CCSDS Proximity-1 Space Link Protocol (211.0-B)
proximity1: add FrameLength >= 7 self_constraint, generate C test
The EverParse .3d subtraction (FrameLength - 7) requires an SMT proof
that the value won't underflow. Add ~self_constraint on FrameLength
so the .3d emits { (FrameLength >= 7) } and F* verification passes.
+944
-3
+243
c/EverParse.h
+243
c/EverParse.h
···
1
+
/*++
2
+
3
+
Copyright (c) Microsoft Corporation
4
+
5
+
Module Name:
6
+
7
+
EverParse.h
8
+
9
+
Abstract:
10
+
11
+
This is an EverParse-generated file that contains common auxiliary
12
+
functions for EverParse-generated verified data validators.
13
+
14
+
This file was generated by EverParse v2026.02.25
15
+
16
+
Authors:
17
+
18
+
nswamy, protz, taramana 5-Feb-2020
19
+
20
+
--*/
21
+
22
+
23
+
#ifndef EverParse_H
24
+
#define EverParse_H
25
+
26
+
#if defined(__cplusplus)
27
+
extern "C" {
28
+
#endif
29
+
30
+
#include "EverParseEndianness.h"
31
+
32
+
static inline uint8_t EverParseGetBitfield8(uint8_t Value, uint32_t BitsFrom, uint32_t BitsTo)
33
+
{
34
+
uint8_t op1 = (uint32_t)Value << (8U - BitsTo);
35
+
return (uint32_t)op1 >> (8U - BitsTo + BitsFrom);
36
+
}
37
+
38
+
static inline uint16_t
39
+
EverParseGetBitfield16(uint16_t Value, uint32_t BitsFrom, uint32_t BitsTo)
40
+
{
41
+
uint16_t bf = (uint32_t)Value << (16U - BitsTo);
42
+
return (uint32_t)bf >> (16U - BitsTo + BitsFrom);
43
+
}
44
+
45
+
static inline uint32_t
46
+
EverParseGetBitfield32(uint32_t Value, uint32_t BitsFrom, uint32_t BitsTo)
47
+
{
48
+
return Value << (32U - BitsTo) >> (32U - BitsTo + BitsFrom);
49
+
}
50
+
51
+
static inline uint64_t
52
+
EverParseGetBitfield64(uint64_t Value, uint32_t BitsFrom, uint32_t BitsTo)
53
+
{
54
+
return Value << (64U - BitsTo) >> (64U - BitsTo + BitsFrom);
55
+
}
56
+
57
+
static inline uint8_t
58
+
EverParseGetBitfield8MsbFirst(uint8_t Value, uint32_t BitsFrom, uint32_t BitsTo)
59
+
{
60
+
return EverParseGetBitfield8(Value, 8U - BitsTo, 8U - BitsFrom);
61
+
}
62
+
63
+
static inline uint16_t
64
+
EverParseGetBitfield16MsbFirst(uint16_t Value, uint32_t BitsFrom, uint32_t BitsTo)
65
+
{
66
+
return EverParseGetBitfield16(Value, 16U - BitsTo, 16U - BitsFrom);
67
+
}
68
+
69
+
static inline uint32_t
70
+
EverParseGetBitfield32MsbFirst(uint32_t Value, uint32_t BitsFrom, uint32_t BitsTo)
71
+
{
72
+
return EverParseGetBitfield32(Value, 32U - BitsTo, 32U - BitsFrom);
73
+
}
74
+
75
+
static inline uint64_t
76
+
EverParseGetBitfield64MsbFirst(uint64_t Value, uint32_t BitsFrom, uint32_t BitsTo)
77
+
{
78
+
return EverParseGetBitfield64(Value, 64U - BitsTo, 64U - BitsFrom);
79
+
}
80
+
81
+
#define EVERPARSE_VALIDATOR_MAX_LENGTH (1152921504606846975ULL)
82
+
83
+
static inline BOOLEAN EverParseIsError(uint64_t PositionOrError)
84
+
{
85
+
return PositionOrError > EVERPARSE_VALIDATOR_MAX_LENGTH;
86
+
}
87
+
88
+
static inline BOOLEAN EverParseIsSuccess(uint64_t PositionOrError)
89
+
{
90
+
return PositionOrError <= EVERPARSE_VALIDATOR_MAX_LENGTH;
91
+
}
92
+
93
+
static inline uint64_t EverParseSetValidatorErrorPos(uint64_t Error, uint64_t Position)
94
+
{
95
+
return (Error & 17293822569102704640ULL) | Position << 0U;
96
+
}
97
+
98
+
static inline uint64_t EverParseGetValidatorErrorPos(uint64_t X)
99
+
{
100
+
return (X & 1152921504606846975ULL) >> 0U;
101
+
}
102
+
103
+
static inline uint64_t EverParseSetValidatorErrorKind(uint64_t Error, uint64_t Code)
104
+
{
105
+
return (Error & 1152921504606846975ULL) | Code << 60U;
106
+
}
107
+
108
+
static inline uint64_t EverParseGetValidatorErrorKind(uint64_t Error)
109
+
{
110
+
