Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verification of "path" package #9

Open
wants to merge 31 commits into
base: master
Choose a base branch
from
Open

Verification of "path" package #9

wants to merge 31 commits into from

Conversation

HSMF
Copy link
Collaborator

@HSMF HSMF commented Nov 24, 2024

In this PR, we verify the following functions of the path package:

  • path.Clean
  • path.Split

In order to verify this package, we switched out every occurrence of string with string_byte which is an alias for []byte. This is because Gobra does not yet support strings.

The main part of the work is on path.Clean, which is verified for safety and correctness. We verify that Clean adheres to the functional specification SpecClean

Open questions

In path_spec, there currently are two unverified functions ("axioms"), both marked as trusted and provided without body:

  • axiomStringByteAcc: An assumption that it is always fine to restore full permissions to the string. This is not the biggest problem since the original source uses immutable strings anyways but before finalizing this, we should try to get rid of this assumption.
  • axiomEqualGhostEqualPath: the assumption that for our Path struct, if a == b then a === b

@HSMF
Copy link
Collaborator Author

HSMF commented Nov 25, 2024

axiomStringByteAcc is no longer required: ca00895

@HSMF HSMF requested a review from jcp19 November 25, 2024 10:26
@jcp19
Copy link
Collaborator

jcp19 commented Nov 27, 2024

Is there any non-trivial dependency between this PR and PR #8? Otherwise, we might want to put in this PR only the changes that have to do with package path

@HSMF
Copy link
Collaborator Author

HSMF commented Nov 28, 2024

axiomEqualGhostEqualPath is no longer required: 54e3603

@HSMF
Copy link
Collaborator Author

HSMF commented Dec 3, 2024

Below is a table that summarizes the syntactical rewrites that we had to do to verify path. See comment on bytes.

rewrites (click to expand) Line comments are stripped in this table
before after
133 
return b.s[:b.w]
 
res = b.s[:b.w]
return res
142 
return string_byte(b.buf[:b.w])
 
res = string_byte(b.buf[:b.w])
return res
185 
if path == "" {
	return "."
}
 
if len(path) == 0 {
	res = string_byte{'.'}

	return res
}
286 
for /* @ ( unfolding Lazybuf(&out, R41) in @ */ out.w /* @)@ */ > dotdot && out.index( /* @ unfolding Lazybuf(&out, R41) in @ */ out.w) != '/' {
 
cond := /* @ ( unfolding Lazybuf(&out, R41) in @ */ out.w /* @)@ */ > dotdot && out.index( /* @ unfolding Lazybuf(&out, R41) in @ */ out.w) != '/'


for cond {
300 
}
 
	cond = /* @ ( unfolding Lazybuf(&out, R41) in @ */ out.w /* @)@ */ > dotdot && out.index( /* @ unfolding Lazybuf(&out, R41) in @ */ out.w) != '/'
}
372 
return "."
 
res = string_byte{'.'}
return res
381 
return out.string()
 
res = out.string()
return res
424 
return path[:i+1], path[i+1:]
 
dir = path[:i+1]
file = path[i+1:]
return dir, file
447 
if len(buf) > 0 || e != "" {
 
if len(buf) > 0 || len(e) != 0 {
485 
if path == "" {
	return "."
}
 
if len(path) == 0 {
	return string_byte{'.'}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcp19 jcp19 Awaiting requested review from jcp19

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@HSMF @jcp19