owners)); - @*/ - { - /* For brevity we alias x to pxItemToRemove */ - /*@struct xLIST_ITEM *x = pxItemToRemove;@*/ - - /* Start by establishing that the list must be non-empty since x != end */ - /*@open xLIST(l, len, idx, end, cells, vals, owners);@*/ - /*@assert DLS(end, ?endprev, end, _, cells, vals, owners, l);@*/ - /*@assert vals == cons(portMAX_DELAY, _);@*/ - /*@dls_not_empty(end, endprev, cells, x);@*/ - - /* We know the xLIST is a DLS: end...endprev - Split this into DLS1:end...xprev and DLS2:x...endprev */ - /*@int i = index_of(x, cells);@*/ - /*@split(end, endprev, end, endprev, cells, vals, x, i);@*/ - /*@list ys = take(i, cells);@*/ - /*@list zs = drop(i, cells);@*/ - /*@list vs = take(i, vals);@*/ - /*@list ws = drop(i, vals);@*/ - /*@list ts = take(i, owners);@*/ - /*@list us = drop(i, owners);@*/ - /*@assert length(ys) == length(vs);@*/ - /*@assert length(zs) == length(ws);@*/ - /*@assert length(ts) == length(vs);@*/ - /*@assert length(us) == length(ws);@*/ - /*@assert DLS(end, endprev, x, ?xprev, ys, vs, ts, l);@*/ /*< DLS1 (ys, vs) */ - /*@assert DLS(x, xprev, end, endprev, zs, ws, us, l);@*/ /*< DLS2 (zs, ws) */ - - /* Now case split to open DLS1 and DLS2 appropriately */ - /*@ - if (end == xprev) - { - if (x == endprev) - { - //Case A - //DLS1: extract end=prev=next - open DLS(end, endprev, x, xprev, ys, vs, ts, l); - assert owners == cons(_, _); - open xLIST_ITEM(end, portMAX_DELAY, x, endprev, head(owners), l); - //DLS2: extract x - open DLS(x, xprev, end, endprev, zs, ws, us, l); - //Lengths - assert length(ys) == 1; - assert length(zs) == 1; - assert length(us) == 1; - } - else - { - //Case B - //DLS1: extract end=prev - open DLS(end, endprev, x, xprev, ys, vs, ts, l); - open xLIST_ITEM(end, portMAX_DELAY, x, endprev, head(owners), l); - //DLS2: extract next and x - open DLS(x, end, end, endprev, zs, ws, us, l); - assert DLS(?xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); - open DLS(xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); - open xLIST_ITEM(xnext, _, _, x, _, l); - //Lengths - assert length(ys) == 1; - } - } - else - { - if (x == endprev) - { - //Case C - //DLS1: extract end=next and prev - dls_last_mem(end, endprev, x, xprev, ys); - assert mem(xprev, ys) == true; - open DLS(end, endprev, x, xprev, ys, vs, ts, l); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(ts), l); - if (endnext == xprev) - { - open DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); - open xLIST_ITEM(xprev, _, x, _, _, l); - } - else - { - assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); - int k = index_of(xprev, tail(ys)); - dls_last_mem(endnext, end, x, xprev, tail(ys)); - split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); - open DLS(xprev, _, x, xprev, _, _, _, l); - open xLIST_ITEM(xprev, _, x, _, _, l); - } - //DLS2: extract x - open DLS(x, xprev, end, endprev, zs, ws, us, l); - //Lengths - assert length(zs) == 1; - } - else - { - //Case D - //DLS1: extract prev - dls_last_mem(end, endprev, x, xprev, ys); - int j = index_of(xprev, ys); - open DLS(end, endprev, x, xprev, ys, vs, ts, l); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, head(ts), l); - if (endnext == xprev) - { - open DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); - assert tail(ys) == singleton(xprev); - open xLIST_ITEM(xprev, _, x, _, _, l); - } - else - { - assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), tail(ts), l); - int k = index_of(xprev, tail(ys)); - dls_last_mem(endnext, end, x, xprev, tail(ys)); - split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); - open DLS(xprev, _, x, xprev, _, _, _, l); - open xLIST_ITEM(xprev, _, x, _, _, l); - } - //DLS2: extract next and x - open DLS(x, xprev, end, endprev, zs, ws, us, l); - assert xLIST_ITEM(x, _, ?xnext, _, _, l); - open DLS(xnext, x, end, endprev, tail(zs), tail(ws), tail(us), l); - open xLIST_ITEM(xnext, _, _, x, _, l); - } - } - @*/ - /*@drop_nth_index_of(vals, i);@*/ - /*@drop_nth_index_of(owners, i);@*/ - /*@open xLIST_ITEM(x, nth(i, vals), ?xnext, xprev, nth(i, owners), l);@*/ - +{ /* The list item knows which list it is in. Obtain the list from the list * item. */ -#ifdef VERIFAST /*< const pointer declaration */ - List_t * pxList = pxItemToRemove->pxContainer; -#else List_t * const pxList = pxItemToRemove->pxContainer; -#endif pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; @@ -746,336 +209,5 @@ UBaseType_t uxListRemove( ListItem_t * const pxItemToRemove ) ( pxList->uxNumberOfItems )--; return pxList->uxNumberOfItems; - - /*@ - // Reassemble DLS1 and a modified DLS2, which no longer includes x - if (end == xprev) - { - if (x == endprev) - { - //Case A - close xLIST_ITEM(end, portMAX_DELAY, _, _, _, _); - close DLS(end, end, end, end, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), l); - } - else - { - //Case B - close xLIST_ITEM(xprev, _, xnext, endprev, head(owners), l); - close DLS(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), singleton(head(owners)), l); - close xLIST_ITEM(xnext, _, _, xprev, _, l); - close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), tail(us), l); - join(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), - xnext, xprev, end, endprev, tail(zs), tail(ws)); - } - } - else - { - if (x == endprev) - { - //Case C - close xLIST_ITEM(end, _, ?endnext, xprev, head(ts), l); - close xLIST_ITEM(xprev, ?xprev_val, end, _, ?xprev_owner, l); - if (endnext == xprev) - { - close DLS(xprev, end, end, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); - close DLS(end, xprev, end, xprev, cons(end, singleton(xprev)), cons(portMAX_DELAY, singleton(xprev_val)), cons(head(ts), singleton(xprev_owner)), l); - } - else - { - close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); - assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, _, l); - join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, - xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); - close DLS(end, xprev, end, xprev, ys, vs, ts, l); - } - } - else - { - //Case D - close xLIST_ITEM(xnext, _, ?xnextnext, xprev, ?xnext_owner, l); - close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), tail(us), l); - close xLIST_ITEM(end, _, ?endnext, endprev, head(ts), l); - close xLIST_ITEM(xprev, ?xprev_val, xnext, _, ?xprev_owner, l); - if (endnext == xprev) - { - close DLS(xprev, _, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); - close DLS(end, endprev, xnext, xprev, ys, vs, ts, l); - join(end, endprev, xnext, xprev, ys, vs, - xnext, xprev, end, endprev, tail(zs), tail(ws)); - } - else - { - close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), singleton(xprev_owner), l); - assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, _, l); - join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, - xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); - close DLS(end, endprev, xnext, xprev, ys, vs, ts, l); - join(end, endprev, xnext, xprev, ys, vs, - xnext, xprev, end, endprev, tail(zs), tail(ws)); - } - } - } - @*/ - /*@remove_remove_nth(cells, x);@*/ - /*@ - if (idx == x) - { - close xLIST(l, len-1, xprev, end, append(ys, tail(zs)), append(vs, tail(ws)), append(ts, tail(us))); - } - else - { - idx_remains_in_list(cells, idx, x, i); - close xLIST(l, len-1, idx, end, append(ys, tail(zs)), append(vs, tail(ws)), append(ts, tail(us))); - } - @*/ - /*@close xLIST_ITEM(x, nth(i, vals), xnext, xprev, nth(i, owners), NULL);@*/ } -#else - // Contract and proof written by Aalok Thakkar and Nathan Chong for the - // single-core setup in 2020. - - /*@requires - exists(?l) &*& - xLIST(l, ?len, ?idx, ?end, ?cells, ?vals) &*& - end != pxItemToRemove &*& - mem(pxItemToRemove, cells) == true;@*/ - /*@ensures - result == len-1 &*& - xLIST_ITEM(pxItemToRemove, nth(index_of(pxItemToRemove, cells), vals), _, ?pxItemToRemovePrevious, NULL) &*& - pxItemToRemovePrevious == nth(index_of(pxItemToRemove, cells)-1, cells) &*& - xLIST(l, result, idx == pxItemToRemove ? pxItemToRemovePrevious : idx, end, remove(pxItemToRemove, cells), remove_nth(index_of(pxItemToRemove, cells), vals));@*/ - { - /* For brevity we alias x to pxItemToRemove */ - /*@struct xLIST_ITEM *x = pxItemToRemove;@*/ - - /* Start by establishing that the list must be non-empty since x != end */ - /*@open xLIST(l, len, idx, end, cells, vals);@*/ - /*@assert DLS(end, ?endprev, end, _, cells, vals, l);@*/ - /*@assert vals == cons(portMAX_DELAY, _);@*/ - /*@dls_not_empty(end, endprev, cells, x);@*/ - - /* We know the xLIST is a DLS: end...endprev - Split this into DLS1:end...xprev and DLS2:x...endprev */ - /*@int i = index_of(x, cells);@*/ - /*@split(end, endprev, end, endprev, cells, vals, x, i);@*/ - /*@list ys = take(i, cells);@*/ - /*@list zs = drop(i, cells);@*/ - /*@list vs = take(i, vals);@*/ - /*@list ws = drop(i, vals);@*/ - /*@assert length(ys) == length(vs);@*/ - /*@assert length(zs) == length(ws);@*/ - /*@assert DLS(end, endprev, x, ?xprev, ys, vs, l);@*/ /*< DLS1 (ys, vs) */ - /*@assert DLS(x, xprev, end, endprev, zs, ws, l);@*/ /*< DLS2 (zs, ws) */ - - /* Now case split to open DLS1 and DLS2 appropriately */ - /*@ - if (end == xprev) - { - if (x == endprev) - { - //Case A - //DLS1: extract end=prev=next - open DLS(end, endprev, x, xprev, ys, vs, l); - open xLIST_ITEM(end, portMAX_DELAY, x, endprev, l); - //DLS2: extract x - open DLS(x, xprev, end, endprev, zs, ws, l); - //Lengths - assert length(ys) == 1; - assert length(zs) == 1; - } - else - { - //Case B - //DLS1: extract end=prev - open DLS(end, endprev, x, xprev, ys, vs, l); - open xLIST_ITEM(end, portMAX_DELAY, x, endprev, l); - //DLS2: extract next and x - open DLS(x, end, end, endprev, zs, ws, l); - assert DLS(?xnext, x, end, endprev, tail(zs), tail(ws), l); - open DLS(xnext, x, end, endprev, tail(zs), tail(ws), l); - open xLIST_ITEM(xnext, _, _, x, l); - //Lengths - assert length(ys) == 1; - } - } - else - { - if (x == endprev) - { - //Case C - //DLS1: extract end=next and prev - dls_last_mem(end, endprev, x, xprev, ys); - assert mem(xprev, ys) == true; - open DLS(end, endprev, x, xprev, ys, vs, l); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, l); - if (endnext == xprev) - { - open DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); - open xLIST_ITEM(xprev, _, x, _, l); - } - else - { - assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); - int k = index_of(xprev, tail(ys)); - dls_last_mem(endnext, end, x, xprev, tail(ys)); - split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); - open DLS(xprev, _, x, xprev, _, _, l); - open xLIST_ITEM(xprev, _, x, _, l); - } - //DLS2: extract x - open DLS(x, xprev, end, endprev, zs, ws, l); - //Lengths - assert length(zs) == 1; - } - else - { - //Case D - //DLS1: extract prev - dls_last_mem(end, endprev, x, xprev, ys); - int j = index_of(xprev, ys); - open DLS(end, endprev, x, xprev, ys, vs, l); - open xLIST_ITEM(end, portMAX_DELAY, ?endnext, endprev, l); - if (endnext == xprev) - { - open DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); - assert tail(ys) == singleton(xprev); - open xLIST_ITEM(xprev, _, x, _, l); - } - else - { - assert DLS(endnext, end, x, xprev, tail(ys), tail(vs), l); - int k = index_of(xprev, tail(ys)); - dls_last_mem(endnext, end, x, xprev, tail(ys)); - split(endnext, end, x, xprev, tail(ys), tail(vs), xprev, k); - open DLS(xprev, _, x, xprev, _, _, l); - open xLIST_ITEM(xprev, _, x, _, l); - } - //DLS2: extract next and x - open DLS(x, xprev, end, endprev, zs, ws, l); - assert xLIST_ITEM(x, _, ?xnext, _, l); - open DLS(xnext, x, end, endprev, tail(zs), tail(ws), l); - open xLIST_ITEM(xnext, _, _, x, l); - } - } - @*/ - /*@drop_nth_index_of(vals, i);@*/ - /*@open xLIST_ITEM(x, nth(i, vals), ?xnext, xprev, l);@*/ - - /* The list item knows which list it is in. Obtain the list from the list - * item. */ - #ifdef VERIFAST /*< const pointer declaration */ - List_t * pxList = pxItemToRemove->pxContainer; - #else - List_t * const pxList = pxItemToRemove->pxContainer; - #endif - - pxItemToRemove->pxNext->pxPrevious = pxItemToRemove->pxPrevious; - pxItemToRemove->pxPrevious->pxNext = pxItemToRemove->pxNext; - - /* Only used during decision coverage testing. */ - mtCOVERAGE_TEST_DELAY(); - - /* Make sure the index is left pointing to a valid item. */ - if( pxList->pxIndex == pxItemToRemove ) - { - pxList->pxIndex = pxItemToRemove->pxPrevious; - } - else - { - mtCOVERAGE_TEST_MARKER(); - } - - pxItemToRemove->pxContainer = NULL; - ( pxList->uxNumberOfItems )--; - - return pxList->uxNumberOfItems; - - /*@ - // Reassemble DLS1 and a modified DLS2, which no longer includes x - if (end == xprev) - { - if (x == endprev) - { - //Case A - close xLIST_ITEM(end, portMAX_DELAY, _, _, _); - close DLS(end, end, end, end, singleton(end), singleton(portMAX_DELAY), l); - } - else - { - //Case B - close xLIST_ITEM(xprev, _, xnext, endprev, l); - close DLS(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), l); - close xLIST_ITEM(xnext, _, _, xprev, l); - close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), l); - join(end, endprev, xnext, xprev, singleton(end), singleton(portMAX_DELAY), - xnext, xprev, end, endprev, tail(zs), tail(ws)); - } - } - else - { - if (x == endprev) - { - //Case C - close xLIST_ITEM(end, _, ?endnext, xprev, l); - close xLIST_ITEM(xprev, ?xprev_val, end, _, l); - if (endnext == xprev) - { - close DLS(xprev, end, end, xprev, singleton(xprev), singleton(xprev_val), l); - close DLS(end, xprev, end, xprev, cons(end, singleton(xprev)), cons(portMAX_DELAY, singleton(xprev_val)), l); - } - else - { - close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), l); - assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, l); - join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, - xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); - close DLS(end, xprev, end, xprev, ys, vs, l); - } - } - else - { - //Case D - close xLIST_ITEM(xnext, _, ?xnextnext, xprev, l); - close DLS(xnext, xprev, end, endprev, tail(zs), tail(ws), l); - close xLIST_ITEM(end, _, ?endnext, endprev, l); - close xLIST_ITEM(xprev, ?xprev_val, xnext, _, l); - if (endnext == xprev) - { - close DLS(xprev, _, xnext, xprev, singleton(xprev), singleton(xprev_val), l); - close DLS(end, endprev, xnext, xprev, ys, vs, l); - join(end, endprev, xnext, xprev, ys, vs, - xnext, xprev, end, endprev, tail(zs), tail(ws)); - } - else - { - close DLS(xprev, ?xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val), l); - assert DLS(endnext, end, xprev, xprevprev, ?cells_endnext_to_xprevprev, ?vals_endnext_to_xprevprev, l); - join(endnext, end, xprev, xprevprev, cells_endnext_to_xprevprev, vals_endnext_to_xprevprev, - xprev, xprevprev, xnext, xprev, singleton(xprev), singleton(xprev_val)); - close DLS(end, endprev, xnext, xprev, ys, vs, l); - join(end, endprev, xnext, xprev, ys, vs, - xnext, xprev, end, endprev, tail(zs), tail(ws)); - } - } - } - @*/ - /*@remove_remove_nth(cells, x);@*/ - /*@ - if (idx == x) - { - close xLIST(l, len-1, xprev, end, append(ys, tail(zs)), append(vs, tail(ws))); - } - else - { - idx_remains_in_list(cells, idx, x, i); - close xLIST(l, len-1, idx, end, append(ys, tail(zs)), append(vs, tail(ws))); - } - @*/ - /*@close xLIST_ITEM(x, nth(i, vals), xnext, xprev, NULL);@*/ - } - - - -#endif /* VERIFAST_SINGLE_CORE */ - /*-----------------------------------------------------------*/ diff --git a/tasks.c b/tasks.c index 8f14ca88267..046aed9aace 100644 --- a/tasks.c +++ b/tasks.c @@ -24,26 +24,6 @@ * */ -#ifdef VERIFAST - /* Ghost header include must occur before any non-ghost includes or other - * non-ghost code. Otherwise VeriFast will report an unspecific parse error. - */ - - //@ #include - //@ #include "list.gh" - //@ #include - - /* The following includes will be visible to VeriFast in the preprocessed - * code. VeriFast requires includes to occur befor definitions. Hence, - * all includes visible to VeriFast must occur before the preprocessed - * ones. - */ - //VF_macro #include "FreeRTOSConfig.h" - - //VF_macro #define NULL 0 -#endif /* VERIFAST */ - - /* Standard includes. */ #include #include @@ -57,41 +37,7 @@ #include "FreeRTOS.h" #include "task.h" #include "timers.h" - -#ifndef VERIFAST - /* Reason for rewrite: - * The stack macros rely on macros defined later in this file, e.g., - * `pxCurrentTCB`. We need to delay this inclusion until the task macros - * have been defined. Otherwise, VeriFast will report unknown symbols when - * checking the stack macro proofs. - */ - #include "stack_macros.h" -#endif /* VERIFAST */ - -/* Verifast proof setup - * - * Note that redefinitions of macros must be included after - * original ones have been included. - */ -#ifdef VERIFAST - #include "verifast_proof_defs.h" - #include "stack_predicates.h" - #include "task_predicates.h" - #include "ready_list_predicates.h" - #include "verifast_RP2040_axioms.h" - #include "verifast_prelude_extended.h" - #include "verifast_bitops_extended.h" - #include "verifast_asm.h" - #include "verifast_port_contracts.h" - #include "verifast_lock_predicates.h" - #include "verifast_lists_extended.h" - #include "single_core_proofs/scp_list_predicates.h" - #include "single_core_proofs_extended/scp_list_predicates_extended.h" - - #include "snippets/rp2040_port_c_snippets.c" - - #include "list.c" -#endif +#include "stack_macros.h" /* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be defined @@ -394,18 +340,6 @@ PRIVILEGED_DATA static List_t * volatile pxDelayedTaskList; /*< Poi PRIVILEGED_DATA static List_t * volatile pxOverflowDelayedTaskList; /*< Points to the delayed task list currently being used to hold tasks that have overflowed the current tick count. */ PRIVILEGED_DATA static List_t xPendingReadyList; /*< Tasks that have been readied while the scheduler was suspended. They will be moved to the ready list when the scheduler is resumed. */ - -#ifdef VERIFAST - /* Reason for rewrite: - * The stack macros rely on some of the macros defined above, e.g., - * `pxCurrentTCB`. We need to delay this inclusion until the relevant task - * macros have been defined. Otherwise, VeriFast will report unknown symbols - * when checking the stack macro proofs. - */ - #include "stack_macros.h" -#endif /* VERIFAST */ - - #if ( INCLUDE_vTaskDelete == 1 ) PRIVILEGED_DATA static List_t xTasksWaitingTermination; /*< Tasks that have been deleted - but their memory not yet freed. */ @@ -663,31 +597,20 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) PRIVILEGED_FUNCTION; /*-----------------------------------------------------------*/ -#ifndef VERIFAST - /* Reason for rewrite: - * VeriFast cannot handle inline assembler and both `portDISABLE_INTERRUPTS` - * and `portRESTORE_INTERRUPTS` expand to inline assembler instructions. - */ - static BaseType_t prvGetCurrentYieldPending( void ) - { - BaseType_t xReturn; - UBaseType_t ulState; +static BaseType_t prvGetCurrentYieldPending( void ) +{ + BaseType_t xReturn; + UBaseType_t ulState; - ulState = portDISABLE_INTERRUPTS(); - xReturn = xYieldPendings[ portGET_CORE_ID() ]; - portRESTORE_INTERRUPTS( ulState ); + ulState = portDISABLE_INTERRUPTS(); + xReturn = xYieldPendings[ portGET_CORE_ID() ]; + portRESTORE_INTERRUPTS( ulState ); - return xReturn; - } -#endif /* VERIFAST */ + return xReturn; +} /*-----------------------------------------------------------*/ -#ifndef VERIFAST - /* Reason for rewrite: - * VeriFast cannot handle inline assembler and `portCHECK_IF_IN_ISR` - * expands to inline assembler. - */ static void prvCheckForRunStateChange( void ) { UBaseType_t uxPrevCriticalNesting; @@ -762,7 +685,6 @@ static void prvCheckForRunStateChange( void ) } } } -#endif /* VERIFAST */ /*-----------------------------------------------------------*/ @@ -898,46 +820,7 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( configUSE_PORT_OPTIMISED_TASK_SELECTION == 0 ) static BaseType_t prvSelectHighestPriorityTask( const BaseType_t xCoreID ) - /*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - xCoreID == coreID_f() &*& - // interrupts are disabled and locks acquired - interruptState_p(xCoreID, ?state) &*& - interruptsDisabled_f(state) == true &*& - taskLockInv_p() &*& - isrLockInv_p() &*& - taskISRLockInv_p() - &*& - // opened predicate `coreLocalInterruptInv_p()` - [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// coreLocalSeg_TCB_p(gCurrentTCB0, 0) - &*& - // read access to current task's stack pointer, etc -// prvSeg_TCB_p(gCurrentTCB0, ?ulFreeBytesOnStack); - true; - @*/ - /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - xCoreID == coreID_f() &*& - // interrupts are disabled and locks acquired - interruptState_p(xCoreID, state) &*& - interruptsDisabled_f(state) == true &*& - taskLockInv_p() &*& - isrLockInv_p() &*& - taskISRLockInv_p() - &*& - // opened predicate `coreLocalInterruptInv_p()` - [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// coreLocalSeg_TCB_p(gCurrentTCB, 0) - &*& - // read access to current task's stack pointer, etc -// prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); - true; - @*/ { - //@ open taskISRLockInv_p(); - //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority0) ); - //@ assert( gTopReadyPriority0 == uxTopReadyPriority); UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; BaseType_t xDecrementTopPriority = pdTRUE; @@ -948,31 +831,8 @@ static void prvYieldForTask( TCB_t * pxTCB, #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) BaseType_t xPriorityDropped = pdFALSE; #endif - //@ close _taskISRLockInv_p(gTopReadyPriority0); while( xTaskScheduled == pdFALSE ) - /*@ invariant - // requires clause - 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - xCoreID == coreID_f() &*& - // interrupts are disabled and locks acquired - interruptState_p(xCoreID, state) &*& - interruptsDisabled_f(state) == true &*& - taskLockInv_p() &*& - isrLockInv_p() &*& - _taskISRLockInv_p(?gTopReadyPriority) - &*& - // opened predicate `coreLocalInterruptInv_p()` - [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) - &*& - // additional knowledge - (xTaskScheduled == 0 - ? (0 <= uxCurrentPriority &*& uxCurrentPriority <= gTopReadyPriority &*& - gTopReadyPriority < configMAX_PRIORITIES - ) : true - ); - @*/ { #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) { @@ -986,150 +846,33 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif - //@ open _taskISRLockInv_p(gTopReadyPriority); - //@ assert( exists_in_taskISRLockInv_p(?gTasks, ?gStates0) ); - //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority) ); - //@ assert( gTopReadyPriority == uxTopReadyPriority); - - //@ open readyLists_p(?gCellLists, ?gOwnerLists); - //@ assert( List_array_p(&pxReadyTasksLists, configMAX_PRIORITIES, gCellLists, gOwnerLists) ); - //@ List_array_p_index_within_limits(&pxReadyTasksLists, uxCurrentPriority); - //@ List_array_split(pxReadyTasksLists, uxCurrentPriority); - //@ assert( List_array_p(&pxReadyTasksLists, uxCurrentPriority, ?gPrefCellLists, ?gPrefOwnerLists) ); - /*@ assert( List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, - configMAX_PRIORITIES-uxCurrentPriority-1, ?gSufCellLists, ?gSufOwnerLists) ); - @*/ - //@ List_t* gReadyList = &pxReadyTasksLists[uxCurrentPriority]; - - //@ assert( xLIST(gReadyList, ?gSize, ?gIndex, ?gEnd, ?gCells, ?gVals, ?gOwners) ); - //@ assert( mem(gOwners, gOwnerLists) == true ); - - //@ open xLIST(gReadyList, _, _, _, _, _, _); - //@ assert( length(gCells) == gReadyList->uxNumberOfItems + 1 ); if( listLIST_IS_EMPTY( &( pxReadyTasksLists[ uxCurrentPriority ] ) ) == pdFALSE ) { List_t * const pxReadyList = &( pxReadyTasksLists[ uxCurrentPriority ] ); - //@ assert( pxReadyList->pxIndex |-> gIndex ); - /*@ assert( DLS(gEnd, ?gEndPrev, gEnd, gEndPrev, - gCells, gVals, gOwners, gReadyList) ); - @*/ - - - //@ DLS_open_2(pxReadyList->pxIndex); - //@ assert( xLIST_ITEM(gIndex, _, ?gIndexNext, ?gIndexPrev, _, gReadyList) ); ListItem_t * pxLastTaskItem = pxReadyList->pxIndex->pxPrevious; ListItem_t * pxTaskItem = pxLastTaskItem; - //@ close xLIST_ITEM(gIndex, _, gIndexNext, gIndexPrev, _, gReadyList); - //@ DLS_close_2(pxReadyList->pxIndex, gCells, gVals, gOwners); - - //@ assert( mem(pxTaskItem, gCells) == true); - //@ open DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gReadyList); - //@ assert( xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList) ); - //@ open xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList); - // opening required to prove validity of `&( pxReadyList->xListEnd )` - ///@ assert( pointer_within_limits( &pxReadyList->xListEnd ) == true ); - //@ close xLIST_ITEM(&pxReadyList->xListEnd, _, _, _, _, gReadyList); if( ( void * ) pxLastTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { - //@ assert( gVals == cons(?gV, ?gRest) ); - //@ assert( xLIST_ITEM(?gOldLastTaskItem, gV, ?gO, gEndPrev, _, gReadyList) ); pxLastTaskItem = pxLastTaskItem->pxPrevious; - //@ close xLIST_ITEM(gOldLastTaskItem, gV, gO, gEndPrev, _, gReadyList); } - //@ close DLS(gEnd, gEndPrev, gEnd, gEndPrev, gCells, gVals, gOwners, gReadyList); - //@ close xLIST(gReadyList, _, gIndex, gEnd, gCells, gVals, gOwners); /* The ready task list for uxCurrentPriority is not empty, so uxTopReadyPriority * must not be decremented any further */ xDecrementTopPriority = pdFALSE; - - //@ mem_nth(uxCurrentPriority, gCellLists); - //@ assert( mem(gCells, gCellLists) == true); - // Prove that `gTasks` contains all tasks in current ready - //@ forall_mem(gOwners, gOwnerLists, (superset)(gTasks)); - - //@ bool gInnerLoopBroken = false; do - /*@ invariant - 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - xCoreID == coreID_f() &*& - pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB) &*& - mem(pxTaskItem, gCells) == true &*& - xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) &*& - gSize > 0 &*& - exists_in_taskISRLockInv_p(gTasks, ?gStates) - &*& - // Read permissions for every task - foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) - &*& - // Write permission for task scheduled on this core - [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& - (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& - nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state - &*& - // Write permissions for unscheduled tasks - foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) - &*& - subset(gOwners, gTasks) == true &*& - List_array_p(&pxReadyTasksLists, uxCurrentPriority, gPrefCellLists, - gPrefOwnerLists) &*& - List_array_p(&pxReadyTasksLists + uxCurrentPriority + 1, - configMAX_PRIORITIES-uxCurrentPriority-1, gSufCellLists, - gSufOwnerLists) &*& - !gInnerLoopBroken; - - @*/ { TCB_t * pxTCB; - //@ open xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); - //@ assert( DLS(gEnd, ?gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList) ); - - // Building an SSA for important variables helps us to - // refer to the right instances. - //@ struct xLIST_ITEM* gTaskItem_0 = pxTaskItem; - - //@ DLS_open_2(gTaskItem_0); pxTaskItem = pxTaskItem->pxNext; - //@ struct xLIST_ITEM* gTaskItem_1 = pxTaskItem; - - //@ close xLIST_ITEM(gTaskItem_0, _, _, _, _, gReadyList); - //@ DLS_close_2(gTaskItem_0, gCells, gVals, gOwners); if( ( void * ) pxTaskItem == ( void * ) &( pxReadyList->xListEnd ) ) { - // Prove that `gTaskItem_1->pxNext != gEnd` - //@ dls_distinct(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells); - //@ open DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); - //@ open DLS(?gTaskItem_1_next, _, gEnd, gEndPrev2, _, _, _, gReadyList); - //@ assert( gTaskItem_1_next != gEnd ); - /*@ close DLS(gTaskItem_1_next, _, gEnd, gEndPrev2, - tail(gCells), tail(gVals), tail(gOwners), _); - @*/ - pxTaskItem = pxTaskItem->pxNext; - //@ struct xLIST_ITEM* gTaskItem_2 = pxTaskItem; - - //@ close xLIST_ITEM(gTaskItem_1, _, _, _, _, gReadyList); - //@ close DLS(gEnd, gEndPrev2, gEnd, gEndPrev2, gCells, gVals, gOwners, gReadyList); } - //@ struct xLIST_ITEM* gTaskItem_final = pxTaskItem; - //@ DLS_open_2(gTaskItem_final); pxTCB = pxTaskItem->pvOwner; - /*@ close xLIST_ITEM(gTaskItem_final, _, _, _, - pxTCB, gReadyList); - @*/ - //@ DLS_close_2(gTaskItem_final, gCells, gVals, gOwners); - - // Getting read access to fields of `pxTCB` - // aka first half of write permission - //@ assert( subset(gOwners, gTasks) == true ); - //@ mem_subset(pxTCB, gOwners, gTasks); - //@ foreach_remove(pxTCB, gTasks); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1148,7 +891,6 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif /* if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) */ - //@ bool gPxTCB_not_running = (pxTCB->xTaskRunState == taskTASK_NOT_RUNNING); if( pxTCB->xTaskRunState == taskTASK_NOT_RUNNING ) { #if ( configNUM_CORES > 1 ) @@ -1157,82 +899,14 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { - //@ open exists_in_taskISRLockInv_p(gTasks, gStates); - //@ assert( nth(index_of(pxTCB, gTasks), gStates) == taskTASK_NOT_RUNNING); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - - /* We could reuse the read permission to `pxTCB` we extracted before the if statement. - * But putting permissions back as soon as we no longer need them simplifies the - * proof state and elimintates case-splits in the proof. - */ - - // Put read permission for `pxTCB` back - //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); - //@ close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); - //@ foreach_unremove(pxTCB, gTasks); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - - // Get 2nd half of write permission for `gCurrentTCB` - //@ foreach_remove(gCurrentTCB, gTasks); - //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - /* If the task is not being executed by any core swap it in */ pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; - //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - - // New states list reflects state update above. - //@ list gStates1 = def_state1(gTasks, gStates, gCurrentTCB, pxTCB); - //@ assert( nth(index_of(pxTCB, gTasks), gStates1) == taskTASK_NOT_RUNNING); - - /*@ close_updated_foreach_readOnly_sharedSeg_TCB(gCurrentTCB, gTasks, gStates, - gStates1, taskTASK_NOT_RUNNING); - @*/ - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - /*@ stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running - (gCurrentTCB, gTasks, gTasks, gStates, gStates1); - @*/ - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); - - - // Get write permission for `pxTCB` - //@ foreach_remove(pxTCB, gTasks); - //@ foreach_remove(pxTCB, gTasks); - //@ open readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)(pxTCB); - #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) pxPreviousTCB = pxCurrentTCBs[ xCoreID ]; #endif pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); - /*@ list gStates2 = - def_state2(gTasks, gStates, gCurrentTCB, pxTCB, xCoreID); - @*/ - - /*@ close_updated_foreach_readOnly_sharedSeg_TCB(pxTCB, gTasks, gStates1, - gStates2, xCoreID); - @*/ - /*@ startUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running - (pxTCB, gTasks, gStates1, gStates2, xCoreID); - @*/ - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); - - pxCurrentTCBs[ xCoreID ] = pxTCB; xTaskScheduled = pdTRUE; - - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); - //@ close exists_in_taskISRLockInv_p(gTasks, gStates2); - - // Putting back first have of write permission to `pxTCB` - //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) @@ -1244,137 +918,33 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif #endif { - //@ assert( pxTCB->xTaskRunState != taskTASK_NOT_RUNNING ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - //@ assert( nth(index_of(pxTCB, gTasks), gStates) != taskTASK_NOT_RUNNING); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - /* The task is already running on this core, mark it as scheduled */ pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; xTaskScheduled = pdTRUE; - - /*@ list gEquivStates - = update(index_of(pxTCB, gTasks), xCoreID, gStates); - @*/ - //@ open exists_in_taskISRLockInv_p(gTasks, gStates); - /*@ scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running - (pxTCB, gTasks, gStates, gEquivStates, xCoreID); - @*/ - - //@ distinct_mem_remove(pxTCB, gTasks); - //@ remove_result_subset(pxTCB, gTasks); - /*@ update_foreach_readOnly_sharedSeg_TCB - (pxTCB, gTasks, remove(pxTCB, gTasks), - gStates, gEquivStates, xCoreID); - @*/ - - //@ close exists_in_taskISRLockInv_p(gTasks, gEquivStates); - - // Put read permission for `pxTCB` back - //@ foreach_unremove(pxTCB, gTasks); - - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gEquivStates)) ); - //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); } } - /*@ - if( !gPxTCB_not_running && pxTCB != gCurrentTCB ) { - assert( exists_in_taskISRLockInv_p(gTasks, gStates) ); - // Put read permission for `pxTCB` back - close [1/2]sharedSeg_TCB_p(pxTCB, _); - close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); - foreach_unremove(pxTCB, gTasks); - } - @*/ - - //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); if( xTaskScheduled != pdFALSE ) { - //@ close exists(gReadyList); - - //@ assert( xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners) ); - /* Once a task has been selected to run on this core, * move it to the end of the ready task list. */ -#ifdef VERIFAST - /* Reasons for rewrite: - * - Linearization of subproof for performance reasons: - * The contracts of `uxListRemove` and `vListInserEnd` introduce case distinctions, i.e., - * branch splits in the proof tree. This increases the size of the proof tree exponentially - * and checking the proof with VeriFast takes very long. - * The contract of lemma `VF_reordeReadyList` does not expose these case distinctions. - * Hence, wrapping the function calls inside the lemma linearizes the subproof and - * improves the performance of VeriFast exponentially. - * - Reasoning about the function calls requires us introduce many temporary new facts - * about the cell and owner lists by calling list lemmas. Introducing such facts can - * easily lead to an infinite loop of auto lemmas calls. Encapsulating the subproof in a - * lemma allows us to ingore facts necessary for different parts of the proof. - * That is, makes it easier to ensure that we don't run into an infinite auto lemma call - * loop. - */ - /*@ close VF_reordeReadyList__ghost_args - (gTasks, gCellLists, gOwnerLists, uxCurrentPriority); - @*/ - VF_reordeReadyList( pxReadyList, pxTaskItem); -#else uxListRemove( pxTaskItem ); vListInsertEnd( pxReadyList, pxTaskItem ); -#endif /* VERIFAST */ - //@ assert( readyLists_p(?gReorderedCellLists, ?gReorderedOwnerLists) ); - //@ assert( forall(gReorderedOwnerLists, (superset)(gTasks)) == true ); - //@ gInnerLoopBroken = true; break; } - - //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); } while( pxTaskItem != pxLastTaskItem ); - - /* - If the loop above terminated via the break-branch, - * the heap already contains a `readyLists_p` predicate. - * - If the loop terminated normally, the heap matches - * the loop invariant (plus all chunks not touched by the - * loop). In this case, we still have to close the - * `readyLists_p` predicate. - */ - /*@ - if( !gInnerLoopBroken ) { - closeUnchanged_readyLists(gCellLists, gOwnerLists); - - assert( readyLists_p(gCellLists, gOwnerLists) ); - assert( forall(gOwnerLists, (superset)(gTasks)) == true ); - } - @*/ - - - //@ assert( readyLists_p(?gCellLists3, ?gOwnerLists3) ); - //@ assert( forall(gOwnerLists3, (superset)(gTasks)) == true ); } else { if( xDecrementTopPriority != pdFALSE ) { -#if VERIFAST - /* Reason for rewrite: Code not memory safe. - */ - if(uxTopReadyPriority > 0) { - uxTopReadyPriority--; - } -#else uxTopReadyPriority--; -#endif /* VERIFAST */ #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) { xPriorityDropped = pdTRUE; } #endif } - - //@ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); - - //@ closeUnchanged_readyLists(gCellLists, gOwnerLists); } /* This function can get called by vTaskSuspend() before the scheduler is started. @@ -1382,61 +952,14 @@ static void prvYieldForTask( TCB_t * pxTCB, * won't find a new task to schedule. Return pdFALSE in this case. */ if( ( xSchedulerRunning == pdFALSE ) && ( uxCurrentPriority == tskIDLE_PRIORITY ) && ( xTaskScheduled == pdFALSE ) ) { - // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); - // @ assert( gReadyListSize == gSize ); - // @ List_array_join(&pxReadyTasksLists); - // @ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); - // @ assert( gPrefCellLists == take(uxCurrentPriority, gCellLists) ); - // @ assert( gSufCellLists == drop(uxCurrentPriority + 1, gCellLists) ); - // @ assert( gCells == nth(uxCurrentPriority, gCellLists) ); - // @ assert( gCellLists2 == append(gPrefCellLists, cons(gCells, gSufCellLists)) ); - // @ append_take_nth_drop(uxCurrentPriority, gCellLists); - // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); - - // @ close readyLists_p(gCellLists2, gOwnerLists2); - //@ close taskISRLockInv_p(); return pdFALSE; } -#ifndef VERIFAST configASSERT( ( uxCurrentPriority > tskIDLE_PRIORITY ) || ( xTaskScheduled == pdTRUE ) ); -#endif /* VERIFAST */ - - -#if VERIFAST - /* Reason for rewrite: Code not memory safe. - */ - if(uxCurrentPriority > 0) { - uxCurrentPriority--; - } -#else uxCurrentPriority--; -#endif /* VERIFAST */ - - // @ close xLIST(gReadyList, gSize, gIndex, gEnd, gCells, gVals, gOwners); - // @ assert( xLIST(gReadyList, ?gReadyListSize, _, _, gCells, gVals, gOwners) ); - // @ assert( gReadyListSize == gSize ); - // @ List_array_join(&pxReadyTasksLists); - // @ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); - // @ assert( gPrefCellLists == take(uxCurrentPriority, gCellLists) ); - // @ assert( gSufCellLists == drop(uxCurrentPriority + 1, gCellLists) ); - // @ assert( gCells == nth(uxCurrentPriority, gCellLists) ); - // @ assert( gCellLists2 == append(gPrefCellLists, cons(gCells, gSufCellLists)) ); - // @ append_take_nth_drop(uxCurrentPriority, gCellLists); - // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); - - -// //@ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); - - - //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStates) ); - // //@ close readyLists_p(gCellLists2, gOwnerLists2); - //@ close _taskISRLockInv_p(uxTopReadyPriority); - } // outer loop end + } -#ifndef VERIFAST configASSERT( taskTASK_IS_RUNNING( pxCurrentTCBs[ xCoreID ]->xTaskRunState ) ); -#endif /* VERIFAST */ #if ( ( configRUN_MULTIPLE_PRIORITIES == 0 ) && ( configNUM_CORES > 1 ) ) if( xPriorityDropped != pdFALSE ) @@ -1512,8 +1035,6 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif /* if ( configUSE_CORE_AFFINITY == 1 ) */ #endif /* if ( configNUM_CORES > 1 ) */ - //@ open _taskISRLockInv_p(_); - //@ close taskISRLockInv_p(); return pdTRUE; } @@ -1747,14 +1268,6 @@ static void prvYieldForTask( TCB_t * pxTCB, void * const pvParameters, UBaseType_t uxPriority, TaskHandle_t * const pxCreatedTask ) - /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*& - usStackDepth > 18 &*& - // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _ &*& - interruptState_p(?coreID, _); - @*/ - //@ ensures true; #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) { return xTaskCreateAffinitySet(pxTaskCode, pcName, usStackDepth, pvParameters, uxPriority, tskNO_AFFINITY, pxCreatedTask); @@ -1769,12 +1282,6 @@ static void prvYieldForTask( TCB_t * pxTCB, TaskHandle_t * const pxCreatedTask ) #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ { - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - - TCB_t * pxNewTCB; BaseType_t xReturn; @@ -1816,14 +1323,9 @@ static void prvYieldForTask( TCB_t * pxTCB, pxNewTCB = ( TCB_t * ) pvPortMalloc( sizeof( TCB_t ) ); /*lint !e9087 !e9079 All values returned by pvPortMalloc() have at least the alignment required by the MCU's stack, and the first member of TCB_t is always a pointer to the task's stack. */ if( pxNewTCB != NULL ) - { + { /* Store the stack location in the TCB. */ pxNewTCB->pxStack = pxStack; - //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); - //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); - //@ chars__limits((char*) pxNewTCB->pxStack); - //@ assert( pxNewTCB->pxStack + (size_t) usStackDepth <= (StackType_t*) UINTPTR_MAX ); - //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); } else { @@ -1858,12 +1360,6 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif - /* TODO: Continue proof - * For now we stop verification here and concentrate on new - * verification target. - */ - //@ assume(false); - prvAddNewTaskToReadyList( pxNewTCB ); xReturn = pdPASS; } @@ -1872,9 +1368,6 @@ static void prvYieldForTask( TCB_t * pxTCB, xReturn = errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY; } - //@ assume(false); - // TODO: Remove! - // Allows us to focus on verifying called functions. return xReturn; } @@ -1889,25 +1382,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, TaskHandle_t * const pxCreatedTask, TCB_t * pxNewTCB, const MemoryRegion_t * const xRegions ) -/*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*& - stackSize == ulStackDepth * sizeof(StackType_t) &*& - stackSize <= UINTPTR_MAX &*& - ulStackDepth > 18 &*& - // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; - @*/ -/*@ ensures TCB_p(pxNewTCB, ?freeBytes) &*& - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; - @*/ { - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - - StackType_t * pxTopOfStack; UBaseType_t x; @@ -1926,24 +1401,11 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, uxPriority &= ~portPRIVILEGE_BIT; #endif /* portUSING_MPU_WRAPPERS == 1 */ - - //@ open uninit_TCB_p(_,_); - /* Avoid dependency on memset() if it is not required. */ #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 ) { /* Fill the stack with a known value to assist debugging. */ - #ifdef VERIFAST - /* Reason for rewrite: - * - VeriFast reports type mismatch because - * `( int ) tskSTACK_FILL_BYTE` is passed for a char argument. - * - * TODO: Is the type mismatch a real error? - */ - ( void ) memset( pxNewTCB->pxStack, ( char ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); - #else - ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); - #endif + ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); } #endif /* tskSET_NEW_STACKS_TO_KNOWN_VALUE */ @@ -1954,97 +1416,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( portSTACK_GROWTH < 0 ) { pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] ); - //@ StackType_t* gOldTop = pxTopOfStack; - //@ char* gcStack = (char*) pxNewTCB->pxStack; - - /* Set the following flag to skip and expensive part of this proof: - * `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT` - * - * For VeriFast bit vector proofs are very computation intensive. - * Hence, reasoning about the stack alignment below takes relatively - * long. - */ - #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - // Axiomatize that pointers on RP2040 are 32bit - //@ ptr_range(pxTopOfStack); - - /* Convert top and mask to VeriFast bitvectors and establish - * relation to C variables. - * Note that on RP2040: - * - `portPOINTER_SIZE_TYPE` == `uint32_t` - * - `portBYTE_ALIGNMENT_MASK` == `0x0007` - */ - //@ uint32_t gMask = 0x0007; - //@ Z gzTop = Z_of_uint32((int) pxTopOfStack); - //@ Z gzMask = Z_of_uint32((int) gMask); - //@ bitnot_def(gMask, gzMask); - //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask)); - #else - /* Axiomatise that no over- or underflow occurs. - * We further assume that `portPOINTER_SIZE_TYPE` evaluates to - * `uint32_t`. - */ - //@ ptr_range(pxTopOfStack); - /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) - & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) - > 0 ); - @*/ - /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) - & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) - <= (StackType_t*) UINTPTR_MAX ); - @*/ - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ - pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ - - #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack; - - // The following alignment assertions hold but take very long to verify. - ///@ assert( pxTopOfStack <= gOldTop ); - ///@ assert( gOldTop - 7 <= pxTopOfStack ); - - // Same as above but for aligned top pointer: - //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack); - //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask); - #else - /* Axiomatize that alignmet check succeeds. - * We further assume that `portPOINTER_SIZE_TYPE` evaluates to - * `uint32_t`*/ - //@ ptr_range(pxTopOfStack); - /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ); - @*/ - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ /* Check the alignment of the calculated top of stack is correct. */ - configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); - - #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - /* Remark: Moving this proof step in front of the above - * assertion increases proof checking time by a lot. - */ - /*@ - if( pxTopOfStack < gOldTop ) - { - chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t)); - } - @*/ - #else - /* Axiomatize that bit vector operations did not change stack - * pointer. - */ - /* TODO: Can we simplify the axiomatizations here and above - * by assuming that the top pointer was already aligned? - */ - //@ assume( pxTopOfStack == gOldTop ); - //@ int gUnalignedBytes = 0; - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ - - //@ assert( chars(gcStack, ?gFreeBytes, _) ); - //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; - //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); - //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); - + configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); #if ( configRECORD_STACK_HIGH_ADDRESS == 1 ) { @@ -2071,9 +1446,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, if( pcName != NULL ) { for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ ) - /*@ invariant chars_(pxNewTCB->pcTaskName, 16, _) &*& - chars(pcName, 16, _); - @*/ { pxNewTCB->pcTaskName[ x ] = pcName[ x ]; @@ -2123,7 +1495,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, vListInitialiseItem( &( pxNewTCB->xStateListItem ) ); vListInitialiseItem( &( pxNewTCB->xEventListItem ) ); - /* Set the pxNewTCB as a link back from the ListItem_t. This is so we can get * back to the containing TCB from a generic item in a list. */ listSET_LIST_ITEM_OWNER( &( pxNewTCB->xStateListItem ), pxNewTCB ); @@ -2132,10 +1503,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, listSET_LIST_ITEM_VALUE( &( pxNewTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) uxPriority ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ listSET_LIST_ITEM_OWNER( &( pxNewTCB->xEventListItem ), pxNewTCB ); - // Closing predicates early simplifies the symbolic heap and proof debugging. - //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); - //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); - #if ( portCRITICAL_NESTING_IN_TCB == 1 ) { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; @@ -2167,24 +1534,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 ) { - //@ pointers__to_chars_(pxNewTCB->pvThreadLocalStoragePointers); - //@ assert(chars_((char*) pxNewTCB->pvThreadLocalStoragePointers, _, _)); - //@ assert(chars_(_, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), _)); memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) ); } #endif #if ( configUSE_TASK_NOTIFICATIONS == 1 ) { - ///@ assert( integers__(pxNewTCB->ulNotifiedValue, _, _, 1, _) ); - ///@ integers___to_integers_(pxNewTCB->ulNotifiedValue); - ///@ integers__to_chars(pxNewTCB->ulNotifiedValue); - //@integers___to_integers_(pxNewTCB->ulNotifiedValue); - //@ integers__to_chars(pxNewTCB->ulNotifiedValue); memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) ); - //@ uchars__to_chars_(pxNewTCB->ucNotifyState); memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); - //@ chars_to_uchars(pxNewTCB->ucNotifyState); } #endif @@ -2199,12 +1556,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( INCLUDE_xTaskAbortDelay == 1 ) { - #ifdef VERIFAST - /* Reason for rewrite: Assignment not type safe. */ - pxNewTCB->ucDelayAborted = pd_U_FALSE; - #else - pxNewTCB->ucDelayAborted = pdFALSE; - #endif + pxNewTCB->ucDelayAborted = pdFALSE; } #endif @@ -2303,18 +1655,10 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { mtCOVERAGE_TEST_MARKER(); } - - //@ assert( stack_p_2(_, _, _, ?gFreeBytes, _, _) ); - //@ close TCB_p(pxNewTCB, gFreeBytes); } /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*//@ requires interruptState_p(?coreID, _) &*& - unprotectedGlobalVars(); - @*/ -/*//@ ensures true; - @*/ { /* Ensure interrupts don't access the task lists while the lists are being * updated. */ @@ -2631,18 +1975,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) eTaskState eTaskGetState( TaskHandle_t xTask ) { eTaskState eReturn; - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support multiple pointer declarations to - * user-defined types in single statement (i.e., `A p1, p2;` is ok, - * `A *p1, *p2;` fails) - */ - List_t const * pxStateList; - List_t const * pxDelayedList; - List_t const * pxOverflowedDelayedList; - #else - List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList; - #endif /* VERIFAST */ + List_t const * pxStateList, * pxDelayedList, * pxOverflowedDelayedList; const TCB_t * const pxTCB = xTask; configASSERT( pxTCB ); @@ -3884,18 +3217,7 @@ char * pcTaskGetName( TaskHandle_t xTaskToQuery ) /*lint !e971 Unqualified char static TCB_t * prvSearchForNameWithinSingleList( List_t * pxList, const char pcNameToQuery[] ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support multiple pointer declarations to - * user-defined types in single statement - * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) - */ - TCB_t * pxNextTCB; - TCB_t * pxFirstTCB; - TCB_t * pxReturn = NULL; - #else TCB_t * pxNextTCB, * pxFirstTCB, * pxReturn = NULL; - #endif /* VERIFAST */ UBaseType_t x; char cNextChar; BaseType_t xBreakLoop; @@ -4551,40 +3873,6 @@ BaseType_t xTaskIncrementTick( void ) /*-----------------------------------------------------------*/ void vTaskSwitchContext( BaseType_t xCoreID ) -/*@ requires 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& - xCoreID == coreID_f() - &*& - // access to locks and disabled interrupts - locked_p(nil) &*& - [?f_ISR]isrLock_p() &*& - [?f_task]taskLock_p() &*& - interruptState_p(xCoreID, ?state) &*& - interruptsDisabled_f(state) == true - &*& - // opened predicate `coreLocalInterruptInv_p()` - pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) - &*& - // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ?ulFreeBytesOnStack); - -@*/ -/*@ ensures // all locks are released and interrupts remain disabled - locked_p(nil) &*& - [f_ISR]isrLock_p() &*& - [f_task]taskLock_p() &*& - interruptState_p(xCoreID, state) - &*& - // opened predicate `coreLocalInterruptInv_p()` - pointer(&pxCurrentTCBs[coreID_f], ?gNewCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) - &*& - // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); - // Remark: the part of the post condition relating to TCBs will have to change. -@*/ { /* Acquire both locks: * - The ISR lock protects the ready list from simultaneous access by @@ -4596,38 +3884,16 @@ void vTaskSwitchContext( BaseType_t xCoreID ) portGET_TASK_LOCK(); /* Must always acquire the task lock first */ portGET_ISR_LOCK(); - //@ produce_taskISRLockInv(); { /* vTaskSwitchContext() must never be called from within a critical section. * This is not necessarily true for vanilla FreeRTOS, but it is for this SMP port. */ - #ifdef VERIFAST - /* Reason for rewrite: VeriFast cannot handle non-pure assertions. */ - { - // PROBLEM: - // Line - // UBaseType_t nesting = pxCurrentTCB->uxCriticalNesting; - // leads to VF error - // "This potentially side-effecting expression is not supported in this position, because of C's unspecified evaluation order" - // - // TODO: Inspect reason. - TaskHandle_t currentHandle = pxCurrentTCB; - //@ assert( currentHandle == gCurrentTCB ); - //@ open coreLocalSeg_TCB_p(gCurrentTCB, 0); - UBaseType_t nesting = currentHandle->uxCriticalNesting; - configASSERT( nesting == 0 ); - //@ close coreLocalSeg_TCB_p(gCurrentTCB, 0); - } - #else - configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); - #endif /* VERIFAST */ + configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); - //@ open taskISRLockInv_p(); if( uxSchedulerSuspended != ( UBaseType_t ) pdFALSE ) { /* The scheduler is currently suspended - do not allow a context * switch. */ xYieldPendings[ xCoreID ] = pdTRUE; - //@ close taskISRLockInv_p(); } else { @@ -4674,7 +3940,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* Select a new task to run using either the generic C or port * optimised asm code. */ - //@ close taskISRLockInv_p(); ( void ) prvSelectHighestPriorityTask( xCoreID ); traceTASK_SWITCHED_IN(); @@ -4699,7 +3964,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* ( configUSE_NEWLIB_REENTRANT == 1 ) && ( configNEWLIB_REENTRANT_IS_DYNAMIC == 0 ) */ } } - //@ consume_taskISRLockInv(); portRELEASE_ISR_LOCK(); portRELEASE_TASK_LOCK(); } @@ -5531,17 +4795,7 @@ static void prvCheckTasksWaitingTermination( void ) List_t * pxList, eTaskState eState ) { - #ifdef VERIFAST - /* Reason for rewrite: - * VeriFast does not support multiple pointer declarations to - * user-defined types in single statement - * (i.e., `A p1, p2;` is ok, `A *p1, *p2;` fails) - */ - configLIST_VOLATILE TCB_t * pxNextTCB; - configLIST_VOLATILE TCB_t * pxFirstTCB; - #else - configLIST_VOLATILE TCB_t * pxNextTCB, * pxFirstTCB; - #endif /* VERIFAST */ + configLIST_VOLATILE TCB_t * pxNextTCB, * pxFirstTCB; UBaseType_t uxTask = 0; if( listCURRENT_LIST_LENGTH( pxList ) > ( UBaseType_t ) 0 ) @@ -5740,13 +4994,6 @@ static void prvResetNextTaskUnblockTime( void ) #if ( ( INCLUDE_xTaskGetCurrentTaskHandle == 1 ) || ( configUSE_MUTEXES == 1 ) ) TaskHandle_t xTaskGetCurrentTaskHandle( void ) - /*@ requires interruptState_p(coreID_f(), ?state) &*& - pointer(&pxCurrentTCBs[coreID_f], ?taskHandle); - @*/ - /*@ ensures interruptState_p(coreID_f(), state) &*& - pointer(&pxCurrentTCBs[coreID_f], taskHandle) &*& - result == taskHandle; - @*/ { TaskHandle_t xReturn; uint32_t ulState; @@ -6102,11 +5349,8 @@ void vTaskYieldWithinAPI( void ) #if ( portCRITICAL_NESTING_IN_TCB == 1 ) void vTaskEnterCritical( void ) - ///@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); - ///@ ensures false; { portDISABLE_INTERRUPTS(); - //@ open unprotectedGlobalVars(); if( xSchedulerRunning != pdFALSE ) { @@ -7192,4 +6436,4 @@ static void prvAddCurrentTaskToDelayedList( TickType_t xTicksToWait, } #endif -#endif /* if ( configINCLUDE_FREERTOS_TASK_C_ADDITIONS_H == 1 ) */ \ No newline at end of file +#endif /* if ( configINCLUDE_FREERTOS_TASK_C_ADDITIONS_H == 1 ) */ From 21992b6c34bbbd2059ca9013fcc71598535b5149 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 14:51:00 -0500 Subject: [PATCH 204/289] Startup script expects paths to relevant directories as arguments instead of computing them itself. --- .../preprocess_file.sh | 0 .../preprocess_tasks_c.sh | 16 +++++++++++----- .../start-vfide--preprocessed.sh | 10 ++++++---- 3 files changed, 17 insertions(+), 9 deletions(-) create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh new file mode 100755 index 00000000000..e69de29bb2d diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh index 83102aec650..5dc1720ae67 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -2,13 +2,15 @@ ps -o comm= -p $$ # This script expects the following command line arguments: -# $1 : Absolute path to the VeriFast directory +# $1 : Absolute path to the root dir of this repository +# $2 : Absolute path to the root of the directory containing the VeriFast proofs +# $3 : Absolute path to the VeriFast directory -VF_DIR="$1" +REPO_BASE_DIR="$1" +VF_PROOF_BASE_DIR="$2" +VF_DIR="$3" PP_SCRIPT_WD=`pwd` -REPO_BASE_DIR=`cd ../../../../..; pwd` -VF_PROOF_BASE_DIR=`cd ..; pwd` VF_PROOF_MOD_SRC_DIR="$VF_PROOF_BASE_DIR/src" VF_PROOF_MOD_HEADER_DIR="$VF_PROOF_BASE_DIR/include" @@ -47,6 +49,7 @@ mkdir $LOG_PP_OUT_DIR echo start preprocessor clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \ +\ -DVERIFAST \ -DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT \ -I"$VF_DIR/bin" \ @@ -54,12 +57,15 @@ clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS -I"$VF_PROOF_MOD_SRC_DIR" \ -I"$PROOF_SETUP_DIR" \ -I"$PROOF_FILES_DIR" \ +\ -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \ +-I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \ +\ -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \ -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" \ -I"$REPO_BASE_DIR/include" \ +\ -I"$PICO_SDK_DIR/src/common/pico_base/include" \ --I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \ -I"$PICO_SDK_DIR/src/boards/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \ -I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh index b288dc70ac5..6f506fc8f4a 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh @@ -5,7 +5,9 @@ # $1 : Absolute path to the VeriFast directory -VF_DIR="$1" +REPO_BASE_DIR="$1" +VF_PROOF_BASE_DIR="$2" +VF_DIR="$3" echo Path to vfide binary : "\'$VFIDE\'" START_WD=`pwd` @@ -14,9 +16,9 @@ PP_SCRIPT="./preprocess_tasks_c.sh" PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c" FONT_SIZE=17 -if [ "$2" != "" ] +if [ "$4" != "" ] then - FONT_SIZE="$2" + FONT_SIZE="$4" fi # Flags to SKIP expensive proofs: @@ -27,7 +29,7 @@ fi cd "$PP_SCRIPT_DIR" pwd ls -"$PP_SCRIPT" "$VF_DIR" +"$PP_SCRIPT" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" cd "$START_WD" echo "\n\nPreprocessing script finished\n\n" From 60f1530d17b822fcadf10edbcdc033ad47b364cc Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 14:52:35 -0500 Subject: [PATCH 205/289] Deleted deprecated files. --- .../vTaskSwitchContext/problems/README.md | 2 - .../bugs/define_name/defining_header.h | 10 --- .../problems/bugs/define_name/main.c | 20 ----- .../bugs/define_name/testing_header.h | 17 ---- .../start-vfide--original.sh | 90 ------------------- 5 files changed, 139 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/problems/README.md delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/defining_header.h delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/main.c delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/testing_header.h delete mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--original.