Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change array permissions to contain shapes #1484

Merged
merged 107 commits into from
Oct 19, 2021
Merged

Change array permissions to contain shapes #1484

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
107 commits
Select commit Hold shift + click to select a range
884b584
fixed the IRT description generation to match the recent change that …
Aug 31, 2021
e98bd33
Merge branch 'heapster-fix-memcpy-bug' into heapster-bugfix-bitvector…
Aug 31, 2021
6387369
Merge branch 'master' into heapster-bugfix-bitvector-irts
Aug 31, 2021
5b5f422
updated xor_swap_rust example to use the Rust type in the SAW script
Sep 1, 2021
7b7709f
added a case to the Rust to Heapster translator to handle function ty…
Sep 1, 2021
c18aec7
whoops, forgot to update the bitcode file for xor_swap_rust
Sep 1, 2021
5bc366a
bugfix in the Rust to Heapster translator: empty return types need to…
Sep 1, 2021
068b735
tweaked the error message for when Rust types do not translate correc…
Sep 1, 2021
f63c326
started adding support for string literals by moving all creation of …
Sep 2, 2021
2720516
added a formatting example in Rust, and started defining the necessar…
Sep 3, 2021
a6aee80
started trying to figure out how Rust stores string literals in its g…
Sep 3, 2021
cd01dab
Merge branch 'master' into heapster-string-literals
Sep 7, 2021
024287e
fixed the prtty-printing for constant values
Sep 7, 2021
917547e
changed TrueEnum::fmt to use the fmt method rather than the write! macro
Sep 7, 2021
389d0d2
whoops, changed the fmt method for TrueEnum back to using the write! …
Sep 7, 2021
f0ed90b
whoops, forgot to add the repr(u64) pragma to the TrueEnum type
Sep 7, 2021
1d6a5d7
added a type-checking command for TrueEnum::fmt
Sep 7, 2021
e987f42
moved some OpenTerm operators from SAWTranslation.hs to OpenTerm.hs
Sep 7, 2021
2752723
added llvmReadBlockOfShape
Sep 8, 2021
92d04e1
more work trying to translate globals
Sep 8, 2021
4f911f7
got string literals translated, but now there is some translation bug...
Sep 8, 2021
64d3006
whoops, translating a shape always yields exactly one term
Sep 8, 2021
01074a9
added helper function exprLLVMTypeBytes
Sep 9, 2021
d2b4a22
added support for Rust slice types
Sep 9, 2021
3941cdb
whoops, combined the two cases for translating shared vs mutable refe…
Sep 9, 2021
2982d1f
updated funPerm3FromArgLayout to handle layouts with existential perm…
Sep 9, 2021
281d602
updated the rust_data example to use string literals
Sep 13, 2021
dbb2b9f
added mapM and mapBVVecM
Sep 14, 2021
9ae8f75
added support for proving array permissions from other array permissi…
Sep 14, 2021
8caa577
added more definitions to the arrays example now that the implication…
Sep 14, 2021
f0e36a1
moved the LLVM globals code to a new file LLVMGlobalConst.hs
Sep 14, 2021
1eb2323
fixed the translation of LLVM array constants to generate SAW core BV…
Sep 14, 2021
9347756
regenerated Coq files for saw-core-coq
Sep 14, 2021
6a62a56
added support for the Crucible BVZext and BVTrunc instructions, and f…
Sep 14, 2021
0b6bf9d
added heapster_init_env_debug and heapster_init_env_from_file_debug c…
Sep 15, 2021
495e958
small tweaks to rust_data.saw to get it to work
Sep 15, 2021
7e94ba7
added another formatting example that we cannot handle yet...
Sep 15, 2021
84639a6
Merge branch 'master' into heapster-string-literals
Sep 15, 2021
b4bcb74
Merge branch 'heapster-string-literals' into heapster-array-impls
Sep 15, 2021
f7e53a9
RecurseFlag to Permissions.hs; added requireNamedPerm
Sep 15, 2021
9823bc0
widening now unfolds defined and recursive permissions
Sep 15, 2021
d91b753
whoops, forgot to insert a bindM into the translation of SImpl_LLVMAr…
Sep 15, 2021
899cf70
removed the old gen_block_perms hints that are no longer used anyway …
Sep 15, 2021
c77c095
Merge branch 'master' into heapster-array-impls
Sep 15, 2021
f213fbd
changed tupleTypeTrans to no longer having the trailing unit type on …
Sep 15, 2021
909d1a1
Merge branch 'master' into heapster-array-impls
Sep 15, 2021
fe25d91
small tweak to the expression type-checker to type-check the bodies o…
Sep 16, 2021
eef2cbf
expanded the translation of Rust slices to allow multiple fields
Sep 16, 2021
60bad84
updated mbox proof script to work with the recent changes, though not…
Sep 16, 2021
13e6b21
started updating the mbox proofs, but I got stuck...
Sep 16, 2021
e327986
moved formatting-related types in the rust_data example to their own …
Sep 16, 2021
0eef2f0
finished updating mbox proofs
Sep 16, 2021
f01c8d8
generalized array permissions and array shapes to use shapes for thei…
Sep 16, 2021
db7a743
updated examples to match the change to the SAW translation
Sep 16, 2021
15b7d19
