Verification of message size #579

Closed
treiher opened this issue Feb 22, 2021 · 2 comments · Fixed by #588
Labels: bug, model (Related to model package, e.g., model verification)

Comments

@treiher
Collaborator

treiher commented Feb 22, 2021

In the generated SPARK code, messages must be byte-aligned. This also applies to messages in sequences. The bit size of all messages (in a sequence) must be a multiple of eight.

The following specification should be rejected, as one instance of TLV::Message has a size of just 2 bits:

package TLV is

   type Tag is (Msg_Data => 1, Msg_Error => 3) with Size => 2;
   type Length is mod 2**14;

   type Message is
      message
         Tag    : Tag
            then Length
               if Tag = Msg_Data
            then null
               if Tag = Msg_Error;
         Length : Length
            then Value
               with Size => Length * 8;
         Value  : Opaque;
   end message;

   type Messages is array of Message;

end TLV;
@treiher treiher added bug model Related to model package (e.g., model verification) labels Feb 22, 2021
@treiher treiher added this to To do in RecordFlux 0.7 via automation Feb 22, 2021
@treiher
Collaborator Author

treiher commented Feb 26, 2021

Allowing messages with a bit size which is not a multiple of eight complicates the generated SPARK code. Since I am not aware of any real-world example where this is the case, I would argue for a general prohibition of such message specifications. @senier Do you have any objections to that?

@treiher treiher removed this from To do in RecordFlux 0.7 Feb 26, 2021
@treiher treiher added this to To do in RecordFlux 0.5 via automation Feb 26, 2021
@treiher treiher moved this from To do to In progress in RecordFlux 0.5 Feb 26, 2021
@senier
Member

senier commented Feb 26, 2021

We had a similar discussion for RecordFuzz lately. I'm not aware of such a protocol either (and, in all cases, the underlying representation will be bytes anyway - what values would the last 1-7 bits have if the message size is not a multiple of 8 bits?). We should implement a model verification step that proves that the size is a multiple of 8 bits on all paths.
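The verification step described above, as an added example that is not RecordFlux's own implementation: a depth-first path-size check over a hand-encoded graph of the TLV::Message fields from this issue. The Field class, the encoding of the field graph, and the residue-tracking are assumptions of this example; a variable size such as Length * 8 is treated as byte-aligned, any other variable size as unknown (and therefore reported).

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Field:
    """One message field: constant bit size, or variable when size is None."""
    name: str
    size: Optional[int]
    byte_multiple: bool = False   # variable size known to be a multiple of 8, e.g. "Length * 8"
    # outgoing edges as (next field name or "null", condition label or None)
    then: list = field(default_factory=list)

def residue_after(field_def: Field, residue: Optional[int]) -> Optional[int]:
    """Total size mod 8 after appending this field; None once the residue is unknown."""
    if residue is None:
        return None
    if field_def.size is None:
        return residue if field_def.byte_multiple else None
    return (residue + field_def.size) % 8

def enumerate_paths(fields, start):
    """Walk every path from `start` to null; return a list of (path, residue) pairs."""
    results = []
    def walk(name, path, residue):
        if name == "null":
            results.append((path, residue))
            return
        f = fields[name]
        next_residue = residue_after(f, residue)
        for target, cond in f.then:
            step = f"{name} if {cond}" if cond else name
            walk(target, path + [step], next_residue)
    walk(start, [], 0)
    return results

def misaligned_paths(fields, start):
    """Paths whose total size is not provably a multiple of 8 bits (residue 0)."""
    return [(p, r) for p, r in enumerate_paths(fields, start) if r != 0]

# TLV::Message from the issue, encoded by hand (constructed): Tag is 2 bits,
# Length is mod 2**14 (14 bits), Value is Opaque with Size => Length * 8.
TLV_MESSAGE = {
    "Tag": Field("Tag", 2, then=[("Length", "Tag = Msg_Data"), ("null", "Tag = Msg_Error")]),
    "Length": Field("Length", 14, then=[("Value", None)]),
    "Value": Field("Value", None, byte_multiple=True, then=[("null", None)]),
}

if __name__ == "__main__":
    for path, residue in misaligned_paths(TLV_MESSAGE, "Tag"):
        print("not byte-aligned:", " -> ".join(path), "| size mod 8 =", residue)
```

The Msg_Error path is reported with residue 2, while the Msg_Data path (2 + 14 bits plus a multiple of 8) passes; a message with a field whose size is a plain variable would be reported with an unknown residue.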

@treiher treiher changed the title Verification of size compatibility for sequences Verification of message size Feb 26, 2021
@treiher treiher moved this from In progress to Done in RecordFlux 0.5 Feb 26, 2021
treiher added a commit that referenced this issue Feb 26, 2021
treiher added a commit that referenced this issue Mar 3, 2021
treiher added a commit that referenced this issue Mar 4, 2021
treiher added a commit that referenced this issue Mar 5, 2021
RecordFlux 0.5 automation moved this from Done to Merged Mar 5, 2021
treiher added a commit that referenced this issue Mar 5, 2021
@treiher treiher mentioned this issue Aug 4, 2021