Merge branch 'main' into region-cov-basic

.github/workflows/cbmc-update.yml

@@ -30,7 +30,7 @@ jobs:
  env:
  GH_TOKEN: ${{ github.token }}
  run: |
- grep ^CBMC_VERSION kani-dependencies >> $GITHUB_ENV
+ grep ^CBMC_VERSION kani-dependencies | sed 's/"//g' >> $GITHUB_ENV
  CBMC_LATEST=$(gh -R diffblue/cbmc release list | grep Latest | awk '{print $1}' | cut -f2 -d-)
  echo "CBMC_LATEST=$CBMC_LATEST" >> $GITHUB_ENV
  # check whether the version has changed at all
@@ -47,8 +47,8 @@ jobs:
  elif ! git ls-remote --exit-code origin cbmc-$CBMC_LATEST ; then
  CBMC_LATEST_MAJOR=$(echo $CBMC_LATEST | cut -f1 -d.)
  CBMC_LATEST_MINOR=$(echo $CBMC_LATEST | cut -f2 -d.)
- sed -i "s/^CBMC_MAJOR=.*/CBMC_MAJOR=\"$CBMC_MAJOR\"/" kani-dependencies
- sed -i "s/^CBMC_MINOR=.*/CBMC_MINOR=\"$CBMC_MINOR\"/" kani-dependencies
+ sed -i "s/^CBMC_MAJOR=.*/CBMC_MAJOR=\"$CBMC_LATEST_MAJOR\"/" kani-dependencies
+ sed -i "s/^CBMC_MINOR=.*/CBMC_MINOR=\"$CBMC_LATEST_MINOR\"/" kani-dependencies
  sed -i "s/^CBMC_VERSION=.*/CBMC_VERSION=\"$CBMC_LATEST\"/" kani-dependencies
  git diff
  if ! ./scripts/kani-regression.sh ; then

.github/workflows/kani.yml

@@ -17,7 +17,7 @@ jobs:
  runs-on: ${{ matrix.os }}
  strategy:
  matrix:
- os: [macos-13, ubuntu-20.04, ubuntu-22.04]
+ os: [macos-13, ubuntu-20.04, ubuntu-22.04, macos-14]
  steps:
  - name: Checkout Kani
  uses: actions/checkout@v4

.github/workflows/release.yml

@@ -16,6 +16,7 @@ on:
 
 env:
  RUST_BACKTRACE: 1
+ ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
 
 jobs:
  build_bundle_macos:
@@ -44,6 +45,32 @@ jobs:
  os: macos-13
  arch: x86_64-apple-darwin
 
+ build_bundle_macos_aarch64:
+ name: BuildBundle-MacOs-ARM
+ runs-on: macos-14
+ permissions:
+ contents: write
+ outputs:
+ version: ${{ steps.bundle.outputs.version }}
+ bundle: ${{ steps.bundle.outputs.bundle }}
+ package: ${{ steps.bundle.outputs.package }}
+ crate_version: ${{ steps.bundle.outputs.crate_version }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Kani Dependencies
+ uses: ./.github/actions/setup
+ with:
+ os: macos-14
+
+ - name: Build bundle
+ id: bundle
+ uses: ./.github/actions/build-bundle
+ with:
+ os: macos-14
+ arch: aarch64-apple-darwin
+
  build_bundle_linux:
  name: BuildBundle-Linux
  runs-on: ubuntu-20.04
@@ -77,12 +104,16 @@ jobs:
  apt-get install -y software-properties-common apt-utils
  add-apt-repository ppa:git-core/ppa
  add-apt-repository ppa:deadsnakes/ppa
+ add-apt-repository ppa:ubuntu-toolchain-r/test
  apt-get update
  apt-get install -y \
- build-essential bash-completion curl lsb-release sudo g++ gcc flex \
+ build-essential bash-completion curl lsb-release sudo g++-9 gcc-9 flex \
  bison make patch git python3.7 python3.7-dev python3.7-distutils
+ update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 110 \
+ --slave /usr/bin/g++ g++ /usr/bin/g++-9
+ ln -sf cpp-9 /usr/bin/cpp
  update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.7 1
- curl -s https://bootstrap.pypa.io/get-pip.py -o get-pip.py
+ curl -s https://bootstrap.pypa.io/pip/3.7/get-pip.py -o get-pip.py
  python3 get-pip.py --force-reinstall
  rm get-pip.py
 
@@ -180,7 +211,7 @@ jobs:
 
  - name: Run cargo-kani tests after moving
  run: |
- for dir in function multiple-harnesses verbose; do
+ for dir in supported-lib-types/rlib multiple-harnesses verbose; do
  >&2 echo "Running test $dir"
  pushd ${{ github.workspace }}/../post-setup-tests/cargo-ui/$dir
  cargo kani
@@ -296,7 +327,7 @@ jobs:
  if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/kani-') }}
  name: Release
  runs-on: ubuntu-20.04
- needs: [build_bundle_macos, build_bundle_linux, test_bundle, test_alt_platform]
+ needs: [build_bundle_macos, build_bundle_macos_aarch64, build_bundle_linux, test_bundle, test_alt_platform]
  permissions:
  contents: write
  outputs:
@@ -328,6 +359,11 @@ jobs:
  with:
  name: ${{ needs.build_bundle_macos.outputs.bundle }}
 