return (Error & 17293822569102704640ULL) >> 60U;
111
+
}
112
+
113
+
#define EVERPARSE_VALIDATOR_ERROR_GENERIC (1152921504606846976ULL)
114
+
115
+
#define EVERPARSE_VALIDATOR_ERROR_NOT_ENOUGH_DATA (2305843009213693952ULL)
116
+
117
+
#define EVERPARSE_VALIDATOR_ERROR_IMPOSSIBLE (3458764513820540928ULL)
118
+
119
+
#define EVERPARSE_VALIDATOR_ERROR_LIST_SIZE_NOT_MULTIPLE (4611686018427387904ULL)
120
+
121
+
#define EVERPARSE_VALIDATOR_ERROR_ACTION_FAILED (5764607523034234880ULL)
122
+
123
+
#define EVERPARSE_VALIDATOR_ERROR_CONSTRAINT_FAILED (6917529027641081856ULL)
124
+
125
+
#define EVERPARSE_VALIDATOR_ERROR_UNEXPECTED_PADDING (8070450532247928832ULL)
126
+
127
+
#define EVERPARSE_VALIDATOR_ERROR_PROBE_FAILED (9223372036854775808ULL)
128
+
129
+
static inline PRIMS_STRING EverParseErrorReasonOfResult(uint64_t Code)
130
+
{
131
+
switch (EverParseGetValidatorErrorKind(Code))
132
+
{
133
+
case 1ULL:
134
+
{
135
+
return "generic error";
136
+
}
137
+
case 2ULL:
138
+
{
139
+
return "not enough data";
140
+
}
141
+
case 3ULL:
142
+
{
143
+
return "impossible";
144
+
}
145
+
case 4ULL:
146
+
{
147
+
return "list size not multiple of element size";
148
+
}
149
+
case 5ULL:
150
+
{
151
+
return "action failed";
152
+
}
153
+
case 6ULL:
154
+
{
155
+
return "constraint failed";
156
+
}
157
+
case 7ULL:
158
+
{
159
+
return "unexpected padding";
160
+
}
161
+
case 8ULL:
162
+
{
163
+
return "probe failed";
164
+
}
165
+
default:
166
+
{
167
+
return "unspecified";
168
+
}
169
+
}
170
+
}
171
+
172
+
static inline uint64_t EverParseCheckConstraintOk(BOOLEAN Ok, uint64_t Position)
173
+
{
174
+
if (Ok)
175
+
{
176
+
return Position;
177
+
}
178
+
return EverParseSetValidatorErrorPos(EVERPARSE_VALIDATOR_ERROR_CONSTRAINT_FAILED, Position);
179
+
}
180
+
181
+
static inline BOOLEAN EverParseIsRangeOkay(uint32_t Size, uint32_t Offset, uint32_t AccessSize)
182
+
{
183
+
return Size >= AccessSize && (Size - AccessSize) >= Offset;
184
+
}
185
+
186
+
typedef struct EVERPARSE_ERROR_FRAME_s
187
+
{
188
+
BOOLEAN filled;
189
+
uint64_t start_pos;
190
+
PRIMS_STRING typename_s;
191
+
PRIMS_STRING fieldname;
192
+
PRIMS_STRING reason;
193
+
uint64_t error_code;
194
+
}
195
+
EVERPARSE_ERROR_FRAME;
196
+
197
+
typedef uint8_t *EVERPARSE_INPUT_BUFFER;
198
+
199
+
typedef void *EVERPARSE__LIVE;
200
+
201
+
static inline void
202
+
EverParseDefaultErrorHandler(
203
+
PRIMS_STRING TypenameS,
204
+
PRIMS_STRING Fieldname,
205
+
PRIMS_STRING Reason,
206
+
uint64_t ErrorCode,
207
+
EVERPARSE_ERROR_FRAME *Context,
208
+
uint8_t *Input,
209
+
uint64_t StartPos
210
+
)
211
+
{
212
+
KRML_MAYBE_UNUSED_VAR(Input);
213
+
if (!(*Context).filled)
214
+
{
215
+
*Context =
216
+
(
217
+
(EVERPARSE_ERROR_FRAME){
218
+
.filled = TRUE,
219
+
.start_pos = StartPos,
220
+
.typename_s = TypenameS,
221
+
.fieldname = Fieldname,
222
+
.reason = Reason,
223
+
.error_code = ErrorCode
224
+
}
225
+
);
226
+
return;
227
+
}
228
+
}
229
+
230
+
extern uint8_t *EverParseStreamOf(EVERPARSE_COPY_BUFFER_T uu___);
231
+
232
+
extern uint64_t EverParseStreamLen(EVERPARSE_COPY_BUFFER_T c);
233
+
234
+
typedef void *EVERPARSE_INV;
235
+
236
+
typedef void *EVERPARSE_LIVENESS_PRESERVED;
237
+
238
+
#if defined(__cplusplus)
239
+
}
240
+
#endif
241
+
242
+
#define EverParse_H_DEFINED
243
+
#endif /* EverParse_H */
+205
c/EverParseEndianness.h
+205
c/EverParseEndianness.h
···
1
+
/*++
2
+
3
+
Copyright (c) Microsoft Corporation
4
+
5
+
Module Name:
6
+
7
+
EverParseEndianness.h
8
+
9
+
Abstract:
10
+
11
+
This is an EverParse-related file to read integer values from raw
12
+
bytes.