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/problems/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/problems/README.md deleted file mode 100644 index 712ec28155b..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/problems/README.md +++ /dev/null @@ -1,2 +0,0 @@ -This directory contains collection of problems encountered with VeriFast that -need to be fixed in order to verify the current code base as is. diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/defining_header.h b/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/defining_header.h deleted file mode 100644 index e63adcfa07b..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/defining_header.h +++ /dev/null @@ -1,10 +0,0 @@ -#define ABC - - -/* -#ifdef ABC // ok: evaluates to true - #error "ABC defined" -#else // ok: evaluates to false - #error "ABC not defined" -#endif -*/ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/main.c b/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/main.c deleted file mode 100644 index c71f3ef2fb0..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/main.c +++ /dev/null @@ -1,20 +0,0 @@ -/* Bug: - * The header `defining_header.h` defines the constant `ABC` and - * the header `testing_header.h` checks whether `ABC` has been defined. - * In `testing_header.h` both checks `#ifdef ABC` and its negation - * `#ifndef ABC` evaluate to true. - */ - -#include "defining_header.h" - - -/* -#ifdef ABC // ok: evaluates to true - #error "ABC defined" -#else // ok: evaluates to false - #error "ABC not defined" -#endif -*/ - - -#include "testing_header.h" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/testing_header.h b/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/testing_header.h deleted file mode 100644 index 9add91a69ff..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/problems/bugs/define_name/testing_header.h +++ /dev/null @@ -1,17 +0,0 @@ -// Problem: Both branches branch conditions evaluate to true. - -/* `main.c` included this header after including `defining_header.h`. - * Hence, `#ifdef ABC` should evaluate to true and `#ifndef ABC should - * evaluate to false. - */ - -/* -#ifdef ABC // ok: evaluates to true. - #error "ABC defined" -#endif -*/ - - -#ifndef ABC // bug: evaluates to true - #error "ABC defined" -#endif \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--original.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--original.sh deleted file mode 100755 index 5e5c9bc2aba..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--original.sh +++ /dev/null @@ -1,90 +0,0 @@ - -# This script must be run from the directory in which it resides, -# i.e., `FreeRTOS-Kernel/verification/verifast`. - - - - -VFIDE="$1" -echo Path to vfide binary : "\'$VFIDE\'" - - -SOURCE_DIR="../.." -HEADER_DIR="$SOURCE_DIR/include" - -TASK_H="$HEADER_DIR/task.h" -TASKS_C="$SOURCE_DIR/tasks.c" - -PROOF_SETUP_DIR="proof_setup" -GENERATED_HEADERS_DIR="$PROOF_SETUP_DIR/generated" - -RP2040_CONFIG_DIR="$SOURCE_DIR/portable/ThirdParty/GCC/RP2040/include" - -FREERTOS_SMP_DEMO_DIR="demos/FreeRTOS-SMP-Demos" - -PICO_SDK_DIR="sdks/pico-sdk" - - -# We replaced the following include paths: -# `$FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base` -# -> -# `$GENERATED_HEADERS_DIR/pico_base` - - - -"$VFIDE" -I "$HEADER_DIR" \ --I $PROOF_SETUP_DIR -D VERIFAST "$TASKS_C" \ --I $RP2040_CONFIG_DIR \ --I $PICO_SDK_DIR/src/common/pico_base/include \ --I $GENERATED_HEADERS_DIR/pico_base \ --I $PICO_SDK_DIR/src/boards/include \ --I $PICO_SDK_DIR/src/rp2_common/cmsis/include \ --I $FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore \ --I $PICO_SDK_DIR/src/rp2040/hardware_regs/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_base/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_clocks/include \ --I $PICO_SDK_DIR/src/rp2040/hardware_structs/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_claim/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_sync/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_gpio/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_irq/include \ --I $PICO_SDK_DIR/src/common/pico_sync/include \ --I $PICO_SDK_DIR/src/common/pico_time/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_timer/include \ --I $PICO_SDK_DIR/src/common/pico_util/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_resets/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_pll/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_vreg/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_xosc/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_exception/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_multicore/include \ --I $PICO_SDK_DIR/src/common/pico_stdlib/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_uart/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_divider/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_runtime/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_printf/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_bootrom/include \ --I $PICO_SDK_DIR/src/common/pico_bit_ops/include \ --I $PICO_SDK_DIR/src/common/pico_divider/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_double/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_float/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_malloc/include \ --I $PICO_SDK_DIR/src/rp2_common/boot_stage2/include \ --I $PICO_SDK_DIR/src/common/pico_binary_info/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_stdio/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_stdio_usb/include \ --I $PICO_SDK_DIR/lib/tinyusb/src \ --I $PICO_SDK_DIR/lib/tinyusb/src/common \ --I $PICO_SDK_DIR/lib/tinyusb/hw \ --I $PICO_SDK_DIR/src/rp2_common/pico_fix/rp2040_usb_device_enumeration/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_unique_id/include \ --I $PICO_SDK_DIR/src/rp2_common/hardware_flash/include \ --I $PICO_SDK_DIR/src/common/pico_usb_reset_interface/include \ --I $PICO_SDK_DIR/src/rp2_common/pico_platform/include/ - -# Defines used during the built of the FreeRTOS SMP Demo that might be relevant -# in the future: -# -D CFG_TUSB_DEBUG=0 -D CFG_TUSB_MCU=OPT_MCU_RP2040 -D CFG_TUSB_OS=OPT_OS_PICO -D FREE_RTOS_KERNEL_SMP=1 -D LIB_FREERTOS_KERNEL=1 -D LIB_PICO_BIT_OPS=1 -D LIB_PICO_BIT_OPS_PICO=1 -D LIB_PICO_DIVIDER=1 -D LIB_PICO_DIVIDER_HARDWARE=1 -D LIB_PICO_DOUBLE=1 -D LIB_PICO_DOUBLE_PICO=1 -D LIB_PICO_FIX_RP2040_USB_DEVICE_ENUMERATION=1 -D LIB_PICO_FLOAT=1 -D LIB_PICO_FLOAT_PICO=1 -D LIB_PICO_INT64_OPS=1 -D LIB_PICO_INT64_OPS_PICO=1 -D LIB_PICO_MALLOC=1 -D LIB_PICO_MEM_OPS=1 -D LIB_PICO_MEM_OPS_PICO=1 -D LIB_PICO_MULTICORE=1 -D LIB_PICO_PLATFORM=1 -D LIB_PICO_PRINTF=1 -D LIB_PICO_PRINTF_PICO=1 -D LIB_PICO_RUNTIME=1 -D LIB_PICO_STANDARD_LINK=1 -D LIB_PICO_STDIO=1 -D LIB_PICO_STDIO_UART=1 -D LIB_PICO_STDIO_USB=1 -D LIB_PICO_STDLIB=1 -D LIB_PICO_SYNC=1 -D LIB_PICO_SYNC_CORE=1 -D LIB_PICO_SYNC_CRITICAL_SECTION=1 -D LIB_PICO_SYNC_MUTEX=1 -D LIB_PICO_SYNC_SEM=1 -D LIB_PICO_TIME=1 -D LIB_PICO_UNIQUE_ID=1 -D LIB_PICO_UTIL=1 -D PICO_BOARD=\"pico\" -D PICO_BUILD=1 -D PICO_CMAKE_BUILD_TYPE=\"Release\" -D PICO_COPY_TO_RAM=0 -D PICO_CXX_ENABLE_EXCEPTIONS=0 -D PICO_NO_FLASH=0 -D PICO_NO_HARDWARE=0 -D PICO_ON_DEVICE=1 -D PICO_TARGET_NAME=\"on_core_zero\" -D PICO_USE_BLOCKED_RAM=0 \ From 4f71cead4a23b4c699e62564ecf4b054730cebd1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 15:13:47 -0500 Subject: [PATCH 206/289] Moved preprocessing step to separate shell script. --- .../preprocess_file.sh | 101 ++++++++++++++++++ .../preprocess_tasks_c.sh | 58 +--------- 2 files changed, 102 insertions(+), 57 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index e69de29bb2d..e449107ae2b 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -0,0 +1,101 @@ +SRC_FILE="$1" +OUT_FILE="$2" +ERR_FILE="$3" +REPO_BASE_DIR="$4" +VF_PROOF_BASE_DIR="$5" +VF_DIR="$6" + +PP_SCRIPT_WD=`pwd` +VF_PROOF_MOD_SRC_DIR="$VF_PROOF_BASE_DIR/src" +VF_PROOF_MOD_HEADER_DIR="$VF_PROOF_BASE_DIR/include" + + +PROOF_SETUP_DIR="$VF_PROOF_BASE_DIR/proof_setup" +PROOF_FILES_DIR="$VF_PROOF_BASE_DIR/proof" +PICO_SDK_DIR="$VF_PROOF_BASE_DIR/sdks/pico-sdk" +SMP_DEMO_DIR="$VF_PROOF_BASE_DIR/demos/FreeRTOS-SMP-Demos" + + +#LOG_DIR="`pwd`/build_logs" +#BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" +TIMESTAMP=`date +'%y_%m_%d--%H_%M'` +LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files" +LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" +LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c" + +LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c" + +PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files" +PP_TASK_C="$PP_OUT_DIR/tasks__pp.c" + + +# Flags to SKIP expensive proofs: +# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + + +pwd +mkdir $LOG_PP_OUT_DIR + +# Relevant clang flags: +# -E +# -C +# -P : surpresses line/file pragmas + +echo start preprocessor +clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \ +\ +-DVERIFAST \ +-DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT \ +-I"$VF_DIR/bin" \ +-I"$VF_PROOF_MOD_HEADER_DIR" \ +-I"$VF_PROOF_MOD_SRC_DIR" \ +-I"$PROOF_SETUP_DIR" \ +-I"$PROOF_FILES_DIR" \ +\ +-I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \ +-I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \ +\ +-I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \ +-I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" \ +-I"$REPO_BASE_DIR/include" \ +\ +-I"$PICO_SDK_DIR/src/common/pico_base/include" \ +-I"$PICO_SDK_DIR/src/boards/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \ +-I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" \ +-I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" \ +-I"$PICO_SDK_DIR/src/common/pico_sync/include" \ +-I"$PICO_SDK_DIR/src/common/pico_time/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" \ +-I"$PICO_SDK_DIR/src/common/pico_util/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" \ +-I"$PICO_SDK_DIR/src/common/pico_stdlib/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" \ +-I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" \ +-I"$PICO_SDK_DIR/src/common/pico_divider/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" \ +-I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" \ +-c "$SRC_FILE" \ +1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh index 5dc1720ae67..f7b9983a7b3 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -48,63 +48,7 @@ mkdir $LOG_PP_OUT_DIR # -P : surpresses line/file pragmas echo start preprocessor -clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \ -\ --DVERIFAST \ --DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT \ --I"$VF_DIR/bin" \ --I"$VF_PROOF_MOD_HEADER_DIR" \ --I"$VF_PROOF_MOD_SRC_DIR" \ --I"$PROOF_SETUP_DIR" \ --I"$PROOF_FILES_DIR" \ -\ --I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \ --I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \ -\ --I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \ --I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" \ --I"$REPO_BASE_DIR/include" \ -\ --I"$PICO_SDK_DIR/src/common/pico_base/include" \ --I"$PICO_SDK_DIR/src/boards/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \ --I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" \ --I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" \ --I"$PICO_SDK_DIR/src/common/pico_sync/include" \ --I"$PICO_SDK_DIR/src/common/pico_time/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" \ --I"$PICO_SDK_DIR/src/common/pico_util/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" \ --I"$PICO_SDK_DIR/src/common/pico_stdlib/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" \ --I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" \ --I"$PICO_SDK_DIR/src/common/pico_divider/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" \ --I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" \ --I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" \ --c "$TASKS_C" \ -1>"$LOG_PP_TASK_C" 2>"$LOG_PP_ERR" +./preprocess_file.sh $TASKS_C $LOG_PP_TASK_C $LOG_PP_ERR $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR echo "\n\nPreprocessed output with pragmas written to:" echo $LOG_PP_TASK_C From deee4a41416c4e9a5da18ee3b2c88e7c3929ede9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 15:18:52 -0500 Subject: [PATCH 207/289] Sorted include paths to make them easier readable. --- .../preprocess_file.sh | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index e449107ae2b..e2ee1c98d9d 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -59,43 +59,44 @@ clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" \ -I"$REPO_BASE_DIR/include" \ \ --I"$PICO_SDK_DIR/src/common/pico_base/include" \ -I"$PICO_SDK_DIR/src/boards/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \ +-I"$PICO_SDK_DIR/src/common/pico_base/include" \ +-I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \ +-I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" \ +-I"$PICO_SDK_DIR/src/common/pico_divider/include" \ +-I"$PICO_SDK_DIR/src/common/pico_stdlib/include" \ +-I"$PICO_SDK_DIR/src/common/pico_sync/include" \ +-I"$PICO_SDK_DIR/src/common/pico_time/include" \ +-I"$PICO_SDK_DIR/src/common/pico_util/include" \ -I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" \ -I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" \ --I"$PICO_SDK_DIR/src/common/pico_sync/include" \ --I"$PICO_SDK_DIR/src/common/pico_time/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" \ --I"$PICO_SDK_DIR/src/common/pico_util/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" \ -I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" \ --I"$PICO_SDK_DIR/src/common/pico_stdlib/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" \ --I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" \ --I"$PICO_SDK_DIR/src/common/pico_divider/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" \ --I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" \ --I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" \ +-I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" \ -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" \ +\ -c "$SRC_FILE" \ 1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file From d945764528d1aaf1ce9eb798bb703340be262091 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 9 Dec 2022 15:43:14 -0500 Subject: [PATCH 208/289] Grouped preprocessor flags to make preprocessing command easier to read. --- .../preprocess_file.sh | 173 ++++++++++++------ 1 file changed, 116 insertions(+), 57 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index e2ee1c98d9d..2d3169bc9ee 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -1,3 +1,4 @@ +#!/bin/bash SRC_FILE="$1" OUT_FILE="$2" ERR_FILE="$3" @@ -32,71 +33,129 @@ PP_TASK_C="$PP_OUT_DIR/tasks__pp.c" # Flags to SKIP expensive proofs: # - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT +declare -a BUILD_FLAGS +BUILD_FLAGS=( + -DFREE_RTOS_KERNEL_SMP=1 + -DLIB_FREERTOS_KERNEL=1 + -DLIB_PICO_BIT_OPS=1 + -DLIB_PICO_BIT_OPS_PICO=1 + -DLIB_PICO_DIVIDER=1 + -DLIB_PICO_DIVIDER_HARDWARE=1 + -DLIB_PICO_DOUBLE=1 + -DLIB_PICO_DOUBLE_PICO=1 + -DLIB_PICO_FLOAT=1 + -DLIB_PICO_FLOAT_PICO=1 + -DLIB_PICO_INT64_OPS=1 + -DLIB_PICO_INT64_OPS_PICO=1 + -DLIB_PICO_MALLOC=1 + -DLIB_PICO_MEM_OPS=1 + -DLIB_PICO_MEM_OPS_PICO=1 + -DLIB_PICO_MULTICORE=1 + -DLIB_PICO_PLATFORM=1 + -DLIB_PICO_PRINTF=1 + -DLIB_PICO_PRINTF_PICO=1 + -DLIB_PICO_RUNTIME=1 + -DLIB_PICO_STANDARD_LINK=1 + -DLIB_PICO_STDIO=1 + -DLIB_PICO_STDIO_UART=1 + -DLIB_PICO_STDLIB=1 + -DLIB_PICO_SYNC=1 + -DLIB_PICO_SYNC_CORE=1 + -DLIB_PICO_SYNC_CRITICAL_SECTION=1 + -DLIB_PICO_SYNC_MUTEX=1 + -DLIB_PICO_SYNC_SEM=1 + -DLIB_PICO_TIME=1 + -DLIB_PICO_UTIL=1 + -DPICO_BOARD=\"pico\" + -DPICO_BUILD=1 + -DPICO_CMAKE_BUILD_TYPE=\"Release\" + -DPICO_COPY_TO_RAM=0 + -DPICO_CXX_ENABLE_EXCEPTIONS=0 + -DPICO_NO_FLASH=0 + -DPICO_NO_HARDWARE=0 + -DPICO_ON_DEVICE=1 + -DPICO_STACK_SIZE=0x1000 + -DPICO_TARGET_NAME=\"on_core_one\" + -DPICO_USE_BLOCKED_RAM=0 + -DmainRUN_FREE_RTOS_ON_CORE=1 +) + +delcare -a PICO_INCLUDE_FLAGS +PICO_INCLUDE_FLAGS=( + -I"$PICO_SDK_DIR/src/boards/include" + -I"$PICO_SDK_DIR/src/common/pico_base/include" + -I"$PICO_SDK_DIR/src/common/pico_binary_info/include" + -I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" + -I"$PICO_SDK_DIR/src/common/pico_divider/include" + -I"$PICO_SDK_DIR/src/common/pico_stdlib/include" + -I"$PICO_SDK_DIR/src/common/pico_sync/include" + -I"$PICO_SDK_DIR/src/common/pico_time/include" + -I"$PICO_SDK_DIR/src/common/pico_util/include" + -I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" + -I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" + -I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" +) + +declare -a RP2040_INCLUDE_FLAGS +RP2040_INLCUDE_FLAGS=( + -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" + -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" + -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" + -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" +) + +declare -a VERIFAST_FLAGS +VERIFAST_FLAGS=( + -DVERIFAST + -DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + -I"$VF_DIR/bin" + -I"$VF_PROOF_MOD_HEADER_DIR" + -I"$VF_PROOF_MOD_SRC_DIR" + -I"$PROOF_SETUP_DIR" + -I"$PROOF_FILES_DIR" +) -pwd mkdir $LOG_PP_OUT_DIR # Relevant clang flags: -# -E -# -C -# -P : surpresses line/file pragmas +# -E : Run preprocessor +# -C : Include comments in output +# -P : Surpresses line/file pragmas echo start preprocessor -clang -E -C -DFREE_RTOS_KERNEL_SMP=1 -DLIB_FREERTOS_KERNEL=1 -DLIB_PICO_BIT_OPS=1 -DLIB_PICO_BIT_OPS_PICO=1 -DLIB_PICO_DIVIDER=1 -DLIB_PICO_DIVIDER_HARDWARE=1 -DLIB_PICO_DOUBLE=1 -DLIB_PICO_DOUBLE_PICO=1 -DLIB_PICO_FLOAT=1 -DLIB_PICO_FLOAT_PICO=1 -DLIB_PICO_INT64_OPS=1 -DLIB_PICO_INT64_OPS_PICO=1 -DLIB_PICO_MALLOC=1 -DLIB_PICO_MEM_OPS=1 -DLIB_PICO_MEM_OPS_PICO=1 -DLIB_PICO_MULTICORE=1 -DLIB_PICO_PLATFORM=1 -DLIB_PICO_PRINTF=1 -DLIB_PICO_PRINTF_PICO=1 -DLIB_PICO_RUNTIME=1 -DLIB_PICO_STANDARD_LINK=1 -DLIB_PICO_STDIO=1 -DLIB_PICO_STDIO_UART=1 -DLIB_PICO_STDLIB=1 -DLIB_PICO_SYNC=1 -DLIB_PICO_SYNC_CORE=1 -DLIB_PICO_SYNC_CRITICAL_SECTION=1 -DLIB_PICO_SYNC_MUTEX=1 -DLIB_PICO_SYNC_SEM=1 -DLIB_PICO_TIME=1 -DLIB_PICO_UTIL=1 -DPICO_BOARD=\"pico\" -DPICO_BUILD=1 -DPICO_CMAKE_BUILD_TYPE=\"Release\" -DPICO_COPY_TO_RAM=0 -DPICO_CXX_ENABLE_EXCEPTIONS=0 -DPICO_NO_FLASH=0 -DPICO_NO_HARDWARE=0 -DPICO_ON_DEVICE=1 -DPICO_STACK_SIZE=0x1000 -DPICO_TARGET_NAME=\"on_core_one\" -DPICO_USE_BLOCKED_RAM=0 -DmainRUN_FREE_RTOS_ON_CORE=1 \ +clang -E -C \ \ --DVERIFAST \ --DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT \ --I"$VF_DIR/bin" \ --I"$VF_PROOF_MOD_HEADER_DIR" \ --I"$VF_PROOF_MOD_SRC_DIR" \ --I"$PROOF_SETUP_DIR" \ --I"$PROOF_FILES_DIR" \ -\ --I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" \ --I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" \ -\ --I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" \ --I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" \ +${BUILD_FLAGS[@]} \ +${VERIFAST_FLAGS[@]} \ +${RP2040_INLCUDE_FLAGS[@]} \ +${PICO_INCLUDE_FLAGS[@]} \ -I"$REPO_BASE_DIR/include" \ \ --I"$PICO_SDK_DIR/src/boards/include" \ --I"$PICO_SDK_DIR/src/common/pico_base/include" \ --I"$PICO_SDK_DIR/src/common/pico_binary_info/include" \ --I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" \ --I"$PICO_SDK_DIR/src/common/pico_divider/include" \ --I"$PICO_SDK_DIR/src/common/pico_stdlib/include" \ --I"$PICO_SDK_DIR/src/common/pico_sync/include" \ --I"$PICO_SDK_DIR/src/common/pico_time/include" \ --I"$PICO_SDK_DIR/src/common/pico_util/include" \ --I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" \ --I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" \ --I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" \ --I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" \ --I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" \ -\ -c "$SRC_FILE" \ 1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file From c11a401b1bad8de19053d37b71a13ec640e23a3f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 17:36:49 -0500 Subject: [PATCH 209/289] Startup and preprocessing scripts don't rely on the current working directory anymore. --- .../tasks/vTaskSwitchContext/.gitignore | 2 +- .../preprocess_file.sh | 26 ++-- .../preprocess_tasks_c.sh | 41 ++--- .../tasks/vTaskSwitchContext/paths.sh | 142 ++++++++++++++++++ .../start-vfide--preprocessed.sh | 26 ++-- 5 files changed, 189 insertions(+), 48 deletions(-) create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/paths.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore b/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore index a1e1cfa0e02..502dc918a23 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore +++ b/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore @@ -1,5 +1,5 @@ # Ignore log files -custom_build_scripts_RP2040/log_preprocessed_files +pp_log # Ignore preprocessing output preprocessed_files/* diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index 2d3169bc9ee..aa5e310f7e6 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -6,28 +6,21 @@ REPO_BASE_DIR="$4" VF_PROOF_BASE_DIR="$5" VF_DIR="$6" -PP_SCRIPT_WD=`pwd` -VF_PROOF_MOD_SRC_DIR="$VF_PROOF_BASE_DIR/src" -VF_PROOF_MOD_HEADER_DIR="$VF_PROOF_BASE_DIR/include" +# Load functions used to compute paths. +. "$VF_PROOF_BASE_DIR/paths.sh" -PROOF_SETUP_DIR="$VF_PROOF_BASE_DIR/proof_setup" -PROOF_FILES_DIR="$VF_PROOF_BASE_DIR/proof" -PICO_SDK_DIR="$VF_PROOF_BASE_DIR/sdks/pico-sdk" -SMP_DEMO_DIR="$VF_PROOF_BASE_DIR/demos/FreeRTOS-SMP-Demos" -#LOG_DIR="`pwd`/build_logs" -#BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" -TIMESTAMP=`date +'%y_%m_%d--%H_%M'` -LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files" -LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" -LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c" +VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` +VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` -LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c" -PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files" -PP_TASK_C="$PP_OUT_DIR/tasks__pp.c" +PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` +PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` +PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` +SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` + # Flags to SKIP expensive proofs: @@ -141,7 +134,6 @@ VERIFAST_FLAGS=( -I"$PROOF_FILES_DIR" ) -mkdir $LOG_PP_OUT_DIR # Relevant clang flags: # -E : Run preprocessor diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh index f7b9983a7b3..aec1c178b74 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -10,37 +10,39 @@ REPO_BASE_DIR="$1" VF_PROOF_BASE_DIR="$2" VF_DIR="$3" -PP_SCRIPT_WD=`pwd` -VF_PROOF_MOD_SRC_DIR="$VF_PROOF_BASE_DIR/src" -VF_PROOF_MOD_HEADER_DIR="$VF_PROOF_BASE_DIR/include" +# Load functions used to compute paths. +. "$VF_PROOF_BASE_DIR/paths.sh" -TASKS_C="$VF_PROOF_MOD_SRC_DIR/tasks.c" -PROOF_SETUP_DIR="$VF_PROOF_BASE_DIR/proof_setup" -PROOF_FILES_DIR="$VF_PROOF_BASE_DIR/proof" -PICO_SDK_DIR="$VF_PROOF_BASE_DIR/sdks/pico-sdk" -SMP_DEMO_DIR="$VF_PROOF_BASE_DIR/demos/FreeRTOS-SMP-Demos" +VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` +VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` +TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` -#LOG_DIR="`pwd`/build_logs" +PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` +PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` +PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` +SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` + + +PP_SCRIP_DIR=`pp_script_dir $REPO_BASE_DIR` #BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" TIMESTAMP=`date +'%y_%m_%d--%H_%M'` -LOG_PP_OUT_DIR="$PP_SCRIPT_WD/log_preprocessed_files" -LOG_PP_TASK_C="$LOG_PP_OUT_DIR/tasks--pp--$TIMESTAMP.c" -LOG_PP_ERR="$LOG_PP_OUT_DIR/error--$TIMESTAMP.c" +PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` +LOG_PP_TASK_C="$PP_LOG_DIR/tasks--pp--$TIMESTAMP.c" +LOG_PP_ERR="$PP_LOG_DIR/error--$TIMESTAMP.c" -LOG_VF_RW_TASK_C="$LOG_PP_OUT_DIR/tasks--vf_rw--$TIMESTAMP.c" +LOG_VF_RW_TASK_C="$PP_LOG_DIR/tasks--vf_rw--$TIMESTAMP.c" PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files" -PP_TASK_C="$PP_OUT_DIR/tasks__pp.c" +PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` # Flags to SKIP expensive proofs: # - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT -pwd -mkdir $LOG_PP_OUT_DIR +mkdir $PP_LOG_DIR # Relevant clang flags: # -E @@ -48,7 +50,7 @@ mkdir $LOG_PP_OUT_DIR # -P : surpresses line/file pragmas echo start preprocessor -./preprocess_file.sh $TASKS_C $LOG_PP_TASK_C $LOG_PP_ERR $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR +"$PP_SCRIP_DIR/preprocess_file.sh" $TASKS_C $LOG_PP_TASK_C $LOG_PP_ERR $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR echo "\n\nPreprocessed output with pragmas written to:" echo $LOG_PP_TASK_C @@ -57,11 +59,10 @@ echo $LOG_PP_TASK_C echo "\n\nApplying VeriFast rewrites. Result written to:" echo $LOG_VF_RW_TASK_C cp "$LOG_PP_TASK_C" "$LOG_VF_RW_TASK_C" -./vf_rewrite.sh "$LOG_VF_RW_TASK_C" +"$PP_SCRIP_DIR/vf_rewrite.sh" "$LOG_VF_RW_TASK_C" -pwd -mkdir "$PP_OUT_DIR" +mkdir `pp_out_dir $REPO_BASE_DIR` echo "\n\nCopying preprocessed tasks.c file with pragma comments and VF rewrites" echo "$LOG_VF_RW_TASK_C" echo to diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh new file mode 100755 index 00000000000..d869da04935 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -0,0 +1,142 @@ +# Returns the absolute path to the directory containing the VeriFast proofs +# concerning `vTaskSwitchContext` in `tasks.c`. +# +# Expected arguments: +# $1 : Absolute path to the repository's base directory. +function vf_proof_base_dir() { + REPO_BASE_DIR="$1" + echo "$REPO_BASE_DIR/Test/VeriFast/tasks/vTaskSwitchContext" +} + +# Returns the absolute path to the directory containing modified versions of +# FreeRTOS source files. The VeriFast proofs use these modified verions instead +# of the original files. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function vf_proof_mod_src_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/src" +} + +# Returns the absolute path to the directory containing modified versions of +# FreeRTOS header files. The VeriFast proofs use these modified verions instead +# of the original files. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function vf_proof_mod_header_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/include" +} + +# Returns the absolute path to the directory containing everything related to +# the setup of the VeriFast proofs. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function vf_proof_setup_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/proof_setup" +} + +# Returns the absolute path to the directory containing all lemmas and +# definitions used written for the VeriFast proofs. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function vf_proof_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/proof" +} + +# Returns the absolute path to the version of `tasks.c` containing the VeriFast +# proof annotations. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function vf_annotated_tasks_c() { + REPO_BASE_DIR="$1" + VF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` + + echo "$VF_MOD_SRC_DIR/tasks.c" +} + + +# Returns the absolute path to the directory containing the preprocessing scripts. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function pp_script_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/custom_build_scripts_RP2040" +} + +# Returns the absolute path to the preprocesor's output direcotry. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function pp_out_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/preprocessed_files" +} + +# Returns the absolute path to the preprocesor's log direcotry. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function pp_log_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/pp_log" +} + +# Returns the absolute path to the preprocessed version of `tasks.c` containing +# the VeriFast proof annotations. This is the file that is processed by +# VeriFast. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function pp_vf_tasks_c() { + REPO_BASE_DIR="$1" + PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` + + echo "$PP_OUT_DIR/tasks_vf_pp.c" +} + +# Returns the absolute path to the pico sdk. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function pico_sdk_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/sdks/pico-sdk" +} + +# Returns the absolute path to the smp_demo_dir. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function smp_demo_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/demos/FreeRTOS-SMP-Demos" +} + + diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh index 6f506fc8f4a..f626d75a708 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh @@ -5,15 +5,25 @@ # $1 : Absolute path to the VeriFast directory +# Relative or absolute path to the directory this script and `paths.sh` reside in. +PREFIX=`dirname $0` +# Absolute path to the base of this repository. REPO_BASE_DIR="$1" + +# Load functions used to compute paths. +. "$PREFIX/paths.sh" + + VF_PROOF_BASE_DIR="$2" VF_DIR="$3" echo Path to vfide binary : "\'$VFIDE\'" -START_WD=`pwd` -PP_SCRIPT_DIR="$START_WD/custom_build_scripts_RP2040" -PP_SCRIPT="./preprocess_tasks_c.sh" -PP_TASK_C="$START_WD/preprocessed_files/tasks__pp.c" +PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` +PP_SCRIPT="`pp_script_dir $REPO_BASE_DIR`/preprocess_tasks_c.sh" +PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` + +PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` +PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` FONT_SIZE=17 if [ "$4" != "" ] @@ -26,11 +36,7 @@ fi # Currently, these flags are set manually in the preprocessing script. -cd "$PP_SCRIPT_DIR" -pwd -ls "$PP_SCRIPT" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" -cd "$START_WD" echo "\n\nPreprocessing script finished\n\n" @@ -43,8 +49,8 @@ echo $PP_TASK_C # off. # - Need z3v4.5 to handle bitvector arithmetic "$VF_DIR/bin/vfide" "$PP_TASK_C" \ - -I proof_setup \ - -I proofs \ + -I $PROOF_SETUP_DIR \ + -I $PROOF_FILES_DIR \ -assume_no_provenance \ -disable_overflow_check \ "$PP_TASK_C" \ From d989b3441d21cf0c494aafb913e2eccb94b48dbf Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 17:41:37 -0500 Subject: [PATCH 210/289] Typo --- .../custom_build_scripts_RP2040/preprocess_file.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index aa5e310f7e6..dd6d602b49a 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -73,7 +73,7 @@ BUILD_FLAGS=( -DmainRUN_FREE_RTOS_ON_CORE=1 ) -delcare -a PICO_INCLUDE_FLAGS +declare -a PICO_INCLUDE_FLAGS PICO_INCLUDE_FLAGS=( -I"$PICO_SDK_DIR/src/boards/include" -I"$PICO_SDK_DIR/src/common/pico_base/include" From 6ca13772853e40eb74645992d37431ae5ad1155d Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 18:01:44 -0500 Subject: [PATCH 211/289] Moved computation of preprocessor flags to separate shell script. --- .../custom_build_scripts_RP2040/pp_flags.sh | 126 ++++++++++++++++++ .../preprocess_file.sh | 111 +-------------- 2 files changed, 130 insertions(+), 107 deletions(-) create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh new file mode 100755 index 00000000000..f6093d757d9 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh @@ -0,0 +1,126 @@ +#!/bin/bash + +REPO_BASE_DIR="$1" +VF_PROOF_BASE_DIR="$2" +VF_DIR="$3" + + +# Load functions used to compute paths. +. "$VF_PROOF_BASE_DIR/paths.sh" + +PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` +SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` +VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` +VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` +PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` +PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` + + + +declare -a BUILD_FLAGS +BUILD_FLAGS=( + -DFREE_RTOS_KERNEL_SMP=1 + -DLIB_FREERTOS_KERNEL=1 + -DLIB_PICO_BIT_OPS=1 + -DLIB_PICO_BIT_OPS_PICO=1 + -DLIB_PICO_DIVIDER=1 + -DLIB_PICO_DIVIDER_HARDWARE=1 + -DLIB_PICO_DOUBLE=1 + -DLIB_PICO_DOUBLE_PICO=1 + -DLIB_PICO_FLOAT=1 + -DLIB_PICO_FLOAT_PICO=1 + -DLIB_PICO_INT64_OPS=1 + -DLIB_PICO_INT64_OPS_PICO=1 + -DLIB_PICO_MALLOC=1 + -DLIB_PICO_MEM_OPS=1 + -DLIB_PICO_MEM_OPS_PICO=1 + -DLIB_PICO_MULTICORE=1 + -DLIB_PICO_PLATFORM=1 + -DLIB_PICO_PRINTF=1 + -DLIB_PICO_PRINTF_PICO=1 + -DLIB_PICO_RUNTIME=1 + -DLIB_PICO_STANDARD_LINK=1 + -DLIB_PICO_STDIO=1 + -DLIB_PICO_STDIO_UART=1 + -DLIB_PICO_STDLIB=1 + -DLIB_PICO_SYNC=1 + -DLIB_PICO_SYNC_CORE=1 + -DLIB_PICO_SYNC_CRITICAL_SECTION=1 + -DLIB_PICO_SYNC_MUTEX=1 + -DLIB_PICO_SYNC_SEM=1 + -DLIB_PICO_TIME=1 + -DLIB_PICO_UTIL=1 + -DPICO_BOARD=\"pico\" + -DPICO_BUILD=1 + -DPICO_CMAKE_BUILD_TYPE=\"Release\" + -DPICO_COPY_TO_RAM=0 + -DPICO_CXX_ENABLE_EXCEPTIONS=0 + -DPICO_NO_FLASH=0 + -DPICO_NO_HARDWARE=0 + -DPICO_ON_DEVICE=1 + -DPICO_STACK_SIZE=0x1000 + -DPICO_TARGET_NAME=\"on_core_one\" + -DPICO_USE_BLOCKED_RAM=0 + -DmainRUN_FREE_RTOS_ON_CORE=1 +) + +declare -a PICO_INCLUDE_FLAGS +PICO_INCLUDE_FLAGS=( + -I"$PICO_SDK_DIR/src/boards/include" + -I"$PICO_SDK_DIR/src/common/pico_base/include" + -I"$PICO_SDK_DIR/src/common/pico_binary_info/include" + -I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" + -I"$PICO_SDK_DIR/src/common/pico_divider/include" + -I"$PICO_SDK_DIR/src/common/pico_stdlib/include" + -I"$PICO_SDK_DIR/src/common/pico_sync/include" + -I"$PICO_SDK_DIR/src/common/pico_time/include" + -I"$PICO_SDK_DIR/src/common/pico_util/include" + -I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" + -I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" + -I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" + -I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" + -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" +) + +declare -a RP2040_INCLUDE_FLAGS +RP2040_INLCUDE_FLAGS=( + -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" + -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" + -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" + -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" +) + +declare -a VERIFAST_FLAGS +VERIFAST_FLAGS=( + -DVERIFAST + -DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + -I"$VF_DIR/bin" + -I"$VF_PROOF_MOD_HEADER_DIR" + -I"$VF_PROOF_MOD_SRC_DIR" + -I"$PROOF_SETUP_DIR" + -I"$PROOF_FILES_DIR" +) \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index dd6d602b49a..1ba26a2f9bd 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -10,6 +10,9 @@ VF_DIR="$6" # Load functions used to compute paths. . "$VF_PROOF_BASE_DIR/paths.sh" +# Load variables storing preprocessor flags. +. "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" + VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` @@ -26,113 +29,7 @@ SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` # Flags to SKIP expensive proofs: # - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT -declare -a BUILD_FLAGS -BUILD_FLAGS=( - -DFREE_RTOS_KERNEL_SMP=1 - -DLIB_FREERTOS_KERNEL=1 - -DLIB_PICO_BIT_OPS=1 - -DLIB_PICO_BIT_OPS_PICO=1 - -DLIB_PICO_DIVIDER=1 - -DLIB_PICO_DIVIDER_HARDWARE=1 - -DLIB_PICO_DOUBLE=1 - -DLIB_PICO_DOUBLE_PICO=1 - -DLIB_PICO_FLOAT=1 - -DLIB_PICO_FLOAT_PICO=1 - -DLIB_PICO_INT64_OPS=1 - -DLIB_PICO_INT64_OPS_PICO=1 - -DLIB_PICO_MALLOC=1 - -DLIB_PICO_MEM_OPS=1 - -DLIB_PICO_MEM_OPS_PICO=1 - -DLIB_PICO_MULTICORE=1 - -DLIB_PICO_PLATFORM=1 - -DLIB_PICO_PRINTF=1 - -DLIB_PICO_PRINTF_PICO=1 - -DLIB_PICO_RUNTIME=1 - -DLIB_PICO_STANDARD_LINK=1 - -DLIB_PICO_STDIO=1 - -DLIB_PICO_STDIO_UART=1 - -DLIB_PICO_STDLIB=1 - -DLIB_PICO_SYNC=1 - -DLIB_PICO_SYNC_CORE=1 - -DLIB_PICO_SYNC_CRITICAL_SECTION=1 - -DLIB_PICO_SYNC_MUTEX=1 - -DLIB_PICO_SYNC_SEM=1 - -DLIB_PICO_TIME=1 - -DLIB_PICO_UTIL=1 - -DPICO_BOARD=\"pico\" - -DPICO_BUILD=1 - -DPICO_CMAKE_BUILD_TYPE=\"Release\" - -DPICO_COPY_TO_RAM=0 - -DPICO_CXX_ENABLE_EXCEPTIONS=0 - -DPICO_NO_FLASH=0 - -DPICO_NO_HARDWARE=0 - -DPICO_ON_DEVICE=1 - -DPICO_STACK_SIZE=0x1000 - -DPICO_TARGET_NAME=\"on_core_one\" - -DPICO_USE_BLOCKED_RAM=0 - -DmainRUN_FREE_RTOS_ON_CORE=1 -) - -declare -a PICO_INCLUDE_FLAGS -PICO_INCLUDE_FLAGS=( - -I"$PICO_SDK_DIR/src/boards/include" - -I"$PICO_SDK_DIR/src/common/pico_base/include" - -I"$PICO_SDK_DIR/src/common/pico_binary_info/include" - -I"$PICO_SDK_DIR/src/common/pico_bit_ops/include" - -I"$PICO_SDK_DIR/src/common/pico_divider/include" - -I"$PICO_SDK_DIR/src/common/pico_stdlib/include" - -I"$PICO_SDK_DIR/src/common/pico_sync/include" - -I"$PICO_SDK_DIR/src/common/pico_time/include" - -I"$PICO_SDK_DIR/src/common/pico_util/include" - -I"$PICO_SDK_DIR/src/rp2040/hardware_regs/include" - -I"$PICO_SDK_DIR/src/rp2040/hardware_structs/include" - -I"$PICO_SDK_DIR/src/rp2_common/boot_stage2/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_base/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_claim/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_clocks/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_divider/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_exception/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_gpio/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_irq/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_pll/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_resets/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_sync/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_timer/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_uart/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_vreg/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_watchdog/include" - -I"$PICO_SDK_DIR/src/rp2_common/hardware_xosc/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_bootrom/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_double/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_float/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_int64_ops/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_malloc/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_multicore/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_platform/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_printf/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_runtime/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio/include" - -I"$PICO_SDK_DIR/src/rp2_common/pico_stdio_uart/include" -) - -declare -a RP2040_INCLUDE_FLAGS -RP2040_INLCUDE_FLAGS=( - -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore" - -I"$SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/build/generated/pico_base" - -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040/include" - -I"$REPO_BASE_DIR/portable/ThirdParty/GCC/RP2040" -) - -declare -a VERIFAST_FLAGS -VERIFAST_FLAGS=( - -DVERIFAST - -DVERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - -I"$VF_DIR/bin" - -I"$VF_PROOF_MOD_HEADER_DIR" - -I"$VF_PROOF_MOD_SRC_DIR" - -I"$PROOF_SETUP_DIR" - -I"$PROOF_FILES_DIR" -) + # Relevant clang flags: From d1a333b1861af2a8e9d56ba9f6a7457d569e17fe Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 18:03:34 -0500 Subject: [PATCH 212/289] Deleted deprecated variables. --- .../custom_build_scripts_RP2040/preprocess_file.sh | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh index 1ba26a2f9bd..8dadc0d6750 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh @@ -14,18 +14,6 @@ VF_DIR="$6" . "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" - -VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` -VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` - - -PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` -PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` -PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` -SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` - - - # Flags to SKIP expensive proofs: # - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT From 53293fe57ab6a23b42ce6610bed761476145fd57 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 18:07:47 -0500 Subject: [PATCH 213/289] Renamed pp shell script. --- .../{preprocess_file.sh => preprocess_file_for_verification.sh} | 0 .../custom_build_scripts_RP2040/preprocess_tasks_c.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/{preprocess_file.sh => preprocess_file_for_verification.sh} (100%) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh index aec1c178b74..d4ba7a963a2 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh @@ -50,7 +50,7 @@ mkdir $PP_LOG_DIR # -P : surpresses line/file pragmas echo start preprocessor -"$PP_SCRIP_DIR/preprocess_file.sh" $TASKS_C $LOG_PP_TASK_C $LOG_PP_ERR $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR +"$PP_SCRIP_DIR/preprocess_file_for_verification.sh" $TASKS_C $LOG_PP_TASK_C $LOG_PP_ERR $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR echo "\n\nPreprocessed output with pragmas written to:" echo $LOG_PP_TASK_C From 43f9afe277711ce41bc157dd03f962bde9c9d62a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 18:42:14 -0500 Subject: [PATCH 214/289] Setup first draft of diff script. Need to fine tune preprocessor flags. --- .../preprocess_file_for_diff.sh | 51 ++++++++++++++++++ .../preprocess_file_for_verification.sh | 2 +- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 53 +++++++++++++++++++ .../tasks/vTaskSwitchContext/paths.sh | 43 +++++++++++++++ 4 files changed, 148 insertions(+), 1 deletion(-) create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/diff.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh new file mode 100755 index 00000000000..b3ca1456dca --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -0,0 +1,51 @@ +#!/bin/bash +SRC_FILE="$1" +OUT_FILE="$2" +ERR_FILE="$3" +REPO_BASE_DIR="$4" +VF_PROOF_BASE_DIR="$5" +VF_DIR="$6" + + +echo SRC_FILE: +echo $SRC_FILE +echo OUT_FILE: +echo $OUT_FILE +echo ERR_FILE: +echo $ERR_FILE +echo REPO_BASE_DIR: +echo $REPO_BASE_DIR +echo VF_PROOF_BASE_DIR: +echo $VF_PROOF_BASE_DIR +echo VF_DIR: +echo $VF_DIR + +# Load functions used to compute paths. +. "$VF_PROOF_BASE_DIR/paths.sh" + +# Load variables storing preprocessor flags. +. "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" + + +# Flags to SKIP expensive proofs: +# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT + + + + +# Relevant clang flags: +# -E : Run preprocessor +# -C : Include comments in output +# -P : Surpresses line/file pragmas + +echo start preprocessor +clang -E -C \ +\ +${BUILD_FLAGS[@]} \ +${VERIFAST_FLAGS[@]} \ +${RP2040_INLCUDE_FLAGS[@]} \ +${PICO_INCLUDE_FLAGS[@]} \ +-I`prod_header_dir $REPO_BASE_DIR` \ +\ +-c "$SRC_FILE" \ +1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh index 8dadc0d6750..81cce3fe8c0 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh @@ -32,7 +32,7 @@ ${BUILD_FLAGS[@]} \ ${VERIFAST_FLAGS[@]} \ ${RP2040_INLCUDE_FLAGS[@]} \ ${PICO_INCLUDE_FLAGS[@]} \ --I"$REPO_BASE_DIR/include" \ +-I`prod_header_dir $REPO_BASE_DIR` \ \ -c "$SRC_FILE" \ 1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh new file mode 100755 index 00000000000..2afd3af953e --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -0,0 +1,53 @@ +#!/bin/bash + + + +# Relative or absolute path to the directory this script and `paths.sh` reside in. +PREFIX=`dirname $0` +# Absolute path to the base of this repository. +REPO_BASE_DIR="$1" + +# Load functions used to compute paths. +. "$PREFIX/paths.sh" + +VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + + +# Load functions used to compute paths. +. "$PREFIX/paths.sh" + +VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + +PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` + +echo preprocessing production version of 'tasks.c' +"$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" \ + `prod_tasks_c $REPO_BASE_DIR` \ + `pp_prod_tasks_c $REPO_BASE_DIR` \ + "`pp_log_dir $REPO_BASE_DIR`/err1.txt" \ + $REPO_BASE_DIR \ + $VF_PROOF_BASE_DIR + +echo preprocessing verified version of 'tasks.c' +"$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" \ + `vf_annotated_tasks_c $REPO_BASE_DIR` \ + `pp_vf_tasks_c $REPO_BASE_DIR` \ + "`pp_log_dir $REPO_BASE_DIR`/err2.txt" \ + $REPO_BASE_DIR \ + $VF_PROOF_BASE_DIR + +# pp script args +# SRC_FILE="$1" +# OUT_FILE="$2" +# ERR_FILE="$3" +# REPO_BASE_DIR="$4" +# VF_PROOF_BASE_DIR="$5" + + + +printf "\n\n\n" +echo Diff: +echo ----------------------------------------------------- +echo +git diff --no-index "`pp_log_dir $REPO_BASE_DIR`/err1.txt" `pp_vf_tasks_c $REPO_BASE_DIR` \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index d869da04935..21cd42f14fd 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -70,6 +70,38 @@ function vf_annotated_tasks_c() { echo "$VF_MOD_SRC_DIR/tasks.c" } +# Returns the absolute path to the directory the unmodified FreeRTOS headers. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function prod_header_dir() { + REPO_BASE_DIR="$1" + + echo "$REPO_BASE_DIR/include" +} + +# Returns the absolute path to the directory the unmodified FreeRTOS source +# files. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function prod_src_dir() { + REPO_BASE_DIR="$1" + + echo "$REPO_BASE_DIR" +} + +# Returns the absolute path to the unmodified version of `tasks.c`. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function prod_tasks_c() { + REPO_BASE_DIR="$1" + PROD_SRC_DIR=`prod_src_dir $REPO_BASE_DIR` + + echo "$PROD_SRC_DIR/tasks.c" +} + # Returns the absolute path to the directory containing the preprocessing scripts. # @@ -117,6 +149,17 @@ function pp_vf_tasks_c() { echo "$PP_OUT_DIR/tasks_vf_pp.c" } +# Returns the absolute path to the preprocessed unmodified version of `tasks.c`. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function pp_prod_tasks_c() { + REPO_BASE_DIR="$1" + PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` + + echo "$PP_OUT_DIR/tasks_prod_pp.c" +} + # Returns the absolute path to the pico sdk. # # Expected arguments: From f56d20b543630135cedc3ea09d7160b552dccad9 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 10 Dec 2022 18:45:12 -0500 Subject: [PATCH 215/289] Removed comments and pragmas from diffed preprocessor output. --- .../custom_build_scripts_RP2040/preprocess_file_for_diff.