+ - name: Download MacOS ARM bundle
+ uses: actions/download-artifact@v3
+ with:
+ name: ${{ needs.build_bundle_macos_aarch64.outputs.bundle }}
+
  - name: Download Linux bundle
  uses: actions/download-artifact@v3
  with:
@@ -341,7 +377,7 @@ jobs:
  with:
  name: kani-${{ env.TAG_VERSION }}
  tag: kani-${{ env.TAG_VERSION }}
- artifacts: "${{ needs.build_bundle_linux.outputs.bundle }},${{ needs.build_bundle_macos.outputs.bundle }}"
+ artifacts: "${{ needs.build_bundle_linux.outputs.bundle }},${{ needs.build_bundle_macos.outputs.bundle }},${{ needs.build_bundle_macos_aarch64.outputs.bundle }}"
  body: |
  Kani Rust verifier release bundle version ${{ env.TAG_VERSION }}.
  draft: true
@@ -384,7 +420,7 @@ jobs:
  OWNER: '${{ github.repository_owner }}'
 
  - name: Build and push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
  with:
  context: .
  file: scripts/ci/Dockerfile.bundle-release-20-04

.github/workflows/verify-std-check.yml

@@ -0,0 +1,86 @@
+# Copyright Kani Contributors
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+# This workflow will try to build and run the `verify-rust-std` repository.
+#
+# This check should be optional, but it has been added to help provide
+# visibility to when a PR may break the `verify-rust-std` repository.
+#
+# We expect toolchain updates to potentially break this workflow in cases where
+# the version tracked in the `verify-rust-std` is not compatible with newer
+# versions of the Rust toolchain.
+#
+# Changes unrelated to the toolchain should match the current status of main.
+
+name: Check Std Verification
+on:
+ pull_request:
+ workflow_call:
+
+env:
+ RUST_BACKTRACE: 1
+
+jobs:
+ verify-std:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ # Kani does not support windows.
+ os: [ ubuntu-22.04, macos-14 ]
+ steps:
+ - name: Checkout Library
+ uses: actions/checkout@v4
+ with:
+ repository: model-checking/verify-rust-std
+ path: verify-rust-std
+ submodules: true
+
+ - name: Checkout `Kani`
+ uses: actions/checkout@v4
+ with:
+ path: kani
+
+ - name: Setup Kani Dependencies
+ uses: ./kani/.github/actions/setup
+ with:
+ os: ${{ matrix.os }}
+ kani_dir: kani
+
+ - name: Build Kani
+ working-directory: kani
+ run: |
+ cargo build-dev
+ echo "$(pwd)/scripts" >> $GITHUB_PATH
+
+ - name: Run verification with HEAD
+ id: check-head
+ working-directory: verify-rust-std
+ continue-on-error: true
+ run: |
+ kani verify-std -Z unstable-options ./library --target-dir ${{ runner.temp }} -Z function-contracts \
+ -Z mem-predicates -Z ptr-to-ref-cast-checks
+
+ # If the head failed, check if it's a new failure.
+ - name: Checkout base
+ working-directory: kani
+ if: steps.check-head.outcome != 'success' && github.event_name == 'pull_request'
+ run: |
+ BASE_REF=${{ github.event.pull_request.base.sha }}
+ git checkout ${BASE_REF}
+ cargo build-dev
+
+ - name: Run verification with BASE
+ id: check-base
+ if: steps.check-head.outcome != 'success' && github.event_name == 'pull_request'
+ working-directory: verify-rust-std
+ continue-on-error: true
+ run: |
+ kani verify-std -Z unstable-options ./library --target-dir ${{ runner.temp }} -Z function-contracts \
+ -Z mem-predicates -Z ptr-to-ref-cast-checks
+
+ - name: Compare PR results
+ if: steps.check-head.outcome != 'success' && steps.check-head.output != github.check-base.output
+ run: |
+ echo "New failure introduced by this change"
+ exit 1
+

.github/workflows/verify-std-update.yml

@@ -0,0 +1,35 @@
+# Copyright Kani Contributors
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+# This workflow will try to update the verify std branch.
+
+name: Update "features/verify-rust-std"
+on:
+ schedule:
+ - cron: "30 3 * * *" # Run this every day at 03:30 UTC
+ workflow_dispatch: # Allow manual dispatching.
+
+env:
+ RUST_BACKTRACE: 1
+
+jobs:
+ # First ensure the HEAD is compatible with the `verify-rust-std` repository.
+ verify-std:
+ name: Verify Std
+ permissions: { }
+ uses: ./.github/workflows/verify-std-check.yml
+
+ # Push changes to the features branch.
+ update-branch:
+ needs: verify-std
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Kani
+ uses: actions/checkout@v4
+
+ - name: Update feature branch
+ run: |
+ git push origin HEAD:features/verify-rust-std
+

CHANGELOG.md

@@ -4,6 +4,68 @@ This file contains notable changes (e.g. breaking changes, major changes, etc.)
 
