model-checking · tautschnig · Dec 11, 2024 · Oct 5, 2024 · Oct 7, 2024 · Oct 7, 2024
diff --git a/library/core/src/num/mod.rs b/library/core/src/num/mod.rs
@@ -1585,7 +1585,6 @@ from_str_radix_size_impl! { i16 isize, u16 usize }
 from_str_radix_size_impl! { i32 isize, u32 usize }
 #[cfg(target_pointer_width = "64")]
 from_str_radix_size_impl! { i64 isize, u64 usize }
-
 #[cfg(kani)]
 #[unstable(feature = "kani", issue = "none")]
 mod verify {

@@ -1,5 +1,6 @@
 use crate::cmp::Ordering;
 use crate::marker::Unsize;
+//use crate::num::NonZeroUsize;
 use crate::mem::{MaybeUninit, SizedTypeProperties};
 use crate::num::NonZero;
 use crate::ops::{CoerceUnsized, DispatchFromDyn};
@@ -476,6 +477,12 @@ impl<T: ?Sized> NonNull<T> {
     #[must_use = "returns a new pointer rather than modifying its argument"]
     #[stable(feature = "non_null_convenience", since = "1.80.0")]
     #[rustc_const_stable(feature = "non_null_convenience", since = "1.80.0")]
+    // Requires that the input pointer is not null
+    #[kani::requires(!self.as_ptr().is_null())]
+    // Requires that multiplying count by the size of T doesn't overflow isize
+    #[kani::requires(count.checked_mul(core::mem::size_of::<T>() as isize).is_some())]
+    //Two conditions for postconditions: 1.Resulting pointer is not null 2.Safe operation of pointer arithmetic
+    #[kani::ensures(|result: &NonNull<T>|  !result.as_ptr().is_null() && (result.as_ptr() as isize) == (self.as_ptr() as isize).wrapping_add(count.wrapping_mul(core::mem::size_of::<T>() as isize)))]
     pub const unsafe fn offset(self, count: isize) -> Self
     where
         T: Sized,
@@ -663,6 +670,12 @@ impl<T: ?Sized> NonNull<T> {
     #[rustc_allow_const_fn_unstable(set_ptr_value)]
     #[stable(feature = "non_null_convenience", since = "1.80.0")]
     #[rustc_const_stable(feature = "non_null_convenience", since = "1.80.0")]
+    //Requires that the input pointer is not null
+    #[kani::requires(!self.as_ptr().is_null())]
+    // Requires that count doesnt exceed Max
+    #[kani::requires(count <= isize::MAX as usize)] 
+    //Ensures that result is not null
+    #[kani::ensures(|result: &NonNull<T>| !result.as_ptr().is_null())] 
     pub const unsafe fn byte_sub(self, count: usize) -> Self {
         // SAFETY: the caller must uphold the safety contract for `sub` and `byte_sub` has the same
         // safety contract.
@@ -1803,4 +1816,44 @@ mod verify {
         let maybe_null_ptr =  if kani::any() { xptr as *mut i32 } else { null_mut() };
         let _ = NonNull::new(maybe_null_ptr);
     }
+   #[kani::proof_for_contract(NonNull::byte_sub)]
+    pub fn non_null_check_byte_sub() {
+    // Initializing array of size 10000
+    const ARR_SIZE: usize = 100000;
+    let arr: [i32; ARR_SIZE] = kani::any();
+    //Randomizing start pointer within array
+    let offset = kani::any_where(|x| *x <= ARR_SIZE);
+    // Create a NonNull pointer to the end of the array
+    let raw_ptr: *mut i32 = unsafe { arr.as_ptr().add(offset) as *mut i32 };
+    let ptr = unsafe { NonNull::new(raw_ptr).unwrap() };
+    // Choose an arbitrary count to subtract
+    let count: usize = kani::any();
+    // Ensure that the subtraction doesnt go out of bounds of array
+     kani::assume(count < ARR_SIZE - offset);
+  unsafe {
+     // Perform the byte_sub operation
+     let result = ptr.byte_sub(count);
+  }}
+
+  #[kani::proof_for_contract(NonNull::offset)]
+   pub fn non_null_check_offset(){
+        //Initializing array of size 10000
+        const ARR_SIZE: usize = 10000;
+        let arr: [i32; ARR_SIZE] = kani::any(); 
+         // Randomizing start pointer within array
+        let start_offset = kani::any_where(|x| *x < ARR_SIZE);
+        // Creating a NonNull pointer to a random position within the array
