Merge branch 'main' into toolchain-2024-09-04

model-checking · Sep 4, 2024 · cb05be8 · cb05be8
2 parents 0c9349c + 603f9bf
commit cb05be8
Show file tree

Hide file tree

Showing 26 changed files with 508 additions and 32 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,28 @@ This file contains notable changes (e.g. breaking changes, major changes, etc.)
 
 This file was introduced starting Kani 0.23.0, so it only contains changes from version 0.23.0 onwards.
 
+## [0.55.0]
+
+### Major/Breaking Changes
+* Coverage reporting in Kani is now source-based instead of line-based.
+Consequently, the unstable `-Zline-coverage` flag has been replaced with a `-Zsource-coverage` one.
+Check the [Source-Coverage RFC](https://model-checking.github.io/kani/rfc/rfcs/0011-source-coverage.html) for more details.
+* Several improvements were made to the memory initialization checks. The current state is summarized in https://github.com/model-checking/kani/issues/3300. We welcome your feedback!
+
+### What's Changed
+* Update CBMC build instructions for Amazon Linux 2 by @tautschnig in https://github.com/model-checking/kani/pull/3431
+* Implement memory initialization state copy functionality by @artemagvanian in https://github.com/model-checking/kani/pull/3350
+* Make points-to analysis handle all intrinsics explicitly by @artemagvanian in https://github.com/model-checking/kani/pull/3452
+* Avoid corner-cases by grouping instrumentation into basic blocks and using backward iteration by @artemagvanian in https://github.com/model-checking/kani/pull/3438
+* Fix ICE due to mishandling of Aggregate rvalue for raw pointers to `str` by @celinval in https://github.com/model-checking/kani/pull/3448
+* Basic support for memory initialization checks for unions by @artemagvanian in https://github.com/model-checking/kani/pull/3444
+* Adopt Rust's source-based code coverage instrumentation by @adpaco-aws in https://github.com/model-checking/kani/pull/3119
+* Extra tests and bug fixes to the delayed UB instrumentation by @artemagvanian in https://github.com/model-checking/kani/pull/3419
+* Partially integrate uninit memory checks into `verify_std` by @artemagvanian in https://github.com/model-checking/kani/pull/3470
+* Rust toolchain upgraded to `nightly-2024-09-03` by @jaisnan @carolynzech 
+
+**Full Changelog**: https://github.com/model-checking/kani/compare/kani-0.54.0...kani-0.55.0
+
 ## [0.54.0]
 
 ### Major Changes

diff --git a/Cargo.lock b/Cargo.lock
@@ -93,7 +93,7 @@ checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
 
 [[package]]
 name = "build-kani"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "anyhow",
  "cargo_metadata",
@@ -235,7 +235,7 @@ dependencies = [
 
 [[package]]
 name = "cprover_bindings"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "lazy_static",
  "linear-map",
@@ -459,15 +459,15 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
 
 [[package]]
 name = "kani"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "kani_core",
  "kani_macros",
 ]
 
 [[package]]
 name = "kani-compiler"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "clap",
  "cprover_bindings",
@@ -491,7 +491,7 @@ dependencies = [
 
 [[package]]
 name = "kani-driver"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "anyhow",
  "cargo_metadata",
@@ -520,7 +520,7 @@ dependencies = [
 
 [[package]]
 name = "kani-verifier"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "anyhow",
  "home",
@@ -529,14 +529,14 @@ dependencies = [
 
 [[package]]
 name = "kani_core"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "kani_macros",
 ]
 
 [[package]]
 name = "kani_macros"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "proc-macro-error",
  "proc-macro2",
@@ -546,7 +546,7 @@ dependencies = [
 
 [[package]]
 name = "kani_metadata"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "clap",
  "cprover_bindings",
@@ -1098,7 +1098,7 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
 