 This file was introduced starting Kani 0.23.0, so it only contains changes from version 0.23.0 onwards.
 
+## [0.53.0]
+
+### Major Changes
+* The `--visualize` option is being deprecated and will be removed in a future release. Consider using the `--concrete-playback` option instead.
+* The `-Z ptr-to-ref-cast-checks` option is being introduced to check pointer validity when casting raw pointers to references. The feature is currently behind an unstable flag but is expected to be stabilized in a future release once remaining performance issues have been resolved.
+* The `-Z uninit-checks` option is being introduced to check memory initialization. The feature is currently behind an unstable flag and also requires the `-Z ghost-state` option.
+
+### Breaking Changes
+* Remove support for the unstable argument `--function` by @celinval in https://github.com/model-checking/kani/pull/3278
+* Remove deprecated `--enable-stubbing` by @celinval in https://github.com/model-checking/kani/pull/3309
+
+### What's Changed
+
+* Change ensures into closures by @pi314mm in https://github.com/model-checking/kani/pull/3207
+* (Re)introduce `Invariant` trait by @adpaco-aws in https://github.com/model-checking/kani/pull/3190
+* Remove empty box creation from contracts impl by @celinval in https://github.com/model-checking/kani/pull/3233
+* Add a new verify-std subcommand to Kani by @celinval in https://github.com/model-checking/kani/pull/3231
+* Inject pointer validity check when casting raw pointers to references by @artemagvanian in https://github.com/model-checking/kani/pull/3221
+* Do not turn trivially diverging loops into assume(false) by @tautschnig in https://github.com/model-checking/kani/pull/3223
+* Fix "unused mut" warnings created by generated code. by @jsalzbergedu in https://github.com/model-checking/kani/pull/3247
+* Refactor stubbing so Kani compiler only invoke rustc once per crate by @celinval in https://github.com/model-checking/kani/pull/3245
+* Use cfg=kani_host for host crates by @tautschnig in https://github.com/model-checking/kani/pull/3244
+* Add intrinsics and Arbitrary support for no_core by @jaisnan in https://github.com/model-checking/kani/pull/3230
+* Contracts: Avoid attribute duplication and `const` function generation for constant function by @celinval in https://github.com/model-checking/kani/pull/3255
+* Fix contract of constant fn with effect feature by @celinval in https://github.com/model-checking/kani/pull/3259
+* Fix typed_swap for ZSTs by @tautschnig in https://github.com/model-checking/kani/pull/3256
+* Add a `#[derive(Invariant)]` macro by @adpaco-aws in https://github.com/model-checking/kani/pull/3250
+* Contracts: History Expressions via "old" monad by @pi314mm in https://github.com/model-checking/kani/pull/3232
+* Function Contracts: remove instances of _renamed by @pi314mm in https://github.com/model-checking/kani/pull/3274
+* Deprecate `--visualize` in favor of concrete playback by @celinval in https://github.com/model-checking/kani/pull/3281
+* Fix operand in fat pointer comparison by @pi314mm in https://github.com/model-checking/kani/pull/3297
+* Function Contracts: Closure Type Inference by @pi314mm in https://github.com/model-checking/kani/pull/3307
+* Add support for f16 and f128 for toolchain upgrade to 6/28 by @jaisnan in https://github.com/model-checking/kani/pull/3306
+* Towards Proving Memory Initialization by @artemagvanian in https://github.com/model-checking/kani/pull/3264
+* Rust toolchain upgraded to `nightly-2024-07-01` by @tautschnig @celinval @jaisnan @adpaco-aws
+
+**Full Changelog**: https://github.com/model-checking/kani/compare/kani-0.52.0...kani-0.53.0
+
+## [0.52.0]
+
+## What's Changed
+* New section about linter configuraton checking in the doc by @remi-delmas-3000 in https://github.com/model-checking/kani/pull/3198
+* Fix `{,e}println!()` by @GrigorenkoPV in https://github.com/model-checking/kani/pull/3209
+* Contracts for a few core functions by @celinval in https://github.com/model-checking/kani/pull/3107
+* Add simple API for shadow memory by @zhassan-aws in https://github.com/model-checking/kani/pull/3200
+* Upgrade Rust toolchain to 2024-05-28 by @zhassan-aws @remi-delmas-3000 @qinheping
+
+**Full Changelog**: https://github.com/model-checking/kani/compare/kani-0.51.0...kani-0.52.0
+
+## [0.51.0]
+
+### What's Changed
+
+* Do not assume that ZST-typed symbols refer to unique objects by @tautschnig in https://github.com/model-checking/kani/pull/3134
+* Remove `kani::Arbitrary` from the `modifies` contract instrumentation by @feliperodri in https://github.com/model-checking/kani/pull/3169
+* Emit source locations whenever possible to ease debugging and coverage reporting by @tautschnig in https://github.com/model-checking/kani/pull/3173
+* Rust toolchain upgraded to `nightly-2024-04-21` by @celinval
+
+
+**Full Changelog**: https://github.com/model-checking/kani/compare/kani-0.50.0...kani-0.51.0
+
+
 ## [0.50.0]
 
 ### Major Changes