
Contracts & Harnesses for len, is_empty, is_aligned, and is_aligned_to #128

Status: Merged (12 commits), Nov 25, 2024

Conversation

@Jimmycreative commented Oct 22, 2024

Towards #53

Changes
Added a contract and harness for len, is_empty, is_aligned, and is_aligned_to in the non-null library.

Complete - 4 successfully verified harnesses, 0 failures, 4 total.

@Jimmycreative Jimmycreative requested a review from a team as a code owner October 22, 2024 05:09
@celinval left a comment:

Awesome! I just have a few high level comments:

  1. Can you please use safety::ensures and safety::requires instead of kani ones?
  2. Can you also check the tests with dangling pointers? For example, you could use PointerGenerator, or multiple harnesses.

@QinyuanWu commented:

> Awesome! I just have a few high level comments:
>
>   1. Can you please use safety::ensures and safety::requires instead of kani ones?
>   2. Can you also check the tests with dangling pointers? For example, you could use PointerGenerator, or multiple harnesses.

@Jimmycreative See pointer generator documentation here: https://model-checking.github.io/kani/crates/doc/kani/struct.PointerGenerator.html

@celinval left a comment:

Thank you!

@celinval left a comment:

It looks good. Can you please ensure that calling is_aligned_to with an invalid alignment value (not a power of two) will not trigger UB. One way you could do that is to write a regular harness, i.e., a #[kani::proof] instead of #[kani::proof_for_contract(<func>)] so Kani does not assume the pre-condition. If the harness fails due to panic, you can add a #[kani::should_panic] to the harness.

@celinval left a comment:
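The two review points above (draw the pointer from every allocation status with PointerGenerator rather than one live buffer, and exercise a non-power-of-two alignment in a plain #[kani::proof] harness marked #[kani::should_panic] so the precondition is not assumed) can be shown on a stand-alone model. The following is an added example, not code from this PR or from the verify-rust-std repository: `is_aligned_to` below is a model of the std method written for this example (the real one is still unstable on release toolchains), the contract is attached with plain `kani::requires`/`kani::ensures` behind `cfg_attr(kani, ...)` on the assumption that the repository's `safety::` wrappers expand to those attributes, and the harness module only compiles under `cargo kani`. The stable part runs with plain `cargo run`.

```rust
use std::mem::align_of;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr::NonNull;

/// Model of `NonNull::is_aligned_to` written for this example. Contract:
/// `align` must be a power of two, otherwise the call panics (never UB).
/// The check is pure address arithmetic and never dereferences `ptr`,
/// so a dangling pointer is valid input.
#[cfg_attr(kani, kani::requires(align.is_power_of_two()))]
#[cfg_attr(kani, kani::ensures(|result| *result == ((ptr.as_ptr() as usize) & (align - 1) == 0)))]
pub fn is_aligned_to<T>(ptr: NonNull<T>, align: usize) -> bool {
    assert!(align.is_power_of_two(), "is_aligned_to: align is not a power-of-two");
    (ptr.as_ptr() as usize) & (align - 1) == 0
}

/// `is_aligned` is `is_aligned_to(align_of::<T>())`; compare the model
/// against the stable std method on the same pointer.
pub fn model_agrees_with_std<T>(ptr: NonNull<T>) -> bool {
    is_aligned_to(ptr, align_of::<T>()) == ptr.is_aligned()
}

/// True when `align` makes the call panic: the behaviour a
/// `#[kani::should_panic]` harness pins down for invalid alignments.
/// `AssertUnwindSafe` is fine here because the closure only owns a pointer value.
pub fn panics_for_align(align: usize) -> bool {
    let ptr = NonNull::<u64>::dangling();
    catch_unwind(AssertUnwindSafe(|| is_aligned_to(ptr, align))).is_err()
}

/// `len`/`is_empty` only read the slice metadata, so a dangling data
/// pointer is acceptable input; returns (len, is_empty).
pub fn dangling_slice_len(len: usize) -> (usize, bool) {
    let slice = NonNull::<[u64]>::slice_from_raw_parts(NonNull::dangling(), len);
    (slice.len(), slice.is_empty())
}

fn main() {
    let mut buf = [0u64; 4];
    let p = NonNull::from(&mut buf[0]);
    println!("aligned to 8: {}", is_aligned_to(p, 8));
    println!("align 12 panics: {}", panics_for_align(12));
    println!("dangling slice (len, is_empty): {:?}", dangling_slice_len(3));
}

// Kani harnesses, compiled only under `cargo kani` (assumption: the repo's
// `safety::requires`/`safety::ensures` wrappers expand to the plain Kani
// attributes used on `is_aligned_to` above).
#[cfg(kani)]
mod verify {
    use super::*;

    // Contract harness: Kani assumes the precondition and checks the
    // postcondition. The pointer comes from every allocation status the
    // generator supports (in-bounds, out-of-bounds, dangling, dead object,
    // null) instead of a single live buffer; null is filtered since NonNull
    // cannot hold it.
    #[kani::proof_for_contract(is_aligned_to)]
    fn check_is_aligned_to() {
        let mut generator = kani::PointerGenerator::<64>::new();
        let arbitrary = generator.any_alloc_status::<u64>();
        kani::assume(!arbitrary.ptr.is_null());
        let ptr = NonNull::new(arbitrary.ptr).unwrap();
        let align: usize = kani::any();
        let _ = is_aligned_to(ptr, align);
    }

    // Plain proof: the precondition is NOT assumed, so this is where an
    // invalid `align` is exercised. The only acceptable outcome is a panic.
    #[kani::proof]
    #[kani::should_panic]
    fn check_is_aligned_to_rejects_non_power_of_two() {
        let ptr = NonNull::<u64>::dangling();
        let align: usize = kani::any();
        kani::assume(!align.is_power_of_two());
        let _ = is_aligned_to(ptr, align);
    }
}
```

The split matters: a `proof_for_contract` harness silently discards every input that violates `requires`, so it can never tell you what happens on a bad alignment; only the unconstrained `#[kani::proof]` harness does, and `should_panic` turns "it panics on every path" into the verified property.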

Looks good! Thanks

@carolynzech left a comment:

Nice job! Once you fix the conflicts, please @ me so that I can trigger the merge workflow.

Co-authored-by: Carolyn Zech <cmzech@amazon.com>
@carolynzech carolynzech enabled auto-merge (squash) November 25, 2024 15:54
@carolynzech left a comment:

trigger merge workflow

@carolynzech carolynzech merged commit 5e44e6e into model-checking:main Nov 25, 2024
9 checks passed
5 participants