updated the IRT translation to match the updates to the SAW translation
Sep 16, 2021
fa01fee
Merge branch 'heapster-array-impls' into heapster-shapes-in-arrays
Sep 16, 2021
6fa6a47
updated to use the new array permission with a shape for the cells
Sep 20, 2021
c66a0c6
started updating the permission implication prover with the new array…
Sep 20, 2021
e336c75
added support for array permissions in lowned permissions; fixed a fe…
Sep 22, 2021
e159917
more work moving two arrays with shapes for their cells
Sep 22, 2021
ba0030b
wrote implElimLLVMBlockForOffset; rewrote proveVarLLVMField in terms …
Sep 22, 2021
92f566a
trying to get the newly-writte Implication.hs to compile...
Sep 23, 2021
a48ee21
finally got Implication.hs to compile
Sep 23, 2021
d40f6ff
added support for the new LOwnedPermArray constructor
Sep 23, 2021
a9e4b71
small tweak to avoid warning
Sep 23, 2021
d5f2079
updated parser and type-checker for the new array permissions
Sep 23, 2021
da5b7a0
whoops, fixed some compilation errors in Widening.hs that were obscur…
Sep 23, 2021
f855cae
fixed typo in comment
Sep 23, 2021
6490c7e
removed comments
Sep 23, 2021
f3995e2
removed a use of the now outdated LLVMArrayField type
Sep 23, 2021
29281ef
fixed error message
Sep 23, 2021
41a10b3
udpated SAWTranslation.hs to compile with the new approach to array p…
Sep 23, 2021
36ee847
changed updBVVec to not require a proof that the index is in the array
Sep 23, 2021
f2ce290
updated IRTTranslation.hs to support the new form of the array permis…
Sep 23, 2021
0460dce
updated the arrays.saw example to use the new form of array permission
Sep 23, 2021
81c5977
whoops, fixed a bug in proveVarLLVMField; also added some extra debug…
Sep 23, 2021
dd65f94
incorporated unfolding into implGetLLVMPermForOffset; fixed llvmPermI…
Sep 24, 2021
8bd3759
whoops, should not have commented out the cases for eliminating block…
Sep 24, 2021
14f576f
changed typeTransF to a helper function that prints more debug info o…
Sep 24, 2021
8215901
whoops, fixed the translation of SImpl_ElimLLVMBlockField
Sep 24, 2021
33b2997
updated the linked_list example to use the new array permission
Sep 24, 2021
a19d3e7
whoops, used the wrong variant of implGetConjM in one of the proveVar…
Sep 24, 2021
4285452
updated the parsing for array shapes to more closely match the conven…
Sep 24, 2021
64f2518
clarified the fact that the cell type translation of an array permiss…
Sep 24, 2021
4fb4add
fixed a bug in the SImpl_ElimLLVMBlockArray: that rule should only wo…
Sep 24, 2021
b1fdfd8
updated the generated Coq files
Sep 24, 2021
ac9194a
updated array permissions in the examples to use the new array permis…
Sep 24, 2021
a3f9967
fixed a bug in implElimLLVMBlockForOffset, which was not handling non…
Sep 24, 2021
25235b6
fixed a subtle bug in offsetLLVMPermTrans applied to the translations…
Sep 24, 2021
d970fc6
fixed the pretty-printer for array shapes to use the < and * prefixes
Sep 24, 2021
c03016d
whoops, I accidentally swapped the input and output permissions of th…
Sep 24, 2021
af01464
Changed the SImpl_LLVMArrayCopy and SImpl_LLVMArrayBorrow rules to ge…
Sep 26, 2021
bb697a0
whoops, llvmMakeSubArray was keeping the borrows the could be disjoin…
Sep 26, 2021
cf12e29
changed the way tagged union shapes are proved to always try to prove…
Sep 27, 2021
d2d04c4
re-imagined how solveForPermListImpl works, by having solveForPermLis…
Sep 28, 2021
0857194
removed the checks that the block perm has the proper length in llvmB…
Sep 29, 2021
d1bce16
commented out proof in rust_data_proofs.v that no longer works
Oct 7, 2021
60a2d1c
*almost* got a use of the write! macro to work in the rust_data exmample
Oct 7, 2021
33f3e51
Merge branch 'master' into heapster-shapes-in-arrays
Oct 19, 2021
8345aad
wrapped an overly long line
Oct 19, 2021
d52c5b4
whoops, removed duplicate functions that were accidentally added duri…
Oct 19, 2021
1aa5e26
wrapped an overly long line
Oct 19, 2021
ab9eb6b
changed widening to drop permissions on unreachable variables
Oct 19, 2021
9b12e59
oops, finished updating the examples to use the correct syntax
Oct 19, 2021
fc15ae9
commented out some parts of the proofs for sum_inc_ptr in the arrays …
Oct 19, 2021
d72abef
wrapped some of the lines in rust_data.saw
Oct 19, 2021
4c28f0f
whoops, updated the ArgumentV1 type incorrectly in the last commit
Oct 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions heapster-saw/examples/arrays.saw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ env <- heapster_init_env_from_file "arrays.sawcore" "arrays.bc";
heapster_define_perm env "int64" " " "llvmptr 64" "exists x:bv 64.eq(llvmword(x))";
heapster_define_perm env "int8" " " "llvmptr 8" "exists x:bv 8.eq(llvmword(x))";