13
+
14
+
Authors:
15
+
16
+
nswamy, protz, taramana 5-Feb-2020
17
+
18
+
--*/
19
+
/* This is a hand-written header that selectively includes relevant bits from
20
+
* krmllib.h -- it has to be updated manually to track upstream changes. */
21
+
22
+
#ifndef __EverParseEndianness_H
23
+
#define __EverParseEndianness_H
24
+
25
+
#if defined(__cplusplus)
26
+
extern "C" {
27
+
#endif
28
+
29
+
/*****************************************************************************
30
+
********* Implementation of LowStar.Endianness (selected bits) **************
31
+
*****************************************************************************/
32
+
33
+
#if defined(_MSC_VER)
34
+
# include <windows.h>
35
+
#endif
36
+
37
+
#include <string.h>
38
+
#include <stdint.h>
39
+
40
+
typedef const char * EVERPARSE_STRING;
41
+
typedef EVERPARSE_STRING PRIMS_STRING;
42
+
typedef void* EVERPARSE_COPY_BUFFER_T;
43
+
44
+
#ifndef KRML_MAYBE_UNUSED_VAR
45
+
# define KRML_MAYBE_UNUSED_VAR(x) (void)(x)
46
+
#endif
47
+
48
+
#ifndef KRML_HOST_IGNORE
49
+
# define KRML_HOST_IGNORE(x) (void)(x)
50
+
#endif
51
+
52
+
#ifndef KRML_HOST_PRINTF
53
+
# include <stdio.h>
54
+
# define KRML_HOST_PRINTF printf
55
+
#endif
56
+
57
+
#ifndef KRML_HOST_EXIT
58
+
# include <stdlib.h>
59
+
# define KRML_HOST_EXIT exit
60
+
#endif
61
+
62
+
#define KRML_CHECK_SIZE(size_elt, sz) \
63
+
do { \
64
+
if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
65
+
KRML_HOST_PRINTF( \
66
+
"Maximum allocatable size exceeded, aborting before overflow at " \
67
+
"%s:%d\n", \
68
+
__FILE__, __LINE__); \
69
+
KRML_HOST_EXIT(253); \
70
+
} \
71
+
} while (0)
72
+
73
+
/* ... for Windows (MSVC)... not targeting XBOX 360! */
74
+
#if defined(_MSC_VER)
75
+
76
+
# include <stdlib.h>
77
+
78
+
# define htobe16(x) _byteswap_ushort(x)
79
+
# define htole16(x) (x)
80
+
# define be16toh(x) _byteswap_ushort(x)
81
+
# define le16toh(x) (x)
82
+
83
+
# define htobe32(x) _byteswap_ulong(x)
84
+
# define htole32(x) (x)
85
+
# define be32toh(x) _byteswap_ulong(x)
86
+
# define le32toh(x) (x)
87
+
88
+
# define htobe64(x) _byteswap_uint64(x)
89
+
# define htole64(x) (x)
90
+
# define be64toh(x) _byteswap_uint64(x)
91
+
# define le64toh(x) (x)
92
+
93
+
#else
94
+
95
+
typedef uint8_t BOOLEAN;
96
+
#define FALSE 0
97
+
#define TRUE 1
98
+
99
+
/* ... for Linux */
100
+
#if defined(__linux__) || defined(__CYGWIN__) || defined (__USE_SYSTEM_ENDIAN_H__)
101
+
# include <endian.h>
102
+
103
+
104
+
/* ... for OSX */
105
+
#elif defined(__APPLE__)
106
+
# include <libkern/OSByteOrder.h>
107
+
# define htole64(x) OSSwapHostToLittleInt64(x)
108
+
# define le64toh(x) OSSwapLittleToHostInt64(x)
109
+
# define htobe64(x) OSSwapHostToBigInt64(x)
110
+
# define be64toh(x) OSSwapBigToHostInt64(x)
111
+
112
+
# define htole16(x) OSSwapHostToLittleInt16(x)
113
+
# define le16toh(x) OSSwapLittleToHostInt16(x)
114
+
# define htobe16(x) OSSwapHostToBigInt16(x)
115
+
# define be16toh(x) OSSwapBigToHostInt16(x)
116
+
117
+
# define htole32(x) OSSwapHostToLittleInt32(x)
118
+
# define le32toh(x) OSSwapLittleToHostInt32(x)
119
+
# define htobe32(x) OSSwapHostToBigInt32(x)
120
+
# define be32toh(x) OSSwapBigToHostInt32(x)
121
+
122
+
/* ... for other BSDs */
123
+
#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
124
+
# include <sys/endian.h>
125
+
#elif defined(__OpenBSD__)
126
+
# include <endian.h>
127
+
128
+
/* ... for Windows (GCC-like, e.g. mingw or clang) */
129
+
#elif (defined(_WIN32) || defined(_WIN64)) && \
130
+
(defined(__GNUC__) || defined(__clang__))
131
+
132
+
# define htobe16(x) __builtin_bswap16(x)
133
+
