Contracts & Harnesses for add, addr, and align_offset #105

Merged
merged 28 commits into from
Nov 14, 2024

Conversation

QinyuanWu

@QinyuanWu QinyuanWu commented Oct 5, 2024

Towards #53

Changes

Three function contracts & four harnesses:

  • added contract and harness for non_null::add
  • added contract and harness for non_null::addr
  • added contract and harnesses for non_null::align_offset, including both a positive and a negative harness that triggers a panic. The ensures clause for align_offset is referenced from align_offset in library/core/src/ptr/mod.rs.

Revalidation

To revalidate the verification results, run kani verify-std -Z unstable-options "path/to/library" -Z function-contracts -Z mem-predicates --harness ptr::non_null::verify. This will run all six harnesses in the module. All default checks should pass:

SUMMARY:
 ** 0 of 1556 failed

VERIFICATION:- SUCCESSFUL
Verification Time: 0.28004378s

Complete - 6 successfully verified harnesses, 0 failures, 6 total.

❗ Warning

Running the above command with the default installed cargo kani will result in a compilation error due to the latest merge from PR #91. Detailed errors are commented under that PR. This issue is waiting to be resolved.

TODO:

  • Use Layout to create dynamically sized arrays in place of fixed size array in harnesses. This approach currently has errors and is documented in discussion.
  • Verify multiple data types: these will be added in future PR.
  • Add requires clause in contract to constrain count to be within object memory size: there is a current issue with using ub_checks::can_write to get the object size. A workaround is implemented in the harness.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.
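Added example, not code from this PR or from verify-rust-std: the align_offset postcondition restated as an ordinary Rust check, so the positive case (every returned offset lands on an aligned address) and the negative case (a non-power-of-two alignment panics) can be exercised without Kani. The case split and the helper names `align_offset_post` and `check_on_buffer` are this example's own reading of the documented behaviour, not the PR's ensures clause.

```rust
use std::mem::size_of;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr::NonNull;

/// Postcondition for `align_offset`, restated as plain Rust so it runs
/// without Kani. `addr` is the pointer's address, `stride` is `size_of::<T>()`
/// and `result` is the value `align_offset` returned. The case split is this
/// example's assumption about the documented behaviour, not the PR's clause.
pub fn align_offset_post(addr: usize, stride: usize, align: usize, result: usize) -> bool {
    if stride == 0 {
        // Zero-sized T: the pointer is either already aligned or never will be.
        return if addr % align == 0 { result == 0 } else { result == usize::MAX };
    }
    if align % stride == 0 && addr % stride != 0 {
        // Each step of `stride` keeps the same residue modulo `align`: unreachable.
        return result == usize::MAX;
    }
    if align % stride != 0 && result == usize::MAX {
        // Deciding this exactly needs gcd reasoning; accept the "cannot align" answer.
        return true;
    }
    // Otherwise applying the offset must land on an aligned address.
    match result.checked_mul(stride) {
        Some(bytes) => addr.wrapping_add(bytes) % align == 0,
        None => false,
    }
}

/// Calls the real `align_offset` on element `index` of `buf` and checks the
/// postcondition. Returns `None` when the call panicked, which is what the
/// negative harness exercises: `align` not being a power of two.
pub fn check_on_buffer<T>(buf: &[T], index: usize, align: usize) -> Option<bool> {
    let ptr = NonNull::from(&buf[index]);
    let result = catch_unwind(AssertUnwindSafe(|| ptr.as_ptr().align_offset(align))).ok()?;
    Some(align_offset_post(ptr.as_ptr() as usize, size_of::<T>(), align, result))
}

fn main() {
    // Constructed input: a byte buffer so every residue modulo 16 is covered.
    let bytes = [0u8; 64];
    for i in 0..bytes.len() {
        assert_eq!(check_on_buffer(&bytes, i, 16), Some(true));
    }
    // `align_offset` panics for a non-power-of-two alignment, so the check yields None.
    assert_eq!(check_on_buffer(&bytes, 0, 3), None);
    println!("align_offset postcondition held on every tested pointer");
}
```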

@QinyuanWu QinyuanWu requested a review from a team as a code owner October 5, 2024 22:18

@zhassan-aws zhassan-aws left a comment


First round of comments.

@QinyuanWu
Author

QinyuanWu commented Oct 28, 2024

Update: resolved previous comments and successfully applied same_allocation to the NonNull add contract and removed the workaround assume clause in the harness. All verification checks pass:

...
SUMMARY:
 ** 0 of 141 failed

VERIFICATION:- SUCCESSFUL
Verification Time: 0.17524096s

Complete - 6 successfully verified harnesses, 0 failures, 6 total.

@zhassan-aws

You probably need to update the Kani version you're using. There's now a script that automates this process (https://github.com/model-checking/verify-rust-std/blob/main/scripts/run-kani.sh). If you run it, it should pull the correct Kani version.

@QinyuanWu
Author

QinyuanWu commented Nov 8, 2024

You probably need to update the Kani version you're using. There's now a script that automates this process (https://github.com/model-checking/verify-rust-std/blob/main/scripts/run-kani.sh). If you run it, it should pull the correct Kani version.
@zhassan-aws When I ran the script I got the following error:

Using TOML file: tool_config/kani-version.toml
Using repository URL: https://github.com/model-checking/kani.git
Error: TOML file not found: tool_config/kani-version.toml

I'm using kani built from source and also pulled the most recent changes from the kani repo and the error persisted.

@zhassan-aws

Did you run it from the root directory of the verify-rust-std repo? If not, can you try that?

@QinyuanWu
Author

Did you run it from the root directory of the verify-rust-std repo? If not, can you try that?

@zhassan-aws The first time I ran it I got

Error: Could not symlink include/cprover/api.h
Target /opt/homebrew/include/cprover/api.h
is a symlink belonging to [email protected]. You can unlink it:
  brew unlink [email protected]

So I entered the unlink command and re-ran the script but got:

ERROR: Could not find kani-driver binary.
Looked for: '/Users/owo/Desktop/verify-rust-std/kani_build/target/kani/bin/kani-driver'
Was Kani successfully built first?

My kani is built in ~/Desktop/kani.

@carolynzech

carolynzech commented Nov 8, 2024

ERROR: Could not find kani-driver binary.
Looked for: '/Users/owo/Desktop/verify-rust-std/kani_build/target/kani/bin/kani-driver'
Was Kani successfully built first?

My kani is built in ~/Desktop/kani.

@QinyuanWu Try deleting the kani_build directory and re-running (see these instructions).

@QinyuanWu
Author

ERROR: Could not find kani-driver binary.
Looked for: '/Users/owo/Desktop/verify-rust-std/kani_build/target/kani/bin/kani-driver'
Was Kani successfully built first?

My kani is built in ~/Desktop/kani.

@QinyuanWu Try deleting the kani_build directory and re-running (see these instructions).

@carolynzech Debugged live with @zhassan-aws and resolved by manually re-building kani from the source. The run-kani script is having an issue due to an outdated cbmc-viewer installation that's still in the setup script of the kani repo and should be removed. Thanks!

@QinyuanWu
Author

Addressed previous PR comments and re-ran kani with successful verification:

SUMMARY:
 ** 0 of 141 failed

VERIFICATION:- SUCCESSFUL
Verification Time: 0.17998616s

Complete - 6 successfully verified harnesses, 0 failures, 6 total.


@zhassan-aws zhassan-aws left a comment


Looks good!

It seems that the stdarch directory was accidentally updated. Can you revert the changes to it?

@QinyuanWu
Author

Looks good!

It seems that the stdarch directory was accidentally updated. Can you revert the changes to it?

@zhassan-aws Done! Waiting for review from another team member.

@celinval celinval self-assigned this Nov 13, 2024

@celinval celinval left a comment


Thank you. I added a few suggestions, but they are not blockers.

@QinyuanWu
Author

QinyuanWu commented Nov 13, 2024

@zhassan-aws I just started to experience a kani compiler error without any modification to the previous code:

Kani Rust Verifier 0.56.0 (standalone)
error: attributes starting with `rustc` are reserved for use by the `rustc` compiler
    --> /Users/owo/Desktop/verify-rust-std/library/core/src/intrinsics.rs:2723:7
     |
2723 |     #[rustc_safe_intrinsic]
     |       ^^^^^^^^^^^^^^^^^^^^

error: attributes starting with `rustc` are reserved for use by the `rustc` compiler
    --> /Users/owo/Desktop/verify-rust-std/library/core/src/intrinsics.rs:2614:7
     |
2614 |     #[rustc_safe_intrinsic]
     |       ^^^^^^^^^^^^^^^^^^^^

Not sure if this is the same issue with PR #127

@zhassan-aws

@zhassan-aws I just started to experience a kani compiler error without any modification to the previous code:

Kani Rust Verifier 0.56.0 (standalone)
error: attributes starting with `rustc` are reserved for use by the `rustc` compiler
    --> /Users/owo/Desktop/verify-rust-std/library/core/src/intrinsics.rs:2723:7
     |
2723 |     #[rustc_safe_intrinsic]
     |       ^^^^^^^^^^^^^^^^^^^^

error: attributes starting with `rustc` are reserved for use by the `rustc` compiler
    --> /Users/owo/Desktop/verify-rust-std/library/core/src/intrinsics.rs:2614:7
     |
2614 |     #[rustc_safe_intrinsic]
     |       ^^^^^^^^^^^^^^^^^^^^

Not sure if this is the same issue with PR #127

Can you try running using ./scripts/run_kani.sh? We removed CBMC viewer from the installation steps, so it should hopefully work now.

@QinyuanWu
Author

QinyuanWu commented Nov 13, 2024

@zhassan-aws I just started to experience a kani compiler error without any modification to the previous code:

Kani Rust Verifier 0.56.0 (standalone)
error: attributes starting with `rustc` are reserved for use by the `rustc` compiler
    --> /Users/owo/Desktop/verify-rust-std/library/core/src/intrinsics.rs:2723:7
     |
2723 |     #[rustc_safe_intrinsic]
     |       ^^^^^^^^^^^^^^^^^^^^

error: attributes starting with `rustc` are reserved for use by the `rustc` compiler
    --> /Users/owo/Desktop/verify-rust-std/library/core/src/intrinsics.rs:2614:7
     |
2614 |     #[rustc_safe_intrinsic]
     |       ^^^^^^^^^^^^^^^^^^^^

Not sure if this is the same issue with PR #127

Can you try running using ./scripts/run_kani.sh? We removed CBMC viewer from the installation steps, so it should hopefully work now.

I resolved these errors by building kani from the features/verify-rust-std branch, but the errors in #127 still persist.
For the script, I pulled the latest changes from main and it seems like cbmc-viewer is still being installed/upgraded:

==> Upgrading aws/tap/cbmc-viewer
  3.9 -> 3.10 
Error: Your Command Line Tools are too outdated.
Update them from Software Update in System Settings.

@zhassan-aws @celinval Waiting for approval to start the merge workflow.


@carolynzech carolynzech left a comment


trigger approval workflow

@carolynzech carolynzech enabled auto-merge (squash) November 14, 2024 14:47
@carolynzech carolynzech merged commit d29f29e into model-checking:main Nov 14, 2024
9 checks passed
5 participants