heapster_define_perm env "int64array" "len:bv 64" "llvmptr 64" "array(0,<len,*8,[(W,0) |-> int64<>])";
heapster_define_perm env "int64array" "len:bv 64" "llvmptr 64" "array(W,0,<len,*8,fieldsh(int64<>))";


heapster_typecheck_fun env "contains0_rec_"
Expand Down Expand Up @@ -42,13 +42,13 @@ heapster_typecheck_fun env "filter_and_sum_pos"
\ arg0:int64array<len>, arg1:true, ret:int64<>";

heapster_typecheck_fun env "sum_2d"
"(l1:bv 64,l2:bv 64). arg0:array(0,<l1,*8,[(W,0) |-> array(0,<l2,*8,[(W,0) |-> int64<>])]), \
"(l1:bv 64,l2:bv 64). arg0:array(W,0,<l1,*8,fieldsh(array(W,0,<l2,*8,fieldsh(int64<>)))), \
\ arg1:eq(llvmword(l1)), arg2:eq(llvmword(l2)) -o \
\ arg0:array(0,<l1,*8,[(W,0) |-> array(0,<l2,*8,[(W,0) |-> int64<>])]), \
\ arg0:array(W,0,<l1,*8,fieldsh(array(W,0,<l2,*8,fieldsh(int64<>)))), \
\ arg1:true, arg2:true, ret:int64<>";

heapster_typecheck_fun env "sum_inc_ptr"
"(len:bv 64). arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), arg1:eq(llvmword(len)) -o \
\ arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), arg1:true, ret:int64<>";
"(len:bv 64). arg0:array(W,0,<len,*1,fieldsh(8,int8<>)), arg1:eq(llvmword(len)) -o \
\ arg0:array(W,0,<len,*1,fieldsh(8,int8<>)), arg1:true, ret:int64<>";

heapster_export_coq env "arrays_gen.v";
10 changes: 7 additions & 3 deletions heapster-saw/examples/arrays_proofs.v
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,19 +150,22 @@ Proof.
unfold noErrorsSpec, sum_inc_ptr_invar.
time "no_errors_sum_inc_ptr" prove_refinement.
all: try assumption.
(*
- assert (isBvult 64 a2 a1).
+ apply isBvule_to_isBvult_or_eq in e_assuming.
destruct e_assuming; [assumption |].
apply bvEq_bvSub_r in H.
symmetry in H; contradiction.
(* symmetry in H; contradiction. *) admit.
+ rewrite H in e_maybe; discriminate e_maybe.
- apply isBvult_to_isBvule_suc; assumption.
- repeat rewrite bvSub_eq_bvAdd_neg.
rewrite bvAdd_assoc; f_equal.
rewrite bvNeg_bvAdd_distrib; reflexivity.
- apply isBvule_zero_n.
- symmetry; apply bvSub_n_zero.
Qed.
*)
Admitted.
(* Qed. *)


Definition sum_inc_ptr_spec len : BVVec 64 len (bitvector 8) -> bitvector 64 :=
Expand All @@ -186,6 +189,7 @@ Proof.
3: prove_refinement_eauto; [| apply refinesM_returnM ].
7: prove_refinement_eauto; [| apply refinesM_returnM ].
(* same as no_errors_sum_inc_ptr *)
(*
- assert (isBvult 64 a2 a1).
+ apply isBvule_to_isBvult_or_eq in e_forall.
destruct e_forall; [assumption |].
Expand All @@ -206,5 +210,5 @@ Proof.
(* unique to this proof *)
- rewrite bvAdd_id_l.
repeat f_equal.
admit.
admit. *)
Admitted.
2 changes: 1 addition & 1 deletion heapster-saw/examples/clearbufs.saw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ heapster_define_reachability_perm env "Bufs"
"x:llvmptr 64" "llvmptr 64"
"exists len:(bv 64).ptr((W,0) |-> Bufs<x>) * \
\ ptr((W,8) |-> eq(llvmword(len))) * \
\ array(16, <len, *8, [(W,0) |-> int64<>])"
\ array(W, 16, <len, *8, fieldsh(int64<>))"
"Mbox_def" "foldMbox" "unfoldMbox" "transMbox";

heapster_block_entry_hint env "clearbufs" 3
Expand Down
2 changes: 1 addition & 1 deletion heapster-saw/examples/linked_list.saw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ heapster_typecheck_fun env "is_elem"

heapster_assume_fun env "malloc"
"(sz:bv 64). arg0:eq(llvmword(8*sz)) -o \
\ arg0:true, ret:array(0,<sz,*8,[(W,0) |-> true])"
\ arg0:true, ret:array(W,0,<sz,*8,fieldsh(true))"
"mallocSpec";

