Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CONTRACTS: optimize is_fresh separation checks, add ptr predicate uniqueness checks #8573

Closed
wants to merge 2 commits into from
Closed

CONTRACTS: optimize is_fresh separation checks, add ptr predicate uniqueness checks #8573

wants to merge 2 commits into from

Conversation

remi-delmas-3000
Copy link
Collaborator

@remi-delmas-3000 remi-delmas-3000 commented Jan 22, 2025
edited
Loading

  • Replaces a bool array indexed by object ID by a nondet demonic variable to
    track the set of fresh objects and implement separation checks.
  • Ensures requires or ensures clause assume/assert at most one predicate
    per pointer by tracking locations where these pointers are stored and adding
    separation checks on them as well. This is necessary to catch and reject occurences like
    __CPROVER_is_fresh(p, size) && __CPROVER_is_fresh(p, size) that would pass in assume
    contexts by allocating twice but fail in assert contexts.
  • Adds a new type __CPROVER_contracts_ptr_pred_ctx_t in cprover_contracts.c
    to store all contextual information needed to evaluate all pointer predicates.
  • Propagate changes to dfcc_libraryt and dfcc_wrapper_programt.
  • Add new tests for pointer assumption uniqueness checks.
  • Fix failing tests that used is_fresh under negation in ensures.
  • Update dev doc
  • Each commit message has a non-empty body, explaining why the change was made.
  • Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@remi-delmas-3000 remi-delmas-3000 marked this pull request as draft January 22, 2025 17:10
@remi-delmas-3000 remi-delmas-3000 force-pushed the contracts-obj-set--demonic branch 2 times, most recently from da879dc to 0e93b07 Compare January 22, 2025 18:53
@feliperodri feliperodri added the Code Contracts Function and loop contracts label Jan 22, 2025
@remi-delmas-3000 remi-delmas-3000 force-pushed the contracts-obj-set--demonic branch from 0e93b07 to e9b20d8 Compare January 24, 2025 15:59
@remi-delmas-3000 remi-delmas-3000 changed the title CONTRACTS: demonic encoding for is_fresh separation checks and uniqueness of pointer requires/ensures CONTRACTS: optimize is_fresh separation checks, add ptr predicate uniqueness checks Jan 24, 2025
@remi-delmas-3000 remi-delmas-3000 marked this pull request as ready for review January 24, 2025 16:02
CONTRACTS: optimize is_fresh separation checks, add ptr predicate uni…
ab4853d 
…queness checks

- Replaces a bool array indexed by object ID by a nondet demonic variable to
track the set of fresh objects and implement separation checks.
- Ensures requires or ensures clause assume/assert at most one predicate
per pointer by tracking locations where these pointers are stored and adding
separation checks on them as well. This is necessary to catch occurences like
`__CPROVER_is_fresh(p, size) && __CPROVER_is_fresh(p, size)` in assume contexts.
- Adds a new type `__CPROVER_contracts_ptr_pred_ctx_t` in `cprover_contracts.c`
to store all contextual information needed to evaluate all pointer predicates.
- Propagate changes to `dfcc_libraryt` and `dfcc_wrapper_programt`.
- Add new tests for pointer assumption uniqueness checks.
- Fix failing tests that used is_fresh under negation in ensures.
- Update dev doc
@remi-delmas-3000 remi-delmas-3000 force-pushed the contracts-obj-set--demonic branch from e9b20d8 to ab4853d Compare January 24, 2025 16:06
@codecov Codecov
Copy link

codecov bot commented Jan 24, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 82.05128% with 7 lines in your changes missing coverage. Please review.

Project coverage is 78.85%. Comparing base (3d79560) to head (d7d0aec).

Files with missing lines Patch % Lines
.../contracts/dynamic-frames/dfcc_wrapper_program.cpp 70.00% 6 Missing ⚠️
...strument/contracts/dynamic-frames/dfcc_library.cpp 93.75% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #8573      +/-   ##
===========================================
- Coverage    78.92%   78.85%   -0.07%     
===========================================
  Files         1732     1732              
  Lines       198953   199119     +166     
  Branches     18560    18560              
===========================================
+ Hits        157021   157023       +2     
- Misses       41932    42096     +164

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@remi-delmas-3000
Copy link
Collaborator Author

remi-delmas-3000 commented Jan 25, 2025
edited
Loading

@tautschnig I see some perf regressions on the AWS-commons library but the patch includes additional checks anyways. I'll iterate once more on this.

hanno-becker added a commit to pq-code-package/mlkem-native that referenced this pull request Jan 25, 2025
@hanno-becker
Update CBMC to diffblue/cbmc#8573
6e87470 
Signed-off-by: Hanno Becker <[email protected]>
@hanno-becker hanno-becker mentioned this pull request Jan 25, 2025
Closed
@hanno-becker
Copy link

mlkem-native test here: pq-code-package/mlkem-native#688

@remi-delmas-3000
Copy link
Collaborator Author

Closing, will split the PR in two separate PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tautschnig tautschnig tautschnig approved these changes

@feliperodri feliperodri feliperodri approved these changes

@kroening kroening Awaiting requested review from kroening kroening is a code owner

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

Assignees
No one assigned
Labels
Code Contracts Function and loop contracts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@remi-delmas-3000 @hanno-becker @tautschnig @feliperodri