Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix contract handling of promoted constants and constant static #3305

Merged
merged 10 commits into from
Jul 23, 2024
Merged

Fix contract handling of promoted constants and constant static #3305

merged 10 commits into from
Jul 23, 2024

Conversation

celinval
Copy link
Contributor

When verifying contracts, CBMC initializes all static variables to non-deterministic values, except for those with constant types or with types / values annotated with ID_C_no_nondet_initialization.

Kani compiler never set these flags, which caused spurious failures when verification depended on promoted constants or constant static variables. This fix changes that.

First, I did a bit of refactoring since we may need to set this Symbol property at a later time for static variables.
I also got rid of the initialization function, since the allocation initialization can be done directly from an expression.

Then, I added the new property to the Symbol type. In CBMC, this is a property of the type or expression. However, I decided to add it to Symbol to avoid having to add this attribute to all variants of Type and Expr.

Resolves #3228

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@celinval
Refactor static handling for things with a body
e763bde 
In preparation for the major change.

Note: Need to add expected files to new tests.
@celinval
Fix contract handling of promoted constants
3c4e851
@celinval celinval requested a review from a team as a code owner June 28, 2024 16:01
@celinval
Copy link
Contributor Author

@remi-delmas-3000 do you mind taking a look?

@github-actions github-actions bot added the Z-BenchCI Tag a PR to run benchmark CI label Jun 28, 2024
@feliperodri feliperodri added this to the Function Contracts milestone Jun 28, 2024
remi-delmas-3000
remi-delmas-3000 reviewed Jul 5, 2024
View reviewed changes
Copy link
Contributor

@remi-delmas-3000 remi-delmas-3000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems like filling up undefined bytes with false in Allocation initialisers may be underapproximating.

@celinval
Copy link
Contributor Author

celinval commented Jul 5, 2024

seems like filling up undefined bytes with false in Allocation initialisers may be underapproximating.

Reading undefined bytes is UB. Any analysis that read uninitialized bytes is unsound, hence the value doesn't matter.

@celinval
Copy link
Contributor Author

Sorry, I accidentally rebased the branch. :(

@celinval celinval enabled auto-merge (squash) July 23, 2024 20:27
@celinval celinval merged commit dfd05f7 into model-checking:main Jul 23, 2024
24 of 25 checks passed
tautschnig added a commit to tautschnig/kani that referenced this pull request Aug 5, 2024
@tautschnig
Update toolchain to 2024-08-05
80cd280 
* Remove `gen_function_local_variable` and `initializer_fn_name`, the
  last uses of both of which were removed in model-checking#3305.
* Remove `arg_count`, which was introduced in model-checking#3363, but not actually
  used.
* Remove `insert_bb`, which was introduced in model-checking#3382, but not actually
  used.

The toolchain upgrade to 2024-08-04 includes several bugfixes to
dead-code analysis in rustc, explaining why we the recent PRs as listed
above weren't flagged before for introducing dead code.

Resolves: model-checking#3411
@tautschnig tautschnig mentioned this pull request Aug 5, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request Aug 5, 2024
@tautschnig
Update toolchain to 2024-08-05 (#3416)
520cb3e 
* Remove `gen_function_local_variable` and `initializer_fn_name`, the
last uses of both of which were removed in #3305.
* Mark `arg_count`, which was introduced in #3363, as `allow(dead_code)`
as it will soon be used.
* Mark `insert_bb`, which was introduced in #3382, as `allow(dead_code)`
as it will soon be used.

The toolchain upgrade to 2024-08-04 includes several bugfixes to
dead-code analysis in rustc, explaining why we the recent PRs as listed
above weren't flagged before for introducing dead code.

Resolves: #3411

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
@feliperodri feliperodri mentioned this pull request Aug 8, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request Aug 9, 2024
@feliperodri
Bump Kani version to 0.54.0 (#3430)
7a6f1a4 
## 0.54.0

### Major Changes
* We added support for slices in the `#[kani::modifies(...)]` clauses
when using function contracts.
* We introduce an `#[safety_constraint(...)]` attribute helper for the
`Arbitrary` and `Invariant` macros.
* We enabled support for concrete playback for harness that contains
stubs or function contracts.
* We added support for log2*, log10*, powif*, fma*, and sqrt*
intrisincs.

### Breaking Changes
* The `-Z ptr-to-ref-cast-checks` option has been removed, and pointer
validity checks when casting raw pointers to references are now run by
default.

## What's Changed
* Make Kani reject mutable pointer casts if padding is incompatible and
memory initialization is checked by @artemagvanian in
#3332
* Fix visibility of some Kani intrinsics by @artemagvanian in
#3323
* Function Contracts: Modify Slices by @pi314mm in
#3295
* Support for disabling automatically generated pointer checks to avoid
reinstrumentation by @artemagvanian in
#3344
* Add support for global transformations by @artemagvanian in
#3348
* Enable an `#[safety_constraint(...)]` attribute helper for the
`Arbitrary` and `Invariant` macros by @adpaco-aws in
#3283
* Fix contract handling of promoted constants and constant static by
@celinval in #3305
* Bump CBMC Viewer to 3.9 by @tautschnig in
#3373
* Update to CBMC version 6.1.1 by @tautschnig in
#2995
* Define a struct-level `#[safety_constraint(...)]` attribute by
@adpaco-aws in #3270
* Enable concrete playback for contract and stubs by @celinval in
#3389
* Add code scanner tool by @celinval in
#3120
* Enable contracts in associated functions by @celinval in
#3363
* Enable log2*, log10* intrinsics by @tautschnig in
#3001
* Enable powif* intrinsics by @tautschnig in
#2999
* Enable fma* intrinsics by @tautschnig in
#3002
* Enable sqrt* intrinsics by @tautschnig in
#3000
* Remove assigns clause for ZST pointers by @carolynzech in
#3417
* Instrumentation for delayed UB stemming from uninitialized memory by
@artemagvanian in #3374
* Unify kani library and kani core logic by @jaisnan in
#3333
* Stabilize pointer-to-reference cast validity checks by @artemagvanian
in #3426
* Rust toolchain upgraded to `nightly-2024-08-07` by @jaisnan @qinheping
@tautschnig @feliperodri

## New Contributors
* @carolynzech made their first contribution in
#3387

**Full Changelog**:
kani-0.53.0...kani-0.54.0

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@artemagvanian artemagvanian artemagvanian left review comments

@remi-delmas-3000 remi-delmas-3000 remi-delmas-3000 approved these changes

Assignees
No one assigned
Labels
Z-BenchCI Tag a PR to run benchmark CI
Projects
None yet
Milestone
Function Contracts
Development

Successfully merging this pull request may close these issues.

Contract fails due to promoted constants being havocked
4 participants
@celinval @remi-delmas-3000 @artemagvanian @feliperodri