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh index b3ca1456dca..0e4d6400af9 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -39,10 +39,9 @@ echo $VF_DIR # -P : Surpresses line/file pragmas echo start preprocessor -clang -E -C \ +clang -E -P \ \ ${BUILD_FLAGS[@]} \ -${VERIFAST_FLAGS[@]} \ ${RP2040_INLCUDE_FLAGS[@]} \ ${PICO_INCLUDE_FLAGS[@]} \ -I`prod_header_dir $REPO_BASE_DIR` \ From 2ae20ff48d0962efabf5f0b1dcc451bec14c0dff Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 08:26:42 -0500 Subject: [PATCH 216/289] Stored pp script args in diff script in variables to improve readability. --- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 34 +++++++++++-------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index 2afd3af953e..292e049220f 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -18,24 +18,30 @@ VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` . "$PREFIX/paths.sh" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` - PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` +PP="$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" +LOG_DIR=`pp_log_dir $REPO_BASE_DIR` + +# Unpreprocessed verions of tasks.c +PROD_TASKS_C=`prod_tasks_c $REPO_BASE_DIR` +VF_TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` + +# Preprocessed versions of tasks.c +PP_PROD_TASKS_C=`pp_prod_tasks_c $REPO_BASE_DIR` +PP_VF_TASKS_C=`pp_vf_tasks_c $REPO_BASE_DIR` + +echo PP_SCRIPT_DIR: +echo $PP_SCRIPT_DIR echo preprocessing production version of 'tasks.c' -"$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" \ - `prod_tasks_c $REPO_BASE_DIR` \ - `pp_prod_tasks_c $REPO_BASE_DIR` \ - "`pp_log_dir $REPO_BASE_DIR`/err1.txt" \ - $REPO_BASE_DIR \ - $VF_PROOF_BASE_DIR +$PP $PROD_TASKS_C $PP_PROD_TASKS_C \ + "$LOG_DIR/err1.txt" \ + $REPO_BASE_DIR $VF_PROOF_BASE_DIR echo preprocessing verified version of 'tasks.c' -"$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" \ - `vf_annotated_tasks_c $REPO_BASE_DIR` \ - `pp_vf_tasks_c $REPO_BASE_DIR` \ - "`pp_log_dir $REPO_BASE_DIR`/err2.txt" \ - $REPO_BASE_DIR \ - $VF_PROOF_BASE_DIR +$PP $VF_TASKS_C $PP_VF_TASKS_C \ + "$LOG_DIR/err2.txt" \ + $REPO_BASE_DIR $VF_PROOF_BASE_DIR # pp script args # SRC_FILE="$1" @@ -50,4 +56,4 @@ printf "\n\n\n" echo Diff: echo ----------------------------------------------------- echo -git diff --no-index "`pp_log_dir $REPO_BASE_DIR`/err1.txt" `pp_vf_tasks_c $REPO_BASE_DIR` \ No newline at end of file +git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ No newline at end of file From 8a01a7682f214bc878ce88ffe4e8e289b1e84c4f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 09:22:00 -0500 Subject: [PATCH 217/289] Deactivated assertion during the computation of the diff between the verified code and the production code. --- .../preprocess_file_for_diff.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh index 0e4d6400af9..8c8a75abebb 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -26,25 +26,28 @@ echo $VF_DIR # Load variables storing preprocessor flags. . "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" - -# Flags to SKIP expensive proofs: -# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - - +PROD_HEADER_DIR=`prod_header_dir $REPO_BASE_DIR` # Relevant clang flags: # -E : Run preprocessor # -C : Include comments in output # -P : Surpresses line/file pragmas +# -D NDEBUG : Deactivate assertions. + +# Note: +# The implementation of the `assert` macro is platform dependent and is defined +# in the system header `assert.h`. A preprocessed assertion might contain +# a reference to the location of the assertion in the source code (e.g. on OS X). +# This causes false positives when `diff`-ing preprocessed files. Hence, we +# deactivate assertions. echo start preprocessor -clang -E -P \ -\ +clang -E -P -D NDEBUG \ ${BUILD_FLAGS[@]} \ ${RP2040_INLCUDE_FLAGS[@]} \ ${PICO_INCLUDE_FLAGS[@]} \ --I`prod_header_dir $REPO_BASE_DIR` \ +-I "$PROD_HEADER_DIR"\ \ -c "$SRC_FILE" \ 1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file From 114fd0fcf0e824a04f0152f2a10e6020be81aeef Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 09:39:54 -0500 Subject: [PATCH 218/289] Added some print outs. --- .../preprocess_file_for_diff.sh | 22 ++++++++++--------- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 7 +++--- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh index 8c8a75abebb..62cd49a1469 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -4,7 +4,6 @@ OUT_FILE="$2" ERR_FILE="$3" REPO_BASE_DIR="$4" VF_PROOF_BASE_DIR="$5" -VF_DIR="$6" echo SRC_FILE: @@ -17,16 +16,16 @@ echo REPO_BASE_DIR: echo $REPO_BASE_DIR echo VF_PROOF_BASE_DIR: echo $VF_PROOF_BASE_DIR -echo VF_DIR: -echo $VF_DIR # Load functions used to compute paths. . "$VF_PROOF_BASE_DIR/paths.sh" # Load variables storing preprocessor flags. -. "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" +. "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" PROD_HEADER_DIR=`prod_header_dir $REPO_BASE_DIR` +ls PROD_HEADER_DIR +ls $PROD_HEADER_DIR # Relevant clang flags: @@ -42,12 +41,15 @@ PROD_HEADER_DIR=`prod_header_dir $REPO_BASE_DIR` # This causes false positives when `diff`-ing preprocessed files. Hence, we # deactivate assertions. -echo start preprocessor +echo Preprocessing file: +echo \"$SRC_FILE\" +echo Output will be written to: +echo \"$OUT_FILE\" +echo Errors will be reported in: +echo \"$ERR_FILE\" +echo clang -E -P -D NDEBUG \ -${BUILD_FLAGS[@]} \ -${RP2040_INLCUDE_FLAGS[@]} \ -${PICO_INCLUDE_FLAGS[@]} \ --I "$PROD_HEADER_DIR"\ -\ +${BUILD_FLAGS[@]} ${RP2040_INLCUDE_FLAGS[@]} ${PICO_INCLUDE_FLAGS[@]} \ +-I"$PROD_HEADER_DIR" \ -c "$SRC_FILE" \ 1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index 292e049220f..33928cf0873 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -30,17 +30,16 @@ VF_TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` PP_PROD_TASKS_C=`pp_prod_tasks_c $REPO_BASE_DIR` PP_VF_TASKS_C=`pp_vf_tasks_c $REPO_BASE_DIR` -echo PP_SCRIPT_DIR: -echo $PP_SCRIPT_DIR +mkdir "$LOG_DIR" echo preprocessing production version of 'tasks.c' $PP $PROD_TASKS_C $PP_PROD_TASKS_C \ - "$LOG_DIR/err1.txt" \ + "$LOG_DIR/pp_prod_tasks_c_error_report.txt" \ $REPO_BASE_DIR $VF_PROOF_BASE_DIR echo preprocessing verified version of 'tasks.c' $PP $VF_TASKS_C $PP_VF_TASKS_C \ - "$LOG_DIR/err2.txt" \ + "$LOG_DIR/pp_vf_tasks_c_error_report.txt" \ $REPO_BASE_DIR $VF_PROOF_BASE_DIR # pp script args From c50e8bd5b335ab44828db2c2043bd1c3c604cc15 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 10:01:53 -0500 Subject: [PATCH 219/289] Diff report is now written to file. --- .../preprocess_file_for_diff.sh | 2 -- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 25 ++++++++++++++----- .../tasks/vTaskSwitchContext/paths.sh | 24 ++++++++++++++++++ .../vTaskSwitchContext/stats/diff_report.txt | 0 4 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh index 62cd49a1469..a432bc1e3f5 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -24,8 +24,6 @@ echo $VF_PROOF_BASE_DIR . "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" PROD_HEADER_DIR=`prod_header_dir $REPO_BASE_DIR` -ls PROD_HEADER_DIR -ls $PROD_HEADER_DIR # Relevant clang flags: diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index 33928cf0873..85f0c083384 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -21,16 +21,29 @@ VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` PP="$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" LOG_DIR=`pp_log_dir $REPO_BASE_DIR` +STATS_DIR=`stats_dir $REPO_BASE_DIR` # Unpreprocessed verions of tasks.c PROD_TASKS_C=`prod_tasks_c $REPO_BASE_DIR` VF_TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` # Preprocessed versions of tasks.c +PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` PP_PROD_TASKS_C=`pp_prod_tasks_c $REPO_BASE_DIR` PP_VF_TASKS_C=`pp_vf_tasks_c $REPO_BASE_DIR` -mkdir "$LOG_DIR" +DIFF_REPORT=`diff_report $REPO_BASE_DIR` + +# Ensure that all output directories exist +if [ ! -d "$LOG_DIR" ]; then + mkdir "$LOG_DIR" +fi +if [ ! -d "$STATS_DIR" ]; then + mkdir "$STATS_DIR" +fi +if [ ! -d "$PP_OUT_DIR" ]; then + mkdir "$PP_OUT_DIR" +fi echo preprocessing production version of 'tasks.c' $PP $PROD_TASKS_C $PP_PROD_TASKS_C \ @@ -51,8 +64,8 @@ $PP $VF_TASKS_C $PP_VF_TASKS_C \ -printf "\n\n\n" -echo Diff: -echo ----------------------------------------------------- -echo -git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ No newline at end of file +echo Computing diff. Output written to: +echo \"$DIFF_REPORT\" + +git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ +> "$DIFF_REPORT" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 21cd42f14fd..2ba420c4637 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -183,3 +183,27 @@ function smp_demo_dir() { } +# Returns the absolute path to directory where the statistic reports are stored. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function stats_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/stats" +} + +# Returns the absolute path to diff report. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function diff_report() { + REPO_BASE_DIR="$1" + STATS_DIR=`stats_dir $REPO_BASE_DIR` + + echo "$STATS_DIR/diff_report.txt" +} + + + diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt b/Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt new file mode 100644 index 00000000000..e69de29bb2d From 92283262cf2c46086f38e50eb4382753fea81de0 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 10:01:53 -0500 Subject: [PATCH 220/289] Diff report is now written to file. --- .../preprocess_file_for_diff.sh | 2 -- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 25 ++++++++++++++----- .../tasks/vTaskSwitchContext/paths.sh | 24 ++++++++++++++++++ 3 files changed, 43 insertions(+), 8 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh index 62cd49a1469..a432bc1e3f5 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -24,8 +24,6 @@ echo $VF_PROOF_BASE_DIR . "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" PROD_HEADER_DIR=`prod_header_dir $REPO_BASE_DIR` -ls PROD_HEADER_DIR -ls $PROD_HEADER_DIR # Relevant clang flags: diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index 33928cf0873..85f0c083384 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -21,16 +21,29 @@ VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` PP="$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" LOG_DIR=`pp_log_dir $REPO_BASE_DIR` +STATS_DIR=`stats_dir $REPO_BASE_DIR` # Unpreprocessed verions of tasks.c PROD_TASKS_C=`prod_tasks_c $REPO_BASE_DIR` VF_TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` # Preprocessed versions of tasks.c +PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` PP_PROD_TASKS_C=`pp_prod_tasks_c $REPO_BASE_DIR` PP_VF_TASKS_C=`pp_vf_tasks_c $REPO_BASE_DIR` -mkdir "$LOG_DIR" +DIFF_REPORT=`diff_report $REPO_BASE_DIR` + +# Ensure that all output directories exist +if [ ! -d "$LOG_DIR" ]; then + mkdir "$LOG_DIR" +fi +if [ ! -d "$STATS_DIR" ]; then + mkdir "$STATS_DIR" +fi +if [ ! -d "$PP_OUT_DIR" ]; then + mkdir "$PP_OUT_DIR" +fi echo preprocessing production version of 'tasks.c' $PP $PROD_TASKS_C $PP_PROD_TASKS_C \ @@ -51,8 +64,8 @@ $PP $VF_TASKS_C $PP_VF_TASKS_C \ -printf "\n\n\n" -echo Diff: -echo ----------------------------------------------------- -echo -git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ No newline at end of file +echo Computing diff. Output written to: +echo \"$DIFF_REPORT\" + +git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ +> "$DIFF_REPORT" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 21cd42f14fd..2ba420c4637 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -183,3 +183,27 @@ function smp_demo_dir() { } +# Returns the absolute path to directory where the statistic reports are stored. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function stats_dir() { + REPO_BASE_DIR="$1" + VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + echo "$VF_PROOF_DIR/stats" +} + +# Returns the absolute path to diff report. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function diff_report() { + REPO_BASE_DIR="$1" + STATS_DIR=`stats_dir $REPO_BASE_DIR` + + echo "$STATS_DIR/diff_report.txt" +} + + + From dd85fd6a6700520a4706b4e198cf3e1349263ea6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 10:04:32 -0500 Subject: [PATCH 221/289] Ignore generated states. --- Test/VeriFast/tasks/vTaskSwitchContext/.gitignore | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore b/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore index 502dc918a23..79f5c6bfb19 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore +++ b/Test/VeriFast/tasks/vTaskSwitchContext/.gitignore @@ -2,4 +2,7 @@ pp_log # Ignore preprocessing output -preprocessed_files/* +preprocessed_files + +# Ignore generated stats +stats \ No newline at end of file From 574cc7e42eaeca6789b2098e438b86253b232008 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 10:05:45 -0500 Subject: [PATCH 222/289] Deleted generated diff report --- Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt b/Test/VeriFast/tasks/vTaskSwitchContext/stats/diff_report.txt deleted file mode 100644 index e69de29bb2d..00000000000 From 5fcf51f0905407f59d5736f93934312f8105b8db Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 10:21:29 -0500 Subject: [PATCH 223/289] Deleted deprecated files. --- .../custom_build_scripts_RP2040/build_full.sh | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/build_full.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/build_full.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/build_full.sh deleted file mode 100755 index 9a2723f107e..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/build_full.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/zsh -ps -o comm= -p $$ - -CURRENT_DIR=`pwd` -DEMO_DIR="../demos/FreeRTOS-SMP-Demos/FreeRTOS/Demo/CORTEX_M0+_RP2040" -LOG_DIR="`pwd`/build_logs" -BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" - -export CC=/usr/bin/clang -export CQQ=/usr/bin/clang++ - -mkdir $LOG_DIR -cd $DEMO_DIR -rm -rf build -mkdir build -cd build -cmake .. &>$BUILD_LOG -echo "\ncmake finished\n" - -make VERBOSE=1 &>>$BUILD_LOG - -echo "\nmake finished\n" From 01e50bec0ac0d509fdc72f3a4322ab4e6ef48f76 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Mon, 12 Dec 2022 10:54:15 -0500 Subject: [PATCH 224/289] Documented scripts. --- .../custom_build_scripts_RP2040/pp_flags.sh | 8 +++++ .../preprocess_file_for_diff.sh | 26 ++++++++++------- .../preprocess_file_for_verification.sh | 23 +++++++++++---- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 29 +++++++++---------- .../start-vfide--preprocessed.sh | 7 +---- 5 files changed, 54 insertions(+), 39 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh index f6093d757d9..40b9015165f 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh @@ -1,5 +1,13 @@ #!/bin/bash +# This script defines common command line arguments for the preprocessor. + +# This script expects the following arguments: +# $1 : Absolute path to the base directory of this repository. +# $2 : Absolute path to the VeriFast proof directory. +# $3 : Absolute path to the VeriFast installation directory. + + REPO_BASE_DIR="$1" VF_PROOF_BASE_DIR="$2" VF_DIR="$3" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh index a432bc1e3f5..4a04b087f27 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh @@ -1,4 +1,19 @@ #!/bin/bash + + +# This script preprocesses a given source file. Include paths are configured to +# fit 'tasks.c', but it might also be useful for other source files. +# The preprocessor is configured such that `diff`-ing results produced by this +# script (from different versions of the same file) yields useful results. +# +# This script expects the following arguments: +# $1 : Absolute path to the source file to be preprocessed. +# $2 : Absolute path of the preprocessor's output file. +# $3 : Absolute path to which the error report will be written. +# $4 : Absolute path to the base directory of this repository. +# $5 : Absolute path to the VeriFast proof directory. + + SRC_FILE="$1" OUT_FILE="$2" ERR_FILE="$3" @@ -6,17 +21,6 @@ REPO_BASE_DIR="$4" VF_PROOF_BASE_DIR="$5" -echo SRC_FILE: -echo $SRC_FILE -echo OUT_FILE: -echo $OUT_FILE -echo ERR_FILE: -echo $ERR_FILE -echo REPO_BASE_DIR: -echo $REPO_BASE_DIR -echo VF_PROOF_BASE_DIR: -echo $VF_PROOF_BASE_DIR - # Load functions used to compute paths. . "$VF_PROOF_BASE_DIR/paths.sh" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh index 81cce3fe8c0..826c65dd5aa 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh @@ -1,4 +1,21 @@ #!/bin/bash + + +# This script preprocesses an given source file annotated with VeriFast proof +# steps. Include paths are configured to fit 'tasks.c', but it might also be +# useful for other source files. The preprocessor is configured to include the +# proper proof files from VeriFast's standard library and to also include +# source code guarded by 'VERIFAST' defines. +# +# This script expects the following arguments: +# $1 : Absolute path to the source file to be preprocessed. +# $2 : Absolute path of the preprocessor's output file. +# $3 : Absolute path to which the error report will be written. +# $4 : Absolute path to the base directory of this repository. +# $5 : Absolute path to the VeriFast proof directory. +# $6 : Absolute path to the VeriFast installation directory. + + SRC_FILE="$1" OUT_FILE="$2" ERR_FILE="$3" @@ -14,12 +31,6 @@ VF_DIR="$6" . "`pp_script_dir $REPO_BASE_DIR`/pp_flags.sh" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" -# Flags to SKIP expensive proofs: -# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - - - - # Relevant clang flags: # -E : Run preprocessor # -C : Include comments in output diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index 85f0c083384..3ce32909ab8 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -1,23 +1,28 @@ #!/bin/bash +# This script produces a diff between two versions of 'tasks.c': +# (i) The production version of the source file and (ii) the verified version. +# The diff is computed from the preprocessed version of both files which include +# all code relevant to the proof. That is, that any change in a file required +# by the VeriFast proof will shot up in the diff. +# The diff report will be written to 'stats/diff_report.txt' directory. +# +# This script expects the following arguments: +# $1 : Absolute path to the base directory of this repository. + # Relative or absolute path to the directory this script and `paths.sh` reside in. PREFIX=`dirname $0` # Absolute path to the base of this repository. REPO_BASE_DIR="$1" -# Load functions used to compute paths. -. "$PREFIX/paths.sh" - -VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` - - # Load functions used to compute paths. . "$PREFIX/paths.sh" -VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + +VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` PP="$PP_SCRIPT_DIR/preprocess_file_for_diff.sh" LOG_DIR=`pp_log_dir $REPO_BASE_DIR` @@ -55,16 +60,8 @@ $PP $VF_TASKS_C $PP_VF_TASKS_C \ "$LOG_DIR/pp_vf_tasks_c_error_report.txt" \ $REPO_BASE_DIR $VF_PROOF_BASE_DIR -# pp script args -# SRC_FILE="$1" -# OUT_FILE="$2" -# ERR_FILE="$3" -# REPO_BASE_DIR="$4" -# VF_PROOF_BASE_DIR="$5" - - -echo Computing diff. Output written to: +echo Computing diff. Report written to: echo \"$DIFF_REPORT\" git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh index f626d75a708..592cf53503a 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh @@ -1,9 +1,4 @@ -# This script must be run from the directory in which it resides, -# i.e., `FreeRTOS-Kernel/verification/verifast`. - -# This script expects the following command line arguments: -# $1 : Absolute path to the VeriFast directory - +#!/bin/bash # Relative or absolute path to the directory this script and `paths.sh` reside in. PREFIX=`dirname $0` From b0bfa1204dcf4ae28b2f3400329b22e6d73d2fc2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:29:24 -0500 Subject: [PATCH 225/289] Made preprocessing scripts more modular. --- .../prepare_file_for_VeriFast.sh | 72 +++++++++++++++++++ .../preprocess_file_for_verification.sh | 13 ++++ .../custom_build_scripts_RP2040/vf_rewrite.sh | 28 ++++---- .../tasks/vTaskSwitchContext/paths.sh | 11 +++ .../start-vfide--preprocessed.sh | 35 +++++---- 5 files changed, 127 insertions(+), 32 deletions(-) create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh new file mode 100755 index 00000000000..44d2bf84dd8 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh @@ -0,0 +1,72 @@ +#!/bin/zsh +ps -o comm= -p $$ + +# This script expects the following command line arguments: +# $1 : Absolute path to the root dir of this repository +# $2 : Absolute path to the root of the directory containing the VeriFast proofs +# $3 : Absolute path to the VeriFast directory + +SRC_FILE="$1" +OUT_FILE="$2" +FILE_PP_ERR_LOG="$3" +REPO_BASE_DIR="$4" +VF_PROOF_BASE_DIR="$5" +VF_DIR="$6" + +echo SRC_FILE +echo "$1" +echo OUT_FILE +echo "$2" +echo FILE_PP_ERR_LOG +echo "$3" +echo REPO_BASE_DIR +echo "$4" +echo VF_PROOF_BASE_DIR +echo "$5" +echo VF_DIR +echo "$6" + +# Load functions used to compute paths. +. "$VF_PROOF_BASE_DIR/paths.sh" + + +VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` +VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` +PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` +PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` +PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` +SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` + +TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` + + +PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` +#BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" +TIMESTAMP=`date +'%y_%m_%d--%H_%M'` +PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` +RW_LOG_DIR=`rw_log_dir $REPO_BASE_DIR` +LOG_PP_TASK_C="$PP_LOG_DIR/tasks--pp--$TIMESTAMP.c" +LOG_PP_ERR="$PP_LOG_DIR/error--$TIMESTAMP.c" + +LOG_VF_RW_TASK_C="$PP_LOG_DIR/tasks--vf_rw--$TIMESTAMP.c" + +PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files" +PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` + + +FILE_PP_LOG="$PP_LOG_DIR/pp.c" +FILE_RW_LOG="$PP_LOG_DIR/rw.c" + + +mkdir $PP_LOG_DIR + +# Preprocessing the source file +# Output is written to '$FILE_PP_LOG' and error report is written to +# '$FILE_PP_ERR_LOG'. +"$PP_SCRIPT_DIR/preprocess_file_for_verification.sh" $SRC_FILE \ + $FILE_PP_LOG $FILE_PP_ERR_LOG \ + $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR + +cp "$FILE_PP_LOG" "$FILE_RW_LOG" +"$PP_SCRIPT_DIR/vf_rewrite.sh" "$FILE_RW_LOG" +cp "$FILE_RW_LOG" "$OUT_FILE" \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh index 826c65dd5aa..86580feb166 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh @@ -23,6 +23,19 @@ REPO_BASE_DIR="$4" VF_PROOF_BASE_DIR="$5" VF_DIR="$6" +echo SRC_FILE +echo "$1" +echo OUT_FILE +echo "$2" +echo ERR_FILE +echo "$3" +echo REPO_BASE_DIR +echo "$4" +echo VF_PROOF_BASE_DIR +echo "$5" +echo VF_DIR +echo "$6" + # Load functions used to compute paths. . "$VF_PROOF_BASE_DIR/paths.sh" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh index 7a1abe51666..81e3a5b41c2 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh @@ -1,8 +1,18 @@ ps -o comm= -p $$ -VF_RW_WD=`pwd` +# This script rewrites a given source in-pace such that the result can be +# processed by VeriFast. Each rewrite below concerns a specific construct +# VeriFast cannot handle. When VeriFast will be extended to handle a +# problematic construct we encountered, the corresponding rewirte below can be +# deleted. +# +# This scirpt expects the following arguments: +# $1 : The absolute path to the source file to be rewritten in place. +# +# Note: Callers are responsible to back up the rewritten source file beforehand. + + SOURCE_FILE="$1" -BACKUP_IDX=0 # IMPORTANT: @@ -14,13 +24,11 @@ rewrite() { FIND_REGEX=$1 REPLACE_REGEX=$2 - echo "VF RW: \"$FIND_REGEX\" -> \"$REPLACE_REGEX\"" - echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX" - sed -i."backup-$BACKUP_IDX" "s|$FIND_REGEX|$REPLACE_REGEX|g" $SOURCE_FILE - ((BACKUP_IDX=BACKUP_IDX+1)) - echo "\n" + echo "\tRewrite pattern: \"$FIND_REGEX\" -> \"$REPLACE_REGEX\"" + sed -i "" "s|$FIND_REGEX|$REPLACE_REGEX|g" $SOURCE_FILE } + echo "Commenting out line/file pragmas" rewrite "^#" "// &" @@ -51,9 +59,3 @@ echo "Uncomment special includes to allow VeriFast proofs to refer to config mac rewrite "//VF_include #include" "#include" rewrite "//VF_macro #" "#" -#echo "VF RW: 'long unsigned int' -> 'unsinged long int'" -#echo "backup : $VF_RW_WD/$SOURCE_FILE.backup-$BACKUP_IDX" -#echo backup index $BACKUP_IDX -#sed -i."backup-$BACKUP_IDX" 's|long unsigned int|unsigned long int|g' $SOURCE_FILE -#((BACKUP_IDX=BACKUP_IDX+1)) -#echo backup index $BACKUP_IDX diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 2ba420c4637..0520825ca85 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -136,6 +136,17 @@ function pp_log_dir() { echo "$VF_PROOF_DIR/pp_log" } +# Returns the absolute path to the log direcotry for rewrites. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function rw_log_dir() { + REPO_BASE_DIR="$1" + PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` + + echo "$PP_LOG_DIR/rw_log" +} + # Returns the absolute path to the preprocessed version of `tasks.c` containing # the VeriFast proof annotations. This is the file that is processed by # VeriFast. diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh index 592cf53503a..23e2c1a8ea8 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh @@ -4,45 +4,45 @@ PREFIX=`dirname $0` # Absolute path to the base of this repository. REPO_BASE_DIR="$1" +# Absolute path the VeriFast installation directory +VF_DIR="$2" # Load functions used to compute paths. . "$PREFIX/paths.sh" -VF_PROOF_BASE_DIR="$2" -VF_DIR="$3" -echo Path to vfide binary : "\'$VFIDE\'" +VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` -PP_SCRIPT="`pp_script_dir $REPO_BASE_DIR`/preprocess_tasks_c.sh" +#PP_SCRIPT="`pp_script_dir $REPO_BASE_DIR`/prepare_file_for_VeriFast.sh" +PREP="$PP_SCRIPT_DIR/prepare_file_for_VeriFast.sh" +TASK_C=`vf_annotated_tasks_c $REPO_BASE_DIR` PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` +PP_ERR_LOG="`pp_log_dir $REPO_BASE_DIR`/preprocessing_errors.txt" + FONT_SIZE=17 -if [ "$4" != "" ] +if [ "$3" != "" ] then - FONT_SIZE="$4" + FONT_SIZE="$3" fi -# Flags to SKIP expensive proofs: -# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT -# Currently, these flags are set manually in the preprocessing script. - -"$PP_SCRIPT" "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" +"$PREP" "$TASK_C" "$PP_TASK_C" "$PP_ERR_LOG" \ + "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" -echo "\n\nPreprocessing script finished\n\n" - -echo "File" -echo $PP_TASK_C +echo Load file into VF +echo "$PP_TASK_C" # Remarks: # - Recently, provenance checks have been added to VF that break old proofs # involving pointer comparisons. The flag `-assume_no_provenance` turns them # off. -# - Need z3v4.5 to handle bitvector arithmetic + "$VF_DIR/bin/vfide" "$PP_TASK_C" \ -I $PROOF_SETUP_DIR \ -I $PROOF_FILES_DIR \ @@ -50,6 +50,3 @@ echo $PP_TASK_C -disable_overflow_check \ "$PP_TASK_C" \ -codeFont "$FONT_SIZE" -traceFont "$FONT_SIZE" \ - # -prover z3v4.5 -# -target 32bit -prover z3v4.5 \ -# TODO: If we set the target to 32bit, VF create `uint` chunks instead of `char` chunks during malloc From 1a3870c71dcbe9769c6b9d52cc2277e9e9a2abf8 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:35:40 -0500 Subject: [PATCH 226/289] Deleted deprecated script --- .../preprocess_tasks_c.sh | 70 ------------------- 1 file changed, 70 deletions(-) delete mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh deleted file mode 100755 index d4ba7a963a2..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_tasks_c.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/zsh -ps -o comm= -p $$ - -# This script expects the following command line arguments: -# $1 : Absolute path to the root dir of this repository -# $2 : Absolute path to the root of the directory containing the VeriFast proofs -# $3 : Absolute path to the VeriFast directory - -REPO_BASE_DIR="$1" -VF_PROOF_BASE_DIR="$2" -VF_DIR="$3" - -# Load functions used to compute paths. -. "$VF_PROOF_BASE_DIR/paths.sh" - - -VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` -VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` - -TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` - -PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` -PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` -PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` -SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` - - -PP_SCRIP_DIR=`pp_script_dir $REPO_BASE_DIR` -#BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" -TIMESTAMP=`date +'%y_%m_%d--%H_%M'` -PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` -LOG_PP_TASK_C="$PP_LOG_DIR/tasks--pp--$TIMESTAMP.c" -LOG_PP_ERR="$PP_LOG_DIR/error--$TIMESTAMP.c" - -LOG_VF_RW_TASK_C="$PP_LOG_DIR/tasks--vf_rw--$TIMESTAMP.c" - -PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files" -PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` - - -# Flags to SKIP expensive proofs: -# - VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - - -mkdir $PP_LOG_DIR - -# Relevant clang flags: -# -E -# -C -# -P : surpresses line/file pragmas - -echo start preprocessor -"$PP_SCRIP_DIR/preprocess_file_for_verification.sh" $TASKS_C $LOG_PP_TASK_C $LOG_PP_ERR $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR - -echo "\n\nPreprocessed output with pragmas written to:" -echo $LOG_PP_TASK_C - - -echo "\n\nApplying VeriFast rewrites. Result written to:" -echo $LOG_VF_RW_TASK_C -cp "$LOG_PP_TASK_C" "$LOG_VF_RW_TASK_C" -"$PP_SCRIP_DIR/vf_rewrite.sh" "$LOG_VF_RW_TASK_C" - - -mkdir `pp_out_dir $REPO_BASE_DIR` -echo "\n\nCopying preprocessed tasks.c file with pragma comments and VF rewrites" -echo "$LOG_VF_RW_TASK_C" -echo to -echo "$PP_TASK_C" -cp "$LOG_VF_RW_TASK_C" "$PP_TASK_C" From 5e72a831448932551db790ed58ceef13e51c7cdc Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:40:20 -0500 Subject: [PATCH 227/289] Deleted deprecated code. --- .../prepare_file_for_VeriFast.sh | 28 ++++--------------- .../tasks/vTaskSwitchContext/paths.sh | 11 -------- 2 files changed, 5 insertions(+), 34 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh index 44d2bf84dd8..b71310f0161 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh @@ -30,35 +30,17 @@ echo "$6" . "$VF_PROOF_BASE_DIR/paths.sh" -VF_PROOF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` -VF_PROOF_MOD_HEADER_DIR=`vf_proof_mod_header_dir $REPO_BASE_DIR` -PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` -PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` -PICO_SDK_DIR=`pico_sdk_dir $REPO_BASE_DIR` -SMP_DEMO_DIR=`smp_demo_dir $REPO_BASE_DIR` - -TASKS_C=`vf_annotated_tasks_c $REPO_BASE_DIR` - - PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` -#BUILD_LOG="$LOG_DIR/build_log--`date +'%y_%m_%d--%H_%M'`.txt" -TIMESTAMP=`date +'%y_%m_%d--%H_%M'` PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` -RW_LOG_DIR=`rw_log_dir $REPO_BASE_DIR` -LOG_PP_TASK_C="$PP_LOG_DIR/tasks--pp--$TIMESTAMP.c" -LOG_PP_ERR="$PP_LOG_DIR/error--$TIMESTAMP.c" - -LOG_VF_RW_TASK_C="$PP_LOG_DIR/tasks--vf_rw--$TIMESTAMP.c" - -PP_OUT_DIR="$VF_PROOF_BASE_DIR/preprocessed_files" -PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` - - FILE_PP_LOG="$PP_LOG_DIR/pp.c" FILE_RW_LOG="$PP_LOG_DIR/rw.c" -mkdir $PP_LOG_DIR +# Ensure that log directory exists +if [ ! -d "$PP_LOG_DIR" ]; then + mkdir "$PP_LOG_DIR" +fi + # Preprocessing the source file # Output is written to '$FILE_PP_LOG' and error report is written to diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 0520825ca85..2ba420c4637 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -136,17 +136,6 @@ function pp_log_dir() { echo "$VF_PROOF_DIR/pp_log" } -# Returns the absolute path to the log direcotry for rewrites. -# -# Expected arguments: -# $1 : Absolute path to the repository's base -function rw_log_dir() { - REPO_BASE_DIR="$1" - PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` - - echo "$PP_LOG_DIR/rw_log" -} - # Returns the absolute path to the preprocessed version of `tasks.c` containing # the VeriFast proof annotations. This is the file that is processed by # VeriFast. From 2395267e6ae9691e8620eeff16969f88ea49b9af Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:48:41 -0500 Subject: [PATCH 228/289] Renamed vfide startup script. --- .../{start-vfide--preprocessed.sh => start-vfide.sh} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Test/VeriFast/tasks/vTaskSwitchContext/{start-vfide--preprocessed.sh => start-vfide.sh} (100%) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/start-vfide--preprocessed.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh From 7ec3eabb71d09dac2039c42db6f50eba56f6af9c Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:54:06 -0500 Subject: [PATCH 229/289] Added script to start the verifast command line tool. --- .../vTaskSwitchContext/start-verifast.sh | 45 +++++++++++++++++++ .../tasks/vTaskSwitchContext/start-vfide.sh | 3 -- 2 files changed, 45 insertions(+), 3 deletions(-) create mode 100755 Test/VeriFast/tasks/vTaskSwitchContext/start-verifast.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-verifast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-verifast.sh new file mode 100755 index 00000000000..8fd6f2afc22 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-verifast.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +# Relative or absolute path to the directory this script and `paths.sh` reside in. +PREFIX=`dirname $0` +# Absolute path to the base of this repository. +REPO_BASE_DIR="$1" +# Absolute path the VeriFast installation directory +VF_DIR="$2" + +# Load functions used to compute paths. +. "$PREFIX/paths.sh" + + +VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` + + +PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` +#PP_SCRIPT="`pp_script_dir $REPO_BASE_DIR`/prepare_file_for_VeriFast.sh" +PREP="$PP_SCRIPT_DIR/prepare_file_for_VeriFast.sh" +TASK_C=`vf_annotated_tasks_c $REPO_BASE_DIR` +PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` + +PROOF_SETUP_DIR=`vf_proof_setup_dir $REPO_BASE_DIR` +PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` + +PP_ERR_LOG="`pp_log_dir $REPO_BASE_DIR`/preprocessing_errors.txt" + + + +"$PREP" "$TASK_C" "$PP_TASK_C" "$PP_ERR_LOG" \ + "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" + +# Remarks: +# - Recently, provenance checks have been added to VF that break old proofs +# involving pointer comparisons. The flag `-assume_no_provenance` turns them +# off. + +"$VF_DIR/bin/verifast" \ + -I $PROOF_SETUP_DIR \ + -I $PROOF_FILES_DIR \ + -assume_no_provenance \ + -disable_overflow_check \ + -allow_dead_code \ + -c \ + "$PP_TASK_C" \ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh index 23e2c1a8ea8..a1f06033fc0 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh @@ -35,9 +35,6 @@ fi "$PREP" "$TASK_C" "$PP_TASK_C" "$PP_ERR_LOG" \ "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" -echo Load file into VF -echo "$PP_TASK_C" - # Remarks: # - Recently, provenance checks have been added to VF that break old proofs # involving pointer comparisons. The flag `-assume_no_provenance` turns them From d49f7e369c2f882447fb6de0a0f2cb314c4d4b7e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:54:57 -0500 Subject: [PATCH 230/289] Renamed startup scripts. --- .../vTaskSwitchContext/{start-verifast.sh => run-verifast.sh} | 0 .../tasks/vTaskSwitchContext/{start-vfide.sh => run-vfide.sh} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename Test/VeriFast/tasks/vTaskSwitchContext/{start-verifast.sh => run-verifast.sh} (100%) rename Test/VeriFast/tasks/vTaskSwitchContext/{start-vfide.sh => run-vfide.sh} (100%) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-verifast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/start-verifast.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/start-vfide.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh From 5365223fe93989df38038ac1b56becbac306facf Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 08:56:31 -0500 Subject: [PATCH 231/289] Deleted comments. --- Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh | 1 - Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh | 1 - 2 files changed, 2 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh index 8fd6f2afc22..60d333daa19 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh @@ -15,7 +15,6 @@ VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` -#PP_SCRIPT="`pp_script_dir $REPO_BASE_DIR`/prepare_file_for_VeriFast.sh" PREP="$PP_SCRIPT_DIR/prepare_file_for_VeriFast.sh" TASK_C=`vf_annotated_tasks_c $REPO_BASE_DIR` PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh index a1f06033fc0..eb8b2b3acf6 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh @@ -15,7 +15,6 @@ VF_PROOF_BASE_DIR=`vf_proof_base_dir $REPO_BASE_DIR` PP_SCRIPT_DIR=`pp_script_dir $REPO_BASE_DIR` -#PP_SCRIPT="`pp_script_dir $REPO_BASE_DIR`/prepare_file_for_VeriFast.sh" PREP="$PP_SCRIPT_DIR/prepare_file_for_VeriFast.sh" TASK_C=`vf_annotated_tasks_c $REPO_BASE_DIR` PP_TASK_C=`pp_vf_tasks_c $REPO_BASE_DIR` From 8b0048d48811968cfd8a63e06ddacd67c8fa512b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:05:22 -0500 Subject: [PATCH 232/289] Statup scripts ensure that output directories exist. --- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 11 +-------- .../tasks/vTaskSwitchContext/paths.sh | 23 +++++++++++++++++++ .../tasks/vTaskSwitchContext/run-verifast.sh | 1 + .../tasks/vTaskSwitchContext/run-vfide.sh | 2 ++ 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index 3ce32909ab8..ac5c63c46b7 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -39,16 +39,7 @@ PP_VF_TASKS_C=`pp_vf_tasks_c $REPO_BASE_DIR` DIFF_REPORT=`diff_report $REPO_BASE_DIR` -# Ensure that all output directories exist -if [ ! -d "$LOG_DIR" ]; then - mkdir "$LOG_DIR" -fi -if [ ! -d "$STATS_DIR" ]; then - mkdir "$STATS_DIR" -fi -if [ ! -d "$PP_OUT_DIR" ]; then - mkdir "$PP_OUT_DIR" -fi +ensure_output_dirs_exist $REPO_BASE_DIR echo preprocessing production version of 'tasks.c' $PP $PROD_TASKS_C $PP_PROD_TASKS_C \ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 2ba420c4637..42498376b7f 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -206,4 +206,27 @@ function diff_report() { } +# Ensures that all potentially relevant output direcories exist. +# +# Expected arguments: +# $1 : Absolute path to the repository's base +function ensure_output_dirs_exist() { + REPO_BASE_DIR="$1" + + PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` + STATS_DIR=`stats_dir $REPO_BASE_DIR` + PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` + + if [ ! -d "$PP_OUT_DIR" ]; then + mkdir "$PP_OUT_DIR" + fi + if [ ! -d "$STATS_DIR" ]; then + mkdir "$STATS_DIR" + fi + if [ ! -d "$PP_LOG_DIR" ]; then + mkdir "$PP_LOG_DIR" + fi +} + + diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh index 60d333daa19..17fd3543348 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh @@ -25,6 +25,7 @@ PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` PP_ERR_LOG="`pp_log_dir $REPO_BASE_DIR`/preprocessing_errors.txt" +ensure_output_dirs_exist $REPO_BASE_DIR "$PREP" "$TASK_C" "$PP_TASK_C" "$PP_ERR_LOG" \ "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh index eb8b2b3acf6..128fd96902f 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh @@ -31,6 +31,8 @@ then fi +ensure_output_dirs_exist $REPO_BASE_DIR + "$PREP" "$TASK_C" "$PP_TASK_C" "$PP_ERR_LOG" \ "$REPO_BASE_DIR" "$VF_PROOF_BASE_DIR" "$VF_DIR" From 2fccb9a226e676e964c2b3fbc57881c8b1081a70 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:12:23 -0500 Subject: [PATCH 233/289] Removed proof annotations in `xTaskCreate`. --- .../tasks/vTaskSwitchContext/src/tasks.c | 28 ------------------- 1 file changed, 28 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 8f14ca88267..5f5d1762b29 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -1747,14 +1747,6 @@ static void prvYieldForTask( TCB_t * pxTCB, void * const pvParameters, UBaseType_t uxPriority, TaskHandle_t * const pxCreatedTask ) - /*@ requires usStackDepth * sizeof( StackType_t ) < UINTPTR_MAX &*& - usStackDepth > 18 &*& - // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _ &*& - interruptState_p(?coreID, _); - @*/ - //@ ensures true; #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) { return xTaskCreateAffinitySet(pxTaskCode, pcName, usStackDepth, pvParameters, uxPriority, tskNO_AFFINITY, pxCreatedTask); @@ -1769,12 +1761,6 @@ static void prvYieldForTask( TCB_t * pxTCB, TaskHandle_t * const pxCreatedTask ) #endif /* ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) */ { - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - - TCB_t * pxNewTCB; BaseType_t xReturn; @@ -1819,11 +1805,6 @@ static void prvYieldForTask( TCB_t * pxTCB, { /* Store the stack location in the TCB. */ pxNewTCB->pxStack = pxStack; - //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); - //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); - //@ chars__limits((char*) pxNewTCB->pxStack); - //@ assert( pxNewTCB->pxStack + (size_t) usStackDepth <= (StackType_t*) UINTPTR_MAX ); - //@ close uninit_TCB_p(pxNewTCB, ((size_t) usStackDepth) * sizeof(StackType_t)); } else { @@ -1858,12 +1839,6 @@ static void prvYieldForTask( TCB_t * pxTCB, } #endif - /* TODO: Continue proof - * For now we stop verification here and concentrate on new - * verification target. - */ - //@ assume(false); - prvAddNewTaskToReadyList( pxNewTCB ); xReturn = pdPASS; } @@ -1872,9 +1847,6 @@ static void prvYieldForTask( TCB_t * pxTCB, xReturn = errCOULD_NOT_ALLOCATE_REQUIRED_MEMORY; } - //@ assume(false); - // TODO: Remove! - // Allows us to focus on verifying called functions. return xReturn; } From 3e1ba55806dcf37b376ee339a00e2dbddc7e22f2 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:16:07 -0500 Subject: [PATCH 234/289] Deleted proof annotations in `prvInitialiseNewTask`. --- .../tasks/vTaskSwitchContext/src/tasks.c | 104 +----------------- 1 file changed, 2 insertions(+), 102 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 5f5d1762b29..1bdf4f06852 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -1861,25 +1861,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, TaskHandle_t * const pxCreatedTask, TCB_t * pxNewTCB, const MemoryRegion_t * const xRegions ) -/*@ requires uninit_TCB_p(pxNewTCB, ?stackSize) &*& - stackSize == ulStackDepth * sizeof(StackType_t) &*& - stackSize <= UINTPTR_MAX &*& - ulStackDepth > 18 &*& - // We assume that macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; - @*/ -/*@ ensures TCB_p(pxNewTCB, ?freeBytes) &*& - chars(pcName, 16, _) &*& - *pxCreatedTask |-> _; - @*/ -{ - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - - +{ StackType_t * pxTopOfStack; UBaseType_t x; @@ -1898,9 +1880,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, uxPriority &= ~portPRIVILEGE_BIT; #endif /* portUSING_MPU_WRAPPERS == 1 */ - - //@ open uninit_TCB_p(_,_); - /* Avoid dependency on memset() if it is not required. */ #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 ) { @@ -1926,67 +1905,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( portSTACK_GROWTH < 0 ) { pxTopOfStack = &( pxNewTCB->pxStack[ ulStackDepth - ( uint32_t ) 1 ] ); - //@ StackType_t* gOldTop = pxTopOfStack; - //@ char* gcStack = (char*) pxNewTCB->pxStack; - - /* Set the following flag to skip and expensive part of this proof: - * `VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT` - * - * For VeriFast bit vector proofs are very computation intensive. - * Hence, reasoning about the stack alignment below takes relatively - * long. - */ - #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - // Axiomatize that pointers on RP2040 are 32bit - //@ ptr_range(pxTopOfStack); - - /* Convert top and mask to VeriFast bitvectors and establish - * relation to C variables. - * Note that on RP2040: - * - `portPOINTER_SIZE_TYPE` == `uint32_t` - * - `portBYTE_ALIGNMENT_MASK` == `0x0007` - */ - //@ uint32_t gMask = 0x0007; - //@ Z gzTop = Z_of_uint32((int) pxTopOfStack); - //@ Z gzMask = Z_of_uint32((int) gMask); - //@ bitnot_def(gMask, gzMask); - //@ bitand_def((int) pxTopOfStack, gzTop, ~gMask, Z_not(gzMask)); - #else - /* Axiomatise that no over- or underflow occurs. - * We further assume that `portPOINTER_SIZE_TYPE` evaluates to - * `uint32_t`. - */ - //@ ptr_range(pxTopOfStack); - /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) - & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) - > 0 ); - @*/ - /*@ assume( ( StackType_t * ) ( ( ( uint32_t ) pxTopOfStack ) - & ( ~( ( uint32_t ) ( 0x0007 ) ) ) ) - <= (StackType_t*) UINTPTR_MAX ); - @*/ - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ - pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ - - #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - //@ uint32_t gUnalignedBytes = (char*) gOldTop - (char*) pxTopOfStack; - - // The following alignment assertions hold but take very long to verify. - ///@ assert( pxTopOfStack <= gOldTop ); - ///@ assert( gOldTop - 7 <= pxTopOfStack ); - - // Same as above but for aligned top pointer: - //@ Z gzAlignedTop = Z_of_uint32((int) pxTopOfStack); - //@ bitand_def((int) pxTopOfStack, gzAlignedTop, gMask, gzMask); - #else - /* Axiomatize that alignmet check succeeds. - * We further assume that `portPOINTER_SIZE_TYPE` evaluates to - * `uint32_t`*/ - //@ ptr_range(pxTopOfStack); - /*@ assume( ( ( uint32_t ) pxTopOfStack & ( uint32_t ) ( 0x0007 ) ) == 0UL ); - @*/ - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ /* Check the alignment of the calculated top of stack is correct. */ configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); @@ -2010,12 +1929,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, */ //@ assume( pxTopOfStack == gOldTop ); //@ int gUnalignedBytes = 0; - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ - - //@ assert( chars(gcStack, ?gFreeBytes, _) ); - //@ char* gUnalignedPtr = (char*) pxNewTCB->pxStack + gFreeBytes; - //@ close unalignedRestOfStack_p(gUnalignedPtr, gUnalignedBytes); - //@ close stack_p_2(pxNewTCB->pxStack, ulStackDepth, pxTopOfStack, gFreeBytes, 0, gUnalignedBytes); + #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ #if ( configRECORD_STACK_HIGH_ADDRESS == 1 ) @@ -2104,10 +2018,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, listSET_LIST_ITEM_VALUE( &( pxNewTCB->xEventListItem ), ( TickType_t ) configMAX_PRIORITIES - ( TickType_t ) uxPriority ); /*lint !e961 MISRA exception as the casts are only redundant for some ports. */ listSET_LIST_ITEM_OWNER( &( pxNewTCB->xEventListItem ), pxNewTCB ); - // Closing predicates early simplifies the symbolic heap and proof debugging. - //@ close xLIST_ITEM(&pxNewTCB->xStateListItem, _, _, _, _); - //@ close xLIST_ITEM(&pxNewTCB->xEventListItem, _, _, _, _); - #if ( portCRITICAL_NESTING_IN_TCB == 1 ) { pxNewTCB->uxCriticalNesting = ( UBaseType_t ) 0U; @@ -2139,24 +2049,14 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( configNUM_THREAD_LOCAL_STORAGE_POINTERS != 0 ) { - //@ pointers__to_chars_(pxNewTCB->pvThreadLocalStoragePointers); - //@ assert(chars_((char*) pxNewTCB->pvThreadLocalStoragePointers, _, _)); - //@ assert(chars_(_, sizeof( pxNewTCB->pvThreadLocalStoragePointers ), _)); memset( ( void * ) &( pxNewTCB->pvThreadLocalStoragePointers[ 0 ] ), 0x00, sizeof( pxNewTCB->pvThreadLocalStoragePointers ) ); } #endif #if ( configUSE_TASK_NOTIFICATIONS == 1 ) { - ///@ assert( integers__(pxNewTCB->ulNotifiedValue, _, _, 1, _) ); - ///@ integers___to_integers_(pxNewTCB->ulNotifiedValue); - ///@ integers__to_chars(pxNewTCB->ulNotifiedValue); - //@integers___to_integers_(pxNewTCB->ulNotifiedValue); - //@ integers__to_chars(pxNewTCB->ulNotifiedValue); memset( ( void * ) &( pxNewTCB->ulNotifiedValue[ 0 ] ), 0x00, sizeof( pxNewTCB->ulNotifiedValue ) ); - //@ uchars__to_chars_(pxNewTCB->ucNotifyState); memset( ( void * ) &( pxNewTCB->ucNotifyState[ 0 ] ), 0x00, sizeof( pxNewTCB->ucNotifyState ) ); - //@ chars_to_uchars(pxNewTCB->ucNotifyState); } #endif From 676e9fddad220ebc6afc65344dbd315435eb2a53 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:22:57 -0500 Subject: [PATCH 235/289] Deleted proof annotations in `prvInitialiseNewTask`. --- .../tasks/vTaskSwitchContext/src/tasks.c | 49 ++----------------- 1 file changed, 3 insertions(+), 46 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 1bdf4f06852..ef12b6819c0 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -1884,17 +1884,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( tskSET_NEW_STACKS_TO_KNOWN_VALUE == 1 ) { /* Fill the stack with a known value to assist debugging. */ - #ifdef VERIFAST - /* Reason for rewrite: - * - VeriFast reports type mismatch because - * `( int ) tskSTACK_FILL_BYTE` is passed for a char argument. - * - * TODO: Is the type mismatch a real error? - */ - ( void ) memset( pxNewTCB->pxStack, ( char ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); - #else - ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); - #endif + ( void ) memset( pxNewTCB->pxStack, ( int ) tskSTACK_FILL_BYTE, ( size_t ) ulStackDepth * sizeof( StackType_t ) ); } #endif /* tskSET_NEW_STACKS_TO_KNOWN_VALUE */ @@ -1908,29 +1898,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, pxTopOfStack = ( StackType_t * ) ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); /*lint !e923 !e9033 !e9078 MISRA exception. Avoiding casts between pointers and integers is not practical. Size differences accounted for using portPOINTER_SIZE_TYPE type. Checked by assert(). */ /* Check the alignment of the calculated top of stack is correct. */ - configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); - - #ifndef VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT - /* Remark: Moving this proof step in front of the above - * assertion increases proof checking time by a lot. - */ - /*@ - if( pxTopOfStack < gOldTop ) - { - chars_split_at(gcStack, (char*) pxTopOfStack + sizeof(StackType_t)); - } - @*/ - #else - /* Axiomatize that bit vector operations did not change stack - * pointer. - */ - /* TODO: Can we simplify the axiomatizations here and above - * by assuming that the top pointer was already aligned? - */ - //@ assume( pxTopOfStack == gOldTop ); - //@ int gUnalignedBytes = 0; - #endif /* VERIFAST_SKIP_BITVECTOR_PROOF__STACK_ALIGNMENT */ - + configASSERT( ( ( ( portPOINTER_SIZE_TYPE ) pxTopOfStack & ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) == 0UL ) ); #if ( configRECORD_STACK_HIGH_ADDRESS == 1 ) { @@ -1957,9 +1925,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, if( pcName != NULL ) { for( x = ( UBaseType_t ) 0; x < ( UBaseType_t ) configMAX_TASK_NAME_LEN; x++ ) - /*@ invariant chars_(pxNewTCB->pcTaskName, 16, _) &*& - chars(pcName, 16, _); - @*/ { pxNewTCB->pcTaskName[ x ] = pcName[ x ]; @@ -2071,12 +2036,7 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, #if ( INCLUDE_xTaskAbortDelay == 1 ) { - #ifdef VERIFAST - /* Reason for rewrite: Assignment not type safe. */ - pxNewTCB->ucDelayAborted = pd_U_FALSE; - #else - pxNewTCB->ucDelayAborted = pdFALSE; - #endif + pxNewTCB->ucDelayAborted = pdFALSE; } #endif @@ -2175,9 +2135,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, { mtCOVERAGE_TEST_MARKER(); } - - //@ assert( stack_p_2(_, _, _, ?gFreeBytes, _, _) ); - //@ close TCB_p(pxNewTCB, gFreeBytes); } /*-----------------------------------------------------------*/ From de64106012032380e4bc6c3246fca4113aa91bcd Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:24:21 -0500 Subject: [PATCH 236/289] Deleted proof annotations in `prvAddNewTaskToReadyList` --- Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index ef12b6819c0..e5ff0b1b00a 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -2139,11 +2139,6 @@ static void prvInitialiseNewTask( TaskFunction_t pxTaskCode, /*-----------------------------------------------------------*/ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB ) -/*//@ requires interruptState_p(?coreID, _) &*& - unprotectedGlobalVars(); - @*/ -/*//@ ensures true; - @*/ { /* Ensure interrupts don't access the task lists while the lists are being * updated. */ From 35cae904574680903f66f52dbfddbad256215492 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:34:14 -0500 Subject: [PATCH 237/289] Deleted deprecated proofs. --- .../proof/snippets/rp2040_port_c_snippets.c | 242 ------------------ .../proof/verifast_bitops_extended.h | 11 - .../proof/verifast_prelude_extended.h | 107 -------- .../tasks/vTaskSwitchContext/src/tasks.c | 4 - 4 files changed, 364 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c b/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c deleted file mode 100644 index d38993779ee..