Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add proof for Result method check_unwrap_unchecked #35

Closed
wants to merge 4 commits into from
Closed

Add proof for Result method check_unwrap_unchecked #35

wants to merge 4 commits into from

Conversation

jaisnan
Copy link

@jaisnan jaisnan commented Jul 10, 2024

Adds a simple contract that checks for memory safety in check_unwrap_unchecked.
Also useful for my secret agenda of testing the PR workflow in production.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@jaisnan jaisnan requested a review from a team as a code owner July 10, 2024 21:36
js96test-dev

This comment was marked as duplicate.

Sign in to view

@jaisnan
Copy link
Author

jaisnan commented Jul 10, 2024

As shown by the CI run here, this proof fails verification with the following property failure

Check 158: panicking::assert_failed_inner.assertion.2
	 - Status: FAILURE
	 - Description: "This is a placeholder message; Kani doesn't support message formatted at runtime"
	 - Location: library/core/src/panicking.rs:408:17 in function panicking::assert_failed_inner

jaisnan
jaisnan commented Jul 10, 2024
View reviewed changes
Copy link
Author

@jaisnan jaisnan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additionally, both Result<u32, u64> and Result<(), ()> trigger the same failure.

celinval
celinval requested changes Jul 11, 2024
View reviewed changes
Copy link

@celinval celinval left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jaisnan, let's investigate why this is failing.

carolynzech
carolynzech reviewed Aug 28, 2024
View reviewed changes
library/core/src/result.rs
let val: Result<u32, u64> = kani::any();
let ok_variant: Result<u32, u64> = Ok(0);
let copy = unsafe { ok_variant.unwrap_unchecked() };
assert_eq!(val, Result::Ok(copy));
Copy link

@carolynzech carolynzech Aug 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since val is a nondeterministic Result, it's not necessary equal to Result::Ok(0) (it could also be Result::Err, or Result::Ok(12), etc.).
Instead, I'd write:

pub fn check_unwrap_unchecked() {
        let val: u32= kani::any();
        let ok_variant: Result<u32, u64> = Ok(val);
        let copy = unsafe { ok_variant.unwrap_unchecked() };
        assert_eq!(val, copy);
    }

which passes verification for me locally.

(I'd also add harnesses for other types besides u32 and for unwrap_err_unchecked, but I assume you were planning on that).

@jaisnan jaisnan closed this Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carolynzech carolynzech carolynzech left review comments

@celinval celinval celinval requested changes

@js96test-dev js96test-dev js96test-dev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jaisnan @celinval @carolynzech @js96test-dev @tautschnig