Refine challenges #247
Refine challenges #247
Conversation
| @@ -1,6 +1,6 @@ | |||
| # Challenge 6: Safety of NonNull | |||
|
|
|||
| - **Status:** Open | |||
| - **Status:** Resolved | |||
There was a problem hiding this comment.
Are we sure this is done? I haven't checked, but IIRC there hasn't been work on it since the CMU students left, and I'd be surprised if they finished it and didn't mark it as resolved themselves.
There was a problem hiding this comment.
I checked and added the contracts and harnesses for the 3 remaining functions. I believe is is considered resolved now. The code of the harnesses is a little bit messy but it is not hard to be cleaned up later.
| @@ -1,6 +1,6 @@ | |||
| # Challenge 14: Safety of Primitive Conversions | |||
|
|
|||
| - **Status:** Open | |||
| - **Status:** Resolved | |||
There was a problem hiding this comment.
As a high-level comment (applies to all three), we like to give credit to those who contributed to the solution (see https://github.com/model-checking/verify-rust-std/pull/224/files) and close the challenge issues as well.
There was a problem hiding this comment.
Now that this is done, you should update the PR description to resolve the corresponding challenge issue.
library/Cargo.lock
Outdated
doc/src/challenges/0006-nonnull.md
Outdated
| - **Tracking Issue:** [#53](https://github.com/model-checking/verify-rust-std/issues/53) | ||
| - **Start date:** *2024/08/16* | ||
| - **End date:** *2025/04/10* | ||
| - **Reward:** *N/A* | ||
|
|
||
| - **Contributors**: [Quinyuan Wu](https://github.com/QinyuanWu), [Daniel Tu](https://github.com/danielhumanmod), Dhvani Kapadia(https://github.com/Dhvani-Kapadia) and JY(https://github.com/Jimmycreative) |
There was a problem hiding this comment.
You can give yourself credit too if you wrote some harnesses :) but up to you.
There was a problem hiding this comment.
Also, let's use full names (Jiun Chi Yang) instead of JY.
| @@ -1,6 +1,6 @@ | |||
| # Challenge 14: Safety of Primitive Conversions | |||
|
|
|||
| - **Status:** Open | |||
| - **Status:** Resolved | |||
There was a problem hiding this comment.
Now that this is done, you should update the PR description to resolve the corresponding challenge issue.
library/core/src/ptr/non_null.rs
Outdated
| count <= isize::MAX as usize && | ||
| (count as isize).checked_mul(core::mem::size_of::<T>() as isize).is_some() && | ||
| (self.as_ptr() as isize).checked_add((count as isize).wrapping_mul(core::mem::size_of::<T>() as isize)).is_some() && | ||
| //(count == 0 || ub_checks::same_allocation(self.as_ptr() as *const (), self.as_ptr().wrapping_offset(count as isize) as *const ())) && |
There was a problem hiding this comment.
We shouldn't merge commented out code.
| #[ensures(|_| | ||
| ub_checks::can_dereference(crate::ptr::slice_from_raw_parts(self.as_ptr() as *const u8, count * size_of::<T>())))] |
There was a problem hiding this comment.
Not sure about this ensures clause... what's the rationale?
library/core/src/ptr/non_null.rs
Outdated
| (count as isize).checked_mul(core::mem::size_of::<T>() as isize).is_some() && | ||
| (self.as_ptr() as isize).checked_add((count as isize).wrapping_mul(core::mem::size_of::<T>() as isize)).is_some() && | ||
| //(count == 0 || ub_checks::same_allocation(self.as_ptr() as *const (), self.as_ptr().wrapping_offset(count as isize) as *const ())) && | ||
| ub_checks::can_write(core::ptr::slice_from_raw_parts_mut(self.as_ptr(), count)) && |
There was a problem hiding this comment.
The documentation says:
Behavior is undefined if any of the following conditions are violated:
dst must be valid for writes of count * size_of::() bytes.
dst must be properly aligned.
so this validity check should go for count * size_of::<T>() bytes instead of just count.
BTW, I recommend using is_some_and to chain some of your logic together to make it more readable.
There was a problem hiding this comment.
Same comment as above about alignment and the can_write predicate.
library/core/src/ptr/non_null.rs
Outdated
| #[cfg_attr(kani, kani::modifies(self.as_ptr()))] | ||
| #[requires( | ||
| ub_checks::can_write(self.as_ptr()) && | ||
| self.as_ptr().is_aligned() |
There was a problem hiding this comment.
can_write already implies that the pointer is aligned:
verify-rust-std/library/core/src/ub_checks.rs
Lines 191 to 198 in dcae9fe
library/core/src/ptr/non_null.rs
Outdated
| @@ -1217,6 +1234,8 @@ impl<T: ?Sized> NonNull<T> { | |||
| #[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces | |||
| #[stable(feature = "non_null_convenience", since = "1.80.0")] | |||
| #[rustc_const_stable(feature = "const_ptr_write", since = "1.83.0")] | |||
| #[cfg_attr(kani, kani::modifies(self.as_ptr()))] | |||
| #[requires(ub_checks::can_write(self.as_ptr()))] | |||
There was a problem hiding this comment.
You want can_write_unaligned:
verify-rust-std/library/core/src/ub_checks.rs
Lines 208 to 213 in dcae9fe
In this PR, I refined the existing challenges by:
I don't add more functions to existing challenge to keep each challenge under manageable size. I will create other challenges for functions inside the same modules as the existing ones.
Resolves #ISSUE-NUMBER
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.