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * This file contains code snippets from: - * portable/ThirdParty/GCC/RP2040/port.c - */ - - - -// Note currently we support configNUM_CORES == 1 with SMP, thought it isn't 100% clear why you wouldn't -// just use the non SMP version; keeping around for now in case the code bases are merged. -#define portRUNNING_ON_BOTH_CORES (configNUM_CORES == portMAX_CORE_COUNT) - -/* Constants required to manipulate the NVIC. */ -#define portNVIC_SYSTICK_CTRL_REG ( *( ( volatile uint32_t * ) 0xe000e010 ) ) -#define portNVIC_SYSTICK_LOAD_REG ( *( ( volatile uint32_t * ) 0xe000e014 ) ) -#define portNVIC_SYSTICK_CURRENT_VALUE_REG ( *( ( volatile uint32_t * ) 0xe000e018 ) ) -#define portNVIC_INT_CTRL_REG ( *( ( volatile uint32_t * ) 0xe000ed04 ) ) -#define portNVIC_SHPR3_REG ( *( ( volatile uint32_t * ) 0xe000ed20 ) ) -#define portNVIC_SYSTICK_CLK_BIT ( 1UL << 2UL ) -#define portNVIC_SYSTICK_INT_BIT ( 1UL << 1UL ) -#define portNVIC_SYSTICK_ENABLE_BIT ( 1UL << 0UL ) -#define portNVIC_SYSTICK_COUNT_FLAG_BIT ( 1UL << 16UL ) -#define portNVIC_PENDSVSET_BIT ( 1UL << 28UL ) -#define portMIN_INTERRUPT_PRIORITY ( 255UL ) -#define portNVIC_PENDSV_PRI ( portMIN_INTERRUPT_PRIORITY << 16UL ) -#define portNVIC_SYSTICK_PRI ( portMIN_INTERRUPT_PRIORITY << 24UL ) - -/* Constants required to set up the initial stack. */ -#define portINITIAL_XPSR ( 0x01000000 ) - -/* The systick is a 24-bit counter. */ -#define portMAX_24_BIT_NUMBER ( 0xffffffUL ) - -/* A fiddle factor to estimate the number of SysTick counts that would have - * occurred while the SysTick counter is stopped during tickless idle - * calculations. */ -#ifndef portMISSED_COUNTS_FACTOR - #define portMISSED_COUNTS_FACTOR ( 45UL ) -#endif - -/* Let the user override the pre-loading of the initial LR with the address of - * prvTaskExitError() in case it messes up unwinding of the stack in the - * debugger. */ -#ifdef configTASK_RETURN_ADDRESS - #define portTASK_RETURN_ADDRESS configTASK_RETURN_ADDRESS -#else - #define portTASK_RETURN_ADDRESS prvTaskExitError -#endif - -/* - * Setup the timer to generate the tick interrupts. The implementation in this - * file is weak to allow application writers to change the timer used to - * generate the tick interrupt. - */ -void vPortSetupTimerInterrupt( void ); - -/* - * Exception handlers. - */ -void xPortPendSVHandler( void ) __attribute__( ( naked ) ); -void xPortSysTickHandler( void ); -void vPortSVCHandler( void ); - -/* - * Start first task is a separate function so it can be tested in isolation. - */ -static void vPortStartFirstTask( void ) __attribute__( ( naked ) ); - -/* - * Used to catch tasks that attempt to return from their implementing function. - */ -static void prvTaskExitError( void ); - - - - -// ------------------------------------------------- -// Validate stack predicate - -/* Simulates creation and initialisation of a stack that grows down as on RP2040. - */ -StackType_t* test_stack_pred(uint32_t depth) -/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*& - depth <= UINT_MAX &*& - depth > 0; - @*/ -/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*& - malloc_block_chars((char*) result, depth * sizeof(StackType_t)); -@*/ -{ - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - StackType_t * stack; - - - /* Allocate space for the stack used by the task being created. */ - stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) ); - if(stack == 0) return 0; - - memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t)); - - StackType_t* top = stack + depth -1; - - //@ chars_to_integers_(stack, sizeof(StackType_t), false, depth); - //@ close stack_p(stack, depth, top, depth); - // integers_(stack0, 4, false, depth, _) - return stack; -} -// ------------------------------------------------- - -/* - * See header file for description. - */ -StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, - TaskFunction_t pxCode, - void * pvParameters ) -/*@ requires pxTopOfStack > 0 &*& - stack_p_2(?pxStack, ?ulStackDepth, pxTopOfStack, ?ulFreeBytes, - ?ulUsedCells, ?ulUnalignedBytes) &*& - ulFreeBytes > 17 * sizeof(StackType_t) &*& - pxStack > 0; - @*/ -/*@ ensures stack_p_2(pxStack, ulStackDepth, result, - ulFreeBytes - sizeof(StackType_t) * 16, - ulUsedCells + 16, - ulUnalignedBytes) &*& - result == pxTopOfStack - 16; -@*/ -{ - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - - //@ StackType_t* gOldTop = pxTopOfStack; - //@ char* gcStack = (char*) pxStack; - //@ open stack_p_2(_, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) ); - //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // skip stack cell #0 - //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t)); - //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop); - /* Simulate the stack frame as it would be created by a context switch - * interrupt. */ - pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */ - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // make stack cell #1 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2)); - //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-1); - *pxTopOfStack = ( 0x01000000 ); /* xPSR */ - //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _); - pxTopOfStack--; - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent overflow - //@ ptr_range(pxCode); - // make stack cell #2 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 3)); - //@ chars_to_integers_(gOldTop-2, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-2); - *pxTopOfStack = ( StackType_t ) pxCode; /* PC */ - //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _); - pxTopOfStack--; - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent underflow - //@ ptr_range(prvTaskExitError); - // make stack cell #3 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 4)); - //@ chars_to_integers_(gOldTop-3, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-3); - *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */ - //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _); - - pxTopOfStack -= 5; /* R12, R3, R2 and R1. */ - - // jump to stack cell #7 - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8)); - //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4); - //@ integers__join(gOldTop-7); - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent overflow - //@ ptr_range(pvParameters); - - // make stack cell #8 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9)); - //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-8); - *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */ - //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _); - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - - // skip stack cells #9 - #15, leave #16 unused - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16)); - //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7); - //@ integers__join(gOldTop-15); - pxTopOfStack -= 8; /* R11..R4. */ - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes); - //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) ); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - return pxTopOfStack; -} \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h deleted file mode 100644 index 437ae410283..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef VERIFAST_BITOPS_EXTENDED_H -#define VERIFAST_BITOPS_EXTENDED_H - -/*@ -// TODO: Can we remove this? -lemma void bitand_idempotent_right(int l, int r); -requires true; -ensures (l & r) == ((l & r) & r); -@*/ - -#endif /* VERIFAST_BITOPS_EXTENDED_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h deleted file mode 100644 index beb263831cf..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h +++ /dev/null @@ -1,107 +0,0 @@ -#ifndef VERIFAST_PRELUDE_EXTENDED_H -#define VERIFAST_PRELUDE_EXTENDED_H - -/* This file contains axioms that would naturally fit into prelude.h - * but are missing. - */ - -/* Reminder: - -predicate chars_(char *array, int count; list > cs) = - count == 0 ? - cs == nil - : - char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0); - -predicate chars(char *array, int count; list cs) = - count == 0 ? - cs == nil - : - character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0); - - -lemma_auto void chars__to_chars(char *array); - requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs)); - ensures [f]chars(array, count, map(the, cs)); - - - -predicate integers__(void *p, int size, bool signed_, int count; list > vs) = - count == 0 ? - vs == nil - : - integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0); - -predicate integers_(void *p, int size, bool signed_, int count; list vs) = - count == 0 ? - vs == nil - : - integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0); - - - */ - - - - -/*@ -lemma_auto void integers___to_integers_(void *p); - requires [?f]integers__(p, ?size, ?signed_, ?count, _); - ensures [f]integers_(p, size, signed_, count, _); -@*/ - - -/*@ -lemma void chars_split_at(char* start_ptr, char* split_ptr) -requires chars(start_ptr, ?count, ?vs) &*& - start_ptr <= split_ptr &*& split_ptr < start_ptr + count; -ensures chars(start_ptr, ?c1, ?vs1) &*& - chars(split_ptr, ?c2, ?vs2) &*& - start_ptr + c1 == split_ptr &*& - c1 + c2 == count; -{ - if( start_ptr == split_ptr ) - { - close chars(start_ptr, 0, nil); - } else - { - assert( start_ptr < split_ptr ); // Will fail when pointer provenance checks are turned on - open chars(start_ptr, _, _); - chars_split_at(start_ptr+1, split_ptr); - assert( chars(start_ptr+1, ?c1, _) ); - close chars(start_ptr, c1+1, _); - } -} -@*/ - - -/*@ -lemma void division_remainder_def(int l, int r); -requires l >= 0 &*& r > 0 &*& r < l; -ensures l == (l % r) + (l / r) * r &*& -0 <= (l % r) &*& -(l % r) < r; -@*/ - -/*@ -lemma void chars_to_max_integers__suffix(char* startPtr, int intSize, bool signed_) -requires chars(startPtr, ?count, ?vs) &*& intSize > 0 &*& count > intSize; -ensures chars(startPtr, ?cc, _) &*& - integers_(?intStartPtr, intSize, signed_, ?ci, _) &*& - count == cc + ci * intSize &*& - intStartPtr == startPtr + cc &*& - cc < intSize &*& - ci == count / intSize; -{ - int rem = count % intSize; - int ci = count / intSize; - - division_remainder_def(count, intSize); - chars_split(startPtr, rem); - chars_to_integers_(startPtr + rem, intSize, signed_, ci); - -} -@*/ - - -#endif /* VERIFAST_PRELUDE_EXTENDED_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index e5ff0b1b00a..33a0f507ced 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -79,8 +79,6 @@ #include "task_predicates.h" #include "ready_list_predicates.h" #include "verifast_RP2040_axioms.h" - #include "verifast_prelude_extended.h" - #include "verifast_bitops_extended.h" #include "verifast_asm.h" #include "verifast_port_contracts.h" #include "verifast_lock_predicates.h" @@ -88,8 +86,6 @@ #include "single_core_proofs/scp_list_predicates.h" #include "single_core_proofs_extended/scp_list_predicates_extended.h" - #include "snippets/rp2040_port_c_snippets.c" - #include "list.c" #endif From 541e671569de83e1450657a24c4a6266cb84ff64 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:34:14 -0500 Subject: [PATCH 238/289] Deleted deprecated proofs. --- .../proof/ready_list_predicates.h | 2 - .../proof/snippets/rp2040_port_c_snippets.c | 242 ------------------ .../proof/verifast_bitops_extended.h | 11 - .../proof/verifast_prelude_extended.h | 107 -------- .../tasks/vTaskSwitchContext/src/tasks.c | 4 - 5 files changed, 366 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h index ac971fe6254..41a04b484f2 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h @@ -8,8 +8,6 @@ /*@ -// TODO: We know that the list of priority 0 is never empty. -// It contains the idle task and nothing else. predicate readyLists_p(list > gCellLists, list > gOwnerLists) = configMAX_PRIORITIES == length(gCellLists) &*& diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c b/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c deleted file mode 100644 index d38993779ee..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/snippets/rp2040_port_c_snippets.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * This file contains code snippets from: - * portable/ThirdParty/GCC/RP2040/port.c - */ - - - -// Note currently we support configNUM_CORES == 1 with SMP, thought it isn't 100% clear why you wouldn't -// just use the non SMP version; keeping around for now in case the code bases are merged. -#define portRUNNING_ON_BOTH_CORES (configNUM_CORES == portMAX_CORE_COUNT) - -/* Constants required to manipulate the NVIC. */ -#define portNVIC_SYSTICK_CTRL_REG ( *( ( volatile uint32_t * ) 0xe000e010 ) ) -#define portNVIC_SYSTICK_LOAD_REG ( *( ( volatile uint32_t * ) 0xe000e014 ) ) -#define portNVIC_SYSTICK_CURRENT_VALUE_REG ( *( ( volatile uint32_t * ) 0xe000e018 ) ) -#define portNVIC_INT_CTRL_REG ( *( ( volatile uint32_t * ) 0xe000ed04 ) ) -#define portNVIC_SHPR3_REG ( *( ( volatile uint32_t * ) 0xe000ed20 ) ) -#define portNVIC_SYSTICK_CLK_BIT ( 1UL << 2UL ) -#define portNVIC_SYSTICK_INT_BIT ( 1UL << 1UL ) -#define portNVIC_SYSTICK_ENABLE_BIT ( 1UL << 0UL ) -#define portNVIC_SYSTICK_COUNT_FLAG_BIT ( 1UL << 16UL ) -#define portNVIC_PENDSVSET_BIT ( 1UL << 28UL ) -#define portMIN_INTERRUPT_PRIORITY ( 255UL ) -#define portNVIC_PENDSV_PRI ( portMIN_INTERRUPT_PRIORITY << 16UL ) -#define portNVIC_SYSTICK_PRI ( portMIN_INTERRUPT_PRIORITY << 24UL ) - -/* Constants required to set up the initial stack. */ -#define portINITIAL_XPSR ( 0x01000000 ) - -/* The systick is a 24-bit counter. */ -#define portMAX_24_BIT_NUMBER ( 0xffffffUL ) - -/* A fiddle factor to estimate the number of SysTick counts that would have - * occurred while the SysTick counter is stopped during tickless idle - * calculations. */ -#ifndef portMISSED_COUNTS_FACTOR - #define portMISSED_COUNTS_FACTOR ( 45UL ) -#endif - -/* Let the user override the pre-loading of the initial LR with the address of - * prvTaskExitError() in case it messes up unwinding of the stack in the - * debugger. */ -#ifdef configTASK_RETURN_ADDRESS - #define portTASK_RETURN_ADDRESS configTASK_RETURN_ADDRESS -#else - #define portTASK_RETURN_ADDRESS prvTaskExitError -#endif - -/* - * Setup the timer to generate the tick interrupts. The implementation in this - * file is weak to allow application writers to change the timer used to - * generate the tick interrupt. - */ -void vPortSetupTimerInterrupt( void ); - -/* - * Exception handlers. - */ -void xPortPendSVHandler( void ) __attribute__( ( naked ) ); -void xPortSysTickHandler( void ); -void vPortSVCHandler( void ); - -/* - * Start first task is a separate function so it can be tested in isolation. - */ -static void vPortStartFirstTask( void ) __attribute__( ( naked ) ); - -/* - * Used to catch tasks that attempt to return from their implementing function. - */ -static void prvTaskExitError( void ); - - - - -// ------------------------------------------------- -// Validate stack predicate - -/* Simulates creation and initialisation of a stack that grows down as on RP2040. - */ -StackType_t* test_stack_pred(uint32_t depth) -/*@ requires depth * sizeof(StackType_t) <= UINTPTR_MAX &*& - depth <= UINT_MAX &*& - depth > 0; - @*/ -/*@ ensures result == 0 ? true : stack_p(result, depth, ?top, depth) &*& - malloc_block_chars((char*) result, depth * sizeof(StackType_t)); -@*/ -{ - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - StackType_t * stack; - - - /* Allocate space for the stack used by the task being created. */ - stack = (StackType_t*) malloc( ( ( ( size_t ) depth ) * sizeof( StackType_t ) ) ); - if(stack == 0) return 0; - - memset(stack, 0, (unsigned int ) depth * sizeof(StackType_t)); - - StackType_t* top = stack + depth -1; - - //@ chars_to_integers_(stack, sizeof(StackType_t), false, depth); - //@ close stack_p(stack, depth, top, depth); - // integers_(stack0, 4, false, depth, _) - return stack; -} -// ------------------------------------------------- - -/* - * See header file for description. - */ -StackType_t * pxPortInitialiseStack( StackType_t * pxTopOfStack, - TaskFunction_t pxCode, - void * pvParameters ) -/*@ requires pxTopOfStack > 0 &*& - stack_p_2(?pxStack, ?ulStackDepth, pxTopOfStack, ?ulFreeBytes, - ?ulUsedCells, ?ulUnalignedBytes) &*& - ulFreeBytes > 17 * sizeof(StackType_t) &*& - pxStack > 0; - @*/ -/*@ ensures stack_p_2(pxStack, ulStackDepth, result, - ulFreeBytes - sizeof(StackType_t) * 16, - ulUsedCells + 16, - ulUnalignedBytes) &*& - result == pxTopOfStack - 16; -@*/ -{ - // Proof boken by switch to nightly build Nov 14, 2022 - // TODO: Adapt proof - //@ assume(false); - // ------------------------------------------------------------ - - //@ StackType_t* gOldTop = pxTopOfStack; - //@ char* gcStack = (char*) pxStack; - //@ open stack_p_2(_, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + ulFreeBytes - sizeof(StackType_t) ); - //@ assert( (char*) pxStack + ulFreeBytes == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // skip stack cell #0 - //@ chars_split(gcStack, ulFreeBytes - sizeof(StackType_t)); - //@ chars_to_integers_(gOldTop, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop); - /* Simulate the stack frame as it would be created by a context switch - * interrupt. */ - pxTopOfStack--; /* Offset added to account for the way the MCU uses the stack on entry/exit of interrupts. */ - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 1, ulUsedCells + 1, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 1) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // make stack cell #1 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 2)); - //@ chars_to_integers_(gOldTop-1, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-1); - *pxTopOfStack = ( 0x01000000 ); /* xPSR */ - //@ close integers_(gOldTop-1, sizeof(StackType_t), false, ulUsedCells+2, _); - pxTopOfStack--; - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 2, ulUsedCells + 2, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 2) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent overflow - //@ ptr_range(pxCode); - // make stack cell #2 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 3)); - //@ chars_to_integers_(gOldTop-2, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-2); - *pxTopOfStack = ( StackType_t ) pxCode; /* PC */ - //@ close integers_(gOldTop-2, sizeof(StackType_t), false, ulUsedCells+3, _); - pxTopOfStack--; - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 3, ulUsedCells + 3, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 4) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 3) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent underflow - //@ ptr_range(prvTaskExitError); - // make stack cell #3 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 4)); - //@ chars_to_integers_(gOldTop-3, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-3); - *pxTopOfStack = ( StackType_t ) prvTaskExitError; /* LR */ - //@ close integers_(gOldTop-3, sizeof(StackType_t), false, ulUsedCells+4, _); - - pxTopOfStack -= 5; /* R12, R3, R2 and R1. */ - - // jump to stack cell #7 - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 8)); - //@ chars_to_integers_(gOldTop-7, sizeof(StackType_t), false, 4); - //@ integers__join(gOldTop-7); - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 8, ulUsedCells + 8, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 9) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 8) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - // prevent overflow - //@ ptr_range(pvParameters); - - // make stack cell #8 available - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 9)); - //@ chars_to_integers_(gOldTop-8, sizeof(StackType_t), false, 1); - //@ integers__join(gOldTop-8); - *pxTopOfStack = ( StackType_t ) pvParameters; /* R0 */ - //@ close integers_(gOldTop-8, sizeof(StackType_t), false, ulUsedCells+9, _); - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack-1, ulFreeBytes - sizeof(StackType_t) * 9, ulUsedCells + 9, ulUnalignedBytes); - //@ open stack_p_2(pxStack, _, _, _, _, _); - - - // skip stack cells #9 - #15, leave #16 unused - //@ chars_split(gcStack, ulFreeBytes - (sizeof(StackType_t) * 16)); - //@ chars_to_integers_(gOldTop-15, sizeof(StackType_t), false, 7); - //@ integers__join(gOldTop-15); - pxTopOfStack -= 8; /* R11..R4. */ - - // Ensure maintining stack invariant - //@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes); - //@ assert( stack_p_2(pxStack, ulStackDepth, gOldTop-16, ulFreeBytes - sizeof(StackType_t) * 16, ulUsedCells + 16, ulUnalignedBytes) ); - - //@ assert( (char*) pxTopOfStack == (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 17) ); - //@ assert( (char*) pxStack + (ulFreeBytes - sizeof(StackType_t) * 16) == (char*) pxTopOfStack + sizeof(StackType_t) ); - - return pxTopOfStack; -} \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h deleted file mode 100644 index 437ae410283..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_bitops_extended.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef VERIFAST_BITOPS_EXTENDED_H -#define VERIFAST_BITOPS_EXTENDED_H - -/*@ -// TODO: Can we remove this? -lemma void bitand_idempotent_right(int l, int r); -requires true; -ensures (l & r) == ((l & r) & r); -@*/ - -#endif /* VERIFAST_BITOPS_EXTENDED_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h deleted file mode 100644 index beb263831cf..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_prelude_extended.h +++ /dev/null @@ -1,107 +0,0 @@ -#ifndef VERIFAST_PRELUDE_EXTENDED_H -#define VERIFAST_PRELUDE_EXTENDED_H - -/* This file contains axioms that would naturally fit into prelude.h - * but are missing. - */ - -/* Reminder: - -predicate chars_(char *array, int count; list > cs) = - count == 0 ? - cs == nil - : - char_(array, ?c) &*& chars_(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0); - -predicate chars(char *array, int count; list cs) = - count == 0 ? - cs == nil - : - character(array, ?c) &*& chars(array + 1, count - 1, ?cs0) &*& cs == cons(c, cs0); - - -lemma_auto void chars__to_chars(char *array); - requires [?f]chars_(array, ?count, ?cs) &*& cs == map(some, map(the, cs)); - ensures [f]chars(array, count, map(the, cs)); - - - -predicate integers__(void *p, int size, bool signed_, int count; list > vs) = - count == 0 ? - vs == nil - : - integer__(p, size, signed_, ?v0) &*& integers__(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0); - -predicate integers_(void *p, int size, bool signed_, int count; list vs) = - count == 0 ? - vs == nil - : - integer_(p, size, signed_, ?v0) &*& integers_(p + size, size, signed_, count - 1, ?vs0) &*& vs == cons(v0, vs0); - - - */ - - - - -/*@ -lemma_auto void integers___to_integers_(void *p); - requires [?f]integers__(p, ?size, ?signed_, ?count, _); - ensures [f]integers_(p, size, signed_, count, _); -@*/ - - -/*@ -lemma void chars_split_at(char* start_ptr, char* split_ptr) -requires chars(start_ptr, ?count, ?vs) &*& - start_ptr <= split_ptr &*& split_ptr < start_ptr + count; -ensures chars(start_ptr, ?c1, ?vs1) &*& - chars(split_ptr, ?c2, ?vs2) &*& - start_ptr + c1 == split_ptr &*& - c1 + c2 == count; -{ - if( start_ptr == split_ptr ) - { - close chars(start_ptr, 0, nil); - } else - { - assert( start_ptr < split_ptr ); // Will fail when pointer provenance checks are turned on - open chars(start_ptr, _, _); - chars_split_at(start_ptr+1, split_ptr); - assert( chars(start_ptr+1, ?c1, _) ); - close chars(start_ptr, c1+1, _); - } -} -@*/ - - -/*@ -lemma void division_remainder_def(int l, int r); -requires l >= 0 &*& r > 0 &*& r < l; -ensures l == (l % r) + (l / r) * r &*& -0 <= (l % r) &*& -(l % r) < r; -@*/ - -/*@ -lemma void chars_to_max_integers__suffix(char* startPtr, int intSize, bool signed_) -requires chars(startPtr, ?count, ?vs) &*& intSize > 0 &*& count > intSize; -ensures chars(startPtr, ?cc, _) &*& - integers_(?intStartPtr, intSize, signed_, ?ci, _) &*& - count == cc + ci * intSize &*& - intStartPtr == startPtr + cc &*& - cc < intSize &*& - ci == count / intSize; -{ - int rem = count % intSize; - int ci = count / intSize; - - division_remainder_def(count, intSize); - chars_split(startPtr, rem); - chars_to_integers_(startPtr + rem, intSize, signed_, ci); - -} -@*/ - - -#endif /* VERIFAST_PRELUDE_EXTENDED_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index e5ff0b1b00a..33a0f507ced 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -79,8 +79,6 @@ #include "task_predicates.h" #include "ready_list_predicates.h" #include "verifast_RP2040_axioms.h" - #include "verifast_prelude_extended.h" - #include "verifast_bitops_extended.h" #include "verifast_asm.h" #include "verifast_port_contracts.h" #include "verifast_lock_predicates.h" @@ -88,8 +86,6 @@ #include "single_core_proofs/scp_list_predicates.h" #include "single_core_proofs_extended/scp_list_predicates_extended.h" - #include "snippets/rp2040_port_c_snippets.c" - #include "list.c" #endif From 1672d293ab758ea37cb7b413cb836e1ea68a6fc6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:42:38 -0500 Subject: [PATCH 239/289] Removed duplicate code in predicates. --- .../proof/verifast_lock_predicates.h | 41 +------------------ .../tasks/vTaskSwitchContext/src/tasks.c | 8 +++- 2 files changed, 7 insertions(+), 42 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h index c4592b2d090..615c7451cf3 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h @@ -85,46 +85,7 @@ predicate isrLockInv_p(); fixpoint int taskISRLockID_f(); predicate taskISRLockInv_p() = - // Access to global variables - [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& - integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) - &*& - // top ready priority must be in range - integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority) &*& - 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES - &*& - // tasks / TCBs - exists_in_taskISRLockInv_p(?gTasks, ?gStates) - &*& - // (RP-All) Read permissions for every task - // and recording of task states in state list - // (∀t ∈ gTasks. - // [1/2]sharedSeg_TCB_p(t, _)) - // ∧ - // ∀i. ∀t. gTasks[i] == t -> gStates[i] == t->xTaskRunState - foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) - &*& - // (RP-Current) Read permission for task currently scheduled on this core - // (RP-All) + (RP-Current) => Write permission for scheduled task - [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& -// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& - (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& - nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state - &*& - // (RP-Unsched) Read permissions for unscheduled tasks - // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks - // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING - // -> [1/2]shared_TCB_p(t, taskTASK_NOT_RUNNING) - foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) - &*& - readyLists_p(?gCellLists, ?gOwnerLists) - &*& - // gTasks contains all relevant tasks - mem(gCurrentTCB, gTasks) == true - &*& - // ∀l ∈ gOwnerLists. l ⊆ gTasks - forall(gOwnerLists, (superset)(gTasks)) == true; + _taskISRLockInv_p(_); // Auxiliary predicate. Equal to the lock invariant above but exposes diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 33a0f507ced..c68514334b3 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -932,7 +932,8 @@ static void prvYieldForTask( TCB_t * pxTCB, @*/ { //@ open taskISRLockInv_p(); - //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, ?gTopReadyPriority0) ); + //@ open _taskISRLockInv_p(?gTopReadyPriority0); + //@ assert( integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority0) ); //@ assert( gTopReadyPriority0 == uxTopReadyPriority); UBaseType_t uxCurrentPriority = uxTopReadyPriority; BaseType_t xTaskScheduled = pdFALSE; @@ -1390,6 +1391,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); // @ close readyLists_p(gCellLists2, gOwnerLists2); + //@ close _taskISRLockInv_p(_); //@ close taskISRLockInv_p(); return pdFALSE; } @@ -1508,7 +1510,6 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif /* if ( configUSE_CORE_AFFINITY == 1 ) */ #endif /* if ( configNUM_CORES > 1 ) */ - //@ open _taskISRLockInv_p(_); //@ close taskISRLockInv_p(); return pdTRUE; } @@ -4442,11 +4443,13 @@ void vTaskSwitchContext( BaseType_t xCoreID ) #endif /* VERIFAST */ //@ open taskISRLockInv_p(); + //@ open _taskISRLockInv_p(_); if( uxSchedulerSuspended != ( UBaseType_t ) pdFALSE ) { /* The scheduler is currently suspended - do not allow a context * switch. */ xYieldPendings[ xCoreID ] = pdTRUE; + //@ close _taskISRLockInv_p(_); //@ close taskISRLockInv_p(); } else @@ -4494,6 +4497,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) /* Select a new task to run using either the generic C or port * optimised asm code. */ + //@ close _taskISRLockInv_p(_); //@ close taskISRLockInv_p(); ( void ) prvSelectHighestPriorityTask( xCoreID ); traceTASK_SWITCHED_IN(); From ff763690a45370515bbadfd6dac59fee2e9cd7f6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:46:51 -0500 Subject: [PATCH 240/289] Removed deprecated predicates and proofs. --- .../proof/stack_predicates.h | 49 ------------------- 1 file changed, 49 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h index 00c295708e4..7bf3e41c972 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h @@ -34,55 +34,6 @@ predicate unalignedRestOfStack_p(char* p, uint32_t ulUnalignedBytes) = chars(p, ulUnalignedBytes, _); @*/ -/*@ -// Represents a stack that grows down (cf. RP2040 stack) -predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t freeCells) = - integers_(pxStack, sizeof(StackType_t), false, ulStackDepth, _) &*& - ulStackDepth > 0 &*& - freeCells >= 0 &*& - pxTopOfStack == pxStack + freeCells -1 &*& - 0 <= freeCells &*& freeCells <= ulStackDepth; -// usedMem == pxStack - pxTopOfStack -// freeMem == ulStackDepth - usedMem - //freeCells * sizeof(StackType_t) == ulStackDepth * sizeof(StackType_t) - ((char*) pxStack - (char*) pxTopOfStack) &*& -// usedCells * sizeof(StackType_t) == ((char*) pxStack - (char*) pxTopOfStack); -@*/ - -/*/@ -lemma void split_stack(StackType_t * pxStack, int offset) -requires stack_p(pxStack,?ulStackDepth, ?pxTopOfStack, ?freeMem, _) &*& 0 <= offset &*& - offset * sizeof(StackType_t) < ulStackDepth; -ensures integers_(pxStack, sizeof(StackType_t), true, offset * sizeof(StackType_t), _) &*& - integers_(pxStack + offset * sizeof(StackType_t), sizeof(StackType_t), true, ulStackDepth - offset * sizeof(StackType_t), _) ; -{ - open stack_p(_, _, _, _); - integers__split(pxStack, offset * sizeof(StackType_t) ); -} -@*/ - -/*@ -// TODO: Do we need this lemma or is it usually cleaner to split stack manually? -lemma void getTopOfStack(StackType_t* pxStack, StackType_t* pxTopOfStack) -requires stack_p(pxStack,?ulStackDepth, pxTopOfStack, ?freeCells) &*& - freeCells > 0; -ensures // free cells minus top cell - integers_(pxStack, sizeof(StackType_t), false, freeCells-1, _) &*& - // top stack cell - integer_(pxStack + freeCells-1, sizeof(StackType_t), false, _) &*& - // used stack cells - integers_(pxStack + freeCells, sizeof(StackType_t), false, - ulStackDepth - freeCells, _) &*& - // stack contraints necessary to close `stack_p` again - ulStackDepth > 0 &*& - freeCells >= 0 &*& - pxTopOfStack == pxStack + freeCells -1 &*& - 0 <= freeCells &*& freeCells <= ulStackDepth; -{ - open stack_p(_, _, _, _); - integers__split(pxStack, freeCells-1); - open integers_(pxStack + (freeCells-1), _, _, _, _); -} -@*/ #endif /* STACK_PREDICATES */ \ No newline at end of file From 3675aa60119313a1a4ca9ca2fde5d6c09b9711d0 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:55:57 -0500 Subject: [PATCH 241/289] Deleted deprecated predicates and wrote some documentation. --- .../proof/task_predicates.h | 58 ++++--------------- 1 file changed, 10 insertions(+), 48 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h index ebd37d71cb6..d412714d4a8 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h @@ -5,53 +5,12 @@ #include "single_core_proofs/scp_list_predicates.h" -/*@ -// This predicate represents the memory corresponding to an -// uninitialised instance of type `TCB_t` aka `tskTaskControlBlock`. -predicate uninit_TCB_p(TCB_t * tcb, int stackSize) = - malloc_block_tskTaskControlBlock(tcb) &*& - tcb->pxTopOfStack |-> _ &*& - - xLIST_ITEM(&tcb->xStateListItem, _, _, _, _, _) &*& - struct_xLIST_ITEM_padding(&tcb->xStateListItem) &*& - xLIST_ITEM(&tcb->xEventListItem, _, _, _, _, _) &*& - struct_xLIST_ITEM_padding(&tcb->xEventListItem) &*& - - tcb->uxPriority |-> _ &*& - - tcb->pxStack |-> ?stackPtr &*& - stackPtr != 0 &*& - (char*) stackPtr + stackSize <= (char*) UINTPTR_MAX &*& - chars_((char*) stackPtr, stackSize, _) &*& - malloc_block_chars((char*) stackPtr, stackSize) &*& - - tcb->xTaskRunState |-> _ &*& - tcb->xIsIdle |-> _ &*& - - // Assumes macro `configMAX_TASK_NAME_LEN` evaluates to 16. - chars_(tcb->pcTaskName, 16, _) &*& - - tcb->uxCriticalNesting |-> _ &*& - tcb->uxTCBNumber |-> _ &*& - tcb->uxTaskNumber |-> _ &*& - tcb->uxBasePriority |-> _ &*& - tcb->uxMutexesHeld |-> _ &*& - - // void * pvThreadLocalStoragePointers[ 5 ]; - pointers_(tcb->pvThreadLocalStoragePointers, 5, _) &*& - - // We assume that the macro `configTASK_NOTIFICATION_ARRAY_ENTRIES` - // evaluates to 1. - integers__(tcb->ulNotifiedValue, 4, false, 1, _) &*& - uchars_((unsigned char*) tcb->ucNotifyState, 1, _) &*& - - tcb->ucDelayAborted |-> _; -@*/ - - /*@ // This predicate represents the memory corresponding to an // initialised instance of type `TCB_t` aka `tskTaskControlBlock`. +// The predicate itself is not used during the verification of +// `vTaskSwitchContext`. However, we keep it around to allow proof authors to +// validate that the predicates below indeed capture specific segments of a TCB. predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = malloc_block_tskTaskControlBlock(tcb) &*& tcb->pxStack |-> ?stackPtr &*& @@ -87,10 +46,6 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = uchars((unsigned char*) tcb->ucNotifyState, 1, _) &*& tcb->ucDelayAborted |-> _; - - -predicate absTCB_p(TCB_t* tcb) = - TCB_p(tcb, _); @*/ /*@ @@ -102,12 +57,19 @@ predicate absTCB_p(TCB_t* tcb) = // // The predicates below will be expanded iteratively. +// This predicate captures the private part of a TCB that should only be +// accessed by the TCB represents or under specific circumstances where +// we are certain that the task is not running. predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = tcb->pxStack |-> ?stackPtr &*& tcb->pxTopOfStack |-> ?topPtr &*& stack_p_2(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); +// This predicate represents a shared part of a TCB that can be accessed by +// anyone. Note that this predicate only contains the minimal access rights +// required by the `vTaskSwitchContext` proof. It can be extended in the future +// as needed. predicate sharedSeg_TCB_p(TCB_t* tcb, TaskRunning_t state;) = tcb->xTaskRunState |-> state; From 677ffa8cea5e9ec0276c4016f032154501679378 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 13 Dec 2022 10:57:41 -0500 Subject: [PATCH 242/289] Renamed predicate `stack_p_2` into `stack_p` --- .../tasks/vTaskSwitchContext/include/stack_macros.h | 8 ++++---- .../tasks/vTaskSwitchContext/proof/stack_predicates.h | 2 +- .../tasks/vTaskSwitchContext/proof/task_predicates.h | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h index ea247e4064e..539a22e8810 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h @@ -112,10 +112,10 @@ @*/ \ { \ /*@ open prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ - /*@ assert( stack_p_2(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ + /*@ assert( stack_p(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \ @*/ \ - /*@ open stack_p_2(_, _, _, _, _, _); @*/ \ + /*@ open stack_p(_, _, _, _, _, _); @*/ \ /* The detour below allows us to skip proving that `ulFreeBytes` \ * is a multiple of `sizeof(StackType_t)`. \ */ \ @@ -136,7 +136,7 @@ /*@ integers__to_chars(pxStack); @*/ \ /*@ chars_join((char*) pxStack); @*/ \ /*@ chars_split((char*) pxStack, ulFreeBytesOnStack); @*/ \ - /*@ close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ + /*@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, \ ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ @*/ \ /*@ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ @@ -149,7 +149,7 @@ integers__to_chars(pxStack); \ chars_join((char*) pxStack); \ chars_split((char*) pxStack, ulFreeBytesOnStack); \ - close stack_p_2(pxStack, ulStackDepth, pxTopOfStack, \ + close stack_p(pxStack, ulStackDepth, pxTopOfStack, \ ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); \ } \ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h index 7bf3e41c972..3941beec858 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/stack_predicates.h @@ -4,7 +4,7 @@ /*@ // Represents a stack that grows down (cf. RP2040 stack) -predicate stack_p_2(StackType_t * pxStack, +predicate stack_p(StackType_t * pxStack, uint32_t ulStackDepth, StackType_t * pxTopOfStack, uint32_t ulFreeBytes, diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h index d412714d4a8..f34ed7a1dea 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h @@ -15,7 +15,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = malloc_block_tskTaskControlBlock(tcb) &*& tcb->pxStack |-> ?stackPtr &*& tcb->pxTopOfStack |-> ?topPtr &*& - stack_p_2(stackPtr, ?ulStackDepth, topPtr, + stack_p(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes) &*& xLIST_ITEM(&tcb->xStateListItem, _, _, _, _, _) &*& @@ -63,7 +63,7 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = tcb->pxStack |-> ?stackPtr &*& tcb->pxTopOfStack |-> ?topPtr &*& - stack_p_2(stackPtr, ?ulStackDepth, topPtr, + stack_p(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); // This predicate represents a shared part of a TCB that can be accessed by From 0e90603fb5ddd82ab804bfb433a8d44218acb5cb Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 20 Dec 2022 12:26:33 -0500 Subject: [PATCH 243/289] Removed unneeded validation code. --- .../proof/verifast_lists_extended.h | 51 ++----------------- 1 file changed, 3 insertions(+), 48 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h index 147e112ae31..43c6be5aa9b 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h @@ -10,65 +10,20 @@ // TODO: Can we prove this in VeriFast or do we have to axiomatise? /*@ -lemma void head_drop_n_equals_nths(list xs, int n) +lemma void head_drop_n_equals_nths(list xs, int n); requires n >= 0; ensures head(drop(n, xs)) == nth(n, xs); -{ - // Will prove later. For now, we only validate with an example. - - list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); - int _n = 4; - - list dn = drop(_n, _xs); - int hdn = head(dn); - int nthn = nth(_n, _xs); - - assert( hdn == head(drop(_n, _xs)) ); - assert( nthn == nth(_n, _xs )); - assert( head(drop(_n, _xs)) == nth(_n, _xs) ); - - - // ADMIT LEMMA, PROVE LATER - assume(false); -} // TODO: Can we prove this in VeriFast or do we have to axiomatise? -lemma void drop_index_equals_singleton_implies_last_element(list xs, t x) +lemma void drop_index_equals_singleton_implies_last_element(list xs, t x); requires drop(index_of(x, xs), xs) == cons(x, nil); ensures index_of(x, xs) == length(xs) - 1; -{ - // Will prove later. For now, we only validate with an example. - list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); - int _x = 7; - - int i = index_of(_x, _xs); - list d = drop(index_of(x, xs), _xs); - - assert( index_of(_x, _xs) == length(_xs) - 1 ); - - // ADMIT LEMMA, PROVE LATER - assume(false); -} // TODO: Can we prove this in VeriFast or do we have to axiomatise? // Can we replace this by standard lemma `drop_n_plus_one`? -lemma void drop_cons(list xs, int n) +lemma void drop_cons(list xs, int n); requires n < length(xs); ensures drop(n, xs) == cons(nth(n, xs), drop(n+1, xs)); -{ - // Will prove later. For now, we only validate with an example. - list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); - int _n = 3; - - list dn = drop(_n, _xs); - int nthn = nth(_n, _xs); - list dnp1 = drop(_n + 1, _xs); - - assert( drop(_n, _xs) == cons(nth(_n, _xs), drop(_n+1, _xs)) ); - - // ADMIT LEMMA, PROVE LATER - assume(false); -} // TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void nth_index(list xs, t x) From 3ca111bbbc7d0edcf07dacdb3c020c533d1db4ad Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 21 Dec 2022 15:04:52 -0500 Subject: [PATCH 244/289] Added statistics about the verified lines of code and the annotation overhead. --- .../tasks/vTaskSwitchContext/stats/stats.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/stats/stats.md diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/stats/stats.md b/Test/VeriFast/tasks/vTaskSwitchContext/stats/stats.md new file mode 100644 index 00000000000..f4bfbfe73db --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/stats/stats.md @@ -0,0 +1,26 @@ +#lines of code verified +tasks.c: +vTaskSwitchContext: 22 +prvSelectHighestPriorityTask: 68 +xTaskGetCurrentTaskHandle: 9 +global definitions and variables: 103 + +stack_macros.h: +taskCHECK_FOR_STACK_OVERFLOW: 13 + +list.c: +vListInitialiseItem: 4 +vListInsertEnd: 11 +uxListRemove: 17 + +list.h: +global definitions: 23 + +FreeRTOSConfig.h: 65 + +total: 335 + + +#lines of annotation + +tasks_vf_pp.c: 2328 From 4a7c975cf85371bed96dad4b2d4d452f7bf74120 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 22 Dec 2022 09:25:24 -0500 Subject: [PATCH 245/289] Diff script now writes diff to stdout instead of file. Script returns error code if the diff is not empty. --- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 9 +-- .../tasks/vTaskSwitchContext/paths.sh | 58 +++++++------------ 2 files changed, 25 insertions(+), 42 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index ac5c63c46b7..d80d3bf20dd 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -37,8 +37,6 @@ PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` PP_PROD_TASKS_C=`pp_prod_tasks_c $REPO_BASE_DIR` PP_VF_TASKS_C=`pp_vf_tasks_c $REPO_BASE_DIR` -DIFF_REPORT=`diff_report $REPO_BASE_DIR` - ensure_output_dirs_exist $REPO_BASE_DIR echo preprocessing production version of 'tasks.c' @@ -52,8 +50,7 @@ $PP $VF_TASKS_C $PP_VF_TASKS_C \ $REPO_BASE_DIR $VF_PROOF_BASE_DIR -echo Computing diff. Report written to: -echo \"$DIFF_REPORT\" +echo Computing diff: +echo -git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C \ -> "$DIFF_REPORT" \ No newline at end of file +git diff --no-index --ignore-all-space $PP_PROD_TASKS_C $PP_VF_TASKS_C diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 42498376b7f..45824ecf2db 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -13,7 +13,7 @@ function vf_proof_base_dir() { # of the original files. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function vf_proof_mod_src_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -26,7 +26,7 @@ function vf_proof_mod_src_dir() { # of the original files. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function vf_proof_mod_header_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -38,7 +38,7 @@ function vf_proof_mod_header_dir() { # the setup of the VeriFast proofs. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function vf_proof_setup_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -46,11 +46,11 @@ function vf_proof_setup_dir() { echo "$VF_PROOF_DIR/proof_setup" } -# Returns the absolute path to the directory containing all lemmas and +# Returns the absolute path to the directory containing all lemmas and # definitions used written for the VeriFast proofs. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function vf_proof_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -62,7 +62,7 @@ function vf_proof_dir() { # proof annotations. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function vf_annotated_tasks_c() { REPO_BASE_DIR="$1" VF_MOD_SRC_DIR=`vf_proof_mod_src_dir $REPO_BASE_DIR` @@ -73,18 +73,18 @@ function vf_annotated_tasks_c() { # Returns the absolute path to the directory the unmodified FreeRTOS headers. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function prod_header_dir() { REPO_BASE_DIR="$1" echo "$REPO_BASE_DIR/include" } -# Returns the absolute path to the directory the unmodified FreeRTOS source +# Returns the absolute path to the directory the unmodified FreeRTOS source # files. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function prod_src_dir() { REPO_BASE_DIR="$1" @@ -94,7 +94,7 @@ function prod_src_dir() { # Returns the absolute path to the unmodified version of `tasks.c`. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function prod_tasks_c() { REPO_BASE_DIR="$1" PROD_SRC_DIR=`prod_src_dir $REPO_BASE_DIR` @@ -106,7 +106,7 @@ function prod_tasks_c() { # Returns the absolute path to the directory containing the preprocessing scripts. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function pp_script_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -117,7 +117,7 @@ function pp_script_dir() { # Returns the absolute path to the preprocesor's output direcotry. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function pp_out_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -128,7 +128,7 @@ function pp_out_dir() { # Returns the absolute path to the preprocesor's log direcotry. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function pp_log_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -136,12 +136,12 @@ function pp_log_dir() { echo "$VF_PROOF_DIR/pp_log" } -# Returns the absolute path to the preprocessed version of `tasks.c` containing -# the VeriFast proof annotations. This is the file that is processed by +# Returns the absolute path to the preprocessed version of `tasks.c` containing +# the VeriFast proof annotations. This is the file that is processed by # VeriFast. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function pp_vf_tasks_c() { REPO_BASE_DIR="$1" PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` @@ -152,7 +152,7 @@ function pp_vf_tasks_c() { # Returns the absolute path to the preprocessed unmodified version of `tasks.c`. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function pp_prod_tasks_c() { REPO_BASE_DIR="$1" PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` @@ -163,7 +163,7 @@ function pp_prod_tasks_c() { # Returns the absolute path to the pico sdk. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function pico_sdk_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -174,7 +174,7 @@ function pico_sdk_dir() { # Returns the absolute path to the smp_demo_dir. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function smp_demo_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -186,7 +186,7 @@ function smp_demo_dir() { # Returns the absolute path to directory where the statistic reports are stored. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function stats_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` @@ -194,29 +194,18 @@ function stats_dir() { echo "$VF_PROOF_DIR/stats" } -# Returns the absolute path to diff report. -# -# Expected arguments: -# $1 : Absolute path to the repository's base -function diff_report() { - REPO_BASE_DIR="$1" - STATS_DIR=`stats_dir $REPO_BASE_DIR` - - echo "$STATS_DIR/diff_report.txt" -} - # Ensures that all potentially relevant output direcories exist. # # Expected arguments: -# $1 : Absolute path to the repository's base +# $1 : Absolute path to the repository's base function ensure_output_dirs_exist() { REPO_BASE_DIR="$1" PP_OUT_DIR=`pp_out_dir $REPO_BASE_DIR` STATS_DIR=`stats_dir $REPO_BASE_DIR` PP_LOG_DIR=`pp_log_dir $REPO_BASE_DIR` - + if [ ! -d "$PP_OUT_DIR" ]; then mkdir "$PP_OUT_DIR" fi @@ -227,6 +216,3 @@ function ensure_output_dirs_exist() { mkdir "$PP_LOG_DIR" fi } - - - From 63154a4add303d964b53bf1fe541c14b8b8a3d31 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 22 Dec 2022 09:44:00 -0500 Subject: [PATCH 246/289] Added github workflow that checks for proof divergence on every pull request. --- .github/workflows/verifast-proof-diff.