Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve performance and language support of memory initialization checks #3313

Merged
merged 31 commits into from
Jul 12, 2024
Merged

Improve performance and language support of memory initialization checks #3313

merged 31 commits into from
Jul 12, 2024

Conversation

artemagvanian
Copy link
Contributor

@artemagvanian artemagvanian commented Jul 1, 2024
edited
Loading

This is a follow-up PR for #3264, a part of the larger work towards #3300.

This PR introduces:

  • Use of demonic non-determinism (prophecy variables) to improve memory initialization checks performance;
    • Instead of keeping track of memory initialization of each possibly uninitialized byte pointed to by some pointer, one is chosen non-deterministically;
  • Tests for proper memory initialization checks injection for compiler intrinsics;
  • Separate functions for checking memory initialization of slice chunks.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@artemagvanian artemagvanian self-assigned this Jul 1, 2024
@github-actions github-actions bot added the Z-BenchCI Tag a PR to run benchmark CI label Jul 1, 2024
@artemagvanian artemagvanian marked this pull request as ready for review July 3, 2024 20:34
@artemagvanian artemagvanian requested a review from a team as a code owner July 3, 2024 20:34
@artemagvanian
Copy link
Contributor Author

Seems like Release Bundle / BuildBundle-Linux (pull_request) is failing because of actions/checkout#1809

celinval
celinval reviewed Jul 4, 2024
View reviewed changes
Copy link
Contributor

@celinval celinval left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be much simpler if you

library/kani/src/mem.rs Show resolved Hide resolved
tests/std-checks/core/mem.expected Outdated Show resolved Hide resolved
library/kani/src/mem_init.rs Outdated Show resolved Hide resolved
zhassan-aws
zhassan-aws reviewed Jul 5, 2024
View reviewed changes
Copy link
Contributor

@zhassan-aws zhassan-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

What happens if there are two accesses to distinct uninitialized memory in a row? Will the first violation block the reporting of the second?

kani-compiler/src/kani_middle/transform/check_uninit/mod.rs Show resolved Hide resolved
library/kani_core/src/mem.rs Outdated Show resolved Hide resolved
kani-compiler/src/kani_middle/transform/check_uninit/mod.rs Outdated Show resolved Hide resolved
kani-compiler/src/kani_middle/transform/check_uninit/mod.rs Outdated Show resolved Hide resolved
@artemagvanian
Copy link
Contributor Author

What happens if there are two accesses to distinct uninitialized memory in a row? Will the first violation block the reporting of the second?

Good question: I tested this simple case and all of the violations were reported.

use std::ptr::addr_of;

#[repr(C)]
struct S(u32, u8);

/// Checks that Kani catches an attempt to access padding of a struct using raw pointers.
#[kani::proof]
fn check_uninit_padding() {
    let s = S(0, 0);
    let ptr: *const u8 = addr_of!(s) as *const u8;
    let padding = unsafe { *(ptr.add(5)) }; // ~ERROR: padding bytes are uninitialized, so reading them is UB.
    let padding_next = unsafe { *(ptr.add(6)) }; // ~ERROR: padding bytes are uninitialized, so reading them is UB.
    inner_fn(ptr);
}

fn inner_fn(ptr: *const u8) {
    let padding_inner = unsafe { *(ptr.add(7)) }; // ~ERROR: padding bytes are uninitialized, so reading them is UB.
}

@zhassan-aws
Copy link
Contributor

Good question: I tested this simple case and all of the violations were reported.

Cool, thanks for checking.

zhassan-aws
zhassan-aws reviewed Jul 10, 2024
View reviewed changes
library/kani/src/mem.rs Outdated Show resolved Hide resolved
library/kani_core/src/mem.rs Outdated Show resolved Hide resolved
zhassan-aws
zhassan-aws approved these changes Jul 12, 2024
View reviewed changes
Copy link
Contributor

@zhassan-aws zhassan-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

kani-compiler/src/codegen_cprover_gotoc/overrides/hooks.rs Outdated Show resolved Hide resolved
@artemagvanian artemagvanian merged commit 068f63c into model-checking:main Jul 12, 2024
25 checks passed
@artemagvanian artemagvanian deleted the nondet-meminit branch July 12, 2024 16:07
@artemagvanian artemagvanian mentioned this pull request Jul 12, 2024
Open
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@celinval celinval celinval left review comments

@zhassan-aws zhassan-aws zhassan-aws approved these changes

Assignees

@artemagvanian artemagvanian

Labels
Z-BenchCI Tag a PR to run benchmark CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@artemagvanian @zhassan-aws @celinval