+        let ptr = unsafe { NonNull::new(arr.as_ptr().add(start_offset) as *mut i32).unwrap() };
+        // Choose an arbitrary count to offset
+        let count: isize = kani::any();
+        // Constraining the count to ensure it doesn't go out of bounds
+        kani::assume(
+            (count >= 0 && (count as usize) < ARR_SIZE - start_offset) ||
+            (count < 0 && count.unsigned_abs() <= start_offset)
+        );
+        unsafe {
+            // Perform the offset operation
+            let result = ptr.offset(count);
+        }
+    }
 }
diff --git a/library/core/src/ptr/target/kani_verify_std/Cargo.toml b/library/core/src/ptr/target/kani_verify_std/Cargo.toml
@@ -0,0 +1,6 @@
+[package]
+name = "kani_verify_std"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
diff --git a/library/core/src/ptr/target/kani_verify_std/src/lib.rs b/library/core/src/ptr/target/kani_verify_std/src/lib.rs
@@ -0,0 +1,14 @@
+pub fn add(left: u64, right: u64) -> u64 {
+    left + right
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn it_works() {
+        let result = add(2, 2);
+        assert_eq!(result, 4);
+    }
+}
diff --git a/library/target/.rustc_info.json b/library/target/.rustc_info.json
@@ -0,0 +1 @@
+{"rustc_fingerprint":16687169700156757383,"outputs":{"10106512464066337823":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.dylib\nlib___.dylib\nlib___.a\nlib___.dylib\n/Users/dhvanikapadia/.rustup/toolchains/nightly-2024-09-03-x86_64-apple-darwin\noff\npacked\nunpacked\n___\ndebug_assertions\nfmt_debug=\"full\"\nkani_host\noverflow_checks\npanic=\"unwind\"\nproc_macro\nrelocation_model=\"pic\"\ntarget_abi=\"\"\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"\"\ntarget_family=\"unix\"\ntarget_feature=\"cmpxchg16b\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"lahfsahf\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_feature=\"sse3\"\ntarget_feature=\"sse4.1\"\ntarget_feature=\"ssse3\"\ntarget_has_atomic\ntarget_has_atomic=\"128\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_has_atomic_equal_alignment=\"128\"\ntarget_has_atomic_equal_alignment=\"16\"\ntarget_has_atomic_equal_alignment=\"32\"\ntarget_has_atomic_equal_alignment=\"64\"\ntarget_has_atomic_equal_alignment=\"8\"\ntarget_has_atomic_equal_alignment=\"ptr\"\ntarget_has_atomic_load_store\ntarget_has_atomic_load_store=\"128\"\ntarget_has_atomic_load_store=\"16\"\ntarget_has_atomic_load_store=\"32\"\ntarget_has_atomic_load_store=\"64\"\ntarget_has_atomic_load_store=\"8\"\ntarget_has_atomic_load_store=\"ptr\"\ntarget_os=\"macos\"\ntarget_pointer_width=\"64\"\ntarget_thread_local\ntarget_vendor=\"apple\"\nub_checks\nunix\n","stderr":""},"3303698679050187852":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.dylib\nlib___.dylib\nlib___.a\nlib___.dylib\n/Users/dhvanikapadia/.rustup/toolchains/nightly-2024-09-03-x86_64-apple-darwin\noff\npacked\nunpacked\n___\ndebug_assertions\nfmt_debug=\"full\"\nkani\noverflow_checks\npanic=\"abort\"\nproc_macro\nrelocation_model=\"pic\"\ntarget_abi=\"\"\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"\"\ntarget_family=\"unix\"\ntarget_has_atomic\ntarget_has_atomic=\"128\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_has_atomic_equal_alignment=\"128\"\ntarget_has_atomic_equal_alignment=\"16\"\ntarget_has_atomic_equal_alignment=\"32\"\ntarget_has_atomic_equal_alignment=\"64\"\ntarget_has_atomic_equal_alignment=\"8\"\ntarget_has_atomic_equal_alignment=\"ptr\"\ntarget_has_atomic_load_store\ntarget_has_atomic_load_store=\"128\"\ntarget_has_atomic_load_store=\"16\"\ntarget_has_atomic_load_store=\"32\"\ntarget_has_atomic_load_store=\"64\"\ntarget_has_atomic_load_store=\"8\"\ntarget_has_atomic_load_store=\"ptr\"\ntarget_os=\"macos\"\ntarget_pointer_width=\"64\"\ntarget_thread_local\ntarget_vendor=\"apple\"\nub_checks\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.83.0-nightly (bd53aa3bf 2024-09-02)\nbinary: rustc\ncommit-hash: bd53aa3bf7a24a70d763182303bd75e5fc51a9af\ncommit-date: 2024-09-02\nhost: x86_64-apple-darwin\nrelease: 1.83.0-nightly\nLLVM version: 19.1.0\n","stderr":""}},"successes":{}}