 [[package]]
 name = "std"
-version = "0.54.0"
+version = "0.55.0"
 dependencies = [
  "kani",
 ]

diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani-verifier"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 description = "A bit-precise model checker for Rust."
 readme = "README.md"

diff --git a/cprover_bindings/Cargo.toml b/cprover_bindings/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "cprover_bindings"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/kani-compiler/Cargo.toml b/kani-compiler/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani-compiler"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/kani-driver/Cargo.toml b/kani-driver/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani-driver"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 description = "Build a project with Kani and run all proof harnesses"
 license = "MIT OR Apache-2.0"

diff --git a/kani_metadata/Cargo.toml b/kani_metadata/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani_metadata"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/library/kani/Cargo.toml b/library/kani/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/library/kani_core/Cargo.toml b/library/kani_core/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani_core"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/library/kani_macros/Cargo.toml b/library/kani_macros/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "kani_macros"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/library/kani_macros/src/sysroot/contracts/check.rs b/library/kani_macros/src/sysroot/contracts/check.rs
@@ -9,8 +9,8 @@ use std::mem;
 use syn::{parse_quote, Block, Expr, FnArg, Local, LocalInit, Pat, PatIdent, ReturnType, Stmt};
 
 use super::{
- helpers::*, shared::build_ensures, ContractConditionsData, ContractConditionsHandler,
- INTERNAL_RESULT_IDENT,
+ helpers::*, shared::build_ensures, ClosureType, ContractConditionsData,
+ ContractConditionsHandler, INTERNAL_RESULT_IDENT,
 };
 
 const WRAPPER_ARG: &str = "_wrapper_arg";
@@ -38,9 +38,14 @@ impl<'a> ContractConditionsHandler<'a> {
  );
 
  let return_expr = body_stmts.pop();
+
+ let (assumes, rest_of_body) =
+ split_for_remembers(&body_stmts[..], ClosureType::Check);
+
  quote!({
+ #(#assumes)*
  #remembers
- #(#body_stmts)*
+ #(#rest_of_body)*
  #exec_postconditions
  #return_expr
  })

diff --git a/library/kani_macros/src/sysroot/contracts/helpers.rs b/library/kani_macros/src/sysroot/contracts/helpers.rs
@@ -4,10 +4,14 @@
 //! Functions that operate third party data structures with no logic that is
 //! specific to Kani and contracts.
 
+use crate::attr_impl::contracts::ClosureType;
 use proc_macro2::{Ident, Span};
 use std::borrow::Cow;
 use syn::spanned::Spanned;
-use syn::{parse_quote, Attribute, Expr, ExprBlock, Local, LocalInit, PatIdent, Stmt};
+use syn::{
+ parse_quote, Attribute, Expr, ExprBlock, ExprCall, ExprPath, Local, LocalInit, PatIdent, Path,
+ Stmt,
+};
 
 /// If an explicit return type was provided it is returned, otherwise `()`.
 pub fn return_type_to_type(return_type: &syn::ReturnType) -> Cow<syn::Type> {
@@ -169,6 +173,53 @@ pub fn chunks_by<'a, T, C: Default + Extend<T>>(
  })
 }
 
+/// Splits `stmts` into (preconditions, rest).
+/// For example, ClosureType::Check assumes preconditions, so given this sequence of statements:
+/// ```ignore
+/// kani::assume(.. precondition_1);
+/// kani::assume(.. precondition_2);
+/// let _wrapper_arg = (ptr as * const _,);
+/// ...
+/// ```
+/// This function would return the two kani::assume statements in the former slice
+/// and the remaining statements in the latter.
+/// The flow for ClosureType::Replace is the same, except preconditions are asserted rather than assumed.
+///
+/// The caller can use the returned tuple to insert remembers statements after `preconditions` and before `rest`.
+/// Inserting the remembers statements after `preconditions` ensures that they are bound by the preconditions.
+/// To understand why this is important, take the following example:
+/// ```ignore
+/// #[kani::requires(x < u32::MAX)]
+/// #[kani::ensures(|result| old(x + 1) == *result)]
+/// fn add_one(x: u32) -> u32 {...}
+/// ```
+/// If the `old(x + 1)` statement didn't respect the precondition's upper bound on `x`, Kani would encounter an integer overflow.
+///
+/// Inserting the remembers statements before `rest` ensures that they are declared before the original function executes,
+/// so that they will store historical, pre-computation values as intended.
+pub fn split_for_remembers(stmts: &[Stmt], closure_type: ClosureType) -> (&[Stmt], &[Stmt]) {
+ let mut pos = 0;
+
+ let check_str = match closure_type {
+ ClosureType::Check => "assume",
+ ClosureType::Replace => "assert",
+ };
+
+ for stmt in stmts {
+ if let Stmt::Expr(Expr::Call(ExprCall { func, .. }), _) = stmt {
+ if let Expr::Path(ExprPath { path: Path { segments, .. }, .. }) = func.as_ref() {
+ let first_two_idents =
+ segments.iter().take(2).map(|sgmt| sgmt.ident.to_string()).collect::<Vec<_>>();
+
+ if first_two_idents == vec!["kani", check_str] {
+ pos += 1;
+ }
+ }
+ }
+ }
+ stmts.split_at(pos)
+}
+
 macro_rules! assert_spanned_err {
  ($condition:expr, $span_source:expr, $msg:expr, $($args:expr),+) => {
  if !$condition {

diff --git a/library/kani_macros/src/sysroot/contracts/mod.rs b/library/kani_macros/src/sysroot/contracts/mod.rs
@@ -514,6 +514,13 @@ enum ContractConditionsData {
  },
 }
 
+/// Which function are we currently generating?
+#[derive(Copy, Clone, Eq, PartialEq)]
+enum ClosureType {
+ Check,
+ Replace,
+}
+
 impl<'a> ContractConditionsHandler<'a> {
  /// Handle the contract state and return the generated code
  fn dispatch_on(mut self, state: ContractFunctionState) -> TokenStream2 {

diff --git a/library/kani_macros/src/sysroot/contracts/replace.rs b/library/kani_macros/src/sysroot/contracts/replace.rs
@@ -11,7 +11,7 @@ use syn::Stmt;
 use super::{
  helpers::*,
  shared::{build_ensures, try_as_result_assign},
- ContractConditionsData, ContractConditionsHandler, INTERNAL_RESULT_IDENT,
+ ClosureType, ContractConditionsData, ContractConditionsHandler, INTERNAL_RESULT_IDENT,
 };
 
 impl<'a> ContractConditionsHandler<'a> {
@@ -84,9 +84,13 @@ impl<'a> ContractConditionsHandler<'a> {
  ContractConditionsData::Ensures { attr } => {
  let (remembers, ensures_clause) = build_ensures(attr);
  let result = Ident::new(INTERNAL_RESULT_IDENT, Span::call_site());
+
+ let (asserts, rest_of_before) = split_for_remembers(before, ClosureType::Replace);
+
  quote!({
+ #(#asserts)*
  #remembers
- #(#before)*
+ #(#rest_of_before)*
  #(#after)*
  kani::assume(#ensures_clause);
  #result

diff --git a/library/std/Cargo.toml b/library/std/Cargo.toml
@@ -5,7 +5,7 @@
 # Note: this package is intentionally named std to make sure the names of
 # standard library symbols are preserved
 name = "std"
-version = "0.54.0"
+version = "0.55.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 publish = false

diff --git a/papers/vstte2024/README.md b/papers/vstte2024/README.md
@@ -0,0 +1 @@
+This contains the contents for a short paper at VSTTE2024. In order to build this, please download the LLNCS style file available at https://resource-cms.springernature.com/springer-cms/rest/v1/content/19238648/data/v8, unpack the resulting llncs.zip, and use standard LaTeX tools to build the paper.