-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve performance and language support of memory initialization checks #3313
Improve performance and language support of memory initialization checks #3313
Conversation
97f1cbe
to
0723510
Compare
Seems like |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be much simpler if you
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
What happens if there are two accesses to distinct uninitialized memory in a row? Will the first violation block the reporting of the second?
Good question: I tested this simple case and all of the violations were reported. use std::ptr::addr_of;
#[repr(C)]
struct S(u32, u8);
/// Checks that Kani catches an attempt to access padding of a struct using raw pointers.
#[kani::proof]
fn check_uninit_padding() {
let s = S(0, 0);
let ptr: *const u8 = addr_of!(s) as *const u8;
let padding = unsafe { *(ptr.add(5)) }; // ~ERROR: padding bytes are uninitialized, so reading them is UB.
let padding_next = unsafe { *(ptr.add(6)) }; // ~ERROR: padding bytes are uninitialized, so reading them is UB.
inner_fn(ptr);
}
fn inner_fn(ptr: *const u8) {
let padding_inner = unsafe { *(ptr.add(7)) }; // ~ERROR: padding bytes are uninitialized, so reading them is UB.
} |
Cool, thanks for checking. |
Co-authored-by: Zyad Hassan <88045115+zhassan-aws@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
This is a follow-up PR for #3264, a part of the larger work towards #3300.
This PR introduces:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.