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/workflows/verifast-proof-diff.yml diff --git a/.github/workflows/verifast-proof-diff.yml b/.github/workflows/verifast-proof-diff.yml new file mode 100644 index 00000000000..c5ce62da2a3 --- /dev/null +++ b/.github/workflows/verifast-proof-diff.yml @@ -0,0 +1,8 @@ +name: verifast-proof-diff +on: [pull_request] +jobs: + proof_diff: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - run: Test/VeriFast/tasks/vTaskSwitchContext/diff.sh `pwd` From 6dc6c5dbbe8f355860161427d78b32a50aa48360 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 09:51:40 -0500 Subject: [PATCH 247/289] Renamed TCB predicates to convey access rights expressed by each predicate. Updated lemmas accordinly. --- .../vTaskSwitchContext/include/stack_macros.h | 10 +- .../tasks/vTaskSwitchContext/include/task.h | 4 +- .../proof/task_predicates.h | 24 +--- .../proof/verifast_lock_predicates.h | 130 +++++++++--------- .../tasks/vTaskSwitchContext/src/tasks.c | 84 +++++------ 5 files changed, 121 insertions(+), 131 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h index 539a22e8810..e0162f57a73 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h @@ -96,14 +96,14 @@ #define taskCHECK_FOR_STACK_OVERFLOW() VF__taskCHECK_FOR_STACK_OVERFLOW() void VF__taskCHECK_FOR_STACK_OVERFLOW() - /*@ requires prvSeg_TCB_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& + /*@ requires TCB_stack_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& coreLocalSeg_TCB_p(gCurrentTCB, ?uxCriticalNesting) &*& // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` interruptState_p(coreID_f(), ?state) &*& interruptsDisabled_f(state) == true &*& pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); @*/ - /*@ ensures prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack) &*& + /*@ ensures TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack) &*& coreLocalSeg_TCB_p(gCurrentTCB, uxCriticalNesting) &*& // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` interruptState_p(coreID_f(), state) &*& @@ -111,7 +111,7 @@ pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); \ @*/ \ { \ - /*@ open prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + /*@ open TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ /*@ assert( stack_p(?pxStack, ?ulStackDepth, ?pxTopOfStack, \ ?ulFreeBytes, ?ulUsedCells, ?ulUnalignedBytes) ); \ @*/ \ @@ -139,7 +139,7 @@ /*@ close stack_p(pxStack, ulStackDepth, pxTopOfStack, \ ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ @*/ \ - /*@ close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ + /*@ close TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); @*/ \ TCB_t* tcb1 = pxCurrentTCB; \ TCB_t* tcb2 = pxCurrentTCB; \ vApplicationStackOverflowHook( ( TaskHandle_t ) tcb1, tcb2->pcTaskName ); \ @@ -151,7 +151,7 @@ chars_split((char*) pxStack, ulFreeBytesOnStack); \ close stack_p(pxStack, ulStackDepth, pxTopOfStack, \ ulFreeBytes, ulUsedCells, ulUnalignedBytes); \ - close prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); \ + close TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); \ } \ @*/ \ } diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h index 56e054299c1..0b48e3f58f7 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h @@ -1863,10 +1863,10 @@ configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) PRIVIL */ void vApplicationStackOverflowHook( TaskHandle_t xTask, char * pcTaskName ); - /*@ requires prvSeg_TCB_p(xTask, ?ulFreeBytesOnStack) &*& + /*@ requires TCB_stack_p(xTask, ?ulFreeBytesOnStack) &*& coreLocalSeg_TCB_p(xTask, ?uxCriticalNesting); @*/ - /*@ ensures prvSeg_TCB_p(xTask, ulFreeBytesOnStack) &*& + /*@ ensures TCB_stack_p(xTask, ulFreeBytesOnStack) &*& coreLocalSeg_TCB_p(xTask, uxCriticalNesting); @*/ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h index f34ed7a1dea..5687a735f70 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h @@ -49,30 +49,20 @@ predicate TCB_p(TCB_t * tcb, uint32_t ulFreeBytesOnStack) = @*/ /*@ -// We have to segment TCBs into: -// (i) public parts that can be accessed by anyone after -// following the appropriote synchronization steps and -// (ii) private parts that may only be used by the task itself -// which the TCB represents -// -// The predicates below will be expanded iteratively. - -// This predicate captures the private part of a TCB that should only be -// accessed by the TCB represents or under specific circumstances where -// we are certain that the task is not running. -predicate prvSeg_TCB_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = +// This predicate represents write access to a TCB's stack. +predicate TCB_stack_p(TCB_t* tcb, uint32_t ulFreeBytesOnStack) = tcb->pxStack |-> ?stackPtr &*& tcb->pxTopOfStack |-> ?topPtr &*& stack_p(stackPtr, ?ulStackDepth, topPtr, ulFreeBytesOnStack, ?ulUsedCells, ?ulUnalignedBytes); -// This predicate represents a shared part of a TCB that can be accessed by -// anyone. Note that this predicate only contains the minimal access rights -// required by the `vTaskSwitchContext` proof. It can be extended in the future -// as needed. -predicate sharedSeg_TCB_p(TCB_t* tcb, TaskRunning_t state;) = +// This predicate represents write access to the run state of a TCB. +predicate TCB_runState_p(TCB_t* tcb, TaskRunning_t state;) = tcb->xTaskRunState |-> state; +// This predicate represents write access to the nesting level of a TCB. +// Entering a critical section increases the nesting level. Leaving it, +// decreases it. predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; @*/ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h index 615c7451cf3..3c9b50f08b3 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h @@ -106,14 +106,14 @@ predicate _taskISRLockInv_p(UBaseType_t gTopReadyPriority) = // (RP-All) Read permissions for every task // and recording of task states in state list // (∀t ∈ gTasks. - // [1/2]sharedSeg_TCB_p(t, _)) + // [1/2]TCB_runState_p(t, _)) // ∧ // ∀i. ∀t. gTasks[i] == t -> gStates[i] == t->xTaskRunState - foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) + foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates)) &*& // (RP-Current) Read permission for task currently scheduled on this core // (RP-All) + (RP-Current) => Write permission for scheduled task - [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& + [1/2]TCB_runState_p(gCurrentTCB, ?gCurrentTCB_state) &*& // gCurrentTCB_state != taskTASK_NOT_RUNNING &*& (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state @@ -122,7 +122,7 @@ predicate _taskISRLockInv_p(UBaseType_t gTopReadyPriority) = // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING // -> [1/2]shared_TCB_p(t, taskTASK_NOT_RUNNING) - foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) + foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) &*& readyLists_p(?gCellLists, ?gOwnerLists) &*& @@ -172,18 +172,18 @@ fixpoint bool mem_list_elem(list xs, t x) { // Auxiliary predicate to allow foreach-quantification about fraction // and reflection of `t->xTaskRunState` in state list. -predicate_ctor readOnly_sharedSeg_TCB_p +predicate_ctor readOnly_TCB_runState_p (list tasks, list states) (TCB_t* t;) = mem(t, tasks) == true &*& - [1/2]sharedSeg_TCB_p(t, nth(index_of(t, tasks), states)); + [1/2]TCB_runState_p(t, nth(index_of(t, tasks), states)); -predicate_ctor readOnly_sharedSeg_TCB_IF_not_running_p +predicate_ctor readOnly_TCB_runState_IF_not_running_p (list tasks, list states) (TCB_t* t;) = mem(t, tasks) == true &*& nth(index_of(t, tasks), states) == taskTASK_NOT_RUNNING - ? [1/2]sharedSeg_TCB_p(t, taskTASK_NOT_RUNNING) + ? [1/2]TCB_runState_p(t, taskTASK_NOT_RUNNING) : true; @*/ @@ -201,16 +201,16 @@ lemma void nonauto_nth_update(int i, int j, t y, list xs); // TODO: Move lemmas below to separate header file. /*@ -lemma void update_readOnly_sharedSeg_TCB(TCB_t* t, +lemma void update_readOnly_TCB_runState(TCB_t* t, list tasks, list states, int updatedIndex, TaskRunning_t s) -requires readOnly_sharedSeg_TCB_p(tasks, states)(t) &*& +requires readOnly_TCB_runState_p(tasks, states)(t) &*& updatedIndex != index_of(t, tasks) &*& mem(t, tasks) == true &*& length(tasks) == length(states); -ensures readOnly_sharedSeg_TCB_p(tasks, update(updatedIndex, s, states))(t); +ensures readOnly_TCB_runState_p(tasks, update(updatedIndex, s, states))(t); { list states2 = update(updatedIndex, s, states); int t_index = index_of(t, tasks); @@ -218,20 +218,20 @@ ensures readOnly_sharedSeg_TCB_p(tasks, update(updatedIndex, s, states))(t); if( updatedIndex < 0 || updatedIndex >= length(states) ) { update_out_of_bounds(updatedIndex, s, states); } else { - open readOnly_sharedSeg_TCB_p(tasks, states)(t); - open [1/2]sharedSeg_TCB_p(t, nth(t_index, states)); + open readOnly_TCB_runState_p(tasks, states)(t); + open [1/2]TCB_runState_p(t, nth(t_index, states)); mem_index_of(t, tasks); nth_update(t_index, updatedIndex, s, states); assert( nth(t_index, states) == nth(t_index, states2) ); - close [1/2]sharedSeg_TCB_p(t, nth(t_index, states2)); - close readOnly_sharedSeg_TCB_p(tasks, states2)(t); + close [1/2]TCB_runState_p(t, nth(t_index, states2)); + close readOnly_TCB_runState_p(tasks, states2)(t); } } -lemma void update_foreach_readOnly_sharedSeg_TCB(TCB_t* updatedTask, +lemma void update_foreach_readOnly_TCB_runState(TCB_t* updatedTask, list tasks, list subTasks, list states, @@ -240,37 +240,37 @@ lemma void update_foreach_readOnly_sharedSeg_TCB(TCB_t* updatedTask, requires mem(updatedTask, tasks) == true &*& length(tasks) == length(states) &*& - foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states)) &*& + foreach(subTasks, readOnly_TCB_runState_p(tasks, states)) &*& states2 == update(index_of(updatedTask, tasks), s, states) &*& distinct(tasks) == true &*& mem(updatedTask, subTasks) == false &*& subset(subTasks, tasks) == true; ensures - foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states2)); + foreach(subTasks, readOnly_TCB_runState_p(tasks, states2)); { switch(subTasks) { case nil: - open foreach(nil, readOnly_sharedSeg_TCB_p(tasks, states)); - close foreach(nil, readOnly_sharedSeg_TCB_p(tasks, states2)); + open foreach(nil, readOnly_TCB_runState_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_p(tasks, states2)); case cons(h, rest): int index = index_of(updatedTask, tasks); // distinct_mem_remove(t, tasks); // neq_mem_remove(h, t, tasks); // index_of_different(h, t, tasks); - open foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states)); + open foreach(subTasks, readOnly_TCB_runState_p(tasks, states)); assert( updatedTask != h ); index_of_different(updatedTask, h, tasks); assert( index != index_of(h, tasks) ); - update_readOnly_sharedSeg_TCB(h, tasks, states, index, s); + update_readOnly_TCB_runState(h, tasks, states, index, s); assert( mem(updatedTask, rest) == false ); - update_foreach_readOnly_sharedSeg_TCB(updatedTask, tasks, rest, + update_foreach_readOnly_TCB_runState(updatedTask, tasks, rest, states, states2, s); - close foreach(subTasks, readOnly_sharedSeg_TCB_p(tasks, states2)); + close foreach(subTasks, readOnly_TCB_runState_p(tasks, states2)); } } -lemma void close_updated_foreach_readOnly_sharedSeg_TCB(TCB_t* updatedTask, +lemma void close_updated_foreach_readOnly_TCB_runState(TCB_t* updatedTask, list tasks, list states, list states2, @@ -279,45 +279,45 @@ requires mem(updatedTask, tasks) == true &*& length(states) == length(tasks) &*& distinct(tasks) == true &*& - foreach(remove(updatedTask, tasks), readOnly_sharedSeg_TCB_p(tasks, states)) &*& + foreach(remove(updatedTask, tasks), readOnly_TCB_runState_p(tasks, states)) &*& states2 == update(index_of(updatedTask, tasks), s, states) &*& - [1/2]sharedSeg_TCB_p(updatedTask, s); + [1/2]TCB_runState_p(updatedTask, s); ensures - foreach(tasks, readOnly_sharedSeg_TCB_p(tasks, states2)); + foreach(tasks, readOnly_TCB_runState_p(tasks, states2)); { distinct_mem_remove(updatedTask, tasks); remove_result_subset(updatedTask, tasks); - close readOnly_sharedSeg_TCB_p(tasks, states2)(updatedTask); - update_foreach_readOnly_sharedSeg_TCB(updatedTask, tasks, + close readOnly_TCB_runState_p(tasks, states2)(updatedTask); + update_foreach_readOnly_TCB_runState(updatedTask, tasks, remove(updatedTask, tasks), states, states2, s); foreach_unremove(updatedTask, tasks); } -lemma void stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running +lemma void stopUpdate_foreach_readOnly_TCB_runState_IF_not_running (TCB_t* stoppedTask, list tasks, list subTasks, list states, list states2) requires distinct(tasks) == true &*& distinct(subTasks) == true &*& length(tasks) == length(states) &*& - foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& states2 == update(index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states) &*& nth(index_of(stoppedTask, tasks), states) != taskTASK_NOT_RUNNING &*& subset(subTasks, tasks) == true &*& mem(stoppedTask, tasks) == true &*& mem(stoppedTask, subTasks) - ? [1/2]sharedSeg_TCB_p(stoppedTask, taskTASK_NOT_RUNNING) + ? [1/2]TCB_runState_p(stoppedTask, taskTASK_NOT_RUNNING) : true; ensures - foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); { switch(subTasks) { case nil: - open foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); - close foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); + open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); case cons(h, t): if( h == stoppedTask ) { assert( remove(stoppedTask, subTasks) == t ); @@ -333,17 +333,17 @@ ensures } nth_update(index_of(stoppedTask, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); - open foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); - open readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)(h); + open foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + open readOnly_TCB_runState_IF_not_running_p(tasks, states)(h); assert( nth(index_of(stoppedTask, tasks), states2) == taskTASK_NOT_RUNNING ); - close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)(h); - stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + close readOnly_TCB_runState_IF_not_running_p(tasks, states2)(h); + stopUpdate_foreach_readOnly_TCB_runState_IF_not_running (stoppedTask, tasks, t, states, states2); - close foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states2)); + close foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); } } -lemma void updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running +lemma void updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running (TCB_t* updatedTask, list tasks, list subTasks, list states, list updatedStates, TaskRunning_t s) @@ -354,32 +354,32 @@ requires mem(updatedTask, tasks) == true &*& mem(updatedTask, subTasks) == false &*& subset(subTasks, tasks) == true &*& - foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& updatedStates == update(index_of(updatedTask, tasks), s, states); ensures - foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); { switch(subTasks) { case nil: - open foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); - close foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); case cons(h, t): - open foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); + open foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)); // Prove that update preserves state of `h`. index_of_different(h, updatedTask, tasks); nth_update(index_of(h, tasks), index_of(updatedTask, tasks), s, states); assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), updatedStates) ); - open readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)(h); - close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(h); - updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + open readOnly_TCB_runState_IF_not_running_p(tasks, states)(h); + close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(h); + updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running (updatedTask, tasks, t, states, updatedStates, s); - close foreach(subTasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + close foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); } } -lemma void startUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running +lemma void startUpdate_foreach_readOnly_TCB_runState_IF_not_running (TCB_t* startedTask, list tasks, list states, list updatedStates, int coreID) @@ -387,25 +387,25 @@ requires distinct(tasks) == true &*& length(tasks) == length(states) &*& mem(startedTask, tasks) == true &*& - foreach(remove(startedTask, tasks), readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + foreach(remove(startedTask, tasks), readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& updatedStates == update(index_of(startedTask, tasks), coreID, states) &*& 0 <= coreID &*& coreID < configNUM_CORES; ensures - foreach(tasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); { distinct_remove(startedTask, tasks); distinct_mem_remove(startedTask, tasks); remove_result_subset(startedTask, tasks); - updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running (startedTask, tasks, remove(startedTask, tasks), states, updatedStates, coreID); - assert( foreach(remove(startedTask, tasks), readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)) ); - close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(startedTask); + assert( foreach(remove(startedTask, tasks), readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)) ); + close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(startedTask); foreach_unremove(startedTask, tasks); } -lemma void scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running +lemma void scheduleRunning_in_foreach_readOnly_TCB_runState_IF_not_running (TCB_t* runningTask, list tasks, list states, list updatedStates, int coreID) @@ -416,29 +416,29 @@ requires (nth(index_of(runningTask, tasks), states) == coreID || nth(index_of(runningTask, tasks), states) == taskTASK_YIELDING) &*& - foreach(tasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)) &*& + foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& updatedStates == update(index_of(runningTask, tasks), coreID, states) &*& 0 <= coreID &*& coreID < configNUM_CORES; ensures - foreach(tasks, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)) &*& + foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)) &*& nth(index_of(runningTask, tasks), updatedStates) == coreID; { switch(tasks) { case nil: - open foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)); - close foreach(nil, readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)); + open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); case cons(h, t): foreach_remove(runningTask, tasks); distinct_remove(runningTask, tasks); distinct_mem_remove(runningTask, tasks); remove_result_subset(runningTask, tasks); - updateUnaffectedStates_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running (runningTask, tasks, remove(runningTask, tasks), states, updatedStates, coreID); - open readOnly_sharedSeg_TCB_IF_not_running_p(tasks, states)(runningTask); - close readOnly_sharedSeg_TCB_IF_not_running_p(tasks, updatedStates)(runningTask); + open readOnly_TCB_runState_IF_not_running_p(tasks, states)(runningTask); + close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(runningTask); foreach_unremove(runningTask, tasks); } diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index c68514334b3..c92cc7cfce4 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -909,7 +909,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // coreLocalSeg_TCB_p(gCurrentTCB0, 0) &*& // read access to current task's stack pointer, etc -// prvSeg_TCB_p(gCurrentTCB0, ?ulFreeBytesOnStack); +// TCB_stack_p(gCurrentTCB0, ?ulFreeBytesOnStack); true; @*/ /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& @@ -927,7 +927,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc -// prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); +// TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); true; @*/ { @@ -1059,15 +1059,15 @@ static void prvYieldForTask( TCB_t * pxTCB, exists_in_taskISRLockInv_p(gTasks, ?gStates) &*& // Read permissions for every task - foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) + foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates)) &*& // Write permission for task scheduled on this core - [1/2]sharedSeg_TCB_p(gCurrentTCB, ?gCurrentTCB_state) &*& + [1/2]TCB_runState_p(gCurrentTCB, ?gCurrentTCB_state) &*& (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& // Write permissions for unscheduled tasks - foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) + foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) &*& subset(gOwners, gTasks) == true &*& List_array_p(&pxReadyTasksLists, uxCurrentPriority, gPrefCellLists, @@ -1126,7 +1126,7 @@ static void prvYieldForTask( TCB_t * pxTCB, //@ assert( subset(gOwners, gTasks) == true ); //@ mem_subset(pxTCB, gOwners, gTasks); //@ foreach_remove(pxTCB, gTasks); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_TCB_runState_p(gTasks, gStates)) ); /*debug_printf("Attempting to schedule %s on core %d\n", pxTCB->pcTaskName, portGET_CORE_ID() ); */ @@ -1156,9 +1156,9 @@ static void prvYieldForTask( TCB_t * pxTCB, { //@ open exists_in_taskISRLockInv_p(gTasks, gStates); //@ assert( nth(index_of(pxTCB, gTasks), gStates) == taskTASK_NOT_RUNNING); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_TCB_runState_p(gTasks, gStates)) ); //@ assert( gCurrentTCB == pxCurrentTCBs[ xCoreID ] ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) ); /* We could reuse the read permission to `pxTCB` we extracted before the if statement. * But putting permissions back as soon as we no longer need them simplifies the @@ -1166,70 +1166,70 @@ static void prvYieldForTask( TCB_t * pxTCB, */ // Put read permission for `pxTCB` back - //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); - //@ close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); + //@ close [1/2]TCB_runState_p(pxTCB, _); + //@ close readOnly_TCB_runState_p(gTasks, gStates)(pxTCB); //@ foreach_unremove(pxTCB, gTasks); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) ); // Get 2nd half of write permission for `gCurrentTCB` //@ foreach_remove(gCurrentTCB, gTasks); - //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_TCB_runState_p(gTasks, gStates)) ); /* If the task is not being executed by any core swap it in */ pxCurrentTCBs[ xCoreID ]->xTaskRunState = taskTASK_NOT_RUNNING; - //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( foreach(remove(gCurrentTCB, gTasks), readOnly_TCB_runState_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) ); // New states list reflects state update above. //@ list gStates1 = def_state1(gTasks, gStates, gCurrentTCB, pxTCB); //@ assert( nth(index_of(pxTCB, gTasks), gStates1) == taskTASK_NOT_RUNNING); - /*@ close_updated_foreach_readOnly_sharedSeg_TCB(gCurrentTCB, gTasks, gStates, + /*@ close_updated_foreach_readOnly_TCB_runState(gCurrentTCB, gTasks, gStates, gStates1, taskTASK_NOT_RUNNING); @*/ - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); - /*@ stopUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + //@ assert( foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates1)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) ); + /*@ stopUpdate_foreach_readOnly_TCB_runState_IF_not_running (gCurrentTCB, gTasks, gTasks, gStates, gStates1); @*/ - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates1)) ); // Get write permission for `pxTCB` //@ foreach_remove(pxTCB, gTasks); //@ foreach_remove(pxTCB, gTasks); - //@ open readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)(pxTCB); + //@ open readOnly_TCB_runState_IF_not_running_p(gTasks, gStates1)(pxTCB); #if ( ( configNUM_CORES > 1 ) && ( configUSE_CORE_AFFINITY == 1 ) ) pxPreviousTCB = pxCurrentTCBs[ xCoreID ]; #endif pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates1)) ); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates1)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_TCB_runState_p(gTasks, gStates1)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_TCB_runState_IF_not_running_p(gTasks, gStates1)) ); /*@ list gStates2 = def_state2(gTasks, gStates, gCurrentTCB, pxTCB, xCoreID); @*/ - /*@ close_updated_foreach_readOnly_sharedSeg_TCB(pxTCB, gTasks, gStates1, + /*@ close_updated_foreach_readOnly_TCB_runState(pxTCB, gTasks, gStates1, gStates2, xCoreID); @*/ - /*@ startUpdate_foreach_readOnly_sharedSeg_TCB_IF_not_running + /*@ startUpdate_foreach_readOnly_TCB_runState_IF_not_running (pxTCB, gTasks, gStates1, gStates2, xCoreID); @*/ - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates2)) ); pxCurrentTCBs[ xCoreID ] = pxTCB; xTaskScheduled = pdTRUE; - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStates2)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates2)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates2)) ); //@ close exists_in_taskISRLockInv_p(gTasks, gStates2); // Putting back first have of write permission to `pxTCB` - //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + //@ close [1/2]TCB_runState_p(pxTCB, _); } } else if( pxTCB == pxCurrentTCBs[ xCoreID ] ) @@ -1242,9 +1242,9 @@ static void prvYieldForTask( TCB_t * pxTCB, #endif { //@ assert( pxTCB->xTaskRunState != taskTASK_NOT_RUNNING ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStates)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) ); //@ assert( nth(index_of(pxTCB, gTasks), gStates) != taskTASK_NOT_RUNNING); - //@ assert( foreach(remove(pxTCB, gTasks), readOnly_sharedSeg_TCB_p(gTasks, gStates)) ); + //@ assert( foreach(remove(pxTCB, gTasks), readOnly_TCB_runState_p(gTasks, gStates)) ); /* The task is already running on this core, mark it as scheduled */ pxTCB->xTaskRunState = ( TaskRunning_t ) xCoreID; @@ -1254,13 +1254,13 @@ static void prvYieldForTask( TCB_t * pxTCB, = update(index_of(pxTCB, gTasks), xCoreID, gStates); @*/ //@ open exists_in_taskISRLockInv_p(gTasks, gStates); - /*@ scheduleRunning_in_foreach_readOnly_sharedSeg_TCB_IF_not_running + /*@ scheduleRunning_in_foreach_readOnly_TCB_runState_IF_not_running (pxTCB, gTasks, gStates, gEquivStates, xCoreID); @*/ //@ distinct_mem_remove(pxTCB, gTasks); //@ remove_result_subset(pxTCB, gTasks); - /*@ update_foreach_readOnly_sharedSeg_TCB + /*@ update_foreach_readOnly_TCB_runState (pxTCB, gTasks, remove(pxTCB, gTasks), gStates, gEquivStates, xCoreID); @*/ @@ -1270,16 +1270,16 @@ static void prvYieldForTask( TCB_t * pxTCB, // Put read permission for `pxTCB` back //@ foreach_unremove(pxTCB, gTasks); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gEquivStates)) ); - //@ close [1/2]sharedSeg_TCB_p(pxTCB, _); + //@ assert( foreach(gTasks, readOnly_TCB_runState_p(gTasks, gEquivStates)) ); + //@ close [1/2]TCB_runState_p(pxTCB, _); } } /*@ if( !gPxTCB_not_running && pxTCB != gCurrentTCB ) { assert( exists_in_taskISRLockInv_p(gTasks, gStates) ); // Put read permission for `pxTCB` back - close [1/2]sharedSeg_TCB_p(pxTCB, _); - close readOnly_sharedSeg_TCB_p(gTasks, gStates)(pxTCB); + close [1/2]TCB_runState_p(pxTCB, _); + close readOnly_TCB_runState_p(gTasks, gStates)(pxTCB); foreach_unremove(pxTCB, gTasks); } @*/ @@ -1325,8 +1325,8 @@ static void prvYieldForTask( TCB_t * pxTCB, } //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStatesEnd) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_p(gTasks, gStatesEnd)) ); - //@ assert( foreach(gTasks, readOnly_sharedSeg_TCB_IF_not_running_p(gTasks, gStatesEnd)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStatesEnd)) ); + //@ assert( foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStatesEnd)) ); } while( pxTaskItem != pxLastTaskItem ); /* - If the loop above terminated via the break-branch, @@ -4388,7 +4388,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ?ulFreeBytesOnStack); + TCB_stack_p(gCurrentTCB, ?ulFreeBytesOnStack); @*/ /*@ ensures // all locks are released and interrupts remain disabled @@ -4403,7 +4403,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) coreLocalSeg_TCB_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc - prvSeg_TCB_p(gCurrentTCB, ulFreeBytesOnStack); + TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); // Remark: the part of the post condition relating to TCBs will have to change. @*/ { From 04ab514f310cd1ae4b92d6e5fae2ae8fb7e66845 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:06:23 -0500 Subject: [PATCH 248/289] Renamed proof headers. Removed "verifast" prefix where unnecessary. --- .../proof/lock_predicates.h | 512 ++++++++++++++++++ ...fast_port_contracts.h => port_contracts.h} | 6 +- ...running_states.h => task_running_states.h} | 6 +- .../proof/verifast_lock_predicates.h | 8 +- .../proof_setup/{verifast_asm.h => asm.h} | 6 +- .../{verifast_proof_defs.h => proof_defs.h} | 4 +- .../proof_setup/sys/cdefs.h | 2 +- .../tasks/vTaskSwitchContext/src/tasks.c | 8 +- 8 files changed, 532 insertions(+), 20 deletions(-) create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h rename Test/VeriFast/tasks/vTaskSwitchContext/proof/{verifast_port_contracts.h => port_contracts.h} (95%) rename Test/VeriFast/tasks/vTaskSwitchContext/proof/{verifast_task_running_states.h => task_running_states.h} (91%) rename Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/{verifast_asm.h => asm.h} (93%) rename Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/{verifast_proof_defs.h => proof_defs.h} (93%) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h new file mode 100644 index 00000000000..9a185ee7f07 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h @@ -0,0 +1,512 @@ +#ifndef LOCK_PREDICATES_H +#define LOCK_PREDICATES_H + +#include "task_running_states.h" + + +/* We follow a minimalistic approach during the definition of the + * lock predicates. So far, the only encapsulate the resources and + * invariants required to verify `vTaskSwitchContext`. + * We are going to extend and refine them when we proceed to verify + * other parts of FRTOS. + */ + +#include "verifast_lists_extended.h" + + + +/* ---------------------------------------------------------------------- + * Core local data and access restrictions. + * Some data in FreeRTOS such as the pointer to TCB of the task running + * on core `C` may only be accessed from core `C`. Such core-local data + * protected by deactivating interrupts. + */ + +/*@ +predicate interruptState_p(uint32_t coreID, uint32_t state); + +fixpoint bool interruptsDisabled_f(uint32_t); + +predicate coreLocalInterruptInv_p() = + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& + //pubTCB_p(currentTCB, 0) &*& + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting); +@*/ + + +/* ---------------------------------------------------------------------- + * Predicates relevant for all locks + */ + +/*@ +predicate locked_p(list< pair > lockHistory); +@*/ + + + +/* ---------------------------------------------------------------------- + * Task lock and associated global variables from `tasks.c` + */ + +/*@ +fixpoint int taskLockID_f(); + +// Represents an acquired task lock. +predicate taskLock_p(); + +// Represents the invariant associated with the the task lock, i.e., +// access permissions to the resources protected by the lock. +predicate taskLockInv_p(); +@*/ + +/* ---------------------------------------------------------------------- + * ISR lock and associated global variables from `tasks.c` + */ + +/*@ +fixpoint int isrLockID_f(); + +// Represents an unacquired ISR lock. +predicate isrLock_p(); + +// Represents the invariant associated with the the ISR lock, i.e., +// access permissions to the resources protected by the lock. +predicate isrLockInv_p(); +@*/ + + +/* ---------------------------------------------------------------------- + * Resources protected by both locks. + * Note that the task lock may never be acquired after the ISR lock. + */ + +/*@ +fixpoint int taskISRLockID_f(); + +predicate taskISRLockInv_p() = + _taskISRLockInv_p(_); + + +// Auxiliary predicate. Equal to the lock invariant above but exposes +// some details. +predicate _taskISRLockInv_p(UBaseType_t gTopReadyPriority) = + // Access to global variables + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& + integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& + integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) + &*& + // top ready priority must be in range + integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority) &*& + 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES + &*& + // tasks / TCBs + exists_in_taskISRLockInv_p(?gTasks, ?gStates) + &*& + // (RP-All) Read permissions for every task + // and recording of task states in state list + // (∀t ∈ gTasks. + // [1/2]TCB_runState_p(t, _)) + // ∧ + // ∀i. ∀t. gTasks[i] == t -> gStates[i] == t->xTaskRunState + foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates)) + &*& + // (RP-Current) Read permission for task currently scheduled on this core + // (RP-All) + (RP-Current) => Write permission for scheduled task + [1/2]TCB_runState_p(gCurrentTCB, ?gCurrentTCB_state) &*& +// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& + (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& + nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state + &*& + // (RP-Unsched) Read permissions for unscheduled tasks + // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks + // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING + // -> [1/2]shared_TCB_p(t, taskTASK_NOT_RUNNING) + foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) + &*& + readyLists_p(?gCellLists, ?gOwnerLists) + &*& + // gTasks contains all relevant tasks + mem(gCurrentTCB, gTasks) == true + &*& + // ∀l ∈ gOwnerLists. l ⊆ gTasks + forall(gOwnerLists, (superset)(gTasks)) == true; + + +lemma void produce_taskISRLockInv(); +requires locked_p(?heldLocks) &*& + heldLocks == cons(?i, cons(?t, nil)) &*& + i == pair(?f_isr, isrLockID_f()) &*& + t == pair(?f_task, taskLockID_f()); +ensures locked_p( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& + taskISRLockInv_p(); + + +lemma void consume_taskISRLockInv(); +requires locked_p( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& + taskISRLockInv_p(); +ensures locked_p(otherLocks); + + + +// Auxiliary predicate to assing names to existentially quantified variables. +// Having multiple `exists` chunks on the heap makes matching against their +// arguments ambiguous in most cases. +predicate exists_in_taskISRLockInv_p(list gTasks, + list gStates) = + exists(gTasks) &*& + exists(gStates) &*& + length(gTasks) == length(gStates) &*& + distinct(gTasks) == true; + +// Auxiliary function that allows us to partially apply the list argument. +// +// Notes: +// - Partial application of fixpoint functions in VeriFast is not documented. +// The syntax for partially application is `()()` +// - VeriFast only supports partially applying the first argument, e.g., +// `(mem)(0)` is allowed but `(mem)(_)(nil)` is not. +fixpoint bool mem_list_elem(list xs, t x) { + return mem(x, xs); +} + +// Auxiliary predicate to allow foreach-quantification about fraction +// and reflection of `t->xTaskRunState` in state list. +predicate_ctor readOnly_TCB_runState_p + (list tasks, list states) + (TCB_t* t;) = + mem(t, tasks) == true &*& + [1/2]TCB_runState_p(t, nth(index_of(t, tasks), states)); + +predicate_ctor readOnly_TCB_runState_IF_not_running_p + (list tasks, list states) + (TCB_t* t;) = + mem(t, tasks) == true &*& + nth(index_of(t, tasks), states) == taskTASK_NOT_RUNNING + ? [1/2]TCB_runState_p(t, taskTASK_NOT_RUNNING) + : true; +@*/ + + + +/*@ +lemma void nonauto_nth_update(int i, int j, t y, list xs); + requires 0 <= i && i < length(xs) && 0 <= j && j < length(xs); + ensures nth(i, update(j, y, xs)) == (i == j ? y : nth(i, xs)); +@*/ + + + +// ----------------------------------------------------------------------- +// TODO: Move lemmas below to separate header file. + +/*@ +lemma void update_readOnly_TCB_runState(TCB_t* t, + list tasks, + list states, + int updatedIndex, + TaskRunning_t s) +requires readOnly_TCB_runState_p(tasks, states)(t) &*& + updatedIndex != index_of(t, tasks) &*& + mem(t, tasks) == true &*& + length(tasks) == length(states); +ensures readOnly_TCB_runState_p(tasks, update(updatedIndex, s, states))(t); +{ + list states2 = update(updatedIndex, s, states); + int t_index = index_of(t, tasks); + + if( updatedIndex < 0 || updatedIndex >= length(states) ) { + update_out_of_bounds(updatedIndex, s, states); + } else { + open readOnly_TCB_runState_p(tasks, states)(t); + open [1/2]TCB_runState_p(t, nth(t_index, states)); + + mem_index_of(t, tasks); + nth_update(t_index, updatedIndex, s, states); + assert( nth(t_index, states) == nth(t_index, states2) ); + + close [1/2]TCB_runState_p(t, nth(t_index, states2)); + close readOnly_TCB_runState_p(tasks, states2)(t); + } +} + + +lemma void update_foreach_readOnly_TCB_runState(TCB_t* updatedTask, + list tasks, + list subTasks, + list states, + list states2, + TaskRunning_t s) +requires + mem(updatedTask, tasks) == true &*& + length(tasks) == length(states) &*& + foreach(subTasks, readOnly_TCB_runState_p(tasks, states)) &*& + states2 == update(index_of(updatedTask, tasks), s, states) &*& + distinct(tasks) == true &*& + mem(updatedTask, subTasks) == false &*& + subset(subTasks, tasks) == true; +ensures + foreach(subTasks, readOnly_TCB_runState_p(tasks, states2)); +{ + switch(subTasks) { + case nil: + open foreach(nil, readOnly_TCB_runState_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_p(tasks, states2)); + case cons(h, rest): + int index = index_of(updatedTask, tasks); +// distinct_mem_remove(t, tasks); +// neq_mem_remove(h, t, tasks); +// index_of_different(h, t, tasks); + open foreach(subTasks, readOnly_TCB_runState_p(tasks, states)); + assert( updatedTask != h ); + index_of_different(updatedTask, h, tasks); + assert( index != index_of(h, tasks) ); + update_readOnly_TCB_runState(h, tasks, states, index, s); + assert( mem(updatedTask, rest) == false ); + update_foreach_readOnly_TCB_runState(updatedTask, tasks, rest, + states, states2, s); + close foreach(subTasks, readOnly_TCB_runState_p(tasks, states2)); + } +} + + +lemma void close_updated_foreach_readOnly_TCB_runState(TCB_t* updatedTask, + list tasks, + list states, + list states2, + TaskRunning_t s) +requires + mem(updatedTask, tasks) == true &*& + length(states) == length(tasks) &*& + distinct(tasks) == true &*& + foreach(remove(updatedTask, tasks), readOnly_TCB_runState_p(tasks, states)) &*& + states2 == update(index_of(updatedTask, tasks), s, states) &*& + [1/2]TCB_runState_p(updatedTask, s); +ensures + foreach(tasks, readOnly_TCB_runState_p(tasks, states2)); +{ + distinct_mem_remove(updatedTask, tasks); + remove_result_subset(updatedTask, tasks); + + close readOnly_TCB_runState_p(tasks, states2)(updatedTask); + update_foreach_readOnly_TCB_runState(updatedTask, tasks, + remove(updatedTask, tasks), + states, states2, s); + foreach_unremove(updatedTask, tasks); +} + + +lemma void stopUpdate_foreach_readOnly_TCB_runState_IF_not_running + (TCB_t* stoppedTask, list tasks, list subTasks, + list states, list states2) +requires + distinct(tasks) == true &*& + distinct(subTasks) == true &*& + length(tasks) == length(states) &*& + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& + states2 == update(index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states) &*& + nth(index_of(stoppedTask, tasks), states) != taskTASK_NOT_RUNNING &*& + subset(subTasks, tasks) == true &*& + mem(stoppedTask, tasks) == true &*& + mem(stoppedTask, subTasks) + ? [1/2]TCB_runState_p(stoppedTask, taskTASK_NOT_RUNNING) + : true; +ensures + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); +{ + switch(subTasks) { + case nil: + open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); + case cons(h, t): + if( h == stoppedTask ) { + assert( remove(stoppedTask, subTasks) == t ); + distinct_mem_remove(stoppedTask, subTasks); + assert( mem(stoppedTask, t) == false ); + mem_index_of(stoppedTask, tasks); + } else { + mem_index_of(stoppedTask, tasks); + nth_update(index_of(h, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); + index_of_different(h, stoppedTask, tasks); + assert( index_of(h, tasks) != index_of(stoppedTask, tasks) ); + assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), states2) ); + } + + nth_update(index_of(stoppedTask, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); + open foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + open readOnly_TCB_runState_IF_not_running_p(tasks, states)(h); + assert( nth(index_of(stoppedTask, tasks), states2) == taskTASK_NOT_RUNNING ); + close readOnly_TCB_runState_IF_not_running_p(tasks, states2)(h); + stopUpdate_foreach_readOnly_TCB_runState_IF_not_running + (stoppedTask, tasks, t, states, states2); + close foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); + } +} + +lemma void updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running + (TCB_t* updatedTask, list tasks, list subTasks, + list states, list updatedStates, + TaskRunning_t s) +requires + distinct(tasks) == true &*& + distinct(subTasks) == true &*& + length(tasks) == length(states) &*& + mem(updatedTask, tasks) == true &*& + mem(updatedTask, subTasks) == false &*& + subset(subTasks, tasks) == true &*& + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& + updatedStates == update(index_of(updatedTask, tasks), s, states); +ensures + foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); +{ + switch(subTasks) { + case nil: + open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); + case cons(h, t): + open foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + + // Prove that update preserves state of `h`. + index_of_different(h, updatedTask, tasks); + nth_update(index_of(h, tasks), index_of(updatedTask, tasks), s, states); + assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), updatedStates) ); + + open readOnly_TCB_runState_IF_not_running_p(tasks, states)(h); + close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(h); + updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running + (updatedTask, tasks, t, states, updatedStates, s); + close foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); + } +} + +lemma void startUpdate_foreach_readOnly_TCB_runState_IF_not_running + (TCB_t* startedTask, list tasks, + list states, list updatedStates, + int coreID) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + mem(startedTask, tasks) == true &*& + foreach(remove(startedTask, tasks), readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& + updatedStates == update(index_of(startedTask, tasks), coreID, states) &*& + 0 <= coreID &*& coreID < configNUM_CORES; +ensures + foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); +{ + distinct_remove(startedTask, tasks); + distinct_mem_remove(startedTask, tasks); + remove_result_subset(startedTask, tasks); + updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running + (startedTask, tasks, remove(startedTask, tasks), states, updatedStates, + coreID); + + assert( foreach(remove(startedTask, tasks), readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)) ); + close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(startedTask); + foreach_unremove(startedTask, tasks); +} + +lemma void scheduleRunning_in_foreach_readOnly_TCB_runState_IF_not_running + (TCB_t* runningTask, list tasks, + list states, list updatedStates, + int coreID) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + mem(runningTask, tasks) == true &*& + (nth(index_of(runningTask, tasks), states) == coreID + || nth(index_of(runningTask, tasks), states) == taskTASK_YIELDING) + &*& + foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& + updatedStates == update(index_of(runningTask, tasks), coreID, states) &*& + 0 <= coreID &*& coreID < configNUM_CORES; +ensures + foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)) &*& + nth(index_of(runningTask, tasks), updatedStates) == coreID; +{ + switch(tasks) { + case nil: + open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); + close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); + case cons(h, t): + foreach_remove(runningTask, tasks); + + distinct_remove(runningTask, tasks); + distinct_mem_remove(runningTask, tasks); + remove_result_subset(runningTask, tasks); + updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running + (runningTask, tasks, remove(runningTask, tasks), + states, updatedStates, coreID); + + open readOnly_TCB_runState_IF_not_running_p(tasks, states)(runningTask); + close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(runningTask); + + foreach_unremove(runningTask, tasks); + } +} +@*/ + + +/*@ +lemma list def_state1(list tasks, + list states, + TCB_t* currentTask, + TCB_t* readyTask) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + currentTask != readyTask &*& + mem(currentTask, tasks) == true &*& + mem(readyTask, tasks) == true &*& + nth(index_of(readyTask, tasks), states) == taskTASK_NOT_RUNNING; +ensures + result == update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states) &*& + nth(index_of(readyTask, tasks), result) == taskTASK_NOT_RUNNING &*& + nth(index_of(currentTask, tasks), result) == taskTASK_NOT_RUNNING; +{ + list states1 = + update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states); + + mem_index_of(currentTask, tasks); + mem_index_of(readyTask, tasks); + nth_update(index_of(readyTask, tasks), index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states); + + return states1; +} + +lemma list def_state2(list tasks, + list states, + TCB_t* currentTask, + TCB_t* readyTask, + int coreID) +requires + distinct(tasks) == true &*& + length(tasks) == length(states) &*& + currentTask != readyTask &*& + mem(currentTask, tasks) == true &*& + mem(readyTask, tasks) == true &*& + nth(index_of(readyTask, tasks), states) == taskTASK_NOT_RUNNING &*& + nth(index_of(currentTask, tasks), states) != taskTASK_NOT_RUNNING &*& + 0 <= coreID &*& coreID < configNUM_CORES; +ensures + result == + update(index_of(readyTask, tasks), coreID, + update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states)) + &*& + nth(index_of(readyTask, tasks), result) == coreID &*& + nth(index_of(currentTask, tasks), result) == taskTASK_NOT_RUNNING; +{ + list states1 = def_state1(tasks, states, currentTask, readyTask); + + list states2 = + update(index_of(readyTask, tasks), coreID, states1); + + return states2; +} +@*/ + + + + + + +#endif /* LOCK_PREDICATES_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_port_contracts.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h similarity index 95% rename from Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_port_contracts.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h index 620e82b75e2..eedbca87f00 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_port_contracts.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h @@ -1,5 +1,5 @@ -#ifndef VERIFAST_PORT_CONTRACTS_H -#define VERIFAST_PORT_CONTRACTS_H +#ifndef PORT_CONTRACTS_H +#define PORT_CONTRACTS_H // We want our proofs to hold for an arbitrary number of cores. @@ -76,4 +76,4 @@ void VF__portRELEASE_ISR_LOCK(); //@ ensures [f]isrLock_p() &*& locked_p(heldLocks); -#endif /* VERIFAST_PORT_CONTRACTS_H */ \ No newline at end of file +#endif /* PORT_CONTRACTS_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_task_running_states.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_running_states.h similarity index 91% rename from Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_task_running_states.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof/task_running_states.h index dcfaa9d6920..80d8c7a5775 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_task_running_states.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_running_states.h @@ -1,5 +1,5 @@ -#ifndef VERIFAST_TASK_RUNNING_STATES_H -#define VERIFAST_TASK_RUNNING_STATES_H +#ifndef TASK_RUNNING_STATES_H +#define TASK_RUNNING_STATES_H /* The source file `tasks.c` defines macros to denote the running states of * tasks: @@ -43,4 +43,4 @@ void validate_taskTASK_YIELDING_value() //@ assert( gVal == val ); } -#endif /* VERIFAST_TASK_RUNNING_STATES_H */ \ No newline at end of file +#endif /* TASK_RUNNING_STATES_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h index 3c9b50f08b3..9a185ee7f07 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h @@ -1,7 +1,7 @@ -#ifndef VERIFAST_LOCK_PREDICATES_H -#define VERIFAST_LOCK_PREDICATES_H +#ifndef LOCK_PREDICATES_H +#define LOCK_PREDICATES_H -#include "verifast_task_running_states.h" +#include "task_running_states.h" /* We follow a minimalistic approach during the definition of the @@ -509,4 +509,4 @@ ensures -#endif /* VERIFAST_LOCK_PREDICATES_H */ \ No newline at end of file +#endif /* LOCK_PREDICATES_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_asm.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/asm.h similarity index 93% rename from Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_asm.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/asm.h index faf7690678f..83da579c183 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_asm.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/asm.h @@ -1,5 +1,5 @@ -#ifndef VERIFAST_ASM_H -#define VERIFAST_ASM_H +#ifndef ASM_H +#define ASM_H /* VeriFast does not support inline assembler. * The following definitions replace macros that would normally evaluate to @@ -32,4 +32,4 @@ bool assert_fct(bool b, const char*) //#undef portDISABLE_INTERRUPTS //#define portDISABLE_INTERRUPTS() assert_fct(false, "portDISABLE_INTERRUPTS") -#endif /* VERIFAST_ASM_H */ \ No newline at end of file +#endif /* ASM_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_proof_defs.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/proof_defs.h similarity index 93% rename from Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_proof_defs.h rename to Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/proof_defs.h index b1e288e2c29..25fefd3bb63 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_proof_defs.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/proof_defs.h @@ -4,7 +4,7 @@ */ -#ifndef VERIFAST_DEFS_H +#ifndef PROOF_DEFS_H // Delete keywords VeriFast canot parse (in some contexts) #define inline #define __always_inline @@ -24,4 +24,4 @@ #undef assert #undef configASSERT #define configASSERT(x) assert(x) -#endif /* VERIFAST_DEFS_H */ +#endif /* PROOF_DEFS_H */ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/cdefs.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/cdefs.h index 0940dd63346..9a05dfb24b6 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/cdefs.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/sys/cdefs.h @@ -76,7 +76,7 @@ * e.g., `tasks.c`. But it seems like the contained defines are not propagated * to this file. */ - #include "verifast_proof_defs.h" + #include "proof_defs.h" #endif #if defined(__cplusplus) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index c92cc7cfce4..91796086393 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -74,14 +74,14 @@ * original ones have been included. */ #ifdef VERIFAST - #include "verifast_proof_defs.h" + #include "proof_defs.h" #include "stack_predicates.h" #include "task_predicates.h" #include "ready_list_predicates.h" #include "verifast_RP2040_axioms.h" - #include "verifast_asm.h" - #include "verifast_port_contracts.h" - #include "verifast_lock_predicates.h" + #include "asm.h" + #include "port_contracts.h" + #include "lock_predicates.h" #include "verifast_lists_extended.h" #include "single_core_proofs/scp_list_predicates.h" #include "single_core_proofs_extended/scp_list_predicates_extended.h" From 11ab1a02b722a8f4a1c63b074c4c90a371a37225 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:13:20 -0500 Subject: [PATCH 249/289] Deleted deprecated proof header. --- .../proof_setup/verifast_RP2040_axioms.h | 19 ------------------- .../tasks/vTaskSwitchContext/src/tasks.c | 1 - 2 files changed, 20 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_RP2040_axioms.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_RP2040_axioms.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_RP2040_axioms.h deleted file mode 100644 index b6dbda41f97..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/verifast_RP2040_axioms.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef VERIFAST_RP2040_AXIOMS_H -#define VERIFAST_RP2040_AXIOMS_H - -#include "stdint.h" - -/* - * The lemmas in this file axiomatize that the RP2040 architecture uses - * 32bit pointers. - */ - -/*@ -// Axiomatizes that: 0 <= ptr <= 2^32 - 1 -lemma void ptr_range(void* ptr); -requires true; -ensures (void*) 0 <= ptr &*& ptr <= (void*) 4294967295; -@*/ - - -#endif \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 91796086393..045f0c034f7 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -78,7 +78,6 @@ #include "stack_predicates.h" #include "task_predicates.h" #include "ready_list_predicates.h" - #include "verifast_RP2040_axioms.h" #include "asm.h" #include "port_contracts.h" #include "lock_predicates.h" From 75111c247c16ab49286562654f1e7cb5c8b1ddc5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:14:27 -0500 Subject: [PATCH 250/289] Deleted deprecated proof headers. --- .../proof/verifast_lock_predicates.h | 512 ------------------ 1 file changed, 512 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h deleted file mode 100644 index 9a185ee7f07..