Support for requires and ensures clauses #2555
Conversation
Can you please make sure the PR only includes changes relevant to contracts?
Yeah, that was because the target branch was out of date.
That's great progress! As talked offline, the focus at this point is the CBMC integration. Here are a few notes:
- I think the bindings code looks quite ready. :)
- Is there any reason why there are no tests for `requires`?
- For future PRs, I think it would be better if we make the compiler code more modular. We should also figure out what the user flow will be for contracts, so we can design the communication between each component.
So they are actually related. I didn't add a test case for And wrt. flow we've discussed that in person already but for the benefit of the log: the flow is in the design phase and will be added after history variables and quantifiers.
I need to mention here that this does a small change to the testing infrastructure as well. In particular, a directory can now contain multiple "expected" tests. The setup is analogous to regular So this change is fully backwards compatible but also cuts down on potential directory spam for the "expected" tests and makes the behavior more intuitive wrt the documentation where it mentions
For the feature branch, I think this is in a fairly good shape.
For the comments that reflect code quality / organization, for this PR, I think it's OK if you create an issue to capture the work and add a TODO statement with a description and a link to the new issue.
LGTM.
@celinval any idea why Cargo Audit is failing here?
I think you just need to include the commit from #2581 in the source branch.
Adds pre- and postconditions
Co-authored-by: Celina G. Val <celinval@amazon.com>
Co-authored-by: Celina G. Val <celinval@amazon.com>
Added `requires` test case
Made tests `expected` tests
Changes `requires_ensures` macro to function
Co-authored-by: Celina G. Val <celinval@amazon.com>
I did another rebase to try and address the audit issue. Tbh I should have merged instead, but oh well. I am going to squash the commits before merging anyway; at least that's the plan.
I'll bump the base branch next so the PR doesn't include the unrelated commits.
I'm having trouble with this regression stuff now. The numbering for checks seems to be platform dependent and makes the test fail as a result? When I run on my machine the
We don't include the check indices in the expected files to avoid those issues. Even if they're consistent across platforms, they may change with changes to the compiler or new CBMC versions. Note that compiletest checks for a substring and not an exact match for the line.
Does it require ordering? Because one thing I now worry about is that the expected success/failure may not be the one with the description I am looking for. E.g. if I expected one property to succeed and another to fail, what guarantees me that "Status: FAILURE" actually belongs to my "Description: fail this" test and not my "Description: succeed this"?
Generally, no: the compiletest tool checks if each line in the
If a line in the
Changed test runner to not leave trailing checks and to ignore whitespace around expected lines
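As an added illustration (my own code, not Kani's compiletest), a simplified Rust model of the matching discussed above: each non-blank line of the expected file, trimmed of surrounding whitespace, must occur as a substring of some output line, and check indices are left out of the expected lines so that numbering differences do not matter. The CBMC-style output and expected files are constructed samples, and the final assertion in the test shows the limitation raised in the thread: per-line substring matching cannot tie a "Status" line to a particular "Description" line.

```rust
/// Returns the expected lines that do not occur as a substring of any output
/// line. Expected lines are trimmed of surrounding whitespace and blank lines
/// are ignored. Illustrative model only, not the real compiletest logic.
pub fn missing_expected_lines<'a>(expected: &'a str, output: &str) -> Vec<&'a str> {
    let output_lines: Vec<&str> = output.lines().collect();
    expected
        .lines()
        .map(str::trim)
        .filter(|line| !line.is_empty())
        // An expected line is satisfied if any output line contains it.
        .filter(|needle| !output_lines.iter().any(|hay| hay.contains(*needle)))
        .collect()
}

/// Constructed CBMC-style output. The check numbering (7, 8) deliberately
/// differs from what a hard-coded expected file might assume.
pub const SAMPLE_OUTPUT: &str = "\
RESULTS:
Check 7: foo.assertion.1
         - Status: FAILURE
         - Description: \"fail this\"
Check 8: foo.assertion.2
         - Status: SUCCESS
         - Description: \"succeed this\"
";

/// Constructed expected file: no check indices, uneven indentation.
pub const EXPECTED_OK: &str = "\
Status: FAILURE
Description: \"fail this\"
   Status: SUCCESS
Description: \"succeed this\"
";

/// Constructed expected file that hard-codes a check index, so it breaks
/// as soon as the numbering changes.
pub const EXPECTED_WITH_INDEX: &str = "Check 1: foo.assertion.1\n";

fn main() {
    println!("missing: {:?}", missing_expected_lines(EXPECTED_OK, SAMPLE_OUTPUT));
    println!("missing: {:?}", missing_expected_lines(EXPECTED_WITH_INDEX, SAMPLE_OUTPUT));
}
```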
I've fixed up the test cases but unfortunately benchcomp is still failing. Is that a problem?
There are some interesting findings in the Benchcomp CI.
Benchcomp is comparing this PR with the old version after #2553 merged. So the performance regression accumulates from #2553 to now.
After comparing the Benchcomp runs of these two commits https://github.com/model-checking/kani/actions/runs/5405839079/job/14637506427 and https://github.com/model-checking/kani/actions/runs/5459160729/job/14779199972. Update: the regression of fmt_i8 was noticed and tracked in this issue #2576.
Description of changes:
Adds basic support for `requires` and `ensures` function contract macros.
Testing:
Some simple test cases have been added.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.