diff --git a/library/target/kani_verify_std/Cargo.toml b/library/target/kani_verify_std/Cargo.toml
@@ -0,0 +1,6 @@
+[package]
+name = "kani_verify_std"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
diff --git a/library/target/kani_verify_std/src/lib.rs b/library/target/kani_verify_std/src/lib.rs
@@ -0,0 +1,14 @@
+pub fn add(left: u64, right: u64) -> u64 {
+    left + right
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn it_works() {
+        let result = add(2, 2);
+        assert_eq!(result, 4);
+    }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"rustc_fingerprint":16687169700156757383,"outputs":{"10106512464066337823":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.dylib\nlib___.dylib\nlib___.a\nlib___.dylib\n/Users/dhvanikapadia/.rustup/toolchains/nightly-2024-09-03-x86_64-apple-darwin\noff\npacked\nunpacked\n___\ndebug_assertions\nfmt_debug=\"full\"\nkani_host\noverflow_checks\npanic=\"unwind\"\nproc_macro\nrelocation_model=\"pic\"\ntarget_abi=\"\"\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"\"\ntarget_family=\"unix\"\ntarget_feature=\"cmpxchg16b\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"lahfsahf\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_feature=\"sse3\"\ntarget_feature=\"sse4.1\"\ntarget_feature=\"ssse3\"\ntarget_has_atomic\ntarget_has_atomic=\"128\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_has_atomic_equal_alignment=\"128\"\ntarget_has_atomic_equal_alignment=\"16\"\ntarget_has_atomic_equal_alignment=\"32\"\ntarget_has_atomic_equal_alignment=\"64\"\ntarget_has_atomic_equal_alignment=\"8\"\ntarget_has_atomic_equal_alignment=\"ptr\"\ntarget_has_atomic_load_store\ntarget_has_atomic_load_store=\"128\"\ntarget_has_atomic_load_store=\"16\"\ntarget_has_atomic_load_store=\"32\"\ntarget_has_atomic_load_store=\"64\"\ntarget_has_atomic_load_store=\"8\"\ntarget_has_atomic_load_store=\"ptr\"\ntarget_os=\"macos\"\ntarget_pointer_width=\"64\"\ntarget_thread_local\ntarget_vendor=\"apple\"\nub_checks\nunix\n","stderr":""},"3303698679050187852":{"success":true,"status":"","code":0,"stdout":"___\nlib___.rlib\nlib___.dylib\nlib___.dylib\nlib___.a\nlib___.dylib\n/Users/dhvanikapadia/.rustup/toolchains/nightly-2024-09-03-x86_64-apple-darwin\noff\npacked\nunpacked\n___\ndebug_assertions\nfmt_debug=\"full\"\nkani\noverflow_checks\npanic=\"abort\"\nproc_macro\nrelocation_model=\"pic\"\ntarget_abi=\"\"\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"\"\ntarget_family=\"unix\"\ntarget_has_atomic\ntarget_has_atomic=\"128\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_has_atomic_equal_alignment=\"128\"\ntarget_has_atomic_equal_alignment=\"16\"\ntarget_has_atomic_equal_alignment=\"32\"\ntarget_has_atomic_equal_alignment=\"64\"\ntarget_has_atomic_equal_alignment=\"8\"\ntarget_has_atomic_equal_alignment=\"ptr\"\ntarget_has_atomic_load_store\ntarget_has_atomic_load_store=\"128\"\ntarget_has_atomic_load_store=\"16\"\ntarget_has_atomic_load_store=\"32\"\ntarget_has_atomic_load_store=\"64\"\ntarget_has_atomic_load_store=\"8\"\ntarget_has_atomic_load_store=\"ptr\"\ntarget_os=\"macos\"\ntarget_pointer_width=\"64\"\ntarget_thread_local\ntarget_vendor=\"apple\"\nub_checks\nunix\n","stderr":""},"4614504638168534921":{"success":true,"status":"","code":0,"stdout":"rustc 1.83.0-nightly (bd53aa3bf 2024-09-02)\nbinary: rustc\ncommit-hash: bd53aa3bf7a24a70d763182303bd75e5fc51a9af\ncommit-date: 2024-09-02\nhost: x86_64-apple-darwin\nrelease: 1.83.0-nightly\nLLVM version: 19.1.0\n","stderr":""}},"successes":{}}