Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change array permissions to contain shapes #1484

Merged
merged 107 commits into from
Oct 19, 2021
Merged

Change array permissions to contain shapes #1484

merged 107 commits into from
Oct 19, 2021

Conversation

eddywestbrook
Copy link
Contributor

This PR changes LLVM array pointer permissions each array cell is described by an arbitrary LLVM shape, rather than as a sequence of field permissions.

Eddy Westbrook added 30 commits August 31, 2021 12:27
fixed the IRT description generation to match the recent change that …
884b584 
…made the translation of bitvector permissions to just be bitvectors
Merge branch 'heapster-fix-memcpy-bug' into heapster-bugfix-bitvector…
e98bd33 
…-irts
Merge branch 'master' into heapster-bugfix-bitvector-irts
6387369
updated xor_swap_rust example to use the Rust type in the SAW script
5b5f422
added a case to the Rust to Heapster translator to handle function ty…
7b7709f 
…pes with no return value
whoops, forgot to update the bitcode file for xor_swap_rust
c18aec7
bugfix in the Rust to Heapster translator: empty return types need to…
5bc366a 
… be converted to unit, not to the empty struct
tweaked the error message for when Rust types do not translate correc…
068b735 
…tly to the expected LLVM type
started adding support for string literals by moving all creation of …
f63c326 
…a HeapsterEnv into a single function which iterates through the globals and adds those it can handle
added a formatting example in Rust, and started defining the necessar…
2720516 
…y types for it
started trying to figure out how Rust stores string literals in its g…
a6aee80 
…enerated LLVM files
Merge branch 'master' into heapster-string-literals
cd01dab
fixed the prtty-printing for constant values
024287e
changed TrueEnum::fmt to use the fmt method rather than the write! macro
917547e
whoops, changed the fmt method for TrueEnum back to using the write! …
389d0d2 
…macro, because that seems to be the proper way to do things
whoops, forgot to add the repr(u64) pragma to the TrueEnum type
f0ed90b
added a type-checking command for TrueEnum::fmt
1d6a5d7
moved some OpenTerm operators from SAWTranslation.hs to OpenTerm.hs
e987f42
added llvmReadBlockOfShape
2752723
more work trying to translate globals
92d04e1
got string literals translated, but now there is some translation bug...
4f911f7
whoops, translating a shape always yields exactly one term
64d3006
added helper function exprLLVMTypeBytes
01074a9
added support for Rust slice types
d2b4a22
whoops, combined the two cases for translating shared vs mutable refe…
3941cdb 
…rences into one
updated funPerm3FromArgLayout to handle layouts with existential perm…
2982d1f 
…issions
updated the rust_data example to use string literals
281d602
added mapM and mapBVVecM
dbb2b9f
added support for proving array permissions from other array permissi…
9ae8f75 
…ons with different fields using the SImpl_LLVMArrayContents rule; to get the translation of the SImpl_LLVMArrayContents to work correctly, I had to change local implications to not use strict tuples, which in turn required changing the translation of lowned permissions (which are themselves local implications) to not use strict tuples as well
added more definitions to the arrays example now that the implication…
8caa577 
… prover can map array permission contents
Eddy Westbrook added 20 commits September 24, 2021 07:49
updated the generated Coq files
b1fdfd8
updated array permissions in the examples to use the new array permis…
ac9194a 
…sion syntax
fixed a bug in implElimLLVMBlockForOffset, which was not handling non…
a3f9967 
…-conjunctive permissions returned by implElimLLVMBlock; added pretty-printing and typing information for the names bound by local implications
fixed a subtle bug in offsetLLVMPermTrans applied to the translations…
25235b6 
… of defined permissions
fixed the pretty-printer for array shapes to use the < and * prefixes
d970fc6
whoops, I accidentally swapped the input and output permissions of th…
c03016d 
…e local implication used to prove array contents!
Changed the SImpl_LLVMArrayCopy and SImpl_LLVMArrayBorrow rules to ge…
af01464 
…nerate the sub-array being borrowed, and to only take the borrows from the larger array that could overlap with the sub-array; Added cases to prove field permissions from arrays of smaller strides; added more debug information
whoops, llvmMakeSubArray was keeping the borrows the could be disjoin…
bb697a0 
…t from the sub-array instead of those the could overlap with it
changed the way tagged union shapes are proved to always try to prove…
cf12e29 
… a tag first, thereby reducing the cases in which they bottom out into general disjunctions
re-imagined how solveForPermListImpl works, by having solveForPermLis…
d2d04c4 
…tImplBlock delete all the BVRanges of perms on the left-hand size from the BVRange of the right-hande side, and then creating blocks with existentially-quantified shapes for those ranges
removed the checks that the block perm has the proper length in llvmB…
0857194 
…lockPermToField and llvmBlockPermToArray, because these do not take the current partial substitution into account
commented out proof in rust_data_proofs.v that no longer works
d1bce16
*almost* got a use of the write! macro to work in the rust_data exmample
60a2d1c
Merge branch 'master' into heapster-shapes-in-arrays
33f3e51
wrapped an overly long line
8345aad
whoops, removed duplicate functions that were accidentally added duri…
d52c5b4 
…ng the recent merge
wrapped an overly long line
1aa5e26
changed widening to drop permissions on unreachable variables
ab9eb6b
oops, finished updating the examples to use the correct syntax
9b12e59
commented out some parts of the proofs for sum_inc_ptr in the arrays …
fc15ae9 
…example that no longer work
@m-yac m-yac added the subsystem: heapster Issues specifically related to memory verification using Heapster label Oct 19, 2021
@m-yac m-yac mentioned this pull request Oct 19, 2021
Open
3 tasks
m-yac
m-yac approved these changes Oct 19, 2021
View reviewed changes
Copy link
Contributor

@m-yac m-yac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, with the caveat that I really only glanced through large portions of the changes in Permissions.hs and SAWTranslation.hs as well as basically all of Implication.hs, simply because I'm not comfortable enough with what happens in these files to understand the changes being made. That being said, my understanding that is for a lot of the changes in this PR, there was only one way to adapt the existing code to use the new form of arrays. Plus, all the array examples work, which is the benchmark for correctness at the moment.

@eddywestbrook eddywestbrook added the PR: ready to merge Magic flag for pull requests to ask Mergify to merge given an approval and a successful CI run label Oct 19, 2021
@eddywestbrook eddywestbrook merged commit 156e9d6 into master Oct 19, 2021
@mergify mergify bot deleted the heapster-shapes-in-arrays branch October 19, 2021 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m-yac m-yac m-yac approved these changes

Assignees
No one assigned
Labels
PR: ready to merge Magic flag for pull requests to ask Mergify to merge given an approval and a successful CI run subsystem: heapster Issues specifically related to memory verification using Heapster
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eddywestbrook @m-yac