Support for disabling automatically generated pointer checks to avoid reinstrumentation #3344
Conversation
I wonder what's a good way to test this: if there is a way to somehow retrieve the internal output of goto-instrument, we could check that the appropriate pragmas are added? Since this attribute is supposed to be internal, we would need to test it indirectly |
Could you elaborate a bit more about what will happen if we don't disable the pointer checks in the instrumentation code. Is there any test failed without this PR? If so, we can use them to test this PR indirectly. Directly testing checks being disabled requires extending |
No test will fail, but extra checks will be added to the instrumentation code itself, which negatively affects verification performance.
That could work, let me look into that |
IIRC the human-readable output of
For more complex behaviors we often recommend the |
|
@qinheping @adpaco-aws thanks for the pointers. I added a test that checks that automatic checks are not added in the module where we disable it. This feels clunky, but I can't think of a better way since the attribute is private |
tests/script-based-pre/mem-init-reinstrumentation/mem-init-reinstrumentation.expected
Outdated
Show resolved
Hide resolved
## 0.54.0 ### Major Changes * We added support for slices in the `#[kani::modifies(...)]` clauses when using function contracts. * We introduce an `#[safety_constraint(...)]` attribute helper for the `Arbitrary` and `Invariant` macros. * We enabled support for concrete playback for harness that contains stubs or function contracts. * We added support for log2*, log10*, powif*, fma*, and sqrt* intrisincs. ### Breaking Changes * The `-Z ptr-to-ref-cast-checks` option has been removed, and pointer validity checks when casting raw pointers to references are now run by default. ## What's Changed * Make Kani reject mutable pointer casts if padding is incompatible and memory initialization is checked by @artemagvanian in #3332 * Fix visibility of some Kani intrinsics by @artemagvanian in #3323 * Function Contracts: Modify Slices by @pi314mm in #3295 * Support for disabling automatically generated pointer checks to avoid reinstrumentation by @artemagvanian in #3344 * Add support for global transformations by @artemagvanian in #3348 * Enable an `#[safety_constraint(...)]` attribute helper for the `Arbitrary` and `Invariant` macros by @adpaco-aws in #3283 * Fix contract handling of promoted constants and constant static by @celinval in #3305 * Bump CBMC Viewer to 3.9 by @tautschnig in #3373 * Update to CBMC version 6.1.1 by @tautschnig in #2995 * Define a struct-level `#[safety_constraint(...)]` attribute by @adpaco-aws in #3270 * Enable concrete playback for contract and stubs by @celinval in #3389 * Add code scanner tool by @celinval in #3120 * Enable contracts in associated functions by @celinval in #3363 * Enable log2*, log10* intrinsics by @tautschnig in #3001 * Enable powif* intrinsics by @tautschnig in #2999 * Enable fma* intrinsics by @tautschnig in #3002 * Enable sqrt* intrinsics by @tautschnig in #3000 * Remove assigns clause for ZST pointers by @carolynzech in #3417 * Instrumentation for delayed UB stemming from uninitialized memory by @artemagvanian in #3374 * Unify kani library and kani core logic by @jaisnan in #3333 * Stabilize pointer-to-reference cast validity checks by @artemagvanian in #3426 * Rust toolchain upgraded to `nightly-2024-08-07` by @jaisnan @qinheping @tautschnig @feliperodri ## New Contributors * @carolynzech made their first contribution in #3387 **Full Changelog**: kani-0.53.0...kani-0.54.0 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses. Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>
Recently added memory initialization checks (see #3300 for an overview) code suffers from re-instrumentation due to automatically added pointer checks to the instrumentation code.
This PR adds an internal
kanitool::disable_checksattribute to disable automatically generated CBMC checks inside internal instrumentation. This, in turn, relies on CBMC pragmas (https://www.cprover.org/cprover-manual/properties/#usinggotoinstrument).By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.