Unexpected kani panic: assign statement with unequal types #3631

QinyuanWu · 2024-10-22T17:28:25Z

This issue is related to the NonNull module verification.

This is a POC:

#![feature(ptr_metadata)]

use std::ptr::NonNull;

trait SampleTrait {
    fn get_value(&self) -> i32;
}

struct SampleStruct {
    value: i32,
}

impl SampleTrait for SampleStruct {
    fn get_value(&self) -> i32 {
        self.value
    }
}

#[cfg(kani)]
#[kani::proof]
fn main() {

    // Create a SampleTrait object from SampleStruct
    let sample_struct = SampleStruct { value: kani::any() };
    let trait_object: &dyn SampleTrait = &sample_struct;

    // Get the raw data pointer and metadata for the trait object
    let trait_ptr = NonNull::new(trait_object as *const dyn SampleTrait as *mut ()).unwrap();
    let metadata = std::ptr::metadata(trait_object);

    // Create NonNull<dyn SampleTrait> from the data pointer and metadata
    let nonnull_trait_object: NonNull<dyn SampleTrait> = NonNull::from_raw_parts(trait_ptr, metadata);

    unsafe {
        // Ensure trait method and member is preserved
        kani::assert( trait_object.get_value() == nonnull_trait_object.as_ref().get_value(), "trait method and member must correctly preserve");
    }
}

using the following command line invocation:

cargo kani

with Kani version: 0.56.0
Platform: MacOS M2

I expected to see verification results but received the following compilation error:

error: Failed to compile `kani_bugs` due to an internal compiler error.: error: internal compiler error: Kani unexpectedly panicked at panicked at cprover_bindings/src/goto_program/stmt.rs:172:9:
                                assertion `left == right` failed: Error: assign statement with unequal types lhs StructTag("tag-_80076268767659083946749461790619121878::FatPtr") rhs Pointer { typ: TypeDef { name: "_80076268767659083946749461790619121878Inner", typ: StructTag("tag-Unit") } }
                                  left: StructTag("tag-_80076268767659083946749461790619121878::FatPtr")
                                 right: Pointer { typ: TypeDef { name: "_80076268767659083946749461790619121878Inner", typ: StructTag("tag-Unit") } }.

This issue still persists with assigning sample_struct with a concrete value such as:

let sample_struct = SampleStruct { value: 5 };

@zhassan-aws

The text was updated successfully, but these errors were encountered:

…ait objects (#3636) Add a match arm for the `AggregateKind::RawPtr(TyKind::RigidTy(RigidTy::Dynamic(..)))` case. Pointers to trait objects [are fat](https://github.com/rust-lang/rust/blob/master/library/core/src/ptr/metadata.rs#L20-#L27), so generate a fat pointer for the rvalue. Resolves #3631 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

QinyuanWu added the [C] Bug This is a bug. Something isn't working. label Oct 22, 2024

celinval added the T-User Tag user issues / requests label Oct 22, 2024

zhassan-aws assigned carolynzech Oct 22, 2024

carolynzech mentioned this issue Oct 23, 2024

Fix ICE due to mishandling of Aggregate rvalue for raw pointers to trait objects #3636

Merged

carolynzech closed this as completed in #3636 Oct 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unexpected kani panic: assign statement with unequal types #3631

Unexpected kani panic: assign statement with unequal types #3631

QinyuanWu commented Oct 22, 2024 •

edited

Loading

Unexpected kani panic: assign statement with unequal types #3631

Unexpected kani panic: assign statement with unequal types #3631

Comments

QinyuanWu commented Oct 22, 2024 • edited Loading

QinyuanWu commented Oct 22, 2024 •

edited

Loading