Challenge 12: Safety of NonZero
#71
We are Team 1 and currently working on this challenge. PM: Shivani

Team, we are currently trying to test an initial harness but are having some issues. We confirmed it has a unique name and qualified name, it is under `mod verify`, and it follows syntax similar to `AsciiChar`. Appreciate any feedback.

Commands:

```
verify-rust-std/library$ kani verify-std -Z unstable-options "." -Z function-contracts -Z mem-predicates --harness nonzero_check_new_unchecked
```

and received:

```
error: no harnesses matched the harness filter: `nonzero_check_new_unchecked`
```

We also tested:

```
kani verify-std -Z unstable-options "." -Z function-contracts -Z mem-predicates --harness core::num::nonzero::nonzero_check_new_unchecked
```

and received:

```
error: no harnesses matched the harness filter: `core::num::nonzero::nonzero_check_new_unchecked`
```

Our current contract function:

```rust
#[requires(n != T::zero())]
#[ensures(|result: Self| result.get() == n)]
pub const unsafe fn new_unchecked(n: T) -> Self {
    match Self::new(n) {
        Some(n) => n,
        None => {
            // SAFETY: The caller guarantees that `n` is non-zero, so this is unreachable.
            unsafe {
                ub_checks::assert_unsafe_precondition!(
                    check_language_ub,
                    "NonZero::new_unchecked requires the argument to be non-zero",
                    () => false,
                );
                intrinsics::unreachable()
            }
        }
    }
}
```

Proof for contract:

```rust
#[unstable(feature = "kani", issue = "none")]
#[cfg(kani)]
mod verify {
    use core::num::NonZeroI32; // Use core::num instead of std::num

    // pub const unsafe fn new_unchecked(n: T) -> Self
    #[kani::proof_for_contract(NonZero::new_unchecked)]
    pub fn nonzero_check_new_unchecked() {
        let x: i32 = kani::any(); // Generates a symbolic value of type i32
        // Only proceed if x is not zero, because passing zero would violate the precondition
        kani::assume(x != 0);
        unsafe {
            let _ = NonZeroI32::new_unchecked(x); // Calls NonZero::new_unchecked
        }
    }
}
```
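As an added example (not code from this issue or from verify-rust-std), the `new_unchecked` contract above mirrored in plain Rust so it can be sanity-checked on concrete values without Kani: `requires` becomes an explicit check, `ensures` an assertion, and a macro stamps the checker out per NonZero type as the PR does for every type. The `contract_checked_new!` macro, the `checked_new_*` functions and `PreconditionViolated` are this example's own names; the `#[cfg(kani)]` harness at the end has the shape of the harness in the issue and is only compiled under Kani.

```rust
use std::num::{NonZeroI32, NonZeroU8};

/// Returned when the caller violates the `requires` clause (this example's own type).
#[derive(Debug, PartialEq, Eq)]
pub struct PreconditionViolated;

// Safe stand-in for `NonZero::new_unchecked` that checks the contract at runtime;
// the macro stamps out one checker per (integer, NonZero) pair, as the PR covers every type.
macro_rules! contract_checked_new {
    ($name:ident, $int:ty, $nz:ty) => {
        pub fn $name(n: $int) -> Result<$nz, PreconditionViolated> {
            if n == 0 {
                return Err(PreconditionViolated); // requires(n != T::zero())
            }
            // SAFETY: the precondition was just checked, so the call is sound.
            let result = unsafe { <$nz>::new_unchecked(n) };
            assert_eq!(result.get(), n, "postcondition violated"); // ensures(result.get() == n)
            Ok(result)
        }
    };
}
contract_checked_new!(checked_new_i32, i32, NonZeroI32);
contract_checked_new!(checked_new_u8, u8, NonZeroU8);

/// Exhaustively exercise the u8 checker: only 0 may trip `requires`, every other input
/// must satisfy `ensures`. Returns how many inputs satisfied the contract (expected 255).
pub fn exhaustive_u8_contract_check() -> usize {
    (0..=u8::MAX)
        .filter(|&n| match checked_new_u8(n) {
            Ok(nz) => nz.get() == n,
            Err(PreconditionViolated) => { assert_eq!(n, 0, "requires rejected non-zero"); false }
        })
        .count()
}

// The same contract as a Kani harness in the shape used in the issue; compiled only
// under `cargo kani` (`kani` is not a dependency of this example).
#[cfg(kani)]
#[kani::proof]
fn nonzero_u8_contract_harness() {
    let n: u8 = kani::any();
    kani::assume(n != 0);
    assert_eq!(checked_new_u8(n).unwrap().get(), n);
}

fn main() {
    println!("u8 inputs satisfying the contract: {}", exhaustive_u8_contract_check());
    println!("zero rejected: {:?}", checked_new_i32(0));
}
```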
@aa-luna try

Thanks, @QinyuanWu, but it still did not find it. I'm guessing it's a placement issue. We will keep looking around to resolve this.
@aa-luna I cloned your repository, and when I do the following:
I get some compilation errors about your contracts:
These compilation errors would happen earlier in the pipeline than a harness location issue. I would make sure that you're following the steps above so that rustc is compiling the version of your code with contracts attached. Once you fix these compilation errors, you should be able to run the command in step 3 to run your harness.

Issue resolved. Thank you.
Working on #71 (Safety of NonZero). We are looking for feedback on our proof_for_contract. We have implemented it for all the data types.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

---------

Co-authored-by: aaluna <aaluna@andrew.cmu.edu>
Co-authored-by: aaluna <166172412+MooniniteErr@users.noreply.github.com>
Co-authored-by: Carolyn Zech <cmzech@amazon.com>
Co-authored-by: Zyad Hassan <88045115+zhassan-aws@users.noreply.github.com>
Challenge link: https://model-checking.github.io/verify-rust-std/challenges/0012-nonzero.html