# define htole16(x) (x)
134
+
# define be16toh(x) __builtin_bswap16(x)
135
+
# define le16toh(x) (x)
136
+
137
+
# define htobe32(x) __builtin_bswap32(x)
138
+
# define htole32(x) (x)
139
+
# define be32toh(x) __builtin_bswap32(x)
140
+
# define le32toh(x) (x)
141
+
142
+
# define htobe64(x) __builtin_bswap64(x)
143
+
# define htole64(x) (x)
144
+
# define be64toh(x) __builtin_bswap64(x)
145
+
# define le64toh(x) (x)
146
+
147
+
#else
148
+
149
+
#error "Unsupported platform"
150
+
151
+
#endif
152
+
153
+
#endif
154
+
155
+
inline static uint16_t Load16(uint8_t *b) {
156
+
uint16_t x;
157
+
memcpy(&x, b, 2);
158
+
return x;
159
+
}
160
+
161
+
inline static uint32_t Load32(uint8_t *b) {
162
+
uint32_t x;
163
+
memcpy(&x, b, 4);
164
+
return x;
165
+
}
166
+
167
+
inline static uint64_t Load64(uint8_t *b) {
168
+
uint64_t x;
169
+
memcpy(&x, b, 8);
170
+
return x;
171
+
}
172
+
173
+
inline static void Store16(uint8_t *b, uint16_t i) {
174
+
memcpy(b, &i, 2);
175
+
}
176
+
177
+
inline static void Store32(uint8_t *b, uint32_t i) {
178
+
memcpy(b, &i, 4);
179
+
}
180
+
181
+
inline static void Store64(uint8_t *b, uint64_t i) {
182
+
memcpy(b, &i, 8);
183
+
}
184
+
185
+
#define Load16Le(b) (le16toh(Load16(b)))
186
+
#define Store16Le(b, i) (Store16(b, htole16(i)))
187
+
#define Load16Be(b) (be16toh(Load16(b)))
188
+
#define Store16Be(b, i) (Store16(b, htobe16(i)))
189
+
190
+
#define Load32Le(b) (le32toh(Load32(b)))
191
+
#define Store32Le(b, i) (Store32(b, htole32(i)))
192
+
#define Load32Be(b) (be32toh(Load32(b)))
193
+
#define Store32Be(b, i) (Store32(b, htobe32(i)))
194
+
195
+
#define Load64Le(b) (le64toh(Load64(b)))
196
+
#define Store64Le(b, i) (Store64(b, htole64(i)))
197
+
#define Load64Be(b) (be64toh(Load64(b)))
198
+
#define Store64Be(b, i) (Store64(b, htobe64(i)))
199
+
200
+
201
+
#if defined(__cplusplus)
202
+
}
203
+
#endif
204
+
205
+
#endif
+1
-1
c/Proximity1.3d
+1
-1
c/Proximity1.3d
···
15
15
UINT16BE Reserved : 2 {:act Proximity1SetU16BE(ctx, (UINT32) 3, Reserved); };
16
16
UINT8 SeqHi {:on-success Proximity1SetU8(ctx, (UINT32) 4, SeqHi); return true; };
17
17
UINT16BE SeqLo {:on-success Proximity1SetU16BE(ctx, (UINT32) 5, SeqLo); return true; };
18
-
UINT16BE FrameLength {:on-success Proximity1SetU16BE(ctx, (UINT32) 6, FrameLength); return true; };
18
+
UINT16BE FrameLength { (FrameLength >= 7) } {:on-success Proximity1SetU16BE(ctx, (UINT32) 6, FrameLength); return true; };
19
19
UINT8 Data[:byte-size (FrameLength - 7)] {:on-success Proximity1SetBytes(ctx, (UINT32) 7, (UINT32) 13); return true; };
20
20
} Proximity1;
21
21
+276
c/Proximity1.c
+276
c/Proximity1.c
···
1
+
2
+
3
+
#include "Proximity1.h"
4
+
5
+
#include "Proximity1_ExternalAPI.h"
6
+
7
+
uint64_t
8
+
Proximity1ValidateProximity1(
9
+
WIRECTX *Ctx,
10
+
uint8_t *Ctxt,
11
+
void
12
+
(*ErrorHandlerFn)(
13
+
EVERPARSE_STRING x0,
14
+
EVERPARSE_STRING x1,
15
+
EVERPARSE_STRING x2,
16
+
uint64_t x3,
17
+
uint8_t *x4,
18
+
uint8_t *x5,
19
+
uint64_t x6
20
+
),
21
+
uint8_t *Input,
22
+
uint64_t InputLength,
23
+
uint64_t StartPosition
24
+
)
25
+
{
26
+
/* Validating field __bitfield_0 */
27
+
/* Checking that we have enough space for a UINT16BE, i.e., 2 bytes */
28
+
BOOLEAN hasBytes0 = 2ULL <= (InputLength - StartPosition);
29
+
uint64_t positionAfterBitfield0;
30
+
if (hasBytes0)
31
+
{
32
+
positionAfterBitfield0 = StartPosition + 2ULL;
33
+
}
34
+
else
35
+
{
36
+
positionAfterBitfield0 =
37
+
EverParseSetValidatorErrorPos(EVERPARSE_VALIDATOR_ERROR_NOT_ENOUGH_DATA,
38
+
StartPosition);
39
+
}
40
+
uint64_t positionAfterProximity1;
41
+
if (EverParseIsError(positionAfterBitfield0))
42
+
{
43
+
positionAfterProximity1 = positionAfterBitfield0;
44
+
}
45
+
else
46
+
{
47
+
uint16_t bitfield0 = Load16Be(Input + (uint32_t)StartPosition);
48
+
Proximity1setU16be(Ctx, (uint32_t)0U, EverParseGetBitfield16MsbFirst(bitfield0, 0U, 3U));
49
+
Proximity1setU16be(Ctx, (uint32_t)1U, EverParseGetBitfield16MsbFirst(bitfield0, 3U, 11U));
50
+
Proximity1setU16be(Ctx, (uint32_t)2U, EverParseGetBitfield16MsbFirst(bitfield0, 11U, 14U));
51
+
Proximity1setU16be(Ctx, (uint32_t)3U, EverParseGetBitfield16MsbFirst(bitfield0, 14U, 16U));
52
+
BOOLEAN actionResult = TRUE;
53
+
KRML_MAYBE_UNUSED_VAR(actionResult);
54
+
positionAfterProximity1 = positionAfterBitfield0;
55
+
}
56
+
uint64_t positionAfterBitfield00;
57
+
if (EverParseIsSuccess(positionAfterProximity1))
58
+
{
59
+
positionAfterBitfield00 = positionAfterProximity1;
60
+
}
61
+
else
62
+
{
63
+
ErrorHandlerFn("_Proximity1",
64
+
"__bitfield_0",
65
+
EverParseErrorReasonOfResult(positionAfterProximity1),
66
+
EverParseGetValidatorErrorKind(positionAfterProximity1),
67
+
Ctxt,
68
+
Input,
69
+
StartPosition);
70
+
positionAfterBitfield00 = positionAfterProximity1;
71
+
}
72
+
if (EverParseIsError(positionAfterBitfield00))
73
+
{
74
+
return positionAfterBitfield00;
75
+
}
76
+
/* Validating field SeqHi */
77
+
/* Checking that we have enough space for a UINT8, i.e., 1 byte */
78
+
BOOLEAN hasBytes1 = 1ULL <= (InputLength - positionAfterBitfield00);
79
+
uint64_t positionAfterSeqHi0;
80
+
if (hasBytes1)
81
+
{
82
+
positionAfterSeqHi0 = positionAfterBitfield00 + 1ULL;
83
+
}
84
+
else
85
+
{
86
+
positionAfterSeqHi0 =
87
+
EverParseSetValidatorErrorPos(EVERPARSE_VALIDATOR_ERROR_NOT_ENOUGH_DATA,
88
+
positionAfterBitfield00);
89
+
}
90
+
uint64_t positionAfterProximity10;
91
+
if (EverParseIsError(positionAfterSeqHi0))
92
+
{
93
+
positionAfterProximity10 = positionAfterSeqHi0;
94
+
}
95
+
else
96
+
{
97
+
uint8_t seqHi = Input[(uint32_t)positionAfterBitfield00];
98
+
Proximity1setU8(Ctx, (uint32_t)4U, seqHi);
99
+
BOOLEAN actionResult = TRUE;
100
+
KRML_MAYBE_UNUSED_VAR(actionResult);
101
+
positionAfterProximity10 = positionAfterSeqHi0;
102
+
}
103
+
uint64_t positionAfterSeqHi;
104
+
if (EverParseIsSuccess(positionAfterProximity10))
105
+
{
106
+
positionAfterSeqHi = positionAfterProximity10;
107
+
}
108
+
else
109
+
{
110
+
ErrorHandlerFn("_Proximity1",
111
+
"SeqHi",
112
+
EverParseErrorReasonOfResult(positionAfterProximity10),
113
+
EverParseGetValidatorErrorKind(positionAfterProximity10),
114
+
Ctxt,
115
+
Input,
116
+
positionAfterBitfield00);
117
+
positionAfterSeqHi = positionAfterProximity10;
118
+
}
119
+
if (EverParseIsError(positionAfterSeqHi))
120
+
{
121
+
return positionAfterSeqHi;
122
+
}
123
+
/* Validating field SeqLo */
124
+
/* Checking that we have enough space for a UINT16BE, i.e., 2 bytes */
125
+
BOOLEAN hasBytes2 = 2ULL <= (InputLength - positionAfterSeqHi);
126
+
uint64_t positionAfterSeqLo0;
127
+
if (hasBytes2)
128
+
{
129
+
positionAfterSeqLo0 = positionAfterSeqHi + 2ULL;
130
+
}
131
+
else
132
+
{
133
+
positionAfterSeqLo0 =
134
+
EverParseSetValidatorErrorPos(EVERPARSE_VALIDATOR_ERROR_NOT_ENOUGH_DATA,
135
+
positionAfterSeqHi);
136
+
}
137
+
uint64_t positionAfterProximity11;
138
+
if (EverParseIsError(positionAfterSeqLo0))
139
+
{
140
+
positionAfterProximity11 = positionAfterSeqLo0;
141
+
}
142
+
else
143
+
{
144
+
uint16_t seqLo = Load16Be(Input + (uint32_t)positionAfterSeqHi);
145
+
Proximity1setU16be(Ctx, (uint32_t)5U, seqLo);
146
+
BOOLEAN actionResult = TRUE;
147
+
KRML_MAYBE_UNUSED_VAR(actionResult);
148
+
positionAfterProximity11 = positionAfterSeqLo0;
149
+
