mirror of
https://github.com/FreeRTOS/coreMQTT
synced 2025-07-04 18:47:43 +08:00
3d1ba3bb59
CBMC proofs for: MQTT_SerializeAck() MQTT_SerializeDisconnect() MQTT_SerializePingreq() MQTT_SerializePublish() MQTT_SerializePublishHeader MQTT_SerializeSubscribe() MQTT_SerializeUnsubscribe()
202 lines
6.5 KiB
C
202 lines
6.5 KiB
C
/*
|
|
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
* this software and associated documentation files (the "Software"), to deal in
|
|
* the Software without restriction, including without limitation the rights to
|
|
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
|
* the Software, and to permit persons to whom the Software is furnished to do so,
|
|
* subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
* copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
|
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
|
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
*/
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
#include "mqtt_cbmc_state.h"
|
|
|
|
/* A default bound on the subscription count. Iterating over possibly SIZE_MAX
|
|
* number of subscriptions does not add any value to the proofs. An application
|
|
* can allocate memory for as many subscriptions as their system can handle.
|
|
* The proofs verify that the code can handle the maximum topicFilterLength in
|
|
* each subscription. */
|
|
#ifndef SUBSCRIPTION_COUNT_MAX
|
|
#define SUBSCRIPTION_COUNT_MAX 1U
|
|
#endif
|
|
|
|
void * mallocCanFail( size_t size )
|
|
{
|
|
__CPROVER_assert( size < CBMC_MAX_OBJECT_SIZE, "mallocCanFail size is too big" );
|
|
return nondet_bool() ? NULL : malloc( size );
|
|
}
|
|
|
|
MQTTPacketInfo_t * allocateMqttPacketInfo( MQTTPacketInfo_t * pPacketInfo )
|
|
{
|
|
if( pPacketInfo == NULL )
|
|
{
|
|
pPacketInfo = mallocCanFail( sizeof( MQTTPacketInfo_t ) );
|
|
}
|
|
|
|
if( pPacketInfo != NULL )
|
|
{
|
|
__CPROVER_assume( pPacketInfo->remainingLength < CBMC_MAX_OBJECT_SIZE );
|
|
pPacketInfo->pRemainingData = mallocCanFail( pPacketInfo->remainingLength );
|
|
}
|
|
|
|
return pPacketInfo;
|
|
}
|
|
|
|
bool isValidMqttPacketInfo( const MQTTPacketInfo_t * pPacketInfo )
|
|
{
|
|
bool isValid = true;
|
|
|
|
if( pPacketInfo != NULL )
|
|
{
|
|
isValid = pPacketInfo->remainingLength < CBMC_MAX_OBJECT_SIZE;
|
|
}
|
|
|
|
return isValid;
|
|
}
|
|
|
|
MQTTPublishInfo_t * allocateMqttPublishInfo( MQTTPublishInfo_t * pPublishInfo )
|
|
{
|
|
if( pPublishInfo == NULL )
|
|
{
|
|
pPublishInfo = mallocCanFail( sizeof( MQTTPublishInfo_t ) );
|
|
}
|
|
|
|
if( pPublishInfo != NULL )
|
|
{
|
|
__CPROVER_assume( pPublishInfo->topicNameLength < CBMC_MAX_OBJECT_SIZE );
|
|
pPublishInfo->pTopicName = mallocCanFail( pPublishInfo->topicNameLength );
|
|
__CPROVER_assume( pPublishInfo->payloadLength < CBMC_MAX_OBJECT_SIZE );
|
|
pPublishInfo->pPayload = mallocCanFail( pPublishInfo->payloadLength );
|
|
}
|
|
|
|
return pPublishInfo;
|
|
}
|
|
|
|
bool isValidMqttPublishInfo( const MQTTPublishInfo_t * pPublishInfo )
|
|
{
|
|
bool isValid = true;
|
|
|
|
if( pPublishInfo != NULL )
|
|
{
|
|
bool validQos = ( ( pPublishInfo->qos >= MQTTQoS0 ) &&
|
|
( pPublishInfo->qos <= MQTTQoS2 ) );
|
|
|
|
