Skip to content

Commit 70ea675

Browse files
jcp19jcp19
committed
resolve 2 TODOs
1 parent fa7e882 commit 70ea675

File tree

1 file changed

+7
-6
lines changed

1 file changed

+7
-6
lines changed

pkg/slayers/extn.go

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ func (o *tlvOption) serializeTo(data []byte, fixLengths bool) {
105105
// @ ensures err == nil ==> acc(res)
106106
// @ ensures (err == nil && res.OptType != OptTypePad1) ==> (
107107
// @ 2 <= res.ActualLength && res.ActualLength <= len(data) && res.OptData === data[2:res.ActualLength])
108-
// @ ensures err == nil ==> 0 < res.ActualLength
108+
// @ ensures err == nil ==> 0 < res.ActualLength && res.ActualLength <= 258
109109
// @ ensures err != nil ==> err.ErrorMem()
110110
// @ decreases
111111
func decodeTLVOption(data []byte) (res *tlvOption, err error) {
@@ -250,7 +250,8 @@ func (e *extnBase) serializeToWithTLVOptions(b gopacket.SerializeBuffer,
250250
// @ 2 <= len(data) &&
251251
// @ 0 <= res.ActualLen && res.ActualLen <= len(data) &&
252252
// @ res.BaseLayer.Contents === data[:res.ActualLen] &&
253-
// @ res.BaseLayer.Payload === data[res.ActualLen:])
253+
// @ res.BaseLayer.Payload === data[res.ActualLen:] &&
254+
// @ res.ActualLen <= MAX_INT - 258)
254255
// @ decreases
255256
func decodeExtnBase(data []byte, df gopacket.DecodeFeedback) (res extnBase, resErr error) {
256257
e := extnBase{}
@@ -368,8 +369,9 @@ func (h *HopByHopExtn) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback)
368369

369370
// @ invariant 2 <= offset
370371
// @ invariant acc(h)
371-
// @ invariant 0 <= h.ActualLen && h.ActualLen <= len(data)
372+
// @ invariant 0 <= h.ActualLen && h.ActualLen <= len(data) && h.ActualLen <= MAX_INT - 258
372373
// @ invariant len(h.Options) == lenOptions
374+
// @ invariant lenOptions < offset
373375
// @ invariant forall i int :: { &h.Options[i] } 0 <= i && i < lenOptions ==>
374376
// @ (acc(&h.Options[i]) && h.Options[i].Mem(i))
375377
// @ invariant acc(sl.Bytes(data, 0, len(data)), R40)
@@ -385,7 +387,6 @@ func (h *HopByHopExtn) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback)
385387
return err
386388
}
387389
// @ ghost tmp := (*HopByHopOption)(opt)
388-
// @ assume false // TODO: debug: can't prove proof obligation after overflow PR
389390
h.Options = append( /*@ perm(1/2), @*/ h.Options, (*HopByHopOption)(opt))
390391
offset += opt.ActualLength
391392
// @ assert h.Options[lenOptions] === tmp
@@ -501,8 +502,9 @@ func (e *EndToEndExtn) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback)
501502

502503
// @ invariant 2 <= offset
503504
// @ invariant acc(e)
504-
// @ invariant 0 <= e.ActualLen && e.ActualLen <= len(data)
505+
// @ invariant 0 <= e.ActualLen && e.ActualLen <= len(data) && e.ActualLen <= MAX_INT - 258
505506
// @ invariant len(e.Options) == lenOptions
507+
// @ invariant lenOptions < offset
506508
// @ invariant forall i int :: { &e.Options[i] } 0 <= i && i < lenOptions ==>
507509
// @ (acc(&e.Options[i]) && e.Options[i].Mem(i))
508510
// @ invariant acc(sl.Bytes(data, 0, len(data)), R40)
@@ -518,7 +520,6 @@ func (e *EndToEndExtn) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback)
518520
return err
519521
}
520522
// @ ghost tmp := (*EndToEndOption)(opt)
521-
// @ assume false // TODO: debug: can't prove proof obligation after overflow PR
522523
e.Options = append( /*@ perm(1/2), @*/ e.Options, (*EndToEndOption)(opt))
523524
offset += opt.ActualLength
524525
// @ assert e.Options[lenOptions] === tmp

0 commit comments

Comments
 (0)