-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verification of message size #579
Comments
Allowing messages with a bit size which is not a multiple of eight complicates the generated SPARK code. Since I am not aware of any real-world example where this is the case, I would argue for a general prohibition of such message specifications. @senier Do you have any objections to that? |
We had a similar discussion for RecordFuzz lately. I'm not aware of such a protocol either (and, in all cases the underlying representation will be bytes anyways - what values will the last 1-7 bit have if the message size is not multiple of 8 bit). We should implement a model verification step that proofs that the size is multiple of 8 bit on all paths. |
In the generated SPARK code messages must be byte-aligned. This also applies to messages in sequences. The bit size of all messages (in a sequence) must be a multiple of eight.
The following specification should be rejected, as one instance of
TLV::Message
has a size of just 2 bit:The text was updated successfully, but these errors were encountered: