Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NonZero (new_unchecked) Proof for Contract (Init) #109

Merged
merged 15 commits into from
Nov 11, 2024
Merged

NonZero (new_unchecked) Proof for Contract (Init) #109

Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
dffe30b
Initial proof/contract/harness for nonzero:
aa-luna Sep 20, 2024
daf1576
Bytewise comparision (new_unchecked contract)
SahithiMV Oct 6, 2024
21ae29e
Removed kani assumes removed from proof_for_contract
aa-luna Oct 8, 2024
4241687
Macros for data types
SahithiMV Oct 13, 2024
801f9a4
Adding i32 and isize
SahithiMV Oct 13, 2024
eafef0b
Pull Request fixes
aa-luna Oct 20, 2024
3015feb
Pull Request fixes
aa-luna Oct 21, 2024
ce918f8
Update library/core/src/num/nonzero.rs
MooniniteErr Oct 27, 2024
2304fad
Update library/core/src/num/nonzero.rs
MooniniteErr Oct 27, 2024
14a50e2
Update library/core/src/num/nonzero.rs
aa-luna Oct 27, 2024
acef65a
Update library/core/src/num/nonzero.rs
aa-luna Oct 27, 2024
4d3efd1
Update library/core/src/num/nonzero.rs
aa-luna Oct 27, 2024
7bc64eb
doc: add explanations for const function attribute
aa-luna Nov 3, 2024
82ff59c
Merge branch 'main' into main
aa-luna Nov 8, 2024
4ce34b5
Merge branch 'main' into main
aa-luna Nov 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 57 additions & 1 deletion library/core/src/num/nonzero.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@ use crate::ops::{BitOr, BitOrAssign, Div, DivAssign, Neg, Rem, RemAssign};
use crate::panic::{RefUnwindSafe, UnwindSafe};
use crate::str::FromStr;
use crate::{fmt, intrinsics, ptr, ub_checks};

use safety::{ensures, requires};
#[cfg(kani)]
use crate::kani;
/// A marker trait for primitive types which can be zero.
///
/// This is an implementation detail for <code>[NonZero]\<T></code> which may disappear or be replaced at any time.
Expand Down Expand Up @@ -364,6 +366,27 @@ where
#[rustc_const_stable(feature = "nonzero", since = "1.28.0")]
#[must_use]
#[inline]
// #[rustc_allow_const_fn_unstable(const_refs_to_cell)] enables byte-level
// comparisons within const functions. This is needed here to validate the
// contents of `T` by converting a pointer to a `u8` slice for our `requires`
// and `ensures` checks.
#[rustc_allow_const_fn_unstable(const_refs_to_cell)]
SahithiMV marked this conversation as resolved.
Show resolved Hide resolved
#[requires({
let size = core::mem::size_of::<T>();
let ptr = &n as *const T as *const u8;
let slice = unsafe { core::slice::from_raw_parts(ptr, size) };
!slice.iter().all(|&byte| byte == 0)
})]
#[ensures(|result: &Self|{
let size = core::mem::size_of::<T>();
let n_ptr: *const T = &n;
let result_inner: T = result.get();
let result_ptr: *const T = &result_inner;
let n_slice = unsafe { core::slice::from_raw_parts(n_ptr as *const u8, size) };
let result_slice = unsafe { core::slice::from_raw_parts(result_ptr as *const u8, size) };

n_slice == result_slice
})]
pub const unsafe fn new_unchecked(n: T) -> Self {
match Self::new(n) {
Some(n) => n,
Expand Down Expand Up @@ -2159,3 +2182,36 @@ nonzero_integer! {
swapped = "0x5634129078563412",
reversed = "0x6a2c48091e6a2c48",
}

#[unstable(feature="kani", issue="none")]
#[cfg(kani)]
mod verify {
use super::*;

macro_rules! nonzero_check {
($t:ty, $nonzero_type:ty, $nonzero_check_new_unchecked_for:ident) => {
#[kani::proof_for_contract(NonZero::new_unchecked)]
pub fn $nonzero_check_new_unchecked_for() {
let x: $t = kani::any(); // Generates a symbolic value of the provided type

unsafe {
<$nonzero_type>::new_unchecked(x); // Calls NonZero::new_unchecked for the specified NonZero type
}
}
};
}

// Use the macro to generate different versions of the function for multiple types
nonzero_check!(i8, core::num::NonZeroI8, nonzero_check_new_unchecked_for_i8);
nonzero_check!(i16, core::num::NonZeroI16, nonzero_check_new_unchecked_for_16);
nonzero_check!(i32, core::num::NonZeroI32, nonzero_check_new_unchecked_for_32);
nonzero_check!(i64, core::num::NonZeroI64, nonzero_check_new_unchecked_for_64);
nonzero_check!(i128, core::num::NonZeroI128, nonzero_check_new_unchecked_for_128);
nonzero_check!(isize, core::num::NonZeroIsize, nonzero_check_new_unchecked_for_isize);
nonzero_check!(u8, core::num::NonZeroU8, nonzero_check_new_unchecked_for_u8);
nonzero_check!(u16, core::num::NonZeroU16, nonzero_check_new_unchecked_for_u16);
nonzero_check!(u32, core::num::NonZeroU32, nonzero_check_new_unchecked_for_u32);
nonzero_check!(u64, core::num::NonZeroU64, nonzero_check_new_unchecked_for_u64);
nonzero_check!(u128, core::num::NonZeroU128, nonzero_check_new_unchecked_for_u128);
nonzero_check!(usize, core::num::NonZeroUsize, nonzero_check_new_unchecked_for_usize);
}
Loading