}
150
+
uint64_t positionAfterSeqLo;
151
+
if (EverParseIsSuccess(positionAfterProximity11))
152
+
{
153
+
positionAfterSeqLo = positionAfterProximity11;
154
+
}
155
+
else
156
+
{
157
+
ErrorHandlerFn("_Proximity1",
158
+
"SeqLo",
159
+
EverParseErrorReasonOfResult(positionAfterProximity11),
160
+
EverParseGetValidatorErrorKind(positionAfterProximity11),
161
+
Ctxt,
162
+
Input,
163
+
positionAfterSeqHi);
164
+
positionAfterSeqLo = positionAfterProximity11;
165
+
}
166
+
if (EverParseIsError(positionAfterSeqLo))
167
+
{
168
+
return positionAfterSeqLo;
169
+
}
170
+
/* Checking that we have enough space for a UINT16BE, i.e., 2 bytes */
171
+
BOOLEAN hasBytes = 2ULL <= (InputLength - positionAfterSeqLo);
172
+
uint64_t positionAfterProximity12;
173
+
if (hasBytes)
174
+
{
175
+
positionAfterProximity12 = positionAfterSeqLo + 2ULL;
176
+
}
177
+
else
178
+
{
179
+
positionAfterProximity12 =
180
+
EverParseSetValidatorErrorPos(EVERPARSE_VALIDATOR_ERROR_NOT_ENOUGH_DATA,
181
+
positionAfterSeqLo);
182
+
}
183
+
uint64_t positionAfterFrameLength;
184
+
if (EverParseIsSuccess(positionAfterProximity12))
185
+
{
186
+
positionAfterFrameLength = positionAfterProximity12;
187
+
}
188
+
else
189
+
{
190
+
ErrorHandlerFn("_Proximity1",
191
+
"FrameLength",
192
+
EverParseErrorReasonOfResult(positionAfterProximity12),
193
+
EverParseGetValidatorErrorKind(positionAfterProximity12),
194
+
Ctxt,
195
+
Input,
196
+
positionAfterSeqLo);
197
+
positionAfterFrameLength = positionAfterProximity12;
198
+
}
199
+
if (EverParseIsError(positionAfterFrameLength))
200
+
{
201
+
return positionAfterFrameLength;
202
+
}
203
+
uint16_t frameLength = Load16Be(Input + (uint32_t)positionAfterSeqLo);
204
+
BOOLEAN frameLengthConstraintIsOk = frameLength >= (uint16_t)7U;
205
+
uint64_t
206
+
positionAfterFrameLength1 =
207
+
EverParseCheckConstraintOk(frameLengthConstraintIsOk,
208
+
positionAfterFrameLength);
209
+
if (EverParseIsError(positionAfterFrameLength1))
210
+
{
211
+
return positionAfterFrameLength1;
212
+
}
213
+
Proximity1setU16be(Ctx, (uint32_t)6U, frameLength);
214
+
BOOLEAN actionResult = TRUE;
215
+
KRML_MAYBE_UNUSED_VAR(actionResult);
216
+
/* Validating field Data */
217
+
BOOLEAN
218
+
hasBytes3 =
219
+
(uint64_t)(uint32_t)((uint32_t)frameLength - (uint32_t)(uint16_t)7U) <=
220
+
(InputLength - positionAfterFrameLength1);
221
+
uint64_t res;
222
+
if (hasBytes3)
223
+
{
224
+
res =
225
+
positionAfterFrameLength1 +
226
+
(uint64_t)(uint32_t)((uint32_t)frameLength - (uint32_t)(uint16_t)7U);
227
+
}
228
+
else
229
+
{
230
+
res =
231
+
EverParseSetValidatorErrorPos(EVERPARSE_VALIDATOR_ERROR_NOT_ENOUGH_DATA,
232
+
positionAfterFrameLength1);
233
+
}
234
+
uint64_t positionAfterProximity13 = res;
235
+
uint64_t positionAfterData;
236
+
if (EverParseIsSuccess(positionAfterProximity13))
237
+
{
238
+
positionAfterData = positionAfterProximity13;
239
+
}
240
+
else
241
+
{
242
+
ErrorHandlerFn("_Proximity1",
243
+
"Data.base",
244
+
EverParseErrorReasonOfResult(positionAfterProximity13),
245
+
EverParseGetValidatorErrorKind(positionAfterProximity13),
246
+
Ctxt,
247
+
Input,
248
+
positionAfterFrameLength1);
249
+
positionAfterData = positionAfterProximity13;
250
+
}
251
+
uint64_t positionAfterProximity14;
252
+
if (EverParseIsSuccess(positionAfterData))
253
+
{
254
+
Proximity1setBytes(Ctx, (uint32_t)7U, (uint32_t)13U);
255
+
BOOLEAN actionSuccessData = TRUE;
256
+
KRML_MAYBE_UNUSED_VAR(actionSuccessData);
257
+
positionAfterProximity14 = positionAfterData;
258
+
}
259
+
else
260
+
{
261
+
positionAfterProximity14 = positionAfterData;
262
+
}
263
+