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lock_predicates.h +++ /dev/null @@ -1,512 +0,0 @@ -#ifndef LOCK_PREDICATES_H -#define LOCK_PREDICATES_H - -#include "task_running_states.h" - - -/* We follow a minimalistic approach during the definition of the - * lock predicates. So far, the only encapsulate the resources and - * invariants required to verify `vTaskSwitchContext`. - * We are going to extend and refine them when we proceed to verify - * other parts of FRTOS. - */ - -#include "verifast_lists_extended.h" - - - -/* ---------------------------------------------------------------------- - * Core local data and access restrictions. - * Some data in FreeRTOS such as the pointer to TCB of the task running - * on core `C` may only be accessed from core `C`. Such core-local data - * protected by deactivating interrupts. - */ - -/*@ -predicate interruptState_p(uint32_t coreID, uint32_t state); - -fixpoint bool interruptsDisabled_f(uint32_t); - -predicate coreLocalInterruptInv_p() = - [0.5]pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& - //pubTCB_p(currentTCB, 0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting); -@*/ - - -/* ---------------------------------------------------------------------- - * Predicates relevant for all locks - */ - -/*@ -predicate locked_p(list< pair > lockHistory); -@*/ - - - -/* ---------------------------------------------------------------------- - * Task lock and associated global variables from `tasks.c` - */ - -/*@ -fixpoint int taskLockID_f(); - -// Represents an acquired task lock. -predicate taskLock_p(); - -// Represents the invariant associated with the the task lock, i.e., -// access permissions to the resources protected by the lock. -predicate taskLockInv_p(); -@*/ - -/* ---------------------------------------------------------------------- - * ISR lock and associated global variables from `tasks.c` - */ - -/*@ -fixpoint int isrLockID_f(); - -// Represents an unacquired ISR lock. -predicate isrLock_p(); - -// Represents the invariant associated with the the ISR lock, i.e., -// access permissions to the resources protected by the lock. -predicate isrLockInv_p(); -@*/ - - -/* ---------------------------------------------------------------------- - * Resources protected by both locks. - * Note that the task lock may never be acquired after the ISR lock. - */ - -/*@ -fixpoint int taskISRLockID_f(); - -predicate taskISRLockInv_p() = - _taskISRLockInv_p(_); - - -// Auxiliary predicate. Equal to the lock invariant above but exposes -// some details. -predicate _taskISRLockInv_p(UBaseType_t gTopReadyPriority) = - // Access to global variables - [0.5]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_((void*) &uxSchedulerSuspended, sizeof(UBaseType_t), false, _) &*& - integer_(&xSchedulerRunning, sizeof(BaseType_t), true, _) - &*& - // top ready priority must be in range - integer_((void*) &uxTopReadyPriority, sizeof(UBaseType_t), false, gTopReadyPriority) &*& - 0 <= gTopReadyPriority &*& gTopReadyPriority < configMAX_PRIORITIES - &*& - // tasks / TCBs - exists_in_taskISRLockInv_p(?gTasks, ?gStates) - &*& - // (RP-All) Read permissions for every task - // and recording of task states in state list - // (∀t ∈ gTasks. - // [1/2]TCB_runState_p(t, _)) - // ∧ - // ∀i. ∀t. gTasks[i] == t -> gStates[i] == t->xTaskRunState - foreach(gTasks, readOnly_TCB_runState_p(gTasks, gStates)) - &*& - // (RP-Current) Read permission for task currently scheduled on this core - // (RP-All) + (RP-Current) => Write permission for scheduled task - [1/2]TCB_runState_p(gCurrentTCB, ?gCurrentTCB_state) &*& -// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& - (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& - nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state - &*& - // (RP-Unsched) Read permissions for unscheduled tasks - // (RP-All) + (RP-Unsched) => Write permissions for unscheduled tasks - // ∀t ∈ tasks. t->xTaskState == taskTASK_NOT_RUNNING - // -> [1/2]shared_TCB_p(t, taskTASK_NOT_RUNNING) - foreach(gTasks, readOnly_TCB_runState_IF_not_running_p(gTasks, gStates)) - &*& - readyLists_p(?gCellLists, ?gOwnerLists) - &*& - // gTasks contains all relevant tasks - mem(gCurrentTCB, gTasks) == true - &*& - // ∀l ∈ gOwnerLists. l ⊆ gTasks - forall(gOwnerLists, (superset)(gTasks)) == true; - - -lemma void produce_taskISRLockInv(); -requires locked_p(?heldLocks) &*& - heldLocks == cons(?i, cons(?t, nil)) &*& - i == pair(?f_isr, isrLockID_f()) &*& - t == pair(?f_task, taskLockID_f()); -ensures locked_p( cons( pair(_, taskISRLockID_f()), heldLocks) ) &*& - taskISRLockInv_p(); - - -lemma void consume_taskISRLockInv(); -requires locked_p( cons( pair(_, taskISRLockID_f()), ?otherLocks) ) &*& - taskISRLockInv_p(); -ensures locked_p(otherLocks); - - - -// Auxiliary predicate to assing names to existentially quantified variables. -// Having multiple `exists` chunks on the heap makes matching against their -// arguments ambiguous in most cases. -predicate exists_in_taskISRLockInv_p(list gTasks, - list gStates) = - exists(gTasks) &*& - exists(gStates) &*& - length(gTasks) == length(gStates) &*& - distinct(gTasks) == true; - -// Auxiliary function that allows us to partially apply the list argument. -// -// Notes: -// - Partial application of fixpoint functions in VeriFast is not documented. -// The syntax for partially application is `()()` -// - VeriFast only supports partially applying the first argument, e.g., -// `(mem)(0)` is allowed but `(mem)(_)(nil)` is not. -fixpoint bool mem_list_elem(list xs, t x) { - return mem(x, xs); -} - -// Auxiliary predicate to allow foreach-quantification about fraction -// and reflection of `t->xTaskRunState` in state list. -predicate_ctor readOnly_TCB_runState_p - (list tasks, list states) - (TCB_t* t;) = - mem(t, tasks) == true &*& - [1/2]TCB_runState_p(t, nth(index_of(t, tasks), states)); - -predicate_ctor readOnly_TCB_runState_IF_not_running_p - (list tasks, list states) - (TCB_t* t;) = - mem(t, tasks) == true &*& - nth(index_of(t, tasks), states) == taskTASK_NOT_RUNNING - ? [1/2]TCB_runState_p(t, taskTASK_NOT_RUNNING) - : true; -@*/ - - - -/*@ -lemma void nonauto_nth_update(int i, int j, t y, list xs); - requires 0 <= i && i < length(xs) && 0 <= j && j < length(xs); - ensures nth(i, update(j, y, xs)) == (i == j ? y : nth(i, xs)); -@*/ - - - -// ----------------------------------------------------------------------- -// TODO: Move lemmas below to separate header file. - -/*@ -lemma void update_readOnly_TCB_runState(TCB_t* t, - list tasks, - list states, - int updatedIndex, - TaskRunning_t s) -requires readOnly_TCB_runState_p(tasks, states)(t) &*& - updatedIndex != index_of(t, tasks) &*& - mem(t, tasks) == true &*& - length(tasks) == length(states); -ensures readOnly_TCB_runState_p(tasks, update(updatedIndex, s, states))(t); -{ - list states2 = update(updatedIndex, s, states); - int t_index = index_of(t, tasks); - - if( updatedIndex < 0 || updatedIndex >= length(states) ) { - update_out_of_bounds(updatedIndex, s, states); - } else { - open readOnly_TCB_runState_p(tasks, states)(t); - open [1/2]TCB_runState_p(t, nth(t_index, states)); - - mem_index_of(t, tasks); - nth_update(t_index, updatedIndex, s, states); - assert( nth(t_index, states) == nth(t_index, states2) ); - - close [1/2]TCB_runState_p(t, nth(t_index, states2)); - close readOnly_TCB_runState_p(tasks, states2)(t); - } -} - - -lemma void update_foreach_readOnly_TCB_runState(TCB_t* updatedTask, - list tasks, - list subTasks, - list states, - list states2, - TaskRunning_t s) -requires - mem(updatedTask, tasks) == true &*& - length(tasks) == length(states) &*& - foreach(subTasks, readOnly_TCB_runState_p(tasks, states)) &*& - states2 == update(index_of(updatedTask, tasks), s, states) &*& - distinct(tasks) == true &*& - mem(updatedTask, subTasks) == false &*& - subset(subTasks, tasks) == true; -ensures - foreach(subTasks, readOnly_TCB_runState_p(tasks, states2)); -{ - switch(subTasks) { - case nil: - open foreach(nil, readOnly_TCB_runState_p(tasks, states)); - close foreach(nil, readOnly_TCB_runState_p(tasks, states2)); - case cons(h, rest): - int index = index_of(updatedTask, tasks); -// distinct_mem_remove(t, tasks); -// neq_mem_remove(h, t, tasks); -// index_of_different(h, t, tasks); - open foreach(subTasks, readOnly_TCB_runState_p(tasks, states)); - assert( updatedTask != h ); - index_of_different(updatedTask, h, tasks); - assert( index != index_of(h, tasks) ); - update_readOnly_TCB_runState(h, tasks, states, index, s); - assert( mem(updatedTask, rest) == false ); - update_foreach_readOnly_TCB_runState(updatedTask, tasks, rest, - states, states2, s); - close foreach(subTasks, readOnly_TCB_runState_p(tasks, states2)); - } -} - - -lemma void close_updated_foreach_readOnly_TCB_runState(TCB_t* updatedTask, - list tasks, - list states, - list states2, - TaskRunning_t s) -requires - mem(updatedTask, tasks) == true &*& - length(states) == length(tasks) &*& - distinct(tasks) == true &*& - foreach(remove(updatedTask, tasks), readOnly_TCB_runState_p(tasks, states)) &*& - states2 == update(index_of(updatedTask, tasks), s, states) &*& - [1/2]TCB_runState_p(updatedTask, s); -ensures - foreach(tasks, readOnly_TCB_runState_p(tasks, states2)); -{ - distinct_mem_remove(updatedTask, tasks); - remove_result_subset(updatedTask, tasks); - - close readOnly_TCB_runState_p(tasks, states2)(updatedTask); - update_foreach_readOnly_TCB_runState(updatedTask, tasks, - remove(updatedTask, tasks), - states, states2, s); - foreach_unremove(updatedTask, tasks); -} - - -lemma void stopUpdate_foreach_readOnly_TCB_runState_IF_not_running - (TCB_t* stoppedTask, list tasks, list subTasks, - list states, list states2) -requires - distinct(tasks) == true &*& - distinct(subTasks) == true &*& - length(tasks) == length(states) &*& - foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& - states2 == update(index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states) &*& - nth(index_of(stoppedTask, tasks), states) != taskTASK_NOT_RUNNING &*& - subset(subTasks, tasks) == true &*& - mem(stoppedTask, tasks) == true &*& - mem(stoppedTask, subTasks) - ? [1/2]TCB_runState_p(stoppedTask, taskTASK_NOT_RUNNING) - : true; -ensures - foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); -{ - switch(subTasks) { - case nil: - open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); - close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); - case cons(h, t): - if( h == stoppedTask ) { - assert( remove(stoppedTask, subTasks) == t ); - distinct_mem_remove(stoppedTask, subTasks); - assert( mem(stoppedTask, t) == false ); - mem_index_of(stoppedTask, tasks); - } else { - mem_index_of(stoppedTask, tasks); - nth_update(index_of(h, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); - index_of_different(h, stoppedTask, tasks); - assert( index_of(h, tasks) != index_of(stoppedTask, tasks) ); - assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), states2) ); - } - - nth_update(index_of(stoppedTask, tasks), index_of(stoppedTask, tasks), taskTASK_NOT_RUNNING, states); - open foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)); - open readOnly_TCB_runState_IF_not_running_p(tasks, states)(h); - assert( nth(index_of(stoppedTask, tasks), states2) == taskTASK_NOT_RUNNING ); - close readOnly_TCB_runState_IF_not_running_p(tasks, states2)(h); - stopUpdate_foreach_readOnly_TCB_runState_IF_not_running - (stoppedTask, tasks, t, states, states2); - close foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states2)); - } -} - -lemma void updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running - (TCB_t* updatedTask, list tasks, list subTasks, - list states, list updatedStates, - TaskRunning_t s) -requires - distinct(tasks) == true &*& - distinct(subTasks) == true &*& - length(tasks) == length(states) &*& - mem(updatedTask, tasks) == true &*& - mem(updatedTask, subTasks) == false &*& - subset(subTasks, tasks) == true &*& - foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& - updatedStates == update(index_of(updatedTask, tasks), s, states); -ensures - foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); -{ - switch(subTasks) { - case nil: - open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); - close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); - case cons(h, t): - open foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)); - - // Prove that update preserves state of `h`. - index_of_different(h, updatedTask, tasks); - nth_update(index_of(h, tasks), index_of(updatedTask, tasks), s, states); - assert( nth(index_of(h, tasks), states) == nth(index_of(h, tasks), updatedStates) ); - - open readOnly_TCB_runState_IF_not_running_p(tasks, states)(h); - close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(h); - updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running - (updatedTask, tasks, t, states, updatedStates, s); - close foreach(subTasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); - } -} - -lemma void startUpdate_foreach_readOnly_TCB_runState_IF_not_running - (TCB_t* startedTask, list tasks, - list states, list updatedStates, - int coreID) -requires - distinct(tasks) == true &*& - length(tasks) == length(states) &*& - mem(startedTask, tasks) == true &*& - foreach(remove(startedTask, tasks), readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& - updatedStates == update(index_of(startedTask, tasks), coreID, states) &*& - 0 <= coreID &*& coreID < configNUM_CORES; -ensures - foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); -{ - distinct_remove(startedTask, tasks); - distinct_mem_remove(startedTask, tasks); - remove_result_subset(startedTask, tasks); - updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running - (startedTask, tasks, remove(startedTask, tasks), states, updatedStates, - coreID); - - assert( foreach(remove(startedTask, tasks), readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)) ); - close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(startedTask); - foreach_unremove(startedTask, tasks); -} - -lemma void scheduleRunning_in_foreach_readOnly_TCB_runState_IF_not_running - (TCB_t* runningTask, list tasks, - list states, list updatedStates, - int coreID) -requires - distinct(tasks) == true &*& - length(tasks) == length(states) &*& - mem(runningTask, tasks) == true &*& - (nth(index_of(runningTask, tasks), states) == coreID - || nth(index_of(runningTask, tasks), states) == taskTASK_YIELDING) - &*& - foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, states)) &*& - updatedStates == update(index_of(runningTask, tasks), coreID, states) &*& - 0 <= coreID &*& coreID < configNUM_CORES; -ensures - foreach(tasks, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)) &*& - nth(index_of(runningTask, tasks), updatedStates) == coreID; -{ - switch(tasks) { - case nil: - open foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, states)); - close foreach(nil, readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)); - case cons(h, t): - foreach_remove(runningTask, tasks); - - distinct_remove(runningTask, tasks); - distinct_mem_remove(runningTask, tasks); - remove_result_subset(runningTask, tasks); - updateUnaffectedStates_in_foreach_readOnly_TCB_runState_IF_not_running - (runningTask, tasks, remove(runningTask, tasks), - states, updatedStates, coreID); - - open readOnly_TCB_runState_IF_not_running_p(tasks, states)(runningTask); - close readOnly_TCB_runState_IF_not_running_p(tasks, updatedStates)(runningTask); - - foreach_unremove(runningTask, tasks); - } -} -@*/ - - -/*@ -lemma list def_state1(list tasks, - list states, - TCB_t* currentTask, - TCB_t* readyTask) -requires - distinct(tasks) == true &*& - length(tasks) == length(states) &*& - currentTask != readyTask &*& - mem(currentTask, tasks) == true &*& - mem(readyTask, tasks) == true &*& - nth(index_of(readyTask, tasks), states) == taskTASK_NOT_RUNNING; -ensures - result == update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states) &*& - nth(index_of(readyTask, tasks), result) == taskTASK_NOT_RUNNING &*& - nth(index_of(currentTask, tasks), result) == taskTASK_NOT_RUNNING; -{ - list states1 = - update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states); - - mem_index_of(currentTask, tasks); - mem_index_of(readyTask, tasks); - nth_update(index_of(readyTask, tasks), index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states); - - return states1; -} - -lemma list def_state2(list tasks, - list states, - TCB_t* currentTask, - TCB_t* readyTask, - int coreID) -requires - distinct(tasks) == true &*& - length(tasks) == length(states) &*& - currentTask != readyTask &*& - mem(currentTask, tasks) == true &*& - mem(readyTask, tasks) == true &*& - nth(index_of(readyTask, tasks), states) == taskTASK_NOT_RUNNING &*& - nth(index_of(currentTask, tasks), states) != taskTASK_NOT_RUNNING &*& - 0 <= coreID &*& coreID < configNUM_CORES; -ensures - result == - update(index_of(readyTask, tasks), coreID, - update(index_of(currentTask, tasks), taskTASK_NOT_RUNNING, states)) - &*& - nth(index_of(readyTask, tasks), result) == coreID &*& - nth(index_of(currentTask, tasks), result) == taskTASK_NOT_RUNNING; -{ - list states1 = def_state1(tasks, states, currentTask, readyTask); - - list states2 = - update(index_of(readyTask, tasks), coreID, states1); - - return states2; -} -@*/ - - - - - - -#endif /* LOCK_PREDICATES_H */ \ No newline at end of file From f15540ceccfe979289f802fecefbb40628523675 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:36:17 -0500 Subject: [PATCH 251/289] Handled minor TODOs in proof headers. --- .../custom_build_scripts_RP2040/vf_rewrite.sh | 3 +- .../tasks/vTaskSwitchContext/include/list.h | 3 - .../vTaskSwitchContext/include/stack_macros.h | 2 - .../vTaskSwitchContext/proof/port_contracts.h | 3 - .../proof/ready_list_predicates.h | 2 +- .../scp_list_predicates_extended.h | 4 +- .../proof/verifast_lists_extended.h | 65 +------------------ 7 files changed, 6 insertions(+), 76 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh index 81e3a5b41c2..8408ab8b136 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh @@ -39,9 +39,8 @@ echo "Delete fixed-sized array typedefs" rewrite "typedef .*\[[0-9]*\];" "" echo "Delete attributes" -#rewrite "\_\_attribute\_\_\(\(\_\_[a-z\_]*\_\_\)\)" "" rewrite "__attribute__(([_a-z]*))" "" -# TODO: Why does matching `\s` or `:space:` not work on MacOs? +# Note: `\s` or `:space:` not work on MacOs. rewrite "__attribute__( ( [_a-z]* ) )" "" echo "Delete void casts (used to suppress compiler warnings)" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h index d1543dfed02..5a19ba019ef 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/list.h @@ -80,9 +80,6 @@ * numbers of tokens when expanding `PRIVILEGED_FUNCTION` in this file. */ #define PRIVILEGED_FUNCTION - // TODO: Figure out why the preprocessors consume different amounts of - // of tokens. This most likely has to do with the path/context - // from which this header is included. #endif /* VERIFAST */ /* diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h index e0162f57a73..51af7925b07 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h @@ -84,8 +84,6 @@ #if ( ( configCHECK_FOR_STACK_OVERFLOW > 1 ) && ( portSTACK_GROWTH < 0 ) ) - /* TODO: Convert this macro into a function such that we can insert proof annotations. - */ #ifdef VERIFAST /* Reason for rewrite: * VeriFast complains about unspecified evaluation order of diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h index eedbca87f00..a72b5759788 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h @@ -3,9 +3,6 @@ // We want our proofs to hold for an arbitrary number of cores. -/* TODO: Can we use the original function `get_core_num` instead without - * adding the contract inside the pico sdk file (platform.h)? - */ #undef portGET_CORE_ID #define portGET_CORE_ID() VF__get_core_num() diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h index 41a04b484f2..bb22ab5d027 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h @@ -320,7 +320,7 @@ void VF_reordeReadyList(List_t* pxReadyList, ListItem_t * pxTaskItem) //@ assert( forall(gOwners, (mem_list_elem)(gTasks)) == true ); //@ forall_remove_nth(index_of(pxTaskItem, gCells), gOwners, (mem_list_elem)(gTasks)); //@ assert( forall(gOwners2, (mem_list_elem)(gTasks)) == true ); - //@ forall_mem_implies_subset(gOwners2, gTasks); + //@ forall_mem_implies_superset(gTasks, gOwners2); //@ assert( subset(gOwners2, gTasks) == true ); vListInsertEnd( pxReadyList, pxTaskItem ); diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/scp_list_predicates_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/scp_list_predicates_extended.h index 48e9afb0fa2..950c5475a3e 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/scp_list_predicates_extended.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs_extended/scp_list_predicates_extended.h @@ -239,8 +239,8 @@ ensures assert( gValsRes == append(gValsPrefix, cons(gItemVal, nil)) ); - drop_cons(gCells, index_of(pxItem, gCells)); - drop_cons(gVals, index_of(pxItem, gCells)); + drop_n_plus_one(gCells, index_of(pxItem, gCells)); + drop_n_plus_one(gVals, index_of(pxItem, gCells)); nth_index(gCells, pxItem); assert( gCellsRes == gCells ); diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h index 43c6be5aa9b..62f8e4e9ab5 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h @@ -5,55 +5,30 @@ * of VeriFast's standard library. */ +// Most of the following lemmas are axioms. - -// TODO: Can we prove this in VeriFast or do we have to axiomatise? /*@ lemma void head_drop_n_equals_nths(list xs, int n); requires n >= 0; ensures head(drop(n, xs)) == nth(n, xs); -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void drop_index_equals_singleton_implies_last_element(list xs, t x); requires drop(index_of(x, xs), xs) == cons(x, nil); ensures index_of(x, xs) == length(xs) - 1; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? -// Can we replace this by standard lemma `drop_n_plus_one`? -lemma void drop_cons(list xs, int n); -requires n < length(xs); -ensures drop(n, xs) == cons(nth(n, xs), drop(n+1, xs)); - -// TODO: Can we prove this in VeriFast or do we have to axiomatise? -lemma void nth_index(list xs, t x) +lemma void nth_index(list xs, t x); requires mem(x, xs) == true; ensures nth(index_of(x, xs), xs) == x; -{ - // Will prove later. For now, we only validate with an example. - list _xs = cons(1, cons(2, cons(3, cons(4, cons(5, cons(6, cons(7, nil))))))); - int _x = 4; - - int i = index_of(_x, _xs); - int nthi = nth(index_of(_x, _xs), _xs); - - assert( nth(index_of(_x, _xs), _xs) == _x ); - // ADMIT LEMMA, PROVE LATER - assume(false); -} - -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void mem_prefix_implies_mem(t x, list xs, int n); requires mem(x, take(n, xs)) == true; ensures mem(x, xs) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void mem_suffix_implies_mem(t x, list xs, int n); requires mem(x, drop(n, xs)) == true; ensures mem(x, xs) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void drop_n_plus_m(list xs, int n, int m); requires true; ensures drop(n, drop(m, xs)) == drop(n + m, xs); @@ -78,7 +53,6 @@ fixpoint bool superset(list super, list sub) { } -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void update_out_of_bounds(int index, t x, list xs) requires (index < 0 || index >= length(xs)); ensures update(index, x, xs) == xs; @@ -91,7 +65,6 @@ ensures update(index, x, xs) == xs; } } - lemma void index_of_different(t x1, t x2, list xs) requires x1 != x2 &*& mem(x1, xs) == true &*& mem(x2, xs) == true; ensures index_of(x1, xs) != index_of(x2, xs); @@ -105,91 +78,57 @@ ensures index_of(x1, xs) != index_of(x2, xs); } } -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void subset_cons_tail(list xs); requires xs == cons(?h, ?t); ensures subset(t, xs) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void remove_result_subset(t x, list xs); requires true; ensures subset(remove(x, xs), xs) == true; -// TODO: Revisit this lemma -// { -// switch(xs) { -// case nil: -// case cons(h, t): -// remove_result_subset(x, t); -// if(h == x) { -// assert( remove(x, xs) == t ); -// subset_cons_tail(xs); -// assert( subset(t, cons(x, t) ) == true ); -// } else { -// ; -// } -// } -// } -// TODO: Can we prove this in VeriFast or do we have to axiomatise? // Special case of `nth_update` from `listex.gh`. lemma void update_preserves_rest(int i, int u, t v, list xs); requires 0 <= i && i < length(xs) && 0 <= u && u < length(xs) && i != u; ensures nth(i, update(u, v, xs)) == nth(i, xs); -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void append_take_nth_drop(int n, list xs); requires 0 <= n &*& n < length(xs); ensures xs == append( take(n, xs), cons(nth(n, xs), drop(n+1, xs)) ); -// TODO: Can we prove this in VeriFast or do we have to axiomatise? // Note: `listex.gh` contains lemma `forall_drop` but no corresponding // `forall_take`. lemma void forall_take(list xs, fixpoint(t, bool) p, int i); requires forall(xs, p) == true; ensures forall(take(i, xs), p) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void forall_mem_implies_superset(list super, list sub); requires forall(sub, (mem_list_elem)(super)) == true; ensures superset(super, sub) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? -// TODO: Rename into "forall_mem_implies_superset" -lemma void forall_mem_implies_subset(list sub, list super); -requires forall(sub, (mem_list_elem)(super)) == true; -ensures superset(super, sub) == true; - -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void subset_implies_forall_mem(list sub, list super); requires subset(sub, super) == true; ensures forall(sub, (mem_list_elem)(super)) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void forall_remove(t x, list xs, fixpoint(t, bool) p); requires forall(xs, p) == true; ensures forall(remove(x, xs), p) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void forall_remove_nth(int n, list xs, fixpoint(t, bool) p); requires forall(xs, p) == true; ensures forall(remove_nth(n, xs), p) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void nth_implies_mem(int n, list xs); requires 0 <= n &*& n < length(xs); ensures mem(nth(n, xs), xs) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void subset_append(list sub1, list sub2, list super); requires subset(sub1, super) == true &*& subset(sub2, super) == true; ensures subset(append(sub1, sub2), super) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void subset_take(int i, list xs); requires true; ensures subset(take(i, xs), xs) == true; -// TODO: Can we prove this in VeriFast or do we have to axiomatise? lemma void subset_drop(int i, list xs); requires true; ensures subset(drop(i, xs), xs) == true; From 9bbe885603be2b455ddd5c7a5cc85a41f60984e7 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:47:33 -0500 Subject: [PATCH 252/289] Deleted unnecessary list axioms. --- .../proof/verifast_lists_extended.h | 25 +------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h index 62f8e4e9ab5..448a020c376 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/verifast_lists_extended.h @@ -34,20 +34,6 @@ requires true; ensures drop(n, drop(m, xs)) == drop(n + m, xs); -// Can use `forall_mem` from `listex.gh` instead -// TODO: Can we prove this in VeriFast or do we have to axiomatise? -lemma void forall_instantiate(t x, list xs, fixpoint(t, bool) f); -requires forall(xs, f) == true &*& mem(x, xs) == true; -ensures forall(xs, f) == true &*& f(x) == true; - - -// Can use `neq_mem_remove` from `listex.gh` instead -// TODO: Can we prove this in VeriFast or do we have to axiomatise? -lemma void mem_after_remove(t x, list xs, t r); -requires true; -ensures mem(x, remove(r, xs)) == (mem(x, xs) && x != r); - - fixpoint bool superset(list super, list sub) { return subset(sub, super); } @@ -78,25 +64,16 @@ ensures index_of(x1, xs) != index_of(x2, xs); } } -lemma void subset_cons_tail(list xs); -requires xs == cons(?h, ?t); -ensures subset(t, xs) == true; - lemma void remove_result_subset(t x, list xs); requires true; ensures subset(remove(x, xs), xs) == true; -// Special case of `nth_update` from `listex.gh`. -lemma void update_preserves_rest(int i, int u, t v, list xs); -requires 0 <= i && i < length(xs) && 0 <= u && u < length(xs) && i != u; -ensures nth(i, update(u, v, xs)) == nth(i, xs); - lemma void append_take_nth_drop(int n, list xs); requires 0 <= n &*& n < length(xs); ensures xs == append( take(n, xs), cons(nth(n, xs), drop(n+1, xs)) ); // Note: `listex.gh` contains lemma `forall_drop` but no corresponding -// `forall_take`. +// `forall_take`. lemma void forall_take(list xs, fixpoint(t, bool) p, int i); requires forall(xs, p) == true; ensures forall(take(i, xs), p) == true; From d85e9cb2f3bdf625a6d5e6a2eb86cede94796525 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:53:15 -0500 Subject: [PATCH 253/289] Renamed directory for preprocessor scripts. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 2 +- Test/VeriFast/tasks/vTaskSwitchContext/paths.sh | 2 +- .../pp_flags.sh | 0 .../prepare_file_for_VeriFast.sh | 0 .../preprocess_file_for_diff.sh | 0 .../preprocess_file_for_verification.sh | 0 .../vf_rewrite.sh | 0 7 files changed, 2 insertions(+), 2 deletions(-) rename Test/VeriFast/tasks/vTaskSwitchContext/{custom_build_scripts_RP2040 => preprocessing_scripts}/pp_flags.sh (100%) rename Test/VeriFast/tasks/vTaskSwitchContext/{custom_build_scripts_RP2040 => preprocessing_scripts}/prepare_file_for_VeriFast.sh (100%) rename Test/VeriFast/tasks/vTaskSwitchContext/{custom_build_scripts_RP2040 => preprocessing_scripts}/preprocess_file_for_diff.sh (100%) rename Test/VeriFast/tasks/vTaskSwitchContext/{custom_build_scripts_RP2040 => preprocessing_scripts}/preprocess_file_for_verification.sh (100%) rename Test/VeriFast/tasks/vTaskSwitchContext/{custom_build_scripts_RP2040 => preprocessing_scripts}/vf_rewrite.sh (100%) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index d9e1768b47a..8611a510ebf 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -36,7 +36,7 @@ FreeRTOS-Kernel │ └── verification └── verifast - ├── custom_build_scripts_RP2040 + ├── preprocessing_scripts │ Contains scripts to preprocess and rewrite the source code. │ ├── demos diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh index 45824ecf2db..d9e8f2cc825 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/paths.sh @@ -111,7 +111,7 @@ function pp_script_dir() { REPO_BASE_DIR="$1" VF_PROOF_DIR=`vf_proof_base_dir $REPO_BASE_DIR` - echo "$VF_PROOF_DIR/custom_build_scripts_RP2040" + echo "$VF_PROOF_DIR/preprocessing_scripts" } # Returns the absolute path to the preprocesor's output direcotry. diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/pp_flags.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/pp_flags.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/pp_flags.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/prepare_file_for_VeriFast.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_diff.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_diff.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_diff.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_verification.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/preprocess_file_for_verification.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_verification.sh diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh similarity index 100% rename from Test/VeriFast/tasks/vTaskSwitchContext/custom_build_scripts_RP2040/vf_rewrite.sh rename to Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh From 9b070924287a080bb407b0d80b1c8121abad846b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 11:41:42 -0500 Subject: [PATCH 254/289] Added help text to diff and startup scripts. --- .../VeriFast/tasks/vTaskSwitchContext/diff.sh | 24 ++++++++ .../tasks/vTaskSwitchContext/run-verifast.sh | 40 +++++++++++++ .../tasks/vTaskSwitchContext/run-vfide.sh | 59 +++++++++++++++++-- 3 files changed, 118 insertions(+), 5 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh index d80d3bf20dd..bb00188cf31 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/diff.sh @@ -12,6 +12,30 @@ # $1 : Absolute path to the base directory of this repository. +# Checking validity of command line arguments. +HELP="false" +if [ $1 == "-h" ] || [ $1 == "--help" ]; then + HELP="true" +else + if [ $# != 1 ] ; then + echo Wrong number of arguments. Found $#, expected 1. + HELP="true" + fi + + if [ ! -d "$1" ]; then + echo Directory "$1" does not exist. + HELP="true" + fi +fi + +if [ "$HELP" != "false" ]; then + echo Expected call of the form + echo "diff.sh " + echo "where is the absolute path to the base directory of this repository." + exit +fi + + # Relative or absolute path to the directory this script and `paths.sh` reside in. PREFIX=`dirname $0` # Absolute path to the base of this repository. diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh index 17fd3543348..b24fd91ed22 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/run-verifast.sh @@ -1,5 +1,45 @@ #!/bin/bash +# This script runs the preprocesses the annotated 'tasks.c' file +# and checks the resulting proof file with VeriFast. +# +# This script expects the following arguments: +# $1 : Absolute path to the base directory of this repository. +# $2 : Absolute path to the VeriFast installation directory. + + +# Checking validity of command line arguments. +HELP="false" +if [ $1 == "-h" ] || [ $1 == "--help" ]; then + HELP="true" +else + if [ $# != 2 ] ; then + echo Wrong number of arguments. Found $#, expected 2. + HELP="true" + fi + + if [ ! -d "$1" ]; then + echo "Directory (\$1) '$1' does not exist." + HELP="true" + fi + + if [ ! -d "$2" ]; then + echo "Directory (\$2) '$2' does not exist." + HELP="true" + fi +fi + +if [ "$HELP" != "false" ]; then + echo Expected call of the form + echo "run-verifast.sh " + echo "where" + echo " is the absolute path to the base directory of this repository and" + echo " is the absolute path to the VeriFast installation directory." + exit +fi + + + # Relative or absolute path to the directory this script and `paths.sh` reside in. PREFIX=`dirname $0` # Absolute path to the base of this repository. diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh index 128fd96902f..cd57e7be673 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/run-vfide.sh @@ -1,5 +1,52 @@ #!/bin/bash +# This script runs the preprocesses the annotated 'tasks.c' file +# and loads the result into the VeriFast IDE. +# +# This script expects the following arguments: +# $1 : Absolute path to the base directory of this repository. +# $2 : Absolute path to the VeriFast installation directory. +# $3 (Optional) : Font size + + + +# Checking validity of command line arguments. +HELP="false" +if [ $1 == "-h" ] || [ $1 == "--help" ]; then + HELP="true" +else + if [[ $# < 2 || $# > 3 ]] ; then + echo Wrong number of arguments. Found $#, expected 2 or 3. + HELP="true" + fi + + if [ ! -d "$1" ]; then + echo "Directory (\$1) '$1' does not exist." + HELP="true" + fi + + if [ ! -d "$2" ]; then + echo "Directory (\$2) '$2' does not exist." + HELP="true" + fi + + if ! [[ "$3" =~ ^[1-9]*$ ]] ; then + echo "Argument (\$3) '$3' is not a number." + HELP="true" + fi +fi + +if [ "$HELP" != "false" ]; then + echo Expected call of the form + echo "run-vfide.sh []" + echo "where:" + echo "- is the absolute path to the base directory of this repository" + echo "- is the absolute path to the VeriFast installation directory" + echo "- is an optional argument specifying the font size" + exit +fi + + # Relative or absolute path to the directory this script and `paths.sh` reside in. PREFIX=`dirname $0` # Absolute path to the base of this repository. @@ -7,6 +54,12 @@ REPO_BASE_DIR="$1" # Absolute path the VeriFast installation directory VF_DIR="$2" +FONT_SIZE=17 +if [ "$3" != "" ] +then + FONT_SIZE="$3" +fi + # Load functions used to compute paths. . "$PREFIX/paths.sh" @@ -24,11 +77,7 @@ PROOF_FILES_DIR=`vf_proof_dir $REPO_BASE_DIR` PP_ERR_LOG="`pp_log_dir $REPO_BASE_DIR`/preprocessing_errors.txt" -FONT_SIZE=17 -if [ "$3" != "" ] -then - FONT_SIZE="$3" -fi + ensure_output_dirs_exist $REPO_BASE_DIR From c0f5acec60672316aecc2a25e99031c759c138ce Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 11:59:21 -0500 Subject: [PATCH 255/289] Updated repository structure in README --- .../tasks/vTaskSwitchContext/README.md | 101 +++++++++++------- 1 file changed, 64 insertions(+), 37 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 8611a510ebf..08dc61810d6 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -1,9 +1,9 @@ # FreeROTS VeriFast Proofs -This directory contains an unbounded proof memory safety and thread safety proof +This directory contains an unbounded memory safety and thread safety proof for the core of the task scheduler: `vTaskSwitchContext` The proof ensures that no call to `vTaskSwitchContext` that complies with the specified precondition results in unsafe memory accesses. It also ensures that -concurrent instances of `vTaskSwitchContext` running on diffierent cores are +concurrent instances of `vTaskSwitchContext` running on different cores are mutually thread safe. @@ -34,43 +34,70 @@ FreeRTOS-Kernel │ Contains the Raspberry Pi Pico setup. │ │ -└── verification - └── verifast - ├── preprocessing_scripts - │ Contains scripts to preprocess and rewrite the source code. - │ - ├── demos - │ Contains the FreeRTOS SMP demo. Our proofs use some of its - │ configuartion files. - │ - ├── proof - │ Contains the VeriFast proof files. - │ │ - │ ├── *.h files - │ │ Headers containing VeriFast formalizations and proofs. - │ │ - │ ├── README.md - │ │ Contains more details about the proof. - │ │ - │ ├── single_core_proofs - │ │ Contains the old list formalization and proofs written by - │ │ Aalok Thakkar and Nathan Chong in 2020 for the single-core - │ │ setup. - │ │ - │ └── single_core_proofs_extended - │ Contains new proofs extending the single-core list - │ formalization. - │ - ├── proof_setup - │ Contains config files for the proof. The proof assumes a setup for - │ RP2040. - │ - └── sdks - Contains SDKs referenced by the proof setup. - Some files are annotated with VeriFast contracts. +└── Test/VeriFast/tasks/vTaskSwitchContext + │ + ├── run-verifast.sh + │ Shell script to run check the proof with VeriFast. + │ + ├── run-vfide.sh + │ Shell script to load the proof into the VeriFast IDE. + │ + ├── diff.sh + │ Shell script to compute flag changes in the production code that + │ potentially break the validity of the VeriFast proof. An empty diff + │ means that the proof and the production code remain in sync. + │ + ├── preprocessing_scripts + │ Contains scripts to preprocess and rewrite the source code. + │ + ├── demos + │ Contains the FreeRTOS SMP demo. Our proofs use some of its + │ configuartion files. + │ + ├── include + │ Contains annotated copies of header files residing in + │ 'FreeRTOS-Kernel/include'. These files are annotated with VeriFast + | predicates, lemmas and proof steps. + │ + │ + ├── proof + │ Contains the VeriFast proof files. + │ │ + │ ├── *.h files + │ │ Headers containing VeriFast formalizations and proofs. + │ │ + │ ├── README.md + │ │ Contains more details about the proof. + │ │ + │ ├── single_core_proofs + │ │ Contains the old list formalization and proofs written by + │ │ Aalok Thakkar and Nathan Chong in 2020 for the single-core + │ │ setup. + │ │ + │ └── single_core_proofs_extended + │ Contains new proofs extending the single-core list + │ formalization. + │ + │ + ├── proof_setup + │ Contains config files for the proof. The proof assumes a setup for + │ RP2040. + │ + ├── sdks + │ Contains SDKs referenced by the proof setup. + │ Some files are annotated with VeriFast contracts. + │ + ├── src + │ Contains annotated copies of source files residing in the repository's + │ base directory 'FreeRTOS-Kernel'. The files are annotated with VeriFast + │ predicates, lemmas and proof steps. + │ + └── stats + Contains some statistics about the VeriFast proof. ``` # Proof Setup -The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040. \ No newline at end of file +The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040. + From 6dc3c428e2a2790968d4aa82c82df732d2b12c9e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:25:20 -0500 Subject: [PATCH 256/289] Explained how to check the proof in the REAMDE. --- .../tasks/vTaskSwitchContext/README.md | 43 ++++++++++++++++--- 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 08dc61810d6..5ad5031d9dc 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -18,7 +18,7 @@ FreeRTOS-Kernel │ The base directory contains the source files, in particular `tasks.c`. │ `tasks.c` has been annotated with the VeriFast proof steps necessary to │ prove memory safety and thread safety of `vTaskSwitchContext`. -│ The proof uses many specifications and lemmas residing in +│ The proof uses many specifications and lemmas residing in │ `verification/verifast/proof_setup` and `verifcation/verifast/proofs`. │ │ @@ -43,7 +43,7 @@ FreeRTOS-Kernel │ Shell script to load the proof into the VeriFast IDE. │ ├── diff.sh - │ Shell script to compute flag changes in the production code that + │ Shell script to compute flag changes in the production code that │ potentially break the validity of the VeriFast proof. An empty diff │ means that the proof and the production code remain in sync. │ @@ -51,11 +51,11 @@ FreeRTOS-Kernel │ Contains scripts to preprocess and rewrite the source code. │ ├── demos - │ Contains the FreeRTOS SMP demo. Our proofs use some of its + │ Contains the FreeRTOS SMP demo. Our proofs use some of its │ configuartion files. │ ├── include - │ Contains annotated copies of header files residing in + │ Contains annotated copies of header files residing in │ 'FreeRTOS-Kernel/include'. These files are annotated with VeriFast | predicates, lemmas and proof steps. │ @@ -71,7 +71,7 @@ FreeRTOS-Kernel │ │ │ ├── single_core_proofs │ │ Contains the old list formalization and proofs written by - │ │ Aalok Thakkar and Nathan Chong in 2020 for the single-core + │ │ Aalok Thakkar and Nathan Chong in 2020 for the single-core │ │ setup. │ │ │ └── single_core_proofs_extended @@ -98,6 +98,37 @@ FreeRTOS-Kernel +# Checking the Proof +The proof can be checked by running one of the scripts 'run-verifast.sh' and +'run-vfide.sh' residing in this directory (see repo structure above). +Both scripts preprocess the annotated code with Clang and rewrite syntax +VeriFast does not understand into something equivalent. +The result is written to a temporary file ('preprocessed_files/tasks_vf_pp.c') +before it is processed by VeriFast. +This file contains a copy of all the code and annotations required to check the +proof. +Both scripts expect the command line arguments explained below. +In the following we use the following variables + +- #### run-verifast.sh: + Preprocesses the code and proof files and uses the + command-line version of VeriFast to check the resulting proof file. + A call must have the form: + #### run-verifast.sh \ \ + where + - \ is the absolute path to this repository's base directory, + i.e., 'FreeRTOS-Kernel' in the repo structure depicted above. + - \ is the absolute path to the VeriFast installation + directory. + +- #### run-vfide.sh: + Preprocesses the code and proof files and loads the resulting proof file into + the VeriFast IDE. + A call must have the form: + #### run-vfide.sh \ \ \[\\] + where + - \ \ are as explained above + - \ is an optional argument specifying the IDE's font size. + # Proof Setup The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040. - From 286ba50222783b3702771e7d49c4676b749bf188 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:29:50 -0500 Subject: [PATCH 257/289] Added disclaimer to README. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 5ad5031d9dc..58faf1e93ed 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -130,5 +130,8 @@ In the following we use the following variables - \ \ are as explained above - \ is an optional argument specifying the IDE's font size. +# Disclaimer +All scripts and proofs have been tested under OS X 12.6.1 and with the VeriFast nightly build from Dec 12th 2022. + # Proof Setup The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040. From 944cc51b94b1dc974ab3a6adb62d1132590de3ef Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:33:02 -0500 Subject: [PATCH 258/289] Removed deprecated TODOs. --- .../vTaskSwitchContext/proof/single_core_proofs/scp_common.h | 2 -- .../proof/single_core_proofs/scp_list_predicates.h | 3 --- 2 files changed, 5 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_common.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_common.h index 1c3f72ec93f..5923b6d89da 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_common.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_common.h @@ -14,8 +14,6 @@ * All changes to the proofs, predicates, etc. * are guarded by a check that `VERIFAST_SINGLE_CORE` is * NOT defined. - * - * Temporary removals are guarded by `VERIFAST_TODO`. */ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_list_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_list_predicates.h index 57c3c7fbf62..43bb5142f97 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_list_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/single_core_proofs/scp_list_predicates.h @@ -12,8 +12,6 @@ * All changes to the proofs, predicates, etc. * are guarded by a check that `VERIFAST_SINGLE_CORE` is * NOT defined. - * - * Temporary removals are guarded by `VERIFAST_TODO`. */ @@ -736,7 +734,6 @@ lemma void remove_append(t x, list l1, list l2) } @*/ -#endif /* VERIFAST_TODO */ #endif /* SCP_LIST_PREDICATES_H */ From 3057a186c231ec74b91d1194d08ebafec1aa9290 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 12:37:48 -0500 Subject: [PATCH 259/289] Updated proof documentation. --- .../vTaskSwitchContext/proof/lock_predicates.h | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h index 9a185ee7f07..96a44d0c710 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h @@ -4,13 +4,6 @@ #include "task_running_states.h" -/* We follow a minimalistic approach during the definition of the - * lock predicates. So far, the only encapsulate the resources and - * invariants required to verify `vTaskSwitchContext`. - * We are going to extend and refine them when we proceed to verify - * other parts of FRTOS. - */ - #include "verifast_lists_extended.h" @@ -189,16 +182,11 @@ predicate_ctor readOnly_TCB_runState_IF_not_running_p -/*@ -lemma void nonauto_nth_update(int i, int j, t y, list xs); - requires 0 <= i && i < length(xs) && 0 <= j && j < length(xs); - ensures nth(i, update(j, y, xs)) == (i == j ? y : nth(i, xs)); -@*/ - // ----------------------------------------------------------------------- -// TODO: Move lemmas below to separate header file. +// The following lemmas are necessary to prove that state updates preserve +// the lock invariant. /*@ lemma void update_readOnly_TCB_runState(TCB_t* t, From 4033b092101358dacd3984510d36faf059d4430b Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 13:11:55 -0500 Subject: [PATCH 260/289] Added documentation of the locking discipline and renamed some predicates. --- .../vTaskSwitchContext/include/stack_macros.h | 4 +- .../tasks/vTaskSwitchContext/include/task.h | 4 +- .../proof/lock_predicates.h | 51 +++++++++++++++++-- .../proof/task_predicates.h | 2 +- .../tasks/vTaskSwitchContext/src/tasks.c | 15 +++--- 5 files changed, 58 insertions(+), 18 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h index 51af7925b07..853aef44062 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/stack_macros.h @@ -95,14 +95,14 @@ void VF__taskCHECK_FOR_STACK_OVERFLOW() /*@ requires TCB_stack_p(?gCurrentTCB, ?ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(gCurrentTCB, ?uxCriticalNesting) &*& + TCB_criticalNesting_p(gCurrentTCB, ?uxCriticalNesting) &*& // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` interruptState_p(coreID_f(), ?state) &*& interruptsDisabled_f(state) == true &*& pointer(&pxCurrentTCBs[coreID_f], gCurrentTCB); @*/ /*@ ensures TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(gCurrentTCB, uxCriticalNesting) &*& + TCB_criticalNesting_p(gCurrentTCB, uxCriticalNesting) &*& // chunks required by `pxCurrentTCB` aka `xTaskGetCurrentTaskHandle()` interruptState_p(coreID_f(), state) &*& interruptsDisabled_f(state) == true &*& diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h b/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h index 0b48e3f58f7..87ac87e1307 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/include/task.h @@ -1864,10 +1864,10 @@ configSTACK_DEPTH_TYPE uxTaskGetStackHighWaterMark2( TaskHandle_t xTask ) PRIVIL void vApplicationStackOverflowHook( TaskHandle_t xTask, char * pcTaskName ); /*@ requires TCB_stack_p(xTask, ?ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(xTask, ?uxCriticalNesting); + TCB_criticalNesting_p(xTask, ?uxCriticalNesting); @*/ /*@ ensures TCB_stack_p(xTask, ulFreeBytesOnStack) &*& - coreLocalSeg_TCB_p(xTask, uxCriticalNesting); + TCB_criticalNesting_p(xTask, uxCriticalNesting); @*/ #endif diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h index 96a44d0c710..b32016cdad0 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h @@ -7,6 +7,50 @@ #include "verifast_lists_extended.h" +/* ---------------------------------------------------------------------- + * Locking discipline explained: + * FreeRTOS uses the following synchronization mechanisms: + * - Deactivating interrupts: + * Some data is only meant to be accessed on a specific core C. Such data + * may only be accessed after interrupts on core C have been deactivated. + * For instance the global array `pxCurrentTCBs` in `tasks.c` has an entry for + * every core. `pxCurrentTCBs[C]` stores a pointer to the TCB of the task + * running on core C. Core C is always allowed to read `pxCurrentTCBs[C]`. + * However, writing requires the interrupts on core C to be deactivated. + * + * The resources protected by disabling interrupts are represented by the + * predicate `coreLocalInterruptInv_p` defined below. + * + * - task lock: + * The task lock is used to protect ciritical sections and resources from + * being accessed by multiple tasks simultaneously. The resources protected + * by the task lock are represented by the abstract predicate `taskLockInv_p` + * defined below. This proof does not deal with resources or code segments + * only protected by the task lock. Hence, we leave the predicate abstract. + * + * - ISR lock: + * The ISR/ interrupt lock is used to protect critical sections and resources + * from being accessed by multiple interrupts simultaneously. The resources + * protected by the ISR lock are represented by the abstract predicate + * `isrLockInv_p` defined below. This proof does not deal with resources or + * code segments only protected by the ISR lock. Hence, we leave the predicate + * abstract. + * + * - task lock + ISR lock: + * Access to certain resources and ciritical sections are protected by both + * the task lock and the ISR lock. For these, it is crucial that we first + * acquire the task lock and then the ISR lock. Likewise, we must release them + * in opposite order. Failure to comply with this order may lead to deadlocks. + * The resources protected by both locks are the main resources this proof + * deals with. These include the ready lists and the certain access rights + * to the tasks' run states. The access rights protected by both locks are + * represented by the predicate `taskISRLockInv_p` defined below. + * Once both locks have been acquired in the right order, this lock invariant + * can be produced by calling the lemma `produce_taskISRLockInv`. Before the + * locks can be released, the invariant must be consumed by calling + * `consume_taskISRLockInv`. Both lemmas are defined below. +*/ + /* ---------------------------------------------------------------------- * Core local data and access restrictions. @@ -22,9 +66,8 @@ fixpoint bool interruptsDisabled_f(uint32_t); predicate coreLocalInterruptInv_p() = [0.5]pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& - //pubTCB_p(currentTCB, 0) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(currentTCB, ?gCriticalNesting); + TCB_criticalNesting_p(currentTCB, ?gCriticalNesting); @*/ @@ -39,7 +82,7 @@ predicate locked_p(list< pair > lockHistory); /* ---------------------------------------------------------------------- - * Task lock and associated global variables from `tasks.c` + * Task lock */ /*@ @@ -54,7 +97,7 @@ predicate taskLockInv_p(); @*/ /* ---------------------------------------------------------------------- - * ISR lock and associated global variables from `tasks.c` + * ISR lock */ /*@ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h index 5687a735f70..7d63cbffb1f 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/task_predicates.h @@ -63,7 +63,7 @@ predicate TCB_runState_p(TCB_t* tcb, TaskRunning_t state;) = // This predicate represents write access to the nesting level of a TCB. // Entering a critical section increases the nesting level. Leaving it, // decreases it. -predicate coreLocalSeg_TCB_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = +predicate TCB_criticalNesting_p(TCB_t* tcb, UBaseType_t uxCriticalNesting) = tcb->uxCriticalNesting |-> uxCriticalNesting; @*/ diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 045f0c034f7..3f600c320a6 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -905,7 +905,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // opened predicate `coreLocalInterruptInv_p()` [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB0) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// coreLocalSeg_TCB_p(gCurrentTCB0, 0) +// TCB_criticalNesting_p(gCurrentTCB0, 0) &*& // read access to current task's stack pointer, etc // TCB_stack_p(gCurrentTCB0, ?ulFreeBytesOnStack); @@ -923,7 +923,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // opened predicate `coreLocalInterruptInv_p()` [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// coreLocalSeg_TCB_p(gCurrentTCB, 0) +// TCB_criticalNesting_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc // TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); @@ -4384,7 +4384,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) + TCB_criticalNesting_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc TCB_stack_p(gCurrentTCB, ?ulFreeBytesOnStack); @@ -4399,7 +4399,7 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // opened predicate `coreLocalInterruptInv_p()` pointer(&pxCurrentTCBs[coreID_f], ?gNewCurrentTCB) &*& integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& - coreLocalSeg_TCB_p(gCurrentTCB, 0) + TCB_criticalNesting_p(gCurrentTCB, 0) &*& // read access to current task's stack pointer, etc TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); @@ -4432,10 +4432,10 @@ void vTaskSwitchContext( BaseType_t xCoreID ) // TODO: Inspect reason. TaskHandle_t currentHandle = pxCurrentTCB; //@ assert( currentHandle == gCurrentTCB ); - //@ open coreLocalSeg_TCB_p(gCurrentTCB, 0); + //@ open TCB_criticalNesting_p(gCurrentTCB, 0); UBaseType_t nesting = currentHandle->uxCriticalNesting; configASSERT( nesting == 0 ); - //@ close coreLocalSeg_TCB_p(gCurrentTCB, 0); + //@ close TCB_criticalNesting_p(gCurrentTCB, 0); } #else configASSERT( pxCurrentTCB->uxCriticalNesting == 0 ); @@ -5925,11 +5925,8 @@ void vTaskYieldWithinAPI( void ) #if ( portCRITICAL_NESTING_IN_TCB == 1 ) void vTaskEnterCritical( void ) - ///@ requires interruptState_p(?coreID, _) &*& unprotectedGlobalVars(); - ///@ ensures false; { portDISABLE_INTERRUPTS(); - //@ open unprotectedGlobalVars(); if( xSchedulerRunning != pdFALSE ) { From 03b93e4c262ffc0c73b7e1748e9518d2f2bb6b16 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 13:12:42 -0500 Subject: [PATCH 261/289] Removed comments. --- Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h index b32016cdad0..5941621d52b 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h @@ -285,9 +285,6 @@ ensures close foreach(nil, readOnly_TCB_runState_p(tasks, states2)); case cons(h, rest): int index = index_of(updatedTask, tasks); -// distinct_mem_remove(t, tasks); -// neq_mem_remove(h, t, tasks); -// index_of_different(h, t, tasks); open foreach(subTasks, readOnly_TCB_runState_p(tasks, states)); assert( updatedTask != h ); index_of_different(updatedTask, h, tasks); From 7298a32ef252f117df57725dfa10630777476f0f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 20:32:37 -0500 Subject: [PATCH 262/289] Documented proof result and proof assumptions. --- .../tasks/vTaskSwitchContext/README.md | 101 ++++++++++++++++-- 1 file changed, 94 insertions(+), 7 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 58faf1e93ed..0eef4c72ba5 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -1,10 +1,32 @@ -# FreeROTS VeriFast Proofs +# FreeRTOS VeriFast Proofs This directory contains an unbounded memory safety and thread safety proof for the core of the task scheduler: `vTaskSwitchContext` -The proof ensures that no call to `vTaskSwitchContext` that complies with the -specified precondition results in unsafe memory accesses. It also ensures that -concurrent instances of `vTaskSwitchContext` running on different cores are -mutually thread safe. + +Informally, the proof guarantees the following: +``` +Proof Assumptions: + - Data structure specification + - Locking discipline + - Contracts abstracting assembly + - FreeRTOS config + - Function contract of `vTaskSwitchContext` + +==> + +Unbounded memory & thread safety guarantees: + ∀ #tasks. ∀ task interleavings. ∀ interrupt schedules. ∀ data sizes. ∀ cores C1, …, Cn. + vTaskSwitchContext(C1) || … || vTaskSwitchContext(Cn) + => (no memory error ∧ no race condition) +``` + +We have to model certain aspects of the system and our proof assumes that these models are correct (cf. `Proof Assumptions` below for a detailed explanation). +In particular, this modeling step includes writing a precondition for `vTaskSwitchContext` that specifies the context in which the function may be called. + +Our proof considers any number of running tasks, any possible task interleavings and any interrupts that might occur during execution. +In particular, it considers any possible size for the involved data structures, since it is an unbounded proof. + +The proof ensures that every concurrent execution of `vTaskSwitchContext` on any cores is memory safe and mutually thread safe. +That is, when we execute multiple instances of the function on different cores, we won't get any memory errors or data races, no matter how these instances interleave or when interrupts occur. # Proof Directory Structure @@ -133,5 +155,70 @@ In the following we use the following variables # Disclaimer All scripts and proofs have been tested under OS X 12.6.1 and with the VeriFast nightly build from Dec 12th 2022. -# Proof Setup -The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040. +# Proof Assumptions +We have to model certain aspects of the system in order to reason about the task scheduler. +The proof treats these models as assumptions. +Therefore, the proof's correctness relies on the correctness of our models. + +- ### FreeRTOS Configuration + The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040, cf. directory `proof_setup`. + We use the config files from the official FreeRTOS SMP demo for the RP2040 and from official RP2040 port. + The most important properties of this configuration are: + - It supports running multiple priorities in parallel on different cores. + - Core affinity is deactivated, i.e., all tasks may be scheduled on any core. + + The Raspberry Pi Pico only has two cores and we want to ensure that our proof does not accidentally rely on the properties that come with this binary setup. + Hence, we changed the number of cores to an arbitrary large number. + +- ### Contracts Abstracting Assembly + The port layer of FreeRTOS contains assembly code that is essential for our proof. + In particular, code to mask interrupts and code to acquire and release locks. + VeriFast is a program verifier for C and not designed to handle any kind of assembly. + The port-specific assembly is called via macros with a port-specific definition. + We redefined these macros to call dummy function prototypes instead. + We equipped these prototypes with VeriFast contracts that capture the semantics of the original assembly code, cf. `proof/port_contracts.h`. + This way, VeriFast refers to the contracts to reason about the macro calls and does not have to deal with the assembly code. + +- ### Data structure specification + VeriFast expects us to specify the memory layout of the data structures accessed by the task scheduler. + In a proof, these specifications tell us what a well-formed instance of a data structure looks like and how me may manipulate it to preserve well-formedness. + + Most notably, the scheduler searches the so called "ready lists", a global array of cyclic doubly linked lists storing tasks of specific priorities that are ready to be scheduled. + Reasoning about this data structure is challenging because it requires heavy reasoning about its complex internals. + + Previously, Aalok Thakkar and Nathan Chong used VeriFast to prove functional correctness of the stand-alone list data structure for a single-core setup, c.f. [FreeRTOS Pull Request 836: Update VeriFast proofs](https://github.com/FreeRTOS/FreeRTOS/pull/836). + We reused their formalization and proofs as much as possible. + However, we had to heavily adapt both to tailor them to the needs of the scheduler proof, cf. `Reusing List Proofs` below. + + The reused specification resides in `proofs/single_core_proofs/`. + The full ready list array is specified in `proofs/ready_list_predicates.h`. + + +- ### Function Contract of `vTaskSwitchContext` + VeriFast expects every function that it verifies to have a so called "function contract". + These contracts consist of a precondition, also called the "requires clause" and a postcondition, also called the "ensures clause". + The precondition characterizes the context in which the function may be called. + This determines the state in which our proof starts. + The postcondition characterizes the state we want to be in when the function terminates. + + Starting from the precondition, VeriFast symbolically executes the function's code and our annotated proof steps. + The proof succeeds if every step succeeds and if the proof ends in a state that complies with the specified postcondition. + + Hence, the function contract determines *WHAT* we prove. + `vTaskSwitchContext` is called by an interrupt defined in the port layer on some core `C`. + This interrupt masks interrupts on this core and acquires the locks protecting the ready lists. + Therefore, the precondition of `vTaskSwitchContext` states that: + - the function is executed on an arbitrary core `C` + - interrupts on core `C` are deactivated + - the locks protecting the ready lists have been acquired + - that all the relevant global data structures are well-formed + + The postcondition states that all these properties are preserved, which is what the interrupt calling into the scheduler expects. + + + +- ### Locking discipline + + + +# Reusing List Proofs From 38790b241d782b547d7f77601eb63631dd01c0f1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 28 Dec 2022 20:52:48 -0500 Subject: [PATCH 263/289] Added explanation of verifast. --- .../tasks/vTaskSwitchContext/README.