Skip to content

Commit

Permalink
Merge branch 'main' into challenge-14-intrinsics-simd
Browse files Browse the repository at this point in the history
  • Loading branch information
karthikbhargavan authored Nov 28, 2024
2 parents 68779b4 + 014965a commit 8e2615f
Show file tree
Hide file tree
Showing 23 changed files with 842 additions and 72 deletions.
5 changes: 4 additions & 1 deletion .github/pull_requests.toml
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,8 @@ members = [
"carolynzech",
"robdockins",
"HuStmpHrrr",
"Eh2406"
"Eh2406",
"jswrenn",
"havelund",
"jorajeev"
]
19 changes: 9 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,24 +7,23 @@
This repository is a fork of the official Rust programming
language repository, created solely to verify the Rust standard
library. It should not be used as an alternative to the official
Rust releases. The repository is tool agnostic and welcomes the addition of
Rust releases. The repository is tool agnostic and welcomes the addition of
new tools.

The goal is to have a verified [Rust standard library](https://doc.rust-lang.org/std/) and prove that it is safe.
1. Contributing to the core mechanism of verifying the rust standard library
2. Creating new techniques to perform scalable verification
3. Apply techniques to verify previously unverified parts of the standard library.

## [Kani](https://github.com/model-checking/kani)
For that we are launching a contest that includes a series of challenges that focus on verifying
memory safety and a subset of undefined behaviors in the Rust standard library.
Each challenge describes the goal, the success criteria, and whether it has a financial award to be awarded upon its
successful completion.

The Kani Rust Verifier is a bit-precise model checker for Rust.
Kani verifies:
* Memory safety (e.g., null pointer dereferences)
* User-specified assertions (i.e `assert!(...)`)
* The absence of panics (eg., `unwrap()` on `None` values)
* The absence of some types of unexpected behavior (e.g., arithmetic overflows).
See [our book](https://model-checking.github.io/verify-rust-std/intro.html) for more details on the challenge rules
and the list of existing challenges.

You can find out more about Kani from the [Kani book](https://model-checking.github.io/kani/) or the [Kani repository on Github](https://github.com/model-checking/kani).
We welcome everyone to participate!

## Contact

Expand All @@ -40,7 +39,7 @@ See [SECURITY](https://github.com/model-checking/kani/security/policy) for more
Kani is distributed under the terms of both the MIT license and the Apache License (Version 2.0).
See [LICENSE-APACHE](https://github.com/model-checking/kani/blob/main/LICENSE-APACHE) and [LICENSE-MIT](https://github.com/model-checking/kani/blob/main/LICENSE-MIT) for details.

## Rust
### Rust
Rust is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0), with portions covered by various BSD-like licenses.

See [the Rust repository](https://github.com/rust-lang/rust) for details.
Expand Down
6 changes: 4 additions & 2 deletions doc/src/challenge_template.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@
- **Status:** *One of the following: \[Open | Resolved | Expired\]*
- **Solution:** *Option field to point to the PR that solved this challenge.*
- **Tracking Issue:** *Link to issue*
- **Start date:** *YY/MM/DD*
- **End date:** *YY/MM/DD*
- **Start date:** *YYYY/MM/DD*
- **End date:** *YYYY/MM/DD*
- **Reward:** *TBD*[^reward]

-------------------

Expand Down Expand Up @@ -49,3 +50,4 @@ Note: All solutions to verification challenges need to satisfy the criteria esta
in addition to the ones listed above.

[^challenge_id]: The number of the challenge sorted by publication date.
[^reward]: Leave it as TBD when creating a new challenge. This should only be filled by the reward committee.
5 changes: 3 additions & 2 deletions doc/src/challenges/0001-core-transmutation.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#19](https://github.com/model-checking/verify-rust-std/issues/19)
- **Start date:** 2024-06-12
- **End date:** 2024-12-10
- **Start date:** *2024/06/12*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0002-intrinsics-memory.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#16](https://github.com/model-checking/verify-rust-std/issues/16)
- **Start date:** *24/06/12*
- **End date:** *24/12/10*
- **Start date:** *2024/06/12*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
6 changes: 3 additions & 3 deletions doc/src/challenges/0003-pointer-arithmentic.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
# Challenge 3: Verifying Raw Pointer Arithmetic Operations

- **Status:** Open
- **Solution:**
- **Tracking Issue:** [#76](https://github.com/model-checking/verify-rust-std/issues/76)
- **Start date:** 24/06/24
- **End date:** 24/12/10
- **Start date:** *2024/06/24*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0004-btree-node.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#77](https://github.com/model-checking/verify-rust-std/issues/77)
- **Start date:** *2024-07-01*
- **End date:** *2024-12-10*
- **Start date:** *2024/07/01*
- **End date:** *2025/04/10*
- **Reward:** *10,000 USD*

-------------------

Expand Down
7 changes: 4 additions & 3 deletions doc/src/challenges/0005-linked-list.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#29](https://github.com/model-checking/verify-rust-std/issues/29)
- **Start date:** *24/07/01*
- **End date:** *24/12/10*
- **Start date:** *2024/07/01*
- **End date:** *2025/04/10*
- **Reward:** *5,000 USD*

-------------------

Expand All @@ -23,7 +24,7 @@ The memory safety of the following public functions that iterating over the inte

| Function | Location |
|---------|---------|
|clearn | alloc::collections::linked_list |
|clear| alloc::collections::linked_list |
|contains| alloc::collections::linked_list |
|split_off| alloc::collections::linked_list |
|remove| alloc::collections::linked_list |
Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0006-nonnull.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#53](https://github.com/model-checking/verify-rust-std/issues/53)
- **Start date:** *2024-08-16*
- **End date:** *2024-12-10*
- **Start date:** *2024/08/16*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0007-atomic-types.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#83](https://github.com/model-checking/verify-rust-std/issues/83)
- **Start date:** *2024-10-30*
- **End date:** *2024-12-10*
- **Start date:** *2024/10/30*
- **End date:** *2025/04/10*
- **Reward:** *10,000 USD*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0008-smallsort.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#56](https://github.com/model-checking/verify-rust-std/issues/56)
- **Start date:** *2024-08-17*
- **End date:** *2024-12-10*
- **Start date:** *2024/08/17*
- **End date:** *2025/04/10*
- **Reward:** *10,000 USD*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0009-duration.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#72](https://github.com/model-checking/verify-rust-std/issues/72)
- **Start date:** *2024-08-20*
- **End date:** *2024-12-20*
- **Start date:** *2024/08/20*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0010-string.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#61](https://github.com/model-checking/verify-rust-std/issues/61)
- **Start date:** *2024-08-19*
- **End date:** *2024-12-10*
- **Start date:** *2024/08/19*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0011-floats-ints.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@

- **Status:** Open
- **Tracking Issue:** [#59](https://github.com/model-checking/verify-rust-std/issues/59)
- **Start date:** *2024-08-20*
- **End date:** *2024-12-10*
- **Start date:** *2024/08/20*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0012-nonzero.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

- **Status:** Open
- **Tracking Issue:** [#71](https://github.com/model-checking/verify-rust-std/issues/71)
- **Start date:** *2024-08-23*
- **End date:** *2024-12-10*
- **Start date:** *2024/08/23*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------

Expand Down
5 changes: 3 additions & 2 deletions doc/src/challenges/0013-cstr.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@
- **Status:** Open
- **Solution:**
- **Tracking Issue:** [#150](https://github.com/model-checking/verify-rust-std/issues/150)
- **Start date:** 2024/11/04
- **End date:** 2025/01/31
- **Start date:** *2024/11/04*
- **End date:** *2025/04/10*
- **Reward:** *N/A*

-------------------
## Goal
Expand Down
14 changes: 12 additions & 2 deletions doc/src/intro.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,22 @@ library](https://doc.rust-lang.org/std/). The goal of this is
to provide automated verification that can be used to verify that a
given Rust standard library implementation is safe.

Verifying the Rust libraries is difficult because:
1. Lack of a specification,
2. Lack of an existing verification mechanism in the Rust ecosystem,
3. The large size of the verification problem,
4. The unknowns of scalable verification.

Given the magnitude and scope of the effort, we believe this should be a community owned effort.
For that, we are launching a contest that includes a series of challenges that focus on verifying
memory safety and a subset of undefined behaviors in the Rust standard library.

Efforts are largely classified in the following areas:

1. Contributing to the core mechanism of verifying the rust standard library
2. Creating new techniques to perform scalable verification
3. Apply techniques to verify previously unverified parts of the standard library.

There is a financial award tied to each challenge per its specification, which is awarded upon its successful completion.

We encourage everyone to watch this repository to be notified of any
changes.
We encourage everyone to watch this repository to be notified of any changes.
2 changes: 1 addition & 1 deletion doc/src/tool_template.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ _Please list the license(s) that are used by your tool, and if to your knowledge
3. \[and so on...\]

## Artifacts
_If there are noteworthy examples of using the tool to perform verificaiton, please include them in this section.Links, papers, etc._
_If there are noteworthy examples of using the tool to perform verification, please include them in this section.Links, papers, etc._

## CI & Versioning
_Please describe how you version the tool and how it will be supported in CI pipelines._
43 changes: 43 additions & 0 deletions library/core/src/ffi/c_str.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@ use crate::ptr::NonNull;
use crate::slice::memchr;
use crate::{fmt, intrinsics, ops, slice, str};

use crate::ub_checks::Invariant;

#[cfg(kani)]
use crate::kani;

// FIXME: because this is doc(inline)d, we *have* to use intra-doc links because the actual link
// depends on where the item is being documented. however, since this is libcore, we can't
// actually reference libstd or liballoc in intra-doc links. so, the best we can do is remove the
Expand Down Expand Up @@ -207,6 +212,22 @@ impl fmt::Display for FromBytesWithNulError {
}
}

#[unstable(feature = "ub_checks", issue = "none")]
impl Invariant for &CStr {
/**
* Safety invariant of a valid CStr:
* 1. An empty CStr should have a null byte.
* 2. A valid CStr should end with a null-terminator and contains
* no intermediate null bytes.
*/
fn is_safe(&self) -> bool {
let bytes: &[c_char] = &self.inner;
let len = bytes.len();

!bytes.is_empty() && bytes[len - 1] == 0 && !bytes[..len-1].contains(&0)
}
}

impl CStr {
/// Wraps a raw C string with a safe C string wrapper.
///
Expand Down Expand Up @@ -833,3 +854,25 @@ impl Iterator for Bytes<'_> {

#[unstable(feature = "cstr_bytes", issue = "112115")]
impl FusedIterator for Bytes<'_> {}

#[cfg(kani)]
#[unstable(feature = "kani", issue = "none")]
mod verify {
use super::*;

// pub const fn from_bytes_until_nul(bytes: &[u8]) -> Result<&CStr, FromBytesUntilNulError>
#[kani::proof]
#[kani::unwind(32)] // 7.3 seconds when 16; 33.1 seconds when 32
fn check_from_bytes_until_nul() {
const MAX_SIZE: usize = 32;
let string: [u8; MAX_SIZE] = kani::any();
// Covers the case of a single null byte at the end, no null bytes, as
// well as intermediate null bytes
let slice = kani::slice::any_slice_of_array(&string);

let result = CStr::from_bytes_until_nul(slice);
if let Ok(c_str) = result {
assert!(c_str.is_safe());
}
}
}
Loading

0 comments on commit 8e2615f

Please sign in to comment.