Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Contracts & Harnesses for non_null::new and non_null::new_unchecked #88

Merged
merged 13 commits into from
Sep 27, 2024
Merged

Contracts & Harnesses for non_null::new and non_null::new_unchecked #88

Changes from 7 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
410afd2
added contract and proof for new_unchecked
Sep 12, 2024
83e7dea
add use safety
Sep 12, 2024
ceb381d
verification result
Sep 12, 2024
9f96cf5
make harness function name unique
QinyuanWu Sep 13, 2024
de1088c
add new_unchcked result and remove the old one
QinyuanWu Sep 14, 2024
5a4eaae
contract and harness for new
QinyuanWu Sep 18, 2024
5b94831
remove outdated kani log
QinyuanWu Sep 18, 2024
774a5df
code clean up and format
QinyuanWu Sep 20, 2024
a0b1007
remove example.rs
QinyuanWu Sep 20, 2024
d623d96
move use statement to verify module
QinyuanWu Sep 20, 2024
e43483e
Merge branch 'main' into new-unchecked
zhassan-aws Sep 20, 2024
10f824c
pass in all possible value of a raw pointer to new_unchecked
QinyuanWu Sep 25, 2024
2cb3469
Merge branch 'model-checking:main' into new-unchecked
QinyuanWu Sep 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions library/core/src/ptr/non_null.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
use super::*;
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
use crate::cmp::Ordering;
use crate::marker::Unsize;
use crate::mem::{MaybeUninit, SizedTypeProperties};
Expand All @@ -8,6 +9,10 @@ use crate::ptr::Unique;
use crate::slice::{self, SliceIndex};
use crate::ub_checks::assert_unsafe_precondition;
use crate::{fmt, hash, intrinsics, ptr};
use safety::{ensures, requires};

#[cfg(kani)]
use crate::kani;

/// `*mut T` but non-zero and [covariant].
///
Expand Down Expand Up @@ -192,6 +197,8 @@ impl<T: ?Sized> NonNull<T> {
#[stable(feature = "nonnull", since = "1.25.0")]
#[rustc_const_stable(feature = "const_nonnull_new_unchecked", since = "1.25.0")]
#[inline]
#[requires(!ptr.is_null())]
#[ensures(|result| result.as_ptr() == ptr)]
pub const unsafe fn new_unchecked(ptr: *mut T) -> Self {
// SAFETY: the caller must guarantee that `ptr` is non-null.
unsafe {
Expand Down Expand Up @@ -221,6 +228,8 @@ impl<T: ?Sized> NonNull<T> {
#[stable(feature = "nonnull", since = "1.25.0")]
#[rustc_const_unstable(feature = "const_nonnull_new", issue = "93235")]
#[inline]
#[ensures(|result| result.is_some() == !ptr.is_null())]
#[ensures(|result| result.is_none() || result.expect("ptr is null!").as_ptr() == ptr)]
pub const fn new(ptr: *mut T) -> Option<Self> {
if !ptr.is_null() {
// SAFETY: The pointer is already checked and is not null
Expand Down Expand Up @@ -1770,3 +1779,30 @@ impl<T: ?Sized> From<&T> for NonNull<T> {
unsafe { NonNull { pointer: reference as *const T } }
}
}

//#[unstable(feature="kani", issue="none")]
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
mod verify {
use super::*;

// pub const unsafe fn new_unchecked(ptr: *mut T) -> Self
#[kani::proof_for_contract(NonNull::new_unchecked)]
pub fn non_null_check_new_unchecked() {
let mut x : i32 = kani::any();
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
let xptr = &mut x;
unsafe {
let _ = NonNull::new_unchecked(xptr as *mut i32);
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
}
}

// pub const unsafe fn new(ptr: *mut T) -> Option<Self>
#[kani::proof_for_contract(NonNull::new)]
pub fn non_null_check_new() {
let mut x : i32 = kani::any();
let xptr = &mut x;
unsafe {
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
let nonnull_ptr = NonNull::new(xptr as *mut i32);
let null_ptr = NonNull::<u32>::new(null_mut());
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
assert!(null_ptr.is_none());
}
}
}
QinyuanWu marked this conversation as resolved.
Show resolved Hide resolved
Loading