Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spurious failure when calling vec! with a size of zero #90

Open
adpaco-aws opened this issue Apr 20, 2021 · 3 comments
Open

Spurious failure when calling vec! with a size of zero #90

adpaco-aws opened this issue Apr 20, 2021 · 3 comments
Assignees
@zhassan-aws
Labels
[C] Bug This is a bug. Something isn't working. [F] Spurious Failure Issues that cause Kani verification to fail despite the code being correct.
Milestone
RMC regression ru...

Comments

@adpaco-aws
Copy link
Contributor

#79 added a new test in rust-tests/cbmc-reg/NondetVectors/fixme_main.rs where a Vector is initialized with a nondet. value, but this is not supported at the moment.
@adpaco-aws adpaco-aws added this to the RMC regression runs clean milestone Apr 20, 2021
@chinmaydd chinmaydd removed their assignment Sep 13, 2021
@zhassan-aws zhassan-aws added [C] Bug This is a bug. Something isn't working. MLP - Need Triage labels Mar 15, 2022
@zhassan-aws
Copy link
Contributor

The spurious failure only happens when calling vec! with a length of 0 for i8 or u8. Here's a minimal reproducer:

#[kani::proof]
fn main() {
    let v: Vec<i8> = vec![kani::any(); 0];
}

This produces:


SUMMARY:
 ** 1 of 112 failed (5 unreachable)
Failed Checks: memset destination region writeable
 File: "/home/ubuntu/.rustup/toolchains/nightly-2022-11-20-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/intrinsics.rs", line 2590, in std::intrinsics::write_bytes::<i8>

VERIFICATION:- FAILED

If I change i8 to i16/u16 or i32/u32, the failure disappears. For example, this is the result with i16:


SUMMARY:
 ** 0 of 349 failed (8 unreachable)

VERIFICATION:- SUCCESSFUL

@zhassan-aws zhassan-aws changed the title Support for nondet. initialization of Vectors Spurious failure when calling vec! with a size of zero Jan 20, 2023
@zhassan-aws zhassan-aws added [F] Spurious Failure Issues that cause Kani verification to fail despite the code being correct. and removed T-MLP May Have labels Jan 20, 2023
@zhassan-aws
Copy link
Contributor

Actually, I get the spurious failure even without using kani::any() at all:

#[kani::proof]
fn main() {
    let v: Vec<i8> = vec![5; 0];
}

I suspect this might be to the dangling pointer issue that we've seen previously with vectors of size 0.

@zhassan-aws zhassan-aws mentioned this issue Mar 19, 2024
Closed
@tautschnig
Copy link
Member

codegen_write_bytes needs to make a count of 0 a special case and not invoke memset, just like we already do for calls of memcmp.

@celinval celinval mentioned this issue Dec 6, 2024
Merged
celinval added a commit to model-checking/verify-rust-std that referenced this issue Dec 7, 2024
@celinval @tautschnig
Add a few intrinsics contracts (#37)
d92a7ea 
Here are a few limitations:
 1. Harness for`write_bytes` was disabled due to:
     - Issue model-checking/kani#90.
 2. The harnesses explicitly disable cases where a pointer is dangling.
- Kani cannot make assumptions on pointer allocation for dead or
dangling pointers (model-checking/kani#2300).
3. Actual intrinsics are very hard to verify with Kani. The cases we can
verify are those that have wrappers around the actual intrinsic.
     - Issue model-checking/kani#3345

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

---------

Co-authored-by: Michael Tautschnig <mt@debian.org>
Co-authored-by: Michael Tautschnig <tautschn@amazon.com>
@celinval celinval mentioned this issue Dec 7, 2024
Open
@zhassan-aws zhassan-aws mentioned this issue Dec 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zhassan-aws zhassan-aws

Labels
[C] Bug This is a bug. Something isn't working. [F] Spurious Failure Issues that cause Kani verification to fail despite the code being correct.
Projects
None yet
Milestone
RMC regression runs clean
Development

No branches or pull requests
6 participants
@tautschnig @danielsn @chinmaydd @celinval @adpaco-aws @zhassan-aws