if (EverParseIsSuccess(positionAfterProximity14))
264
+
{
265
+
return positionAfterProximity14;
266
+
}
267
+
ErrorHandlerFn("_Proximity1",
268
+
"Data",
269
+
EverParseErrorReasonOfResult(positionAfterProximity14),
270
+
EverParseGetValidatorErrorKind(positionAfterProximity14),
271
+
Ctxt,
272
+
Input,
273
+
positionAfterFrameLength1);
274
+
return positionAfterProximity14;
275
+
}
276
+
+37
c/Proximity1.h
+37
c/Proximity1.h
···
1
+
2
+
3
+
#ifndef Proximity1_H
4
+
#define Proximity1_H
5
+
6
+
#if defined(__cplusplus)
7
+
extern "C" {
8
+
#endif
9
+
10
+
#include "EverParse.h"
11
+
#include "Proximity1_ExternalTypedefs.h"
12
+
13
+
uint64_t
14
+
Proximity1ValidateProximity1(
15
+
WIRECTX *Ctx,
16
+
uint8_t *Ctxt,
17
+
void
18
+
(*ErrorHandlerFn)(
19
+
EVERPARSE_STRING x0,
20
+
EVERPARSE_STRING x1,
21
+
EVERPARSE_STRING x2,
22
+
uint64_t x3,
23
+
uint8_t *x4,
24
+
uint8_t *x5,
25
+
uint64_t x6
26
+
),
27
+
uint8_t *Input,
28
+
uint64_t InputLength,
29
+
uint64_t StartPosition
30
+
);
31
+
32
+
#if defined(__cplusplus)
33
+
}
34
+
#endif
35
+
36
+
#define Proximity1_H_DEFINED
37
+
#endif /* Proximity1_H */
+41
c/Proximity1Wrapper.c
+41
c/Proximity1Wrapper.c
···
1
+
#include "Proximity1Wrapper.h"
2
+
#include "EverParse.h"
3
+
#include "Proximity1.h"
4
+
void Proximity1EverParseError(const char *StructName, const char *FieldName, const char *Reason);
5
+
6
+
static
7
+
void DefaultErrorHandler(
8
+
const char *typename_s,
9
+
const char *fieldname,
10
+
const char *reason,
11
+
uint64_t error_code,
12
+
uint8_t *context,
13
+
EVERPARSE_INPUT_BUFFER input,
14
+
uint64_t start_pos)
15
+
{
16
+
EVERPARSE_ERROR_FRAME *frame = (EVERPARSE_ERROR_FRAME*)context;
17
+
EverParseDefaultErrorHandler(
18
+
typename_s,
19
+
fieldname,
20
+
reason,
21
+
error_code,
22
+
frame,
23
+
input,
24
+
start_pos
25
+
);
26
+
}
27
+
28
+
BOOLEAN Proximity1CheckProximity1(WIRECTX* ctx, uint8_t *base, uint32_t len) {
29
+
EVERPARSE_ERROR_FRAME frame;
30
+
frame.filled = FALSE;
31
+
uint64_t result = Proximity1ValidateProximity1(ctx, (uint8_t*)&frame, &DefaultErrorHandler, base, len, 0);
32
+
if (EverParseIsError(result))
33
+
{
34
+
if (frame.filled)
35
+
{
36
+
Proximity1EverParseError(frame.typename_s, frame.fieldname, frame.reason);
37
+
}
38
+
return FALSE;
39
+
}
40
+
return TRUE;
41
+
}
+26
c/Proximity1Wrapper.h
+26
c/Proximity1Wrapper.h
···
1
+
#include "EverParseEndianness.h"
2
+
#define EVERPARSE_SUCCESS 0ul
3
+
#define EVERPARSE_ERROR_GENERIC 1uL
4
+
#define EVERPARSE_ERROR_NOT_ENOUGH_DATA 2uL
5
+
#define EVERPARSE_ERROR_IMPOSSIBLE 3uL
6
+
#define EVERPARSE_ERROR_LIST_SIZE_NOT_MULTIPLE 4uL
7
+
#define EVERPARSE_ERROR_ACTION_FAILED 5uL
8
+
#define EVERPARSE_ERROR_CONSTRAINT_FAILED 6uL
9
+
#define EVERPARSE_ERROR_UNEXPECTED_PADDING 7uL
10
+
// Probe wrapper error codes
11
+
#define EVERPARSE_PROBE_FAILURE_INCORRECT_SIZE 256uL
12
+
#define EVERPARSE_PROBE_FAILURE_INIT 257uL
13
+
#define EVERPARSE_PROBE_FAILURE_PROBE 258uL
14
+
#define EVERPARSE_PROBE_FAILURE_VALIDATION 259uL
15
+
16
+
17
+
#include "Proximity1_ExternalTypedefs.h"
18
+
19
+
20
+
#ifdef __cplusplus
21
+
extern "C" {
22
+
#endif
23
+
BOOLEAN Proximity1CheckProximity1(WIRECTX* ctx, uint8_t *base, uint32_t len);
24
+
#ifdef __cplusplus
25
+
}
26
+
#endif
+24
c/Proximity1_ExternalAPI.h
+24
c/Proximity1_ExternalAPI.h
···
1
+
2
+
3
+
#ifndef Proximity1_ExternalAPI_H
4
+
#define Proximity1_ExternalAPI_H
5
+
6
+
#if defined(__cplusplus)
7
+
extern "C" {
8
+
#endif
9
+
10
+
#include "EverParse.h"
11
+
#include "Proximity1_ExternalTypedefs.h"
12
+
13
+
extern void Proximity1setU16be(WIRECTX *ctx, uint32_t idx, uint16_t v);
14
+
15
+