heapster_typecheck_fun env "any"
Expand Down
32 changes: 16 additions & 16 deletions heapster-saw/examples/mbox.saw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,18 +20,18 @@ heapster_define_perm env "int32" " " "llvmptr 32" "exists x:bv 32.eq(llvmword(x)

heapster_define_perm env "int64" " " "llvmptr 64" "exists x:bv 64.eq(llvmword(x))";

heapster_define_perm env "state_t" " " "llvmptr 64" "array(0, <16, *1, [(W,0) |-> int64<>])";
heapster_define_perm env "state_t" " " "llvmptr 64" "array(W, 0, <16, *1, fieldsh(int64<>))";

heapster_define_perm env "aes_sw_ctx"
"rw1:rwmodality, rw2:rwmodality"
"llvmptr 64"
"array(0, <240, *1, [(rw1,0) |-> int64<>]) * ptr((rw2, 1920) |-> int64<>)";
"array(rw1, 0, <240, *1, fieldsh (int64<>)) * ptr((rw2, 1920) |-> int64<>)";

heapster_define_reachability_perm env "mbox"
"rw:rwmodality, x:llvmptr 64"
"llvmptr 64"
"ptr((rw,0) |-> int64<>) * ptr((rw,8) |-> int64<>) * ptr((rw,16) |-> mbox<rw,x>) * \
\ array(24, <128, *1, [(rw,0,8) |-> int8<>])"
\ array(W, 24, <128, *1, fieldsh(8,int8<>))"
"Mbox_def" "foldMbox" "unfoldMbox" "transMbox";

// heapster_define_perm env "mbox_nonnull"
Expand All @@ -44,7 +44,7 @@ heapster_define_reachability_perm env "mbox"
heapster_define_perm env "byte_array"
"rw:rwmodality, len:bv 64"
"llvmptr 64"
"array(0, <len, *1, [(rw,0,8) |-> int8<>])";
"array(W, 0, <len, *1, fieldsh(8,int8<>))";

heapster_define_perm env "boolean" " " "llvmptr 1" "exists x:bv 1.eq(llvmword(x))";

Expand Down Expand Up @@ -98,7 +98,7 @@ heapster_assume_fun env "mbox_new"

heapster_assume_fun env "mbox_free"
"(). arg0:ptr((W,0) |-> true) * ptr((W,8) |-> true) * ptr((W,16) |-> true) * \
\ array(24, <128, *1, [(W,0,8) |-> int8<>]) -o \
\ array(W, 24, <128, *1, fieldsh(8,int8<>)) -o \
\ arg0:true, ret:int32<>"
"mboxFreeSpec";

Expand Down Expand Up @@ -132,25 +132,25 @@ heapster_typecheck_fun env "mbox_eq"
heapster_block_entry_hint env "mbox_from_buffer" 24
"top1:bv 64, top2:llvmptr 64, top3:llvmptr 64"
"frm:llvmframe 64, ghost0:llvmptr 64, ghost1:bv 64"
"top1:true, top2:array(0, <top1, *1, [(W,0,8) |-> int8<>]), \
"top1:true, top2:array(W, 0, <top1, *1, fieldsh(8, int8<>)), \
\ top3:eq(llvmword(top1)), arg0:ptr((W,0) |-> true), \
\ arg1:ptr((W,0) |-> eq(top2)), arg2:ptr((W,0) |-> eq(llvmword(top1))), \
\ arg3:ptr((W,0) |-> mbox<W, ghost0>), arg4:ptr((W,0) |-> eq(ghost0)), \
\ arg5:ptr((W,0) |-> eq(llvmword(ghost1))), arg6:ptr((W,0) |-> true), \
\ frm:llvmframe [arg6:8, arg5:8, arg4:8, arg3:8, arg2:8, arg1:8, arg0:8], \
\ ghost0:ptr((W,0) |-> int64<>) * ptr((W,8) |-> int64<>) * \
\ ptr((W,16) |-> mbox<W, llvmword(0)>) * array(24, <128, *1, [(W,0,8) |-> int8<>]), \
\ ptr((W,16) |-> mbox<W, llvmword(0)>) * array(W, 24, <128, *1, fieldsh(8, int8<>)), \
\ ghost1:true";