bool validTopicNameLength = pPublishInfo->topicNameLength < CBMC_MAX_OBJECT_SIZE;
|
|
bool validPayloadLength = pPublishInfo->payloadLength < CBMC_MAX_OBJECT_SIZE;
|
|
|
|
isValid = validQos && validTopicNameLength && validPayloadLength;
|
|
}
|
|
|
|
return isValid;
|
|
}
|
|
|
|
MQTTConnectInfo_t * allocateMqttConnectInfo( MQTTConnectInfo_t * pConnectInfo )
|
|
{
|
|
if( pConnectInfo == NULL )
|
|
{
|
|
pConnectInfo = mallocCanFail( sizeof( MQTTConnectInfo_t ) );
|
|
}
|
|
|
|
if( pConnectInfo != NULL )
|
|
{
|
|
__CPROVER_assume( pConnectInfo->clientIdentifierLength < CBMC_MAX_OBJECT_SIZE );
|
|
pConnectInfo->pClientIdentifier = mallocCanFail( pConnectInfo->clientIdentifierLength );
|
|
__CPROVER_assume( pConnectInfo->userNameLength < CBMC_MAX_OBJECT_SIZE );
|
|
pConnectInfo->pUserName = mallocCanFail( pConnectInfo->userNameLength );
|
|
__CPROVER_assume( pConnectInfo->passwordLength < CBMC_MAX_OBJECT_SIZE );
|
|
pConnectInfo->pPassword = mallocCanFail( pConnectInfo->passwordLength );
|
|
}
|
|
|
|
return pConnectInfo;
|
|
}
|
|
|
|
bool isValidMqttConnectInfo( const MQTTConnectInfo_t * pConnectInfo )
|
|
{
|
|
bool isValid = true;
|
|
|
|
if( pConnectInfo != NULL )
|
|
{
|
|
isValid = isValid && ( pConnectInfo->clientIdentifierLength < CBMC_MAX_OBJECT_SIZE );
|
|
isValid = isValid && ( pConnectInfo->userNameLength < CBMC_MAX_OBJECT_SIZE );
|
|
isValid = isValid && ( pConnectInfo->passwordLength < CBMC_MAX_OBJECT_SIZE );
|
|
}
|
|
|
|
return isValid;
|
|
}
|
|
|
|
MQTTFixedBuffer_t * allocateMqttFixedBuffer( MQTTFixedBuffer_t * pFixedBuffer )
|
|
{
|
|
if( pFixedBuffer == NULL )
|
|
{
|
|
pFixedBuffer = mallocCanFail( sizeof( MQTTFixedBuffer_t ) );
|
|
}
|
|
|
|
if( pFixedBuffer != NULL )
|
|
{
|
|
__CPROVER_assume( pFixedBuffer->size < CBMC_MAX_OBJECT_SIZE );
|
|
pFixedBuffer->pBuffer = mallocCanFail( pFixedBuffer->size );
|
|
}
|
|
|
|
return pFixedBuffer;
|
|
}
|
|
|
|
bool isValidMqttFixedBuffer( const MQTTFixedBuffer_t * pFixedBuffer )
|
|
{
|
|
bool isValid = true;
|
|
|
|
if( pFixedBuffer != NULL )
|
|
{
|
|
isValid = pFixedBuffer->size < CBMC_MAX_OBJECT_SIZE;
|
|
}
|
|
|
|
return isValid;
|
|
}
|
|
|
|
MQTTSubscribeInfo_t * allocateMqttSubscriptionList( MQTTSubscribeInfo_t * pSubscriptionList,
|
|
size_t subscriptionCount )
|
|
{
|
|
if( pSubscriptionList == NULL )
|
|
{
|
|
__CPROVER_assume( sizeof( MQTTSubscribeInfo_t ) * subscriptionCount < CBMC_MAX_OBJECT_SIZE );
|
|
pSubscriptionList = mallocCanFail( sizeof( MQTTSubscribeInfo_t ) * subscriptionCount );
|
|
}
|
|
|
|
if( pSubscriptionList != NULL )
|
|
{
|
|
for( int i = 0; i < subscriptionCount; i++ )
|
|
{
|
|
__CPROVER_assume( pSubscriptionList[ i ].topicFilterLength < CBMC_MAX_OBJECT_SIZE );
|
|
pSubscriptionList[ i ].pTopicFilter = mallocCanFail( pSubscriptionList[ i ].topicFilterLength );
|
|
}
|
|
}
|
|
|
|
return pSubscriptionList;
|
|
}
|
|
|
|
bool isValidMqttSubscriptionList( MQTTSubscribeInfo_t * pSubscriptionList,
|
|
size_t subscriptionCount )
|
|
{
|
|
bool isValid = true;
|
|
|
|
if( pSubscriptionList != NULL )
|
|
{
|
|
for( int i = 0; i < subscriptionCount; i++ )
|
|
{
|
|
isValid = isValid && ( pSubscriptionList[ i ].topicFilterLength < CBMC_MAX_OBJECT_SIZE );
|
|
}
|
|
}
|
|
|
|
return isValid;
|
|
}
|