extern void Proximity1setU8(WIRECTX *ctx, uint32_t idx, uint8_t v);
16
+
17
+
extern void Proximity1setBytes(WIRECTX *ctx, uint32_t idx, uint32_t v);
18
+
19
+
#if defined(__cplusplus)
20
+
}
21
+
#endif
22
+
23
+
#define Proximity1_ExternalAPI_H_DEFINED
24
+
#endif /* Proximity1_ExternalAPI_H */
+4
c/Proximity1_ExternalTypedefs.h
+4
c/Proximity1_ExternalTypedefs.h
+34
c/Proximity1_Fields.c
+34
c/Proximity1_Fields.c
···
1
+
#include <stdint.h>
2
+
#include "Proximity1_Fields.h"
3
+
#include "Proximity1_ExternalTypedefs.h"
4
+
#include "Proximity1_ExternalAPI.h"
5
+
6
+
void Proximity1setU16be(WIRECTX *ctx, uint32_t idx, uint16_t v) {
7
+
Proximity1Fields *f = (Proximity1Fields *) ctx;
8
+
switch (idx) {
9
+
case 0: f->Version = (uint16_t) v; break;
10
+
case 1: f->SCID = (uint16_t) v; break;
11
+
case 2: f->FrameType = (uint16_t) v; break;
12
+
case 3: f->Reserved = (uint16_t) v; break;
13
+
case 5: f->SeqLo = (uint16_t) v; break;
14
+
case 6: f->FrameLength = (uint16_t) v; break;
15
+
default: (void) f; (void) v; break;
16
+
}
17
+
}
18
+
19
+
void Proximity1setU8(WIRECTX *ctx, uint32_t idx, uint8_t v) {
20
+
Proximity1Fields *f = (Proximity1Fields *) ctx;
21
+
switch (idx) {
22
+
case 4: f->SeqHi = (uint8_t) v; break;
23
+
default: (void) f; (void) v; break;
24
+
}
25
+
}
26
+
27
+
void Proximity1setBytes(WIRECTX *ctx, uint32_t idx, uint32_t v) {
28
+
Proximity1Fields *f = (Proximity1Fields *) ctx;
29
+
switch (idx) {
30
+
case 7: f->Data = (uint32_t) v; break;
31
+
default: (void) f; (void) v; break;
32
+
}
33
+
}
34
+
+28
c/Proximity1_Fields.h
+28
c/Proximity1_Fields.h
···
1
+
#ifndef PROXIMITY1_FIELDS_H
2
+
#define PROXIMITY1_FIELDS_H
3
+
#include <stdint.h>
4
+
5
+
/* Field indices -- use with the schema's WireSet* callbacks in a
6
+
custom [WIRECTX] if you only want to capture a subset. */
7
+
#define PROXIMITY1_IDX_VERSION 0
8
+
#define PROXIMITY1_IDX_SCID 1
9
+
#define PROXIMITY1_IDX_FRAMETYPE 2
10
+
#define PROXIMITY1_IDX_RESERVED 3
11
+
#define PROXIMITY1_IDX_SEQHI 4
12
+
#define PROXIMITY1_IDX_SEQLO 5
13
+
#define PROXIMITY1_IDX_FRAMELENGTH 6
14
+
#define PROXIMITY1_IDX_DATA 7
15
+
16
+
/* Default plug: one typed member per named field. Pass a pointer to
17
+
[Proximity1Fields] as [WIRECTX *] when you want every field populated. */
18
+
typedef struct Proximity1Fields {
19
+
uint16_t Version;
20
+
uint16_t SCID;
21
+
uint16_t FrameType;
22
+
uint16_t Reserved;
23
+
uint8_t SeqHi;
24
+
uint16_t SeqLo;
25
+
uint16_t FrameLength;
26
+
uint32_t Data;
27
+
} Proximity1Fields;
28
+
#endif
+19
c/test.c
+19
c/test.c
···
1
+
#include <stdio.h>
2
+
#include <stdlib.h>
3
+
#include <stdint.h>
4
+
#include <string.h>
5
+
#include "EverParse.h"
6
+
#define CHECK(msg, cond) do { \
7
+
if (cond) { pass++; } \
8
+
else { fail++; fprintf(stderr, " FAIL: %s\n", msg); } \
9
+
} while(0)
10
+
11
+
int main(void) {
12
+
int failures = 0;
13
+
14
+
if (failures == 0)
15
+
printf("All tests passed.\n");
16
+
else
17
+
printf("%d test(s) failed.\n", failures);
18
+
return failures ? 1 : 0;
19
+
}
+6
-2
lib/proximity1.ml
+6
-2
lib/proximity1.ml
···
75
75
let f_seq_lo = Wire.Field.v "SeqLo" Wire.uint16be
76
76
77
77
(* Frame length (total frame length in bytes) *)
78
-
let f_frame_length = Wire.Field.v "FrameLength" Wire.uint16be
78
+
let header_size = 7
79
+
80
+
let f_frame_length =
81
+
Wire.Field.v "FrameLength"
82
+
~self_constraint:(fun self -> Wire.Expr.(self >= Wire.int header_size))
83
+
Wire.uint16be
79
84
80
85
(* Data field: variable length, determined by frame_length - header_size *)
81
-
let header_size = 7
82
86
83
87
let f_data =
84
88
Wire.Field.v "Data"