heapster_typecheck_fun env "mbox_from_buffer"
"(len:bv 64). arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), arg1:eq(llvmword(len)) -o \
\ arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), arg1:true, ret:mbox<W,llvmword(0)>";
"(len:bv 64). arg0:array(W, 0,<len,*1,fieldsh(8, int8<>)), arg1:eq(llvmword(len)) -o \
\ arg0:array(W, 0,<len,*1,fieldsh(8, int8<>)), arg1:true, ret:mbox<W,llvmword(0)>";


heapster_block_entry_hint env "mbox_to_buffer" 32
"top1:bv 64, top2:llvmptr 64, top3:llvmptr 64, top4:llvmptr 64, top5:llvmptr 64"
"frm:llvmframe 64, ghost0:llvmptr 64"
"top1:true, top2:array(0, <top1, *1, [(W,0,8) |-> int8<>]), \
"top1:true, top2:array(W, 0, <top1, *1, fieldsh(8, int8<>)), \
\ top3:eq(llvmword(top1)), top4:mbox<W,ghost0>, \
\ top5:int64<>, arg0:ptr((W,0) |-> true), \
\ arg1:ptr((W,0) |-> eq(top2)), arg2:ptr((W,0) |-> eq(top3)), \
Expand All @@ -160,16 +160,16 @@ heapster_block_entry_hint env "mbox_to_buffer" 32
\ ghost0:mbox<W,llvmword(0)>";

heapster_typecheck_fun env "mbox_to_buffer"
"(len:bv 64). arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), \
"(len:bv 64). arg0:array(W, 0,<len,*1,fieldsh(8, int8<>)), \
\ arg1:eq(llvmword(len)), arg2:mbox<W, llvmword(0)>, arg3:int64<> -o \
\ arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), \
\ arg0:array(W, 0,<len,*1,fieldsh(8, int8<>)), \
\ arg1:true, arg2:mbox<W,llvmword(0)>, arg3:true, ret:int64<>";


heapster_typecheck_fun env "mbox_to_buffer_rec"
"(len:bv 64). arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), \
"(len:bv 64). arg0:array(W, 0,<len,*1,fieldsh(8, int8<>)), \
\ arg1:eq(llvmword(len)), arg2:mbox<W,llvmword(0)> -o \
\ arg0:array(0,<len,*1,[(W,0,8) |-> int8<>]), \
\ arg0:array(W, 0,<len,*1,fieldsh(8, int8<>)), \
\ arg1:true, arg2:mbox<W,llvmword(0)>, ret:true";

// heapster_typecheck_fun env "mbox_to_buffer_rec"
Expand Down Expand Up @@ -203,7 +203,7 @@ heapster_block_entry_hint env "mbox_concat_chains" 16
\ arg0:ptr((W,0) |-> eq(x0)), arg1:ptr((W,0) |-> eq(top2)), \
\ frm:llvmframe [arg1:8, arg0:8], \
\ x0:ptr((W,0) |-> int64<>) * ptr((W,8) |-> int64<>) * \
\ ptr((W,16) |-> mbox<W,llvmword(0)>) * array(24, <128, *1, [(W,0,8) |-> int8<>])";
\ ptr((W,16) |-> mbox<W,llvmword(0)>) * array(W, 24, <128, *1, fieldsh(8, int8<>))";