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 0eef4c72ba5..0d73b8198bd 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -2,6 +2,28 @@ This directory contains an unbounded memory safety and thread safety proof for the core of the task scheduler: `vTaskSwitchContext` +## VeriFast +[VeriFast](https://github.com/verifast/verifast) +is a deductive program verifier for C based on separation logic. +It supports verifying concurrent code and reasoning about complex data structures. + +VeriFast proofs are *unbounded*. +That is, until explicitly specified, it does not assume any bound on the size of the involved data structures. +Hence, proofs give us unbounded guarantees. +In our case, this means that our proof holds for any number of tasks and any size of the involved data structures. + +Reasoning about concurrent code can be tricky because of all the interleavings that can occur. +VeriFast does not assume anything about the occuring interleavings. +Therefore, the proven guarantees hold for every possible interleaving that might occur during runtime. + +Being a deductive verifier, VeriFast requires us to manually write a proof. +In particular, we have to specify what well-formed data structures look like and to annotate the code with proof steps. +It then symbolically executes the annotated code and queries an SMT solver to check the validity of proof steps. + +This directory contains all the specifications and proof steps necessary to check that the scheduler is memory and thread safe. + + +## Key Result Informally, the proof guarantees the following: ``` Proof Assumptions: From 67a3bcb7323bf1fb72d815f7b550e260d27461b6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 10:11:04 -0500 Subject: [PATCH 264/289] Explained locking discipline and lock invariants in README. --- .../tasks/vTaskSwitchContext/README.md | 62 ++++++++++++++++++- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 0d73b8198bd..d5854cfd185 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -2,6 +2,8 @@ This directory contains an unbounded memory safety and thread safety proof for the core of the task scheduler: `vTaskSwitchContext` + + ## VeriFast [VeriFast](https://github.com/verifast/verifast) is a deductive program verifier for C based on separation logic. @@ -23,6 +25,7 @@ It then symbolically executes the annotated code and queries an SMT solver to ch This directory contains all the specifications and proof steps necessary to check that the scheduler is memory and thread safe. + ## Key Result Informally, the proof guarantees the following: ``` @@ -51,8 +54,8 @@ The proof ensures that every concurrent execution of `vTaskSwitchContext` on any That is, when we execute multiple instances of the function on different cores, we won't get any memory errors or data races, no matter how these instances interleave or when interrupts occur. -# Proof Directory Structure +# Proof Directory Structure ``` FreeRTOS-Kernel │ @@ -174,14 +177,20 @@ In the following we use the following variables - \ \ are as explained above - \ is an optional argument specifying the IDE's font size. + + # Disclaimer All scripts and proofs have been tested under OS X 12.6.1 and with the VeriFast nightly build from Dec 12th 2022. + + # Proof Assumptions We have to model certain aspects of the system in order to reason about the task scheduler. The proof treats these models as assumptions. Therefore, the proof's correctness relies on the correctness of our models. + + - ### FreeRTOS Configuration The VeriFast proofs assume a setup for the Raspberry Pi Pico, i.e., RP2040, cf. directory `proof_setup`. We use the config files from the official FreeRTOS SMP demo for the RP2040 and from official RP2040 port. @@ -192,6 +201,8 @@ Therefore, the proof's correctness relies on the correctness of our models. The Raspberry Pi Pico only has two cores and we want to ensure that our proof does not accidentally rely on the properties that come with this binary setup. Hence, we changed the number of cores to an arbitrary large number. + + - ### Contracts Abstracting Assembly The port layer of FreeRTOS contains assembly code that is essential for our proof. In particular, code to mask interrupts and code to acquire and release locks. @@ -201,6 +212,8 @@ Therefore, the proof's correctness relies on the correctness of our models. We equipped these prototypes with VeriFast contracts that capture the semantics of the original assembly code, cf. `proof/port_contracts.h`. This way, VeriFast refers to the contracts to reason about the macro calls and does not have to deal with the assembly code. + + - ### Data structure specification VeriFast expects us to specify the memory layout of the data structures accessed by the task scheduler. In a proof, these specifications tell us what a well-formed instance of a data structure looks like and how me may manipulate it to preserve well-formedness. @@ -239,7 +252,52 @@ Therefore, the proof's correctness relies on the correctness of our models. -- ### Locking discipline +- ### Locking discipline and lock invariants +FreeRTOS' SMP implementation uses the following synchronization mechanisms: + - Deactivating interrupts: + + Some data is only meant to be accessed on a specific core C. + Such data may only be accessed after interrupts on core C have been deactivated. + For instance the global array `pxCurrentTCBs` in `tasks.c` has an entry for + every core. + `pxCurrentTCBs[C]` stores a pointer to the task control block (TCB) of the task running on core C. + Core C is always allowed to read `pxCurrentTCBs[C]`. + However, writing requires the interrupts on core C to be deactivated. + + - task lock: + The task lock is used to protect ciritical sections and resources from being accessed by multiple tasks simultaneously. + + - ISR lock: + The ISR/ interrupt lock is used to protect critical sections and resources from being accessed by multiple interrupts simultaneously. + + - task lock + ISR lock: + Access to certain resources and ciritical sections are protected by both the task lock and the ISR lock. + For these, it is crucial that we first acquire the task lock and then the ISR lock. + Likewise, we must release them in opposite order. + Failure to comply with this order may lead to deadlocks. + The resources protected by both locks are the main resources this proof deals with. + These include the ready lists and the certain access rights to the tasks' run states. + + #### Lock Invariants + Every synchronization mechanism protects specific data structures and sections of code. + For our proof, we associate every synchronization mechanism `L` with permissions to access the resources it protects. + We do this by defining a so called "lock invariant" `I`. + Besides pure access permissions the invariant can also specify more specifc properties, such as that a data structure must be well-formed. + (We call it "lock invariant" even though we also use the same technique to model the masking of interrupts.) + When we acquire lock `L` (or deactivate the interrupts) we produce the lock invariant `I`. + That means, we get the access permissions `I` expresses. + When we release the lock `L` (or reactivate the interrupts), we consume the invariant `I`. + That means that we lose the access permissions granted by `I`. + While we hold the lock, we are free to manipulate the resources it protects (according to the permissions granted by `I`). + However, we have to prove that whatever we do with these resources preserves any guarantees given by the invariant. + For instance, if `I` says a data structure is well-formed then we must prove that our actions preserve well-formedness. + Otherwise, consuming `I` during the release step will fail and consequently the entire proof will fail. + + FreeRTOS uses macros with port-specifc definitions to acquire and release locks and to mask and unmask interrupts. + We abstracted these with VeriFast contracts defined in `proof/port_contracts.h`. + The contracts ensure that invoking any synchronization mechanism produces or consumes the corresponding invariant. + The invariants are defined in `proof/lock_predicates.h` + From 3e473edb5efa502c23a77aa81bf5ab0c96728153 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 11:16:57 -0500 Subject: [PATCH 265/289] Added section on proof maintenance in README. --- .../tasks/vTaskSwitchContext/README.md | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index d5854cfd185..3f98d322343 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -81,6 +81,12 @@ FreeRTOS-Kernel │ Contains the Raspberry Pi Pico setup. │ │ +├── .github/workflows +│ └── verifast-proof-diff.yml +│ This workflow is triggered on every pull request and checks for +│ potential divergences between the production code and the proof. +│ +│ └── Test/VeriFast/tasks/vTaskSwitchContext │ ├── run-verifast.sh @@ -146,11 +152,11 @@ FreeRTOS-Kernel # Checking the Proof -The proof can be checked by running one of the scripts 'run-verifast.sh' and -'run-vfide.sh' residing in this directory (see repo structure above). +The proof can be checked by running one of the scripts `run-verifast.sh` and +`run-vfide.sh` residing in this directory (see repo structure above). Both scripts preprocess the annotated code with Clang and rewrite syntax VeriFast does not understand into something equivalent. -The result is written to a temporary file ('preprocessed_files/tasks_vf_pp.c') +The result is written to a temporary file (`preprocessed_files/tasks_vf_pp.c`) before it is processed by VeriFast. This file contains a copy of all the code and annotations required to check the proof. @@ -178,6 +184,26 @@ In the following we use the following variables - \ is an optional argument specifying the IDE's font size. +# Maintaining the Proof +This directory contains annotated copies of FreeRTOS source and header files. +The annotations in these files tell VeriFast which functions it should verify and what the proof looks like. +Including these annotations in the production code would lead to a huge visual burden for developers. +The downside of including them in a separate copy of the code is that the proof and the production code may get out of sync without anyone noticing. + +Therefore, we provide a GitHub workflow to check for potential divergences, cf. +`FreeRTOS-Kernel/.github/workflows/verifast-proof-diff.yml`. +The workflow is triggered on every pull request. +It aggregates and preprocesses the parts of the production code relevant to our proof as well as the annotated copies in this directory. +Afterwards, it computes a diff between both versions and fails if the result is not empty, in which case the diff result will be logged in the GitHub actions log. +An empty diff means that the pull request did not change anything that can affect our proof and the proof remains valid. +A non-empty diff shows which changes in the pull request potentially impact our proof. +In this case, the changes should also be applied to the annotated copies and the proof should be checked again. +If the diff was not a false positive and indeed impacted the proof, the proof will likely require manual repair. + +The diff can also be manually checked by running the command +`diff.sh `, where the argument is the absolute path to the repository's base directory. + + # Disclaimer All scripts and proofs have been tested under OS X 12.6.1 and with the VeriFast nightly build from Dec 12th 2022. From 51d3da36e57399e1ea9082677241a25bd92b5ec3 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 12:35:05 -0500 Subject: [PATCH 266/289] Added first draft of section on reusing list proofs to README. --- .../tasks/vTaskSwitchContext/README.md | 190 +++++++++++++++++- 1 file changed, 189 insertions(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 3f98d322343..32294fb3449 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -327,4 +327,192 @@ FreeRTOS' SMP implementation uses the following synchronization mechanisms: -# Reusing List Proofs +# Proof Details + +## Context Switches and Ready Lists +Our proof ensures that the context switches performed by `vTaskSwitchContext` are memory and thread safe. +The most difficult part of a context switch is to find a new task that we can schedule. +For that, `vTaskSwitchContext` calls `prvSelectHighestPriorityTask` which searches for the task with the highest priority that can be scheduled. +FreeRTOS maintains a global data structure called the "ready lists". +It is an array `pxReadyTasksLists` with an entry for every priority level that a task might have. +For every such priority level `p`, `pxReadyTasksLists[p]` stores a cyclic doubly linked list containing all tasks of priority level `p` that are ready to be scheduled, including currently running ones. +`prvSelectHighestPriorityTask` searches through the these lists in descending order. +That is, in order to verify `vTaskSwitchContext`, we have to reason about the ready lists. + + + +## Reusing the Single-Core List Formalization and Proofs +In 2020 Aalok Thakkar and Nathan Chong verified the functional correctness of the FreeRTOS list API for a single-core setup, cf. [FreeRTOS Pull Request 836: Update VeriFast proofs](https://github.com/FreeRTOS/FreeRTOS/pull/836). +The list API has not been changed during the port of FreeRTOS to SMP. +Ready lists are fully protected by the task and ISR locks, which allows FreeRTOS to continue using the single-core implementation of the list API. + +We reuse the single-core list formalization to model the ready list for each priority level. +However, due to challenges that arise in the scheduler, we had to extend and adapt the existing formalization. + +The single-core list formalization and lemmas that we reuse are located in `proofs/single_core_proofs/scp_list_predicates.h`. +The list API is defined in `include/list.h` and `src/list.c`. +The latter also contains the API proofs. + + + +## Comparing the Original List Proofs and Our Adaptation +As mentioned, we had to heavily adapt the list formalization and proofs to reuse them for the scheduler verification. +Therefore, both `scp_list_predicates.h` and `scp_list_predicates.h` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong. +The latter is guarded by a preprocessor define `VERIFAST_SINGLE_CORE`. +We can compare both versions by preprocessing both files twice: Once with the define `VERIFAST_SINGLE_CORE`, which yields the original version, and once without which gives us the version used by our proofs. +Afterwards, a diff will show all the adaptations we had to apply. + + + +## List Predicates + +The single-core list formalization defines two main predicates: +- ``` + predicate xLIST_ITEM(struct xLIST_ITEM *n, + TickType_t xItemValue, + struct xLIST_ITEM *pxNext, + struct xLIST_ITEM *pxPrevious, + struct xLIST *pxContainer;) + ``` + Represents a list item of type `xLIST_ITEM`. + The arguments have the following semantics: + - `n`: A pointer to the node whose memory the predicate represents. + - `xItemValue`: The value stored in node `n`. + - `pxNext`: The node's "next" pointer, i.e., `n->pxNext`. + - `pxPrevious`: The node's "previous" pointer, i.e., `n->pxPrevious`. + - `pxContainer`: The doubly linked list containing this node. +- ``` + predicate DLS(struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + struct xLIST *pxContainer) + ``` + Represents a non-empty doubly linked list segment. + The semantics of the arguments are as follows: + - `n`: The left-most node in the segment. + - `nPrev`: The left-most node's "previous" pointer, i.e., `n->pxPrevious`. + - `mNext`: The right-most node's "next" pointer, i.e., `m->pxNext`. + - `m`: The right-most node. + - `cells`: A VeriFast list storing pointers to all nodes the list contains. + - `vals`: A VeriFast list storing the list nodes' values. + - `pxContainer`: A pointer to list struct. + + The single-core formalization also uses `DLS` not just to represent list segments but also to express unsegmented cyclic linked lists. + In FreeRTOS lists start with a sentinel, called "end". + Using the `DLS` predicate, a cyclic list has the form: + `DLS(end, endPrev, end, endPrev, cells, vals, list)` + + + + +# Issue 1: List Predicates Do Not Expose Tasks +Each node in a ready list points to task control block (TCB) representing a task that is ready to run. +The TCB a node points to is called its "owner". +`prvSelectHighestPriorityTask` iterates through the ready lists and looks at each TCB it finds to determine which task to schedule next. +Hence, it is crucial that we reason about these TCBs. +However, the list predicates depicted above do not expose this information. +Hence, we have to extend the predicate signatures to: +``` + predicate xLIST_ITEM(struct xLIST_ITEM *n, + TickType_t xItemValue, + struct xLIST_ITEM *pxNext, + struct xLIST_ITEM *pxPrevious, + void* pxOwner, + struct xLIST *pxContainer;) +``` +where `pxOwner` is the TCB pointer stored in the represented node +and +``` +predicate DLS(struct xLIST_ITEM *n, + struct xLIST_ITEM *nprev, + struct xLIST_ITEM *mnext, + struct xLIST_ITEM *m, + list cells, + list vals, + list owners, + struct xLIST *pxContainer) +``` +where `owners` is a list of all the TCBs pointed to by the list nodes. + +While this change seems simple on a first glance, it forced us to adapt all the list proofs we reuse. + + + +# Iterating through a DLS + +The function `prvSelectHighestPriorityTask` iterates through the ready lists. +Hence, reasoning about it requires us to reason about iteration through memory described as a `DLS` predicate instance. Consider the following scenario: +We have a `DLS` predicate representing our cyclic ready list and a task item pointer `pxTaskItem` which points to an element of this list. + +- `DLS(end, endPrev, end, endPrev, cells, vals, owners, readyList)` +- `mem(pxTaskItem, cells) == true` + +Suppose we want to move the task pointer forward + +- `pxTaskItem2 = pxTaskItem->pxNext` + +In order to verify this line we have to do two things: + +1. Justify the heap access to `pxTaskItem->pxNext` +2. Prove that `pxTaskItem2` points to an element of the list. This is + necessary to reason about any code that uses `pxTaskItem2`. + +We can do this by opening the recursive predicate at the nodes for `pxTaskItem` and `pxTaskItem->next`, for which we can reuse the existing list proof lemmas. +When the right parts of the predicate are exposed, we can prove (1) and (2). +Afterwards, we have to close the predicate again. + + + + + +# Issue 1: DLS iteration proofs are hard because of many case splits + +Proving (1) and (2) forces us to consider many different cases, which leads to complicated proofs. +The position of `pxTaskItem` in the list determines how we should open the `DLS` (either by using the existing `split` lemma or with VeriFast’s `open` command) and also how we have to close it at the end of the proof. +Accessing `pxTaskItem->pxNext` introduces more case splits that complicate the proof. +Again, closing the predicate has to account for all the introduced cases. + +Note that proofs for forward iteration cannot be reused for backwards iteration but requires separate proofs. + + + + + +# Issue 2: Checking DLS iteration proofs has bad performance + +As explained above, reasoning about about a single statement that moves the item pointer forward or backward introduces many case splits. `prvSelectHighestPriorityTask` contains multiple statements that manipulate the item pointer. +From VeriFast’s perspective, each consecutive proof of such an iteration statement splits up the proof tree further. +This is the case even though this part of the code we reason about is linear. + +Introducing lemmas for opening and closing shortens the consecutive iteration proofs significantly, but does not eliminate the case splits. +The reason for this is that the `DLS` predicate cannot express empty segments and depending of the current proof path, the number of predicate on the symbolic heap after opening the `DLS` changes. + +Hence, we cannot unify the representation of the proof state as long as we stick to the `DLS` predicate. +Instead the opening lemma’s postcondition and the closing lemma’s precondition must reflect the case split. +Consequently, applying the lemmas in a proof introduces the case splits anyway and consecutive iteration statements/ lemma applications increase the number of proof paths exponentially. +VeriFast requires ~20 min to reason about 4 iteration statements. + + + + + +# Solution: Introduce new representation for opened DLS + + +The only way to eliminate the case splits in `prvSelectHighestPriorityTask` is to unify the proof state of an opened `DLS` across all proof paths. +We introduce two new predicates that express potentially empty prefixes and suffixes of opened cyclic `DLS`. +With that, we can formalize an opened list in a unified way as + +- `DLS_prefix(....) &*& xLIST_ITEM(pxTaskItem, ...) &*& DLS_suffix(...)` + +Additionally, we write opening and closing lemmas that transform the a DLS predicate instance into our new representation and back. +The proof state we get after opening the list does not force VeriFast to consider any case splits. + +Eliminating these case splits reduces verification time from ~20min to ~1min 10s. + +The old opening and closing lemmas required Z3, because they required heavier reasoning about applications of `list` fixpoint functions and the shape of the inductive `list` datatype. VeriFast offers limited capabilities to reason about fixpoint functions (apart from axiomatizing) and the standard SMT solver often has problems reasoning about the shape of results, e.g., assertions of the form `drop(i, vals) == cons(_, _)`. The new lemma proofs don’t require Z3. Hence, we can switch back to VeriFast’s standard SMT solver. This reduces verification time further to an instant. + +Note that the lemmas still have to consider every possible case internally. That is, the opening and closing lemmas remain complicated. From a7938efe46eee7788529706bce562df8f46036e4 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 14:29:00 -0500 Subject: [PATCH 267/289] Elaborated on reusing list proofs. --- .../tasks/vTaskSwitchContext/README.md | 67 ++++++++++++++----- 1 file changed, 52 insertions(+), 15 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 32294fb3449..4dc1852557d 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -408,7 +408,7 @@ The single-core list formalization defines two main predicates: -# Issue 1: List Predicates Do Not Expose Tasks +## Issue 1: List Predicates Do Not Expose Tasks Each node in a ready list points to task control block (TCB) representing a task that is ready to run. The TCB a node points to is called its "owner". `prvSelectHighestPriorityTask` iterates through the ready lists and looks at each TCB it finds to determine which task to schedule next. @@ -441,7 +441,19 @@ While this change seems simple on a first glance, it forced us to adapt all the -# Iterating through a DLS +## Issue 2: Model-induced Complexity + +The formalization of doubly linked segments induces heavy complexity. +The problem lies in the fact that `DLS` cannot express empty list segments. +This leads to complex case distinctions whenever we access list nodes. +Consequently, our proof becomes very complex and every list access leads to an exponential blow-up of the proof tree. +This in turn leads to very bad performance of checking the proof. +We solved this problem by introducing a new representation of a cyclic doubly-linked list as a potentially empty prefix, the node we want to access and a potentially empty suffix: `DLS_prefix(....) &*& xLIST_ITEM(node, ...) &*& DLS_suffix(...)` +We added lemmas that allow us to freely convert between a `DLS` predicate and our new representation. +Thereby, the proof became a lot simpler and it reduced the time needed to check the proof from ~20 minutes to about 12.5 seconds. +The following sections explain the details of the problem and our solution. + +### Iterating through a DLS The function `prvSelectHighestPriorityTask` iterates through the ready lists. Hence, reasoning about it requires us to reason about iteration through memory described as a `DLS` predicate instance. Consider the following scenario: @@ -468,38 +480,55 @@ Afterwards, we have to close the predicate again. -# Issue 1: DLS iteration proofs are hard because of many case splits +### Proofs Are Hard Proving (1) and (2) forces us to consider many different cases, which leads to complicated proofs. The position of `pxTaskItem` in the list determines how we should open the `DLS` (either by using the existing `split` lemma or with VeriFast’s `open` command) and also how we have to close it at the end of the proof. Accessing `pxTaskItem->pxNext` introduces more case splits that complicate the proof. Again, closing the predicate has to account for all the introduced cases. -Note that proofs for forward iteration cannot be reused for backwards iteration but requires separate proofs. - +Introducing lemmas to open and close the predicate helps us to hide this complexity inside the lemmas. +Thereby, the main proof using these lemmas gets shorter. +However, the next section explain why this approach does not eliminate the complexity. +Note that proofs for forward iteration cannot be reused for backwards iteration but requires separate proofs. -# Issue 2: Checking DLS iteration proofs has bad performance +### Bad Performance -As explained above, reasoning about about a single statement that moves the item pointer forward or backward introduces many case splits. `prvSelectHighestPriorityTask` contains multiple statements that manipulate the item pointer. +As explained above, reasoning about a single statement that moves the item pointer forward or backward introduces many case splits. `prvSelectHighestPriorityTask` contains multiple statements that manipulate the item pointer. From VeriFast’s perspective, each consecutive proof of such an iteration statement splits up the proof tree further. +In other words: Every iteration statement leads to an exponential blow-up of the sub-proof-tree rooted at this statement. This is the case even though this part of the code we reason about is linear. Introducing lemmas for opening and closing shortens the consecutive iteration proofs significantly, but does not eliminate the case splits. -The reason for this is that the `DLS` predicate cannot express empty segments and depending of the current proof path, the number of predicate on the symbolic heap after opening the `DLS` changes. +The reason for this is that the `DLS` predicate cannot express empty segments and depending on the current proof path, the shape of the heap changes. +Our proof has to account for the following possibilities: +- non-empty prefix and no suffix: + ``` + DLS(...) &*& xLIST_ITEM(node, ...) + ``` +- non-empty prefix and non-empty suffix: + ``` + DLS(...) &*& xLIST_ITEM(node, ...) &*& DLS(...) + ``` +- no prefix and non-empty suffix: + ``` + xLIST_ITEM(node, ...) &*& DLS(...) + ``` + +In our proof we know that the ready list we travers always contains the sentinel and an additional node. +So, we can eliminate the case where both the prefix and the suffix are empty. -Hence, we cannot unify the representation of the proof state as long as we stick to the `DLS` predicate. +We cannot unify the representation of the proof state as long as we stick to the `DLS` predicate. Instead the opening lemma’s postcondition and the closing lemma’s precondition must reflect the case split. Consequently, applying the lemmas in a proof introduces the case splits anyway and consecutive iteration statements/ lemma applications increase the number of proof paths exponentially. VeriFast requires ~20 min to reason about 4 iteration statements. - - -# Solution: Introduce new representation for opened DLS +### Solution: Introduce new representation for opened DLS The only way to eliminate the case splits in `prvSelectHighestPriorityTask` is to unify the proof state of an opened `DLS` across all proof paths. @@ -508,11 +537,19 @@ With that, we can formalize an opened list in a unified way as - `DLS_prefix(....) &*& xLIST_ITEM(pxTaskItem, ...) &*& DLS_suffix(...)` -Additionally, we write opening and closing lemmas that transform the a DLS predicate instance into our new representation and back. +Additionally, we write opening and closing lemmas that transform the a `DLS` predicate instance into our new representation and back. The proof state we get after opening the list does not force VeriFast to consider any case splits. +This finally eliminates the complexity induced by the non-empty list model. + +Eliminating these case splits reduces verification time from ~20min to ~12.5s -Eliminating these case splits reduces verification time from ~20min to ~1min 10s. +Before we introduced this new list representation, we wrote opening and closing lemmas that used the `DLS` formulation. +It turns out that switching to the new representation does not only simplify the proof state we get after opening, but it also simplifies the opening and closing lemmas, though they remain very complicated. -The old opening and closing lemmas required Z3, because they required heavier reasoning about applications of `list` fixpoint functions and the shape of the inductive `list` datatype. VeriFast offers limited capabilities to reason about fixpoint functions (apart from axiomatizing) and the standard SMT solver often has problems reasoning about the shape of results, e.g., assertions of the form `drop(i, vals) == cons(_, _)`. The new lemma proofs don’t require Z3. Hence, we can switch back to VeriFast’s standard SMT solver. This reduces verification time further to an instant. +The old opening and closing lemmas required switching the SMT solver to Z3, which is much slower than VeriFast's standard SMT solver. +The lemmas required heavy reasoning about applications of `list` fixpoint functions and the shape of the inductive `list` datatype. +VeriFast offers limited capabilities to reason about fixpoint functions (apart from axiomatizing) and the standard SMT solver often has problems reasoning about the shape of results, e.g., assertions of the form `drop(i, vals) == cons(_, _)`. +The new lemmas' proofs don’t require Z3. +This allowed us to switch back to VeriFast’s standard SMT solver. Note that the lemmas still have to consider every possible case internally. That is, the opening and closing lemmas remain complicated. From 17004fbf1bb08c0cf4585517a50c3ff2f84d40f6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 14:30:13 -0500 Subject: [PATCH 268/289] Deleted the old explanation of reusing list proofs. --- .../tasks/vTaskSwitchContext/proof/README.md | 131 +----------------- 1 file changed, 1 insertion(+), 130 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md index 00dfdeccd91..96c79166416 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md @@ -14,7 +14,7 @@ This directory contains the bulk of VeriFast formalizations and proofs. │ ├── single_core_proofs │ Contains the old list formalization and proofs written by -│ Aalok Thakkar and Nathan Chong in 2020 for the single-core +│ Aalok Thakkar and Nathan Chong in 2020 for the single-core │ setup. │ │ │ ├── scp_common.h @@ -27,132 +27,3 @@ This directory contains the bulk of VeriFast formalizations and proofs. Contains new proofs extending the single-core list formalization. ``` - - - - - -# Reusing the Single-Core List Formalization and Proofs -We reuse the list formalization and proofs written by Aalok Thakkar and Nathan -Chong in 2020. However, due to new challenges that arise in the code we verify, -we have to extend and adapt the existing formalization. -The single-core list formalization defines two main predicates: -- ``` - predicate xLIST_ITEM(struct xLIST_ITEM *n, - TickType_t xItemValue, - struct xLIST_ITEM *pxNext, - struct xLIST_ITEM *pxPrevious, - struct xLIST *pxContainer;) - ``` - Represents a list item of type `xLIST_ITEM`. The arguments have the following - semantics: - - `n`: A pointer to the node whose memory the predicate represents. - - `xItemValue`: The value stored in node `n`. - - `pxNext`: The node's "next" pointer, i.e., `n->pxNext`. - - `pxPrevious`: The node's "previous" pointer, i.e., `n->pxPrevious`. - - `pxContainer`: The doubly linked list containing this node. -- ``` - predicate DLS(struct xLIST_ITEM *n, - struct xLIST_ITEM *nprev, - struct xLIST_ITEM *mnext, - struct xLIST_ITEM *m, - list cells, - list vals, - struct xLIST *pxContainer) - ``` - Represents a non-empty doubly linked list segment. The semantics of the - arguments are as follows: - - `n`: The left-most node in the segment. - - `nPrev`: The left-most node's "previous" pointer, i.e., `n->pxPrevious`. - - `mNext`: The right-most node's "next" pointer, i.e., `m->pxNext`. - - `m`: The right-most node. - - `cells`: A VeriFast list storing pointers to all nodes the list contains. - - `vals`: A VeriFast list storing the list nodes' values. - - `pxContainer`: A pointer to list struct. - - The single-core formalization also uses `DLS` not just to represent list - segments but also to express unsegmented cyclic linked lists. In FreeRTOS - lists start with a sentinel, called "end". Using the `DLS` predicate, a - cyclic list has the form: - `DLS(end, endPrev, end, endPrev, cells, vals, list)` - - - - - -# Iterating through a DLS - -We verify `vTaskSwitchContext` which internally calls -`prvSelectHighestPriorityTask` to select the task that will be scheduled next. -The function `prvSelectHighestPriorityTask` iterates through the ready lists. -Hence, reasoning about it requires us to reason about iteration through memory -described as a DLS predicate instance. Consider the following scenario: -We have a DLS predicate representing our cyclic ready list and a task item -pointer `pxTaskItem` which points to an element of this list. - -- `DLS(end, endPrev, end, endPrev, cells, vals, readyList)` -- `mem(pxTaskItem, cells) == true` - -Suppose we want to move the task pointer forward - -- `pxTaskItem2 = pxTaskItem->pxNext` - -In order to verify this line we have to do two things: - -1. Justify the heap access to `pxTaskItem->pxNext` -2. Prove that `pxTaskItem2` points to an element of the list. This is - necessary to reason about any code that uses `pxTaskItem2`. - -We can do this by opening the recursive predicate at the nodes for `pxTaskItem` -and `pxTaskItem->next`, for which we can reuse the existing list proof lemmas. -When the right parts of the predicate are exposed, we can prove (1) and (2). -Afterwards, we have to close the predicate again. - - - - - -# Issue 1: DLS iteration proofs are hard because of many case splits - -Proving (1) and (2) forces us to consider many different cases, which leads to -complicated proofs. -The position of `pxTaskItem` in the list determines how we should open the `DLS` -(either by using the existing `split` lemma or with VeriFast’s `open` command) -and also how we have to close it at the end of the proof. -Accessing `pxTaskItem->pxNext` introduces more case splits that complicate the -proof. -Again, closing the predicate has to account for all the introduced cases. - -Note that proofs for forward iteration cannot be reused for backwards iteration -but requires separate proofs. - - - - - -# Issue 2: Checking DLS iteration proofs has bad performance - -As explained above, reasoning about about a single statement that moves the item pointer forward or backward introduces many case splits. `prvSelectHighestPriorityTask` contains multiple statements that manipulate the item pointer. From VeriFast’s perspective, each consecutive proof of such an iteration statement splits up the proof tree further. This is the case even though this part of the code we reason about is linear. - -Introducing lemmas for opening and closing shortens the consecutive iteration proofs significantly, but does not eliminate the case splits. The reason for this is that the `DLS` predicate cannot express empty segments and depending of the current proof path, the number of predicate on the symbolic heap after opening the `DLS` changes. - -Hence, we cannot unify the proof state representation of the proof state as long as we stick to the `DLS` predicate. Instead the opening lemma’s postcondition and the closing lemma’s precondition must reflect the case split. Consequently, applying the lemmas in a proof introduces the case splits anyway and consecutive iteration statements/ lemma applications increase the number of proof paths exponentially. VeriFast requires ~20 min to reason about 4 iteration statements. - - - - - -# Solution: Introduce new representation for opened DLS - - -The only way to eliminate the case splits in `prvSelectHighestPriorityTask` is to unify the proof state of an opened `DLS` accross all proof paths. We introduce two new predicates that express potentially empty prefixes and suffixes of opened cyclic `DLS`. With that, we can formalize an opened list in a unified way as - -- `DLS_prefix(....) &*& xLIST_ITEM(pxTaskItem, ...) &*& DLS_suffix(...)` - -Additionally, we write opening and closing lemmas that transform the a DLS predicate instance into our new representation and back. The proof state we get after opening the list does not force VeriFast to consider any case splits. - -Eliminating these case splits reduces verification time from ~20min to ~1min 10s. - -The old opening and closing lemmas required Z3, because they required heavier reasoning about applications of `list` fixpoint functions and the shape of the inductive `list` datatype. VeriFast offers limited capabilities to reason about fixpoint functions (apart from axiomatizing) and the standard SMT solver often has problems reasoning about the shape of results, e.g., assertions of the form `drop(i, vals) == cons(_, _)`. The new lemma proofs don’t require Z3. Hence, we can switch back to VeriFast’s standard SMT solver. This reduces verification time further to an instant. - -Note that the lemmas still have to consider every possible case internally. That is, the opening and closing lemmas remain complicated. From b0e2d1e3f0eb3b9fa1f6f08be83496bc1b524c18 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 14:46:13 -0500 Subject: [PATCH 269/289] Updated proof directory content listing in README. --- .../tasks/vTaskSwitchContext/proof/README.md | 35 +++++++++++++++++-- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md index 96c79166416..8d08e1e47c7 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md @@ -6,11 +6,40 @@ This directory contains the bulk of VeriFast formalizations and proofs. # Directory Structure ``` -├── *.h files -│ Headers containing VeriFast formalizations and proofs. +├── lock_predicates.h +│ Contains the formalization of the lock invariants, i.e., the invariants +│ associated with: Masking interrupts, the task lock and the ISR lock. +│ This file also contains the lemmas to prove that the task state updates +│ in `prvSelectHighestPriorityTask` preserve the lock invariants. │ +├── port_contracts.h +│ Contains VeriFast function contracts for macros with port-specific +│ definitions, e.g., the macros to mask interrupts and to acquire AND +│ release locks. These port-specific definitions often contain contain +│ inline assembly VeriFast cannot reason about. The contracts allow us +│ to abstract the semantics of the assembly. +│ +├── ready_list_predicates.h +│ Contains the predicates describing the ready lists as well as lemmas to +│ reason about ready lists. +│ +├── stack_predicates.h +│ Contains the formalization of the stack layout used in the RP2040 port. +│ +├── task_predicates.h +│ Contains predicates describing task control blocks. +│ +├── task_running_states.h +│ `tasks.c` defines macros that are used to denote task run states. +│ The proof headers in this directory cannot refer to these macros. +│ This header contains auxiliary definitions used to expose the run state +│ macros to the proof headers. +│ +├── verifast_lists_extended.h +│ Contains list axioms and lemmas that would naturally fit into VeriFast's +│ standard list library `listex.gh`. +│ ├── README.md -│ Contains more details about the proof. │ ├── single_core_proofs │ Contains the old list formalization and proofs written by From 5cbf66ca639c23b3b3123cec4b14a5b486bdfe44 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 14:49:59 -0500 Subject: [PATCH 270/289] Deleted deprecated README file. --- Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md deleted file mode 100644 index fba9881513a..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof_setup/README.md +++ /dev/null @@ -1,2 +0,0 @@ -The current proof setup uses the preconfigured setup from -`$FREERTOS_SMP_DEMO_DIR/FreeRTOS/Demo/CORTEX_M0+_RP2040/OnEitherCore` From 53d3062e2ca8054d8042433d8eda9f167d3cce8a Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Thu, 29 Dec 2022 15:00:42 -0500 Subject: [PATCH 271/289] Deleted comments. --- .../tasks/vTaskSwitchContext/proof/README.md | 3 --- .../proof/lock_predicates.h | 1 - .../proof/ready_list_predicates.h | 4 ++++ .../tasks/vTaskSwitchContext/src/tasks.c | 20 ++----------------- 4 files changed, 6 insertions(+), 22 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md index 8d08e1e47c7..37d503b6dcf 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md @@ -1,9 +1,6 @@ This directory contains the bulk of VeriFast formalizations and proofs. - - - # Directory Structure ``` ├── lock_predicates.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h index 5941621d52b..e146e9f8335 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h @@ -150,7 +150,6 @@ predicate _taskISRLockInv_p(UBaseType_t gTopReadyPriority) = // (RP-Current) Read permission for task currently scheduled on this core // (RP-All) + (RP-Current) => Write permission for scheduled task [1/2]TCB_runState_p(gCurrentTCB, ?gCurrentTCB_state) &*& -// gCurrentTCB_state != taskTASK_NOT_RUNNING &*& (gCurrentTCB_state == coreID_f() || gCurrentTCB_state == taskTASK_YIELDING) &*& nth(index_of(gCurrentTCB, gTasks), gStates) == gCurrentTCB_state &*& diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h index bb22ab5d027..3e74d976fa4 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/ready_list_predicates.h @@ -8,6 +8,10 @@ /*@ +// This predicate represents the global ready lists, i.e., the global array +// `pxReadyTasksLists` in `tasks.c`. +// Each index `p` stores a cyclic doubly linked list containing all tasks +// of priority `p` that are ready to run. predicate readyLists_p(list > gCellLists, list > gOwnerLists) = configMAX_PRIORITIES == length(gCellLists) &*& diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 3f600c320a6..78901121fa0 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -904,12 +904,7 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // opened predicate `coreLocalInterruptInv_p()` [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB0) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// TCB_criticalNesting_p(gCurrentTCB0, 0) - &*& - // read access to current task's stack pointer, etc -// TCB_stack_p(gCurrentTCB0, ?ulFreeBytesOnStack); - true; + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); @*/ /*@ ensures 0 <= xCoreID &*& xCoreID < configNUM_CORES &*& xCoreID == coreID_f() &*& @@ -922,12 +917,7 @@ static void prvYieldForTask( TCB_t * pxTCB, &*& // opened predicate `coreLocalInterruptInv_p()` [1/2]pointer(&pxCurrentTCBs[coreID_f], ?gCurrentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) -// TCB_criticalNesting_p(gCurrentTCB, 0) - &*& - // read access to current task's stack pointer, etc -// TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); - true; + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _); @*/ { //@ open taskISRLockInv_p(); @@ -1422,12 +1412,7 @@ static void prvYieldForTask( TCB_t * pxTCB, // @ append_take_nth_drop(uxCurrentPriority, gCellLists); // @ append_take_nth_drop(uxCurrentPriority, gOwnerLists); - -// //@ assert( List_array_p(&pxReadyTasksLists, ?gSize2, ?gCellLists2, ?gOwnerLists2) ); - - //@ assert( exists_in_taskISRLockInv_p(gTasks, ?gStates) ); - // //@ close readyLists_p(gCellLists2, gOwnerLists2); //@ close _taskISRLockInv_p(uxTopReadyPriority); } // outer loop end @@ -4403,7 +4388,6 @@ void vTaskSwitchContext( BaseType_t xCoreID ) &*& // read access to current task's stack pointer, etc TCB_stack_p(gCurrentTCB, ulFreeBytesOnStack); - // Remark: the part of the post condition relating to TCBs will have to change. @*/ { /* Acquire both locks: From e644877f7f08773f1b9f1700d5020c04ffbe8d9f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 30 Dec 2022 14:45:42 -0500 Subject: [PATCH 272/289] Explained found bug in README. --- .../tasks/vTaskSwitchContext/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 4dc1852557d..f5004f4e480 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -54,6 +54,24 @@ The proof ensures that every concurrent execution of `vTaskSwitchContext` on any That is, when we execute multiple instances of the function on different cores, we won't get any memory errors or data races, no matter how these instances interleave or when interrupts occur. +# Found Buffer Underflow +During the verification of `vTaskSwitchContext` we found a buffer underflow, fixed it and verified that our fix works. +The guarantees stated in the section above concern the fixed-up code. +We submitted the fix as a pull request: [Fixed buffer underflow in prvSelectHighestPriorityTask. #607](https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/607) + +Our verification target `vTaskSwitchContext` calls the auxiliary function `prvSelectHighestPriorityTask` to choose the task that will be scheduled next. +This works as long as the idle tasks have already been created. +The idle tasks are tasks whose only purpose is to run and do nothing in case there is no other task that can be scheduled. + +However, `prvSelectHighestPriorityTask` can also be called before the idle tasks have been created. +When that happens, the function decrements the global variable `uxTopReadyPriority` to -1. +This variable is supposed to store the highest priority for which we know that there is a ready task. +Priorities start at 0, so -1 is an invalid value. + +During the next regular context switch, `vTaskSwitchContext` calls `prvSelectHighestPriorityTask`. +The latter looks at `uxTopReadyPriority` to detect at which priority level it should start its search. +Hence, it accesses the global ready list array at index -1, i.e., `pxReadyTasksLists[ uxCurrentPriority ]`. +This causes a memory error. # Proof Directory Structure ``` From 1b0869dac0dc4ae8d1514fe8cc7af61cb487bf50 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Fri, 30 Dec 2022 14:49:00 -0500 Subject: [PATCH 273/289] Fixed invalid characters in formula. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index f5004f4e480..30d5213de6e 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -39,8 +39,8 @@ Proof Assumptions: ==> Unbounded memory & thread safety guarantees: - ∀ #tasks. ∀ task interleavings. ∀ interrupt schedules. ∀ data sizes. ∀ cores C1, …, Cn. - vTaskSwitchContext(C1) || … || vTaskSwitchContext(Cn) + ∀ #tasks. ∀ task interleavings. ∀ interrupt schedules. ∀ data sizes. ∀ cores C1, …, Cn. + vTaskSwitchContext(C1) || … || vTaskSwitchContext(Cn) => (no memory error ∧ no race condition) ``` From 9df86117b8bae081d9903ce08d3b97ef3f0f2bc5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 09:55:39 -0500 Subject: [PATCH 274/289] Updated documentation of preprocessing scripts and deleted comments. --- .../prepare_file_for_VeriFast.sh | 27 +++++++------------ .../preprocess_file_for_verification.sh | 18 +++---------- .../preprocessing_scripts/vf_rewrite.sh | 9 +++++-- 3 files changed, 19 insertions(+), 35 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh index b71310f0161..397d3f8e0e0 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh @@ -2,9 +2,12 @@ ps -o comm= -p $$ # This script expects the following command line arguments: -# $1 : Absolute path to the root dir of this repository -# $2 : Absolute path to the root of the directory containing the VeriFast proofs -# $3 : Absolute path to the VeriFast directory +# $1 : Absolute path to the source file that should be prepared for VeriFast. +# $2 : Absolute path to which the result shall be written. +# $3 : Absolute path under which preprocessor error shall be logged. +# $4 : Absolute path to the root dir of this repository +# $5 : Absolute path to the root of the directory containing the VeriFast proofs +# $6 : Absolute path to the VeriFast directory SRC_FILE="$1" OUT_FILE="$2" @@ -13,18 +16,6 @@ REPO_BASE_DIR="$4" VF_PROOF_BASE_DIR="$5" VF_DIR="$6" -echo SRC_FILE -echo "$1" -echo OUT_FILE -echo "$2" -echo FILE_PP_ERR_LOG -echo "$3" -echo REPO_BASE_DIR -echo "$4" -echo VF_PROOF_BASE_DIR -echo "$5" -echo VF_DIR -echo "$6" # Load functions used to compute paths. . "$VF_PROOF_BASE_DIR/paths.sh" @@ -43,12 +34,12 @@ fi # Preprocessing the source file -# Output is written to '$FILE_PP_LOG' and error report is written to +# Output is written to '$FILE_PP_LOG' and error report is written to # '$FILE_PP_ERR_LOG'. "$PP_SCRIPT_DIR/preprocess_file_for_verification.sh" $SRC_FILE \ $FILE_PP_LOG $FILE_PP_ERR_LOG \ - $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR + $REPO_BASE_DIR $VF_PROOF_BASE_DIR $VF_DIR cp "$FILE_PP_LOG" "$FILE_RW_LOG" "$PP_SCRIPT_DIR/vf_rewrite.sh" "$FILE_RW_LOG" -cp "$FILE_RW_LOG" "$OUT_FILE" \ No newline at end of file +cp "$FILE_RW_LOG" "$OUT_FILE" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_verification.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_verification.sh index 86580feb166..a056731f565 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_verification.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/preprocess_file_for_verification.sh @@ -1,8 +1,8 @@ #!/bin/bash -# This script preprocesses an given source file annotated with VeriFast proof -# steps. Include paths are configured to fit 'tasks.c', but it might also be +# This script preprocesses a given source file annotated with VeriFast proof +# steps. Include paths are configured to fit 'tasks.c', but it might also be # useful for other source files. The preprocessor is configured to include the # proper proof files from VeriFast's standard library and to also include # source code guarded by 'VERIFAST' defines. @@ -23,18 +23,6 @@ REPO_BASE_DIR="$4" VF_PROOF_BASE_DIR="$5" VF_DIR="$6" -echo SRC_FILE -echo "$1" -echo OUT_FILE -echo "$2" -echo ERR_FILE -echo "$3" -echo REPO_BASE_DIR -echo "$4" -echo VF_PROOF_BASE_DIR -echo "$5" -echo VF_DIR -echo "$6" # Load functions used to compute paths. @@ -59,4 +47,4 @@ ${PICO_INCLUDE_FLAGS[@]} \ -I`prod_header_dir $REPO_BASE_DIR` \ \ -c "$SRC_FILE" \ -1>"$OUT_FILE" 2>"$ERR_FILE" \ No newline at end of file +1>"$OUT_FILE" 2>"$ERR_FILE" diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh index 8408ab8b136..40ee596c0de 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh @@ -2,7 +2,7 @@ ps -o comm= -p $$ # This script rewrites a given source in-pace such that the result can be # processed by VeriFast. Each rewrite below concerns a specific construct -# VeriFast cannot handle. When VeriFast will be extended to handle a +# VeriFast cannot handle. When VeriFast will be extended to handle a # problematic construct we encountered, the corresponding rewirte below can be # deleted. # @@ -33,12 +33,18 @@ echo "Commenting out line/file pragmas" rewrite "^#" "// &" echo "Fixing order of 'long', 'unsigned'" +echo "Reported issue 338:" +echo "https://github.com/verifast/verifast/issues/338" rewrite "long unsigned int" "unsigned long int" echo "Delete fixed-sized array typedefs" +echo "Reported issue 339:" +echo "https://github.com/verifast/verifast/issues/339" rewrite "typedef .*\[[0-9]*\];" "" echo "Delete attributes" +echo "Reported issue 340:" +echo "https://github.com/verifast/verifast/issues/340" rewrite "__attribute__(([_a-z]*))" "" # Note: `\s` or `:space:` not work on MacOs. rewrite "__attribute__( ( [_a-z]* ) )" "" @@ -57,4 +63,3 @@ rewrite "const [*]" "*" echo "Uncomment special includes to allow VeriFast proofs to refer to config macros" rewrite "//VF_include #include" "#include" rewrite "//VF_macro #" "#" - From 4386c13fb1a7f75592f23033d7a303926fcc11e7 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 10:04:58 -0500 Subject: [PATCH 275/289] Minor adjustment of shebang lines in preprocessing scripts. --- .../preprocessing_scripts/prepare_file_for_VeriFast.sh | 3 +-- .../vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh index 397d3f8e0e0..8cb4394ff0b 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/prepare_file_for_VeriFast.sh @@ -1,5 +1,4 @@ -#!/bin/zsh -ps -o comm= -p $$ +#!/bin/bash # This script expects the following command line arguments: # $1 : Absolute path to the source file that should be prepared for VeriFast. diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh index 40ee596c0de..5c6191f6f29 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh @@ -1,4 +1,4 @@ -ps -o comm= -p $$ +#!/bin/bash # This script rewrites a given source in-pace such that the result can be # processed by VeriFast. Each rewrite below concerns a specific construct From 259fb147af8d4e9cc0bba7cc23c726dc1f84618e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 10:06:35 -0500 Subject: [PATCH 276/289] Improved readability of printouts in rewrite script. --- .../vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh index 5c6191f6f29..2898a831227 100755 --- a/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh +++ b/Test/VeriFast/tasks/vTaskSwitchContext/preprocessing_scripts/vf_rewrite.sh @@ -24,8 +24,9 @@ rewrite() { FIND_REGEX=$1 REPLACE_REGEX=$2 - echo "\tRewrite pattern: \"$FIND_REGEX\" -> \"$REPLACE_REGEX\"" + echo "Rewrite pattern: \"$FIND_REGEX\" -> \"$REPLACE_REGEX\"" sed -i "" "s|$FIND_REGEX|$REPLACE_REGEX|g" $SOURCE_FILE + echo } From c6b76cade9e8a313cd597eec3d894192282b6a58 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 10:07:38 -0500 Subject: [PATCH 277/289] Updated version of tested VeriFast build --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 30d5213de6e..63e40e741b4 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -224,7 +224,7 @@ The diff can also be manually checked by running the command # Disclaimer -All scripts and proofs have been tested under OS X 12.6.1 and with the VeriFast nightly build from Dec 12th 2022. +All scripts and proofs have been tested under OS X 12.6.1 and with the VeriFast nightly build from Dec 31, 2022 (corresponds to commit [9e32b122b54152a2ac75a811aa422d638b56c6ab](https://github.com/verifast/verifast/commit/9e32b122b54152a2ac75a811aa422d638b56c6ab)). From ea989ae2366d8f65fc359b4aa9d2cbbef8d5170e Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 15:34:51 -0500 Subject: [PATCH 278/289] Minor correction in README. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 63e40e741b4..f6004f5d3a5 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -38,7 +38,7 @@ Proof Assumptions: ==> -Unbounded memory & thread safety guarantees: +Unbounded memory & thread safety guarantees for `vTaskSwitchContext`: ∀ #tasks. ∀ task interleavings. ∀ interrupt schedules. ∀ data sizes. ∀ cores C1, …, Cn. vTaskSwitchContext(C1) || … || vTaskSwitchContext(Cn) => (no memory error ∧ no race condition) From 0adb318dd9cb0abff9f709f6d67d6accff63c36f Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 16:16:52 -0500 Subject: [PATCH 279/289] Updated directory structure depicted in README. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index f6004f5d3a5..ebde7b2d530 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -79,17 +79,14 @@ FreeRTOS-Kernel │ │ │ -├── tasks.c files -│ The base directory contains the source files, in particular `tasks.c`. -│ `tasks.c` has been annotated with the VeriFast proof steps necessary to -│ prove memory safety and thread safety of `vTaskSwitchContext`. -│ The proof uses many specifications and lemmas residing in -│ `verification/verifast/proof_setup` and `verifcation/verifast/proofs`. +├── *.c files +│ The base directory contains the source files. Note that our proof uses +│ annotated copies of these files located in the proof directory. │ │ ├── include -│ Contains the header files. Some of the header files have been annotated with -│ VeriFast contracts and proofs. +│ Contains the header files. Note that our proof uses annotated copies of +│ these files located in the proof directory. │ │ ├── portable From 3ed8cbb69b6d7d1ca21ff64e5fe59b6f3e15f099 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 16:17:38 -0500 Subject: [PATCH 280/289] Minor corrections in README. --- .../tasks/vTaskSwitchContext/README.md | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index ebde7b2d530..0e82fe6db1b 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -105,22 +105,22 @@ FreeRTOS-Kernel └── Test/VeriFast/tasks/vTaskSwitchContext │ ├── run-verifast.sh - │ Shell script to run check the proof with VeriFast. + │ Shell script to check the proof with VeriFast. │ ├── run-vfide.sh │ Shell script to load the proof into the VeriFast IDE. │ ├── diff.sh - │ Shell script to compute flag changes in the production code that - │ potentially break the validity of the VeriFast proof. An empty diff - │ means that the proof and the production code remain in sync. + │ Shell script to flag changes in the production code that potentially + │ break the validity of the VeriFast proof. An empty diff means that the + │ proof and the production code remain in sync. │ ├── preprocessing_scripts │ Contains scripts to preprocess and rewrite the source code. │ ├── demos │ Contains the FreeRTOS SMP demo. Our proofs use some of its - │ configuartion files. + │ configuration files. │ ├── include │ Contains annotated copies of header files residing in @@ -135,7 +135,7 @@ FreeRTOS-Kernel │ │ Headers containing VeriFast formalizations and proofs. │ │ │ ├── README.md - │ │ Contains more details about the proof. + │ │ Contains overview about proof files. │ │ │ ├── single_core_proofs │ │ Contains the old list formalization and proofs written by @@ -176,7 +176,6 @@ before it is processed by VeriFast. This file contains a copy of all the code and annotations required to check the proof. Both scripts expect the command line arguments explained below. -In the following we use the following variables - #### run-verifast.sh: Preprocesses the code and proof files and uses the @@ -185,7 +184,7 @@ In the following we use the following variables #### run-verifast.sh \ \ where - \ is the absolute path to this repository's base directory, - i.e., 'FreeRTOS-Kernel' in the repo structure depicted above. + i.e., `FreeRTOS-Kernel` in the repo structure depicted above. - \ is the absolute path to the VeriFast installation directory. @@ -213,7 +212,7 @@ Afterwards, it computes a diff between both versions and fails if the result is An empty diff means that the pull request did not change anything that can affect our proof and the proof remains valid. A non-empty diff shows which changes in the pull request potentially impact our proof. In this case, the changes should also be applied to the annotated copies and the proof should be checked again. -If the diff was not a false positive and indeed impacted the proof, the proof will likely require manual repair. +If the detected divergence was not a false positive and indeed impacted the proof, the proof will likely require manual repair. The diff can also be manually checked by running the command `diff.sh `, where the argument is the absolute path to the repository's base directory. @@ -264,7 +263,7 @@ Therefore, the proof's correctness relies on the correctness of our models. Previously, Aalok Thakkar and Nathan Chong used VeriFast to prove functional correctness of the stand-alone list data structure for a single-core setup, c.f. [FreeRTOS Pull Request 836: Update VeriFast proofs](https://github.com/FreeRTOS/FreeRTOS/pull/836). We reused their formalization and proofs as much as possible. - However, we had to heavily adapt both to tailor them to the needs of the scheduler proof, cf. `Reusing List Proofs` below. + However, we had to heavily adapt both to tailor them to the needs of the scheduler proof, cf. `Proof Details` below. The reused specification resides in `proofs/single_core_proofs/`. The full ready list array is specified in `proofs/ready_list_predicates.h`. @@ -294,7 +293,7 @@ Therefore, the proof's correctness relies on the correctness of our models. - ### Locking discipline and lock invariants -FreeRTOS' SMP implementation uses the following synchronization mechanisms: + FreeRTOS' SMP implementation uses the following synchronization mechanisms: - Deactivating interrupts: Some data is only meant to be accessed on a specific core C. From 4cc5b7dcdddcdd43499f7e930371e2c786f70d0c Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 16:17:38 -0500 Subject: [PATCH 281/289] Minor corrections in README. --- .../tasks/vTaskSwitchContext/README.md | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index ebde7b2d530..3d177c193c2 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -105,22 +105,22 @@ FreeRTOS-Kernel └── Test/VeriFast/tasks/vTaskSwitchContext │ ├── run-verifast.sh - │ Shell script to run check the proof with VeriFast. + │ Shell script to check the proof with VeriFast. │ ├── run-vfide.sh │ Shell script to load the proof into the VeriFast IDE. │ ├── diff.sh - │ Shell script to compute flag changes in the production code that - │ potentially break the validity of the VeriFast proof. An empty diff - │ means that the proof and the production code remain in sync. + │ Shell script to flag changes in the production code that potentially + │ break the validity of the VeriFast proof. An empty diff means that the + │ proof and the production code remain in sync. │ ├── preprocessing_scripts │ Contains scripts to preprocess and rewrite the source code. │ ├── demos │ Contains the FreeRTOS SMP demo. Our proofs use some of its - │ configuartion files. + │ configuration files. │ ├── include │ Contains annotated copies of header files residing in @@ -135,7 +135,7 @@ FreeRTOS-Kernel │ │ Headers containing VeriFast formalizations and proofs. │ │ │ ├── README.md - │ │ Contains more details about the proof. + │ │ Contains overview about proof files. │ │ │ ├── single_core_proofs │ │ Contains the old list formalization and proofs written by @@ -176,7 +176,6 @@ before it is processed by VeriFast. This file contains a copy of all the code and annotations required to check the proof. Both scripts expect the command line arguments explained below. -In the following we use the following variables - #### run-verifast.sh: Preprocesses the code and proof files and uses the @@ -185,7 +184,7 @@ In the following we use the following variables #### run-verifast.sh \ \ where - \ is the absolute path to this repository's base directory, - i.e., 'FreeRTOS-Kernel' in the repo structure depicted above. + i.e., `FreeRTOS-Kernel` in the repo structure depicted above. - \ is the absolute path to the VeriFast installation directory. @@ -213,7 +212,7 @@ Afterwards, it computes a diff between both versions and fails if the result is An empty diff means that the pull request did not change anything that can affect our proof and the proof remains valid. A non-empty diff shows which changes in the pull request potentially impact our proof. In this case, the changes should also be applied to the annotated copies and the proof should be checked again. -If the diff was not a false positive and indeed impacted the proof, the proof will likely require manual repair. +If the detected divergence was not a false positive and indeed impacted the proof, the proof will likely require manual repair. The diff can also be manually checked by running the command `diff.sh `, where the argument is the absolute path to the repository's base directory. @@ -264,7 +263,7 @@ Therefore, the proof's correctness relies on the correctness of our models. Previously, Aalok Thakkar and Nathan Chong used VeriFast to prove functional correctness of the stand-alone list data structure for a single-core setup, c.f. [FreeRTOS Pull Request 836: Update VeriFast proofs](https://github.com/FreeRTOS/FreeRTOS/pull/836). We reused their formalization and proofs as much as possible. - However, we had to heavily adapt both to tailor them to the needs of the scheduler proof, cf. `Reusing List Proofs` below. + However, we had to heavily adapt both to tailor them to the needs of the scheduler proof, cf. `Proof Details` below. The reused specification resides in `proofs/single_core_proofs/`. The full ready list array is specified in `proofs/ready_list_predicates.h`. @@ -294,8 +293,8 @@ Therefore, the proof's correctness relies on the correctness of our models. - ### Locking discipline and lock invariants -FreeRTOS' SMP implementation uses the following synchronization mechanisms: - - Deactivating interrupts: + FreeRTOS' SMP implementation uses the following synchronization mechanisms: + - Deactivating interrupts: Some data is only meant to be accessed on a specific core C. Such data may only be accessed after interrupts on core C have been deactivated. From 4f80a727d9b9c3dc7fd3acef4b76209a1b10b4e4 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 16:43:10 -0500 Subject: [PATCH 282/289] Minor layout corrections in README. --- .../tasks/vTaskSwitchContext/README.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 46c7481d3be..8a6463a9685 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -303,19 +303,19 @@ Therefore, the proof's correctness relies on the correctness of our models. Core C is always allowed to read `pxCurrentTCBs[C]`. However, writing requires the interrupts on core C to be deactivated. - - task lock: - The task lock is used to protect ciritical sections and resources from being accessed by multiple tasks simultaneously. - - - ISR lock: - The ISR/ interrupt lock is used to protect critical sections and resources from being accessed by multiple interrupts simultaneously. - - - task lock + ISR lock: - Access to certain resources and ciritical sections are protected by both the task lock and the ISR lock. - For these, it is crucial that we first acquire the task lock and then the ISR lock. - Likewise, we must release them in opposite order. - Failure to comply with this order may lead to deadlocks. - The resources protected by both locks are the main resources this proof deals with. - These include the ready lists and the certain access rights to the tasks' run states. + - task lock: + The task lock is used to protect ciritical sections and resources from being accessed by multiple tasks simultaneously. + + - ISR lock: + The ISR/ interrupt lock is used to protect critical sections and resources from being accessed by multiple interrupts simultaneously. + + - task lock + ISR lock: + Access to certain resources and ciritical sections are protected by both the task lock and the ISR lock. + For these, it is crucial that we first acquire the task lock and then the ISR lock. + Likewise, we must release them in opposite order. + Failure to comply with this order may lead to deadlocks. + The resources protected by both locks are the main resources this proof deals with. + These include the ready lists and the certain access rights to the tasks' run states. #### Lock Invariants Every synchronization mechanism protects specific data structures and sections of code. From f2744eb4886f0950dbabb1c8dfc3283a10311199 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 16:48:46 -0500 Subject: [PATCH 283/289] Corrected typo in REAME. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 8a6463a9685..4b06be29ddc 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -349,7 +349,7 @@ For that, `vTaskSwitchContext` calls `prvSelectHighestPriorityTask` which search FreeRTOS maintains a global data structure called the "ready lists". It is an array `pxReadyTasksLists` with an entry for every priority level that a task might have. For every such priority level `p`, `pxReadyTasksLists[p]` stores a cyclic doubly linked list containing all tasks of priority level `p` that are ready to be scheduled, including currently running ones. -`prvSelectHighestPriorityTask` searches through the these lists in descending order. +`prvSelectHighestPriorityTask` searches through these lists in descending order. That is, in order to verify `vTaskSwitchContext`, we have to reason about the ready lists. @@ -370,7 +370,7 @@ The latter also contains the API proofs. ## Comparing the Original List Proofs and Our Adaptation As mentioned, we had to heavily adapt the list formalization and proofs to reuse them for the scheduler verification. -Therefore, both `scp_list_predicates.h` and `scp_list_predicates.h` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong. +Therefore, both `scp_list_predicates.h` and `list.c` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong. The latter is guarded by a preprocessor define `VERIFAST_SINGLE_CORE`. We can compare both versions by preprocessing both files twice: Once with the define `VERIFAST_SINGLE_CORE`, which yields the original version, and once without which gives us the version used by our proofs. Afterwards, a diff will show all the adaptations we had to apply. @@ -456,7 +456,7 @@ While this change seems simple on a first glance, it forced us to adapt all the ## Issue 2: Model-induced Complexity -The formalization of doubly linked segments induces heavy complexity. +The formalization of doubly linked list segments induces heavy complexity. The problem lies in the fact that `DLS` cannot express empty list segments. This leads to complex case distinctions whenever we access list nodes. Consequently, our proof becomes very complex and every list access leads to an exponential blow-up of the proof tree. From 72ab40f2516ee02e64005bd12a5ea78f414002c5 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 16:48:46 -0500 Subject: [PATCH 284/289] Corrected typo in REAME. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 8a6463a9685..99b7c3313b4 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -349,7 +349,7 @@ For that, `vTaskSwitchContext` calls `prvSelectHighestPriorityTask` which search FreeRTOS maintains a global data structure called the "ready lists". It is an array `pxReadyTasksLists` with an entry for every priority level that a task might have. For every such priority level `p`, `pxReadyTasksLists[p]` stores a cyclic doubly linked list containing all tasks of priority level `p` that are ready to be scheduled, including currently running ones. -`prvSelectHighestPriorityTask` searches through the these lists in descending order. +`prvSelectHighestPriorityTask` searches through these lists in descending order. That is, in order to verify `vTaskSwitchContext`, we have to reason about the ready lists. @@ -370,7 +370,7 @@ The latter also contains the API proofs. ## Comparing the Original List Proofs and Our Adaptation As mentioned, we had to heavily adapt the list formalization and proofs to reuse them for the scheduler verification. -Therefore, both `scp_list_predicates.h` and `scp_list_predicates.h` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong. +Therefore, both `scp_list_predicates.h` and `list.c` contain an updated version of the formalization and proofs used by our context-switch proof and the original version by Aalok Thakkar and Nathan Chong. The latter is guarded by a preprocessor define `VERIFAST_SINGLE_CORE`. We can compare both versions by preprocessing both files twice: Once with the define `VERIFAST_SINGLE_CORE`, which yields the original version, and once without which gives us the version used by our proofs. Afterwards, a diff will show all the adaptations we had to apply. @@ -456,11 +456,11 @@ While this change seems simple on a first glance, it forced us to adapt all the ## Issue 2: Model-induced Complexity -The formalization of doubly linked segments induces heavy complexity. +The formalization of doubly linked list segments induces heavy complexity. The problem lies in the fact that `DLS` cannot express empty list segments. This leads to complex case distinctions whenever we access list nodes. Consequently, our proof becomes very complex and every list access leads to an exponential blow-up of the proof tree. -This in turn leads to very bad performance of checking the proof. +This in turn leads to very bad performance when checking the proof. We solved this problem by introducing a new representation of a cyclic doubly-linked list as a potentially empty prefix, the node we want to access and a potentially empty suffix: `DLS_prefix(....) &*& xLIST_ITEM(node, ...) &*& DLS_suffix(...)` We added lemmas that allow us to freely convert between a `DLS` predicate and our new representation. Thereby, the proof became a lot simpler and it reduced the time needed to check the proof from ~20 minutes to about 12.5 seconds. From 7bb871c017bec4be28b5ccaa5a5fc07083384ab6 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 17:03:40 -0500 Subject: [PATCH 285/289] Corrected typo in README. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 99b7c3313b4..629d6edc7b8 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -456,7 +456,7 @@ While this change seems simple on a first glance, it forced us to adapt all the ## Issue 2: Model-induced Complexity -The formalization of doubly linked list segments induces heavy complexity. +The formalization of doubly-linked list segments induces heavy complexity. The problem lies in the fact that `DLS` cannot express empty list segments. This leads to complex case distinctions whenever we access list nodes. Consequently, our proof becomes very complex and every list access leads to an exponential blow-up of the proof tree. @@ -469,7 +469,7 @@ The following sections explain the details of the problem and our solution. ### Iterating through a DLS The function `prvSelectHighestPriorityTask` iterates through the ready lists. -Hence, reasoning about it requires us to reason about iteration through memory described as a `DLS` predicate instance. Consider the following scenario: +Hence, reasoning about it requires us to reason about iteration through memory described by a `DLS` predicate instance. Consider the following scenario: We have a `DLS` predicate representing our cyclic ready list and a task item pointer `pxTaskItem` which points to an element of this list. - `DLS(end, endPrev, end, endPrev, cells, vals, owners, readyList)` @@ -502,7 +502,7 @@ Again, closing the predicate has to account for all the introduced cases. Introducing lemmas to open and close the predicate helps us to hide this complexity inside the lemmas. Thereby, the main proof using these lemmas gets shorter. -However, the next section explain why this approach does not eliminate the complexity. +However, the next section explains why this approach does not eliminate the complexity. Note that proofs for forward iteration cannot be reused for backwards iteration but requires separate proofs. From 48290b9641cb210c57e0eda7a54311ae519dce23 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Sat, 31 Dec 2022 17:10:35 -0500 Subject: [PATCH 286/289] Minor corrections in README. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 629d6edc7b8..1c57d885d3b 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -504,7 +504,8 @@ Introducing lemmas to open and close the predicate helps us to hide this complex Thereby, the main proof using these lemmas gets shorter. However, the next section explains why this approach does not eliminate the complexity. -Note that proofs for forward iteration cannot be reused for backwards iteration but requires separate proofs. +Note that proofs for forward iteration cannot be reused for backwards iteration. +Instead the latter requires separate proofs. From 1eb83cdb468ab9adbb4bfc88623bdbf5bd633821 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Tue, 3 Jan 2023 17:26:12 -0500 Subject: [PATCH 287/289] Wrote more documentation. --- .../tasks/vTaskSwitchContext/README.md | 4 +- .../tasks/vTaskSwitchContext/proof/README.md | 8 +- .../proof/lock_predicates.h | 72 +++++++- .../vTaskSwitchContext/proof/port_contracts.h | 76 --------- .../proof/port_locking_contracts.h | 159 ++++++++++++++++++ .../tasks/vTaskSwitchContext/src/tasks.c | 2 +- 6 files changed, 232 insertions(+), 89 deletions(-) delete mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h create mode 100644 Test/VeriFast/tasks/vTaskSwitchContext/proof/port_locking_contracts.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 1c57d885d3b..561603fd659 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -249,7 +249,7 @@ Therefore, the proof's correctness relies on the correctness of our models. VeriFast is a program verifier for C and not designed to handle any kind of assembly. The port-specific assembly is called via macros with a port-specific definition. We redefined these macros to call dummy function prototypes instead. - We equipped these prototypes with VeriFast contracts that capture the semantics of the original assembly code, cf. `proof/port_contracts.h`. + We equipped these prototypes with VeriFast contracts that capture the semantics of the original assembly code, cf. `proof/port_locking_contracts.h`. This way, VeriFast refers to the contracts to reason about the macro calls and does not have to deal with the assembly code. @@ -333,7 +333,7 @@ Therefore, the proof's correctness relies on the correctness of our models. Otherwise, consuming `I` during the release step will fail and consequently the entire proof will fail. FreeRTOS uses macros with port-specifc definitions to acquire and release locks and to mask and unmask interrupts. - We abstracted these with VeriFast contracts defined in `proof/port_contracts.h`. + We abstracted these with VeriFast contracts defined in `proof/port_locking_contracts.h`. The contracts ensure that invoking any synchronization mechanism produces or consumes the corresponding invariant. The invariants are defined in `proof/lock_predicates.h` diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md index 37d503b6dcf..f01ef2d94f4 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/README.md @@ -9,11 +9,11 @@ This directory contains the bulk of VeriFast formalizations and proofs. │ This file also contains the lemmas to prove that the task state updates │ in `prvSelectHighestPriorityTask` preserve the lock invariants. │ -├── port_contracts.h +├── port_locking_contracts.h │ Contains VeriFast function contracts for macros with port-specific -│ definitions, e.g., the macros to mask interrupts and to acquire AND -│ release locks. These port-specific definitions often contain contain -│ inline assembly VeriFast cannot reason about. The contracts allow us +│ definitions used to invoke synchronization mechanisms, e.g., masking +│ interrupts and acquiring locks. These port-specific definitions often +│ contain inline assembly VeriFast cannot reason about. The contracts allow us │ to abstract the semantics of the assembly. │ ├── ready_list_predicates.h diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h index e146e9f8335..868d0ef90ec 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/lock_predicates.h @@ -55,18 +55,37 @@ /* ---------------------------------------------------------------------- * Core local data and access restrictions. * Some data in FreeRTOS such as the pointer to TCB of the task running - * on core `C` may only be accessed from core `C`. Such core-local data + * on core `C` may only be accessed from core `C`. Such core-local data is * protected by deactivating interrupts. */ /*@ +// Represents the state of interrupts (i.e. activated or deactivated) on a +// specific core. The state corresponds to the value of the special register +// used for interrupt masking. predicate interruptState_p(uint32_t coreID, uint32_t state); +// Given an interrupt state (i.e. the value of the special register used to +// control interrupt masking), this function returns whether the state expresses +// that interrupts are deactivated. fixpoint bool interruptsDisabled_f(uint32_t); + +// This predicate expresses that the core we are currently reasoning about +// (expressed by constant `coreID_f`) is allowed to access the core-local data +// protected by interrupt masking. predicate coreLocalInterruptInv_p() = - [0.5]pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) &*& - integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) &*& + // Read permission to the entry of `pxCurrentTCBs` that stores a pointer + // to the task currenlty running on this core + [0.5]pointer(&pxCurrentTCBs[coreID_f], ?currentTCB) + &*& + // Write permission to the entry of `xYieldPendings` for the current core + integer_(&xYieldPendings[coreID_f], sizeof(BaseType_t), true, _) + &*& + // Write permission to the "critical nesting" field of the task + // currently scheduled on this core. The field allows us to check whether + // the task is currently in a critical section. Necessary to check whether, + // we are allowed to context switch. TCB_criticalNesting_p(currentTCB, ?gCriticalNesting); @*/ @@ -76,6 +95,13 @@ predicate coreLocalInterruptInv_p() = */ /*@ +// This predicate is used to remember which locks we're currently holding. Each +// Each constists of a pair `(f,id)`. `f` is the fraction of the lock we held +// before acquiring. Remembering the fraction is important to ensure that we +// reproduce the right fraction of the lock predicate when we release the lock. +// Otherwise, we can run into inconsistencies. +// `id` is the ID of the acquired lock, i.e., either `taskLockID_f` or +// `isrLockID_f`. predicate locked_p(list< pair > lockHistory); @*/ @@ -88,11 +114,13 @@ predicate locked_p(list< pair > lockHistory); /*@ fixpoint int taskLockID_f(); -// Represents an acquired task lock. +// Represents an unacquired task lock. predicate taskLock_p(); // Represents the invariant associated with the the task lock, i.e., -// access permissions to the resources protected by the lock. +// access permissions to the resources and code regions protected by the lock. +// These are not relevant to the context-switch proof. Therefore, we leave the +// predicate abstract. predicate taskLockInv_p(); @*/ @@ -107,7 +135,9 @@ fixpoint int isrLockID_f(); predicate isrLock_p(); // Represents the invariant associated with the the ISR lock, i.e., -// access permissions to the resources protected by the lock. +// access permissions to the resources and code regions protected by the lock. +// These are not relevant to the context-switch proof. Therefore, we leave the +// predicate abstract. predicate isrLockInv_p(); @*/ @@ -120,6 +150,36 @@ predicate isrLockInv_p(); /*@ fixpoint int taskISRLockID_f(); +// Represents the access rights protected by both the task and the ISR lock. +// Note that FreeRTOS' locking discipline demands the the task lock must be +// acquired before the ISR lock. Once, both locks have been acquired in the +// right order, ths invariant can be produced by invoking the lemma +// `produce_taskISRLockInv` and it can be consumed by invoking +// `consume_taskISRLockInv`. The lemmas ensure that we follow the locking +// discipline. +// +// This invariant expresses fine grained access rights to the following: +// - some global variables: +// + Read permission to the entry of `pxCurrentTCBs` that stores a pointer +// to the task currenly running on the core `coreID_f` our proof currently +// considers. Together with the read permission from +// `coreLocalInterruptInv_p` we get write access to this entry once +// interrupts have been deactivated and both locks have been acquired. +// + Write permission to `uxSchedulerSuspended`. +// + Write permission to `xSchedulerRunning`. +// + Write permission to `uxTopReadyPriority`. This variable stores to top +// priority for which there is a task that is ready to be scheduled. +// - Write access to the ready lists. +// - Fine-grained access permissions for task run states: +// + (RP-All) Read permission for every task. +// + (RP-Current) Read permission for task currently scheduled on this core. +// Together, (RP-All) and (RP-Current) give us a write permission for +// task scheduled on this core. +// + (RP-Unsched) Read permissions for unscheduled tasks. +// Together, (RP-All) and (RP-Unsched) give us write permissions for all +// unscheduled tasks. +// Note that these permissions do not allow us to change the run state of any +// task that is currently scheduled on another core. predicate taskISRLockInv_p() = _taskISRLockInv_p(_); diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h deleted file mode 100644 index a72b5759788..00000000000 --- a/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_contracts.h +++ /dev/null @@ -1,76 +0,0 @@ -#ifndef PORT_CONTRACTS_H -#define PORT_CONTRACTS_H - - -// We want our proofs to hold for an arbitrary number of cores. -#undef portGET_CORE_ID -#define portGET_CORE_ID() VF__get_core_num() - -/* FreeRTOS core id is always zero based.*/ -static uint VF__get_core_num(void); -//@ requires true; -/*@ ensures 0 <= result &*& result < configNUM_CORES &*& - result == coreID_f(); -@*/ - -/*@ -// Allow reference to core id in proofs. -fixpoint uint coreID_f(); - -lemma void coreID_f_range(); -requires true; -ensures 0 <= coreID_f() &*& coreID_f() < configNUM_CORES; -@*/ - - - - -#undef portDISABLE_INTERRUPTS -#define portDISABLE_INTERRUPTS VF__portDISABLE_INTERRUPTS -uint32_t VF__portDISABLE_INTERRUPTS(); -//@ requires interruptState_p(?coreID, ?state); -/*@ ensures result == state &*& - interruptState_p(coreID, ?newState) &*& - interruptsDisabled_f(newState) == true &*& - interruptsDisabled_f(state) == true - ? newState == state - : coreLocalInterruptInv_p(); -@*/ - -#undef portRESTORE_INTERRUPTS -#define portRESTORE_INTERRUPTS(ulState) VF__portRESTORE_INTERRUPTS(ulState) -void VF__portRESTORE_INTERRUPTS(uint32_t ulState); -/*@ requires interruptState_p(?coreID, ?tmpState) &*& - (interruptsDisabled_f(tmpState) == true && interruptsDisabled_f(ulState) == false) - ? coreLocalInterruptInv_p() - : true; - @*/ -/*@ ensures interruptState_p(coreID, ulState); -@*/ - -#undef portGET_TASK_LOCK -#define portGET_TASK_LOCK VF__portGET_TASK_LOCK -void VF__portGET_TASK_LOCK(); -//@ requires [?f]taskLock_p() &*& locked_p(nil); -//@ ensures taskLockInv_p() &*& locked_p( cons( pair(f, taskLockID_f()), nil) ); - -#undef portRELEASE_TASK_LOCK -#define portRELEASE_TASK_LOCK VF__portRELEASE_TASK_LOCK -void VF__portRELEASE_TASK_LOCK(); -//@ requires taskLockInv_p() &*& locked_p( cons( pair(?f, taskLockID_f()), nil) ); -//@ ensures [f]taskLock_p() &*& locked_p(nil); - -#undef portGET_ISR_LOCK -#define portGET_ISR_LOCK VF__portGET_ISR_LOCK -void VF__portGET_ISR_LOCK(); -//@ requires [?f]isrLock_p() &*& locked_p(?heldLocks); -//@ ensures isrLockInv_p() &*& locked_p( cons( pair(f, isrLockID_f()), heldLocks) ); - -#undef portRELEASE_ISR_LOCK -#define portRELEASE_ISR_LOCK VF__portRELEASE_ISR_LOCK -void VF__portRELEASE_ISR_LOCK(); -//@ requires isrLockInv_p() &*& locked_p( cons( pair(?f, isrLockID_f()), ?heldLocks) ); -//@ ensures [f]isrLock_p() &*& locked_p(heldLocks); - - -#endif /* PORT_CONTRACTS_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_locking_contracts.h b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_locking_contracts.h new file mode 100644 index 00000000000..a7dc6fe7987 --- /dev/null +++ b/Test/VeriFast/tasks/vTaskSwitchContext/proof/port_locking_contracts.h @@ -0,0 +1,159 @@ +#ifndef PORT_CONTRACTS_H +#define PORT_CONTRACTS_H + +/* This file defines function contracts for the macros used to invoke + * synchronization mechanisms, e.g., masking interrupts and acquiring locks. + * The definitions of these macros are port-specific and involve inline + * assembly. VeriFast cannot reason about assembly. Hence, we have to + * abstract the assembly's semantics with these contracts. + * + * Note that we cannot verify that the contracts' correctness. We have to treat + * their correctness as a proof assumption. + * + * Moreover, together with the invariants defined in the proof header + * `lock_predicates.h`, the below contracts define the locking discipline that + * our proof relies on. The file `lock_predicates.h` contains a more detailed + * explanation of the locking discipline. + * + * In short: + * - Data that is only meant to be accessed by the a specific core is protected + * by deactivating interrupts on this core. Access permissions are expressed + * by `coreLocalInterruptInv_p`. + * - The task lock and the ISR lock (i.e. interrupt lock) themselves protect + * data and code regions irrelevant to the switch-context proof. Hence, + * the respective invariants are left abstract, cf. `taskLockInv_p` and + * `isrLockInv_p`. + * - FreeRTOS' locking discipline demands that the task lock is acquired before + * and released after the ISR lock. The contracts defined below ensure that + * we follow this locking discipline. + * - The ready lists and the task run states (i.e. the data most important to + * the context-switch proof) is protected by a combination of the task lock + * and the ISR lock. That is, this data must only be accessed when both + * locks have been acquired in the right order. The invariant + * `taskISRLockInv_p` expresses these access rights. `lock_predicates.h` + * defines lemmas to produce and consume this invariant. The lemmas ensure + * that we only produce the invariant when both locks have been acquired in + * the right order. + */ + +// We want our proofs to hold for an arbitrary number of cores. +#undef portGET_CORE_ID +#define portGET_CORE_ID() VF__get_core_num() + +/* FreeRTOS core id is always zero based.*/ +static uint VF__get_core_num(void); +//@ requires true; +/*@ ensures 0 <= result &*& result < configNUM_CORES &*& + result == coreID_f(); +@*/ + +/*@ +// This contant allows proofs to talk about the ID of the core that the +// function we verify is running on. The verified function's contract must +// ensure that this constant holds the value of the current core. +fixpoint uint coreID_f(); + +lemma void coreID_f_range(); +requires true; +ensures 0 <= coreID_f() &*& coreID_f() < configNUM_CORES; +@*/ + + + + +/* In FreeRTOS interrupts are masked to protect core-local data. + * The invariant `coreLocalInterruptInv_p` expresses what data the masking + * of interrupts protects on a specific core, cf., `lock_predicates.h`. + * + * Deactivating the interrupts on the current core produces the invariant + * `coreLocalInterruptInv_p()` and thereby gives us the permission to access + * the protected data. + */ +#undef portDISABLE_INTERRUPTS +#define portDISABLE_INTERRUPTS VF__portDISABLE_INTERRUPTS +uint32_t VF__portDISABLE_INTERRUPTS(); +//@ requires interruptState_p(?coreID, ?state); +/*@ ensures result == state &*& + interruptState_p(coreID, ?newState) &*& + interruptsDisabled_f(newState) == true &*& + interruptsDisabled_f(state) == true + ? newState == state + : coreLocalInterruptInv_p(); +@*/ + + +/* This macro is used to restore the interrupt state (activated or deactivated) + * to a specific value. When an invokation sets the state from deactivated to + * activated, the invariant `coreLocalInterruptInv_p()` is consumed. + * Thereby, we lose the permission to access the core-local data protected + * by the deactivation of interrupts on this core. + */ +#undef portRESTORE_INTERRUPTS +#define portRESTORE_INTERRUPTS(ulState) VF__portRESTORE_INTERRUPTS(ulState) +void VF__portRESTORE_INTERRUPTS(uint32_t ulState); +/*@ requires interruptState_p(?coreID, ?tmpState) &*& + (interruptsDisabled_f(tmpState) == true && interruptsDisabled_f(ulState) == false) + ? coreLocalInterruptInv_p() + : true; + @*/ +/*@ ensures interruptState_p(coreID, ulState); +@*/ + + +/* This macro is used to acquire the task lock. The task lock on its own + * protects data and core regions that are not relevant to the context-switch + * proof. Hence, an invocation produces an abstract invariant `taskLockInv_p()` + * and updates the locking history `locked_p(...)` to log that the task log + * has been acquired. + * + * FreeRTOS' locking discipline requires that the task lock must be acquired + * before the ISR lock. The precondition `locked_p(nil)` only allows + * invocations of this macro when no lock has been acquired, yet. + */ +#undef portGET_TASK_LOCK +#define portGET_TASK_LOCK VF__portGET_TASK_LOCK +void VF__portGET_TASK_LOCK(); +//@ requires [?f]taskLock_p() &*& locked_p(nil); +//@ ensures taskLockInv_p() &*& locked_p( cons( pair(f, taskLockID_f()), nil) ); + + +/* This macro is used to release the task lock. An invocation consumes the + * task lock invariant `taskLockInv_p` and updates the locking history + * `locked_p(...)` to reflect the release. + * + * FreeRTOS' locking discipline demands that the task lock must be acquired + * before and released after the ISR lock. The precondition + * `locked_p( cons( pair(?f, taskLockID_f()), nil) )` only allows calls to this + * macro when we can prove that we only hold the task lock. + * */ +#undef portRELEASE_TASK_LOCK +#define portRELEASE_TASK_LOCK VF__portRELEASE_TASK_LOCK +void VF__portRELEASE_TASK_LOCK(); +//@ requires taskLockInv_p() &*& locked_p( cons( pair(?f, taskLockID_f()), nil) ); +//@ ensures [f]taskLock_p() &*& locked_p(nil); + + +/* This macro is used to acquire the ISR lock (i.e. interrupt lock). An + * invocation produces the abstract ISR lock invariant `isrLock_p` and + * updates the locking history `locked_p(...)` to reflect that the lock has + * been acquired. + */ +#undef portGET_ISR_LOCK +#define portGET_ISR_LOCK VF__portGET_ISR_LOCK +void VF__portGET_ISR_LOCK(); +//@ requires [?f]isrLock_p() &*& locked_p(?heldLocks); +//@ ensures isrLockInv_p() &*& locked_p( cons( pair(f, isrLockID_f()), heldLocks) ); + + +/* This macro is used to release the ISR lock (i.e. interrupt lock). A call + * consumes the ISR lock invariant and updates the locking history + * `locked_p(...)` to reflect the release. + */ +#undef portRELEASE_ISR_LOCK +#define portRELEASE_ISR_LOCK VF__portRELEASE_ISR_LOCK +void VF__portRELEASE_ISR_LOCK(); +//@ requires isrLockInv_p() &*& locked_p( cons( pair(?f, isrLockID_f()), ?heldLocks) ); +//@ ensures [f]isrLock_p() &*& locked_p(heldLocks); + + +#endif /* PORT_CONTRACTS_H */ \ No newline at end of file diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c index 78901121fa0..1506b11cea3 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c +++ b/Test/VeriFast/tasks/vTaskSwitchContext/src/tasks.c @@ -79,7 +79,7 @@ #include "task_predicates.h" #include "ready_list_predicates.h" #include "asm.h" - #include "port_contracts.h" + #include "port_locking_contracts.h" #include "lock_predicates.h" #include "verifast_lists_extended.h" #include "single_core_proofs/scp_list_predicates.h" From c57b62a3dc7031fb80044b802f632c4fb98061e4 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 4 Jan 2023 12:32:28 -0500 Subject: [PATCH 288/289] Added some guidance on how to read the proof. --- Test/VeriFast/tasks/vTaskSwitchContext/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 561603fd659..630c8a79539 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -198,6 +198,17 @@ Both scripts expect the command line arguments explained below. - \ is an optional argument specifying the IDE's font size. +# Reading the Proof +The most important aspects that we have to understand in order to understand the proof are the following, in this order: + - The locking discipline, cf. `proof/port_locking_contracts.h` + - The lock invariants, cf. `proof/lock_predicates.h`. The invariants use the ready list and task predicates defined in `proof/ready_list_predicates.h` and `task_predicates.h`. + - The contracts for the functions we verified, i.e., `vTaskSwitchContext` and `prvSelectHighestPriorityTask`, cf. `src/tasks.c`. + +We propose to first skim the above mentioned files -- in the given order -- and the documentation they provide to get an overview of how the proof is structured. + + + + # Maintaining the Proof This directory contains annotated copies of FreeRTOS source and header files. The annotations in these files tell VeriFast which functions it should verify and what the proof looks like. From 2af93b5bd1d1da158ac8bbbe4573834304d683c1 Mon Sep 17 00:00:00 2001 From: Tobias Reinhard <16916681+tobireinhard@users.noreply.github.com> Date: Wed, 4 Jan 2023 14:16:24 -0500 Subject: [PATCH 289/289] Expanded section in README on how to read the proof. --- .../tasks/vTaskSwitchContext/README.md | 31 ++++++++++++++++--- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/Test/VeriFast/tasks/vTaskSwitchContext/README.md b/Test/VeriFast/tasks/vTaskSwitchContext/README.md index 630c8a79539..aac8223fe62 100644 --- a/Test/VeriFast/tasks/vTaskSwitchContext/README.md +++ b/Test/VeriFast/tasks/vTaskSwitchContext/README.md @@ -199,12 +199,33 @@ Both scripts expect the command line arguments explained below. # Reading the Proof -The most important aspects that we have to understand in order to understand the proof are the following, in this order: - - The locking discipline, cf. `proof/port_locking_contracts.h` - - The lock invariants, cf. `proof/lock_predicates.h`. The invariants use the ready list and task predicates defined in `proof/ready_list_predicates.h` and `task_predicates.h`. - - The contracts for the functions we verified, i.e., `vTaskSwitchContext` and `prvSelectHighestPriorityTask`, cf. `src/tasks.c`. +The most important aspects any reader has to know about before they can understand the proof are the locking discipline and the lock invariants. +We suggest to read the proof in a top-down approach. +That is, the reader should start by reading the documentation and definitions of the most important concepts. +Afterwards, we suggest to continue by reading the most important parts of the verified functions: +The contracts and the loop invariants. +Only once these are understood, we suggest to read the low-level proof annotations in the verified functions (e.g. open/close statements, lemma calls). + +We propose the following order: + 1. The locking discipline, formalized and documented in `proof/port_locking_contracts.h`. + + FreeRTOS uses macros to invoke synchronization mechanisms (activating/deactivating interrupts and acquiring/releasing locks). + The definitions of these macros are port-specific. + The file `proof/port_locking_contracts.h` contains contracts abstracting the port-specific definitions and formalizing the synchronization mechanisms and the locking discipline, e.g., the order in which locks have to be acquired. + + 2. The lock invariants, formalized and documented in `proof/lock_predicates.h`. + + The invariants express which resources the locks and the masking of interrupts protect. + When we acquire a lock or deactivate interrupts, the invariants determine which level of access permissions (i.e. read or write access) we get for the protected resources. + Since the locks protect the ready lists and task control blocks, the invariants reference the ready list and task predicates defined in `proof/ready_list_predicates.h` and `task_predicates.h`. + + 3. The contracts for the functions we verified, i.e., `vTaskSwitchContext` and `prvSelectHighestPriorityTask`, cf. `src/tasks.c`. + + 4. The loop invariants in `prvSelectHighestPriorityTask`. + + 5. The low-level proof annotations in `vTaskSwitchContext` and `prvSelectHighestPriorityTask`, e.g., open/close statements and lemma calls. + -We propose to first skim the above mentioned files -- in the given order -- and the documentation they provide to get an overview of how the proof is structured.