Giter VIP home page Giter VIP logo

Comments (3)

pi314mm avatar pi314mm commented on July 17, 2024

It seems as though deleting

fn visit_receiver(&mut self, _: &'ast syn::Receiver) {
    self.0.insert(Ident::new("self", proc_macro2::Span::call_site()));
}

From the initialize.rs file has no impact on the current tests. This means we are not properly testing consuming the self parameter in a function properly.

This is related to this change as self falls into the same category of arguments that need to be unsafely copied, but adds a layer of complication as self is a reserved keyword and cannot be reassigned.

from kani.

pi314mm avatar pi314mm commented on July 17, 2024

The following two test cases seem to fail kani's checks. Copy is derived in both situations, so it would make sense for the struct to be available in the ensures statement. However, since we are doing an untracked dereference, I suspect that rust memory checker thinks that the memory is no longer needed after the function and frees it, so self_renamed and x_renamed no longer point at valid pieces of data after the function.

// Copyright Kani Contributors
// SPDX-License-Identifier: Apache-2.0 OR MIT
// kani-flags: -Zfunction-contracts

#[derive(Clone,Copy)]
struct DestructSelf;

impl DestructSelf {
    #[kani::requires(self.five()==5)]
    #[kani::ensures(|_| self.five()==5)]
    fn eat(self : DestructSelf){
    }
    fn five(self : &DestructSelf) -> u32{
        5
    }
}

#[kani::proof_for_contract(DestructSelf::eat)]
fn eat_harness() {
    let x = DestructSelf;
    x.eat()
}
// Copyright Kani Contributors
// SPDX-License-Identifier: Apache-2.0 OR MIT
// kani-flags: -Zfunction-contracts

#[derive(Clone,Copy)]
struct Five;

impl Five {
    fn five(self : &Five) -> u32{
        5
    }
}

#[kani::ensures(|result : &Five| x.five() == result.five())]
fn id(x : Five) -> Five {
    x
}

#[kani::proof_for_contract(id)]
fn eat_harness() {
    let x = Five;
    id(x);
}

from kani.

pi314mm avatar pi314mm commented on July 17, 2024

Changed the variable that the old implementation was using so that it uses the variable tracked by rust and not the one that is untracked. This means this is still an issue for the ensures statement as seen in the past two test cases, but no longer for old statements.

from kani.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.