heapster_typecheck_fun env "mbox_concat_chains"
"(). arg0:mbox<W,llvmword(0)>, arg1:mbox<W,llvmword(0)> -o \
Expand Down Expand Up @@ -260,7 +260,7 @@ heapster_block_entry_hint env "mbox_randomize" 16
"top1:llvmptr 64"
"frm:llvmframe 64"
"top1:ptr((W,0) |-> int64<>) * ptr((W,8) |-> int64<>) * \
\ ptr((W,16) |-> mbox<W,llvmword(0)>) * array(24, <128, *1, [(W,0,8) |-> int8<>]), \
\ ptr((W,16) |-> mbox<W,llvmword(0)>) * array(W, 24, <128, *1, fieldsh(8, int8<>)), \
\ arg0:ptr((W,0,32) |-> true), arg1:ptr((W,0) |-> eq(top1)), arg2:ptr((W,0) |-> int64<>), \
\ frm:llvmframe [arg2:8, arg1:8, arg0:4]";

Expand Down
7 changes: 5 additions & 2 deletions heapster-saw/examples/memcpy.saw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,14 @@ env <- heapster_init_env_from_file "memcpy.sawcore" "memcpy.bc";
heapster_define_perm env "int64" " " "llvmptr 64" "exists x:bv 64.eq(llvmword(x))";

heapster_assume_fun env "llvm.memcpy.p0i8.p0i8.i64"
"(rw:rwmodality, l1:lifetime, l2:lifetime, sh:llvmshape 64, b:llvmblock 64, len:bv 64). \
\ arg0:[l1]memblock(W,0,len,sh), arg1:[l2]memblock(rw,0,len,eqsh(b)), arg2:eq(llvmword(len)) -o \
"(rw:rwmodality, l1:lifetime, l2:lifetime, sh:llvmshape 64, \
\ b:llvmblock 64, len:bv 64). \
\ arg0:[l1]memblock(W,0,len,sh), arg1:[l2]memblock(rw,0,len,eqsh(b)), \
\ arg2:eq(llvmword(len)) -o \
\ arg0:[l1]memblock(W,0,len,eqsh(b)), arg1:[l2]memblock(rw,0,len,eqsh(b))"
"\\ (X:sort 0) (len:Vec 64 Bool) (x:X) (_:#()) -> returnM (#() * #()) ((),())";


heapster_typecheck_fun env "copy_int"
"().arg0:int64<> -o ret:int64<>";

Expand Down
82 changes: 64 additions & 18 deletions heapster-saw/examples/rust_data.saw
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,12 @@ heapster_define_rust_type env "pub enum Option<X> { None, Some (X) }";
// we don't yet have implications on array cells
//heapster_define_llvmshape env "str" 64 "" "exsh len:bv 64.arraysh(len,1,[(8,int8<>)])";
heapster_define_llvmshape env "str" 64 ""
"exsh len:bv 64.arraysh(len,1,[(8,exists x:bv 8.eq(llvmword(x)))])";
"exsh len:bv 64.arraysh(<len,*1,fieldsh(8,int8<>))";
//heapster_define_rust_type env "type str = [u8];";

// The String type
heapster_define_llvmshape env "String" 64 ""
"exsh cap:bv 64. ptrsh(arraysh(cap,1,[(8,int8<>)])); \
"exsh cap:bv 64. ptrsh(arraysh(<cap,*1,fieldsh(8,int8<>))); \
\ fieldsh(int64<>);fieldsh(eq(llvmword(cap)))";

// List type
Expand Down Expand Up @@ -76,8 +76,12 @@ heapster_define_rust_type env "pub struct ThreeValues(u32,u32,u32);";
heapster_define_rust_type env "pub struct FourValues(u32,u32,u32,u32);";
heapster_define_rust_type env "pub struct FiveValues(u32,u32,u32,u32,u32);";

// The StrStruct type
heapster_define_rust_type env "pub struct StrStruct(String);";

// MixedStruct type
// heapster_define_llvmshape env "MixedStruct" 64 "" "String<>;fieldsh(64,int64<>);fieldsh(64,int64<>)";
// heapster_define_llvmshape env "MixedStruct" 64 ""
// "String<>;fieldsh(64,int64<>);fieldsh(64,int64<>)";
heapster_define_rust_type env
"pub struct MixedStruct { pub s: String, pub i1: u64, pub i2: u64, }";

Expand Down Expand Up @@ -145,7 +149,8 @@ heapster_define_rust_type env
heapster_define_rust_type_qual env "fmt" "pub struct Error { }";

// fmt::Result type
// FIXME: there seems to be some optimization in Rust that lays out fmt::Result as a 1-bit value
// FIXME: there seems to be some optimization in Rust that lays out fmt::Result
// as a 1-bit value
heapster_define_llvmshape env "fmt::Result" 64 ""
"fieldsh(1,eq(llvmword(0))) orsh fieldsh(1,eq(llvmword(1)))";
//heapster_define_rust_type_qual env "fmt"
Expand Down Expand Up @@ -179,9 +184,14 @@ heapster_define_rust_type_qual env "fmt"

// fmt::ArgumentV1 type
heapster_define_rust_type_qual env "fmt"
"pub struct ArgumentV1<'a> { \
\ value: &'a Void, \
\ formatter: for <'b> fn(&'b Void, &'b mut fmt::Formatter) -> fmt::Result, }";
"pub struct ArgumentV1 { value: Box<Void>, formatter: Box<Void> }";

// FIXME: this is the correct type, but Heapster cannot yet handle lifetime
// arguments for types
// heapster_define_rust_type_qual env "fmt"
// "pub struct ArgumentV1<'a> { \
// \ value: &'a Void, \
// \ formatter: for <'b> fn(&'b Void, &'b mut fmt::Formatter) -> fmt::Result, }";

// fmt::Arguments type
//heapster_define_rust_type_qual env "fmt"
Expand All @@ -190,6 +200,12 @@ heapster_define_rust_type_qual env "fmt"
// \ args: &'a [fmt::ArgumentV1<'a>], }";


heapster_define_rust_type_qual env "fmt"
"pub struct Arguments { pieces: Box<Void>, pieces_len:u64, \
\ fmt: Box<Void>, fmt_len: u64, args: Box<Void>, \
\ arg_len:u64, }";


/***
*** Assumed Functions
***/
Expand All @@ -207,13 +223,16 @@ heapster_assume_fun_rename env exchange_malloc_sym "exchange_malloc"

// memcpy
heapster_assume_fun env "llvm.memcpy.p0i8.p0i8.i64"
"(rw:rwmodality, l1:lifetime, l2:lifetime, sh:llvmshape 64, b:llvmblock 64, len:bv 64). \
\ arg0:[l1]memblock(W,0,len,sh), arg1:[l2]memblock(rw,0,len,eqsh(b)), arg2:eq(llvmword(len)) -o \
"(rw:rwmodality, l1:lifetime, l2:lifetime, sh:llvmshape 64, \
\ b:llvmblock 64, len:bv 64). \
\ arg0:[l1]memblock(W,0,len,sh), arg1:[l2]memblock(rw,0,len,eqsh(b)), \
\ arg2:eq(llvmword(len)) -o \
\ arg0:[l1]memblock(W,0,len,eqsh(b)), arg1:[l2]memblock(rw,0,len,eqsh(b))"
"\\ (X:sort 0) (len:Vec 64 Bool) (x:X) (_:#()) -> returnM (#() * #()) ((),())";

// <str as alloc::string::ToString>::to_string
to_string_str <- heapster_find_symbol env "$LT$str$u20$as$u20$alloc..string..ToString$GT$9to_string";
to_string_str <- heapster_find_symbol env
"$LT$str$u20$as$u20$alloc..string..ToString$GT$9to_string";
// NOTE: this is the more incorrect version, with no lifetime argument and no shapes
//heapster_assume_fun_rename env to_string_str "to_string_str"
// "(len:bv 64). arg0:memblock(W,0,24,emptysh),
Expand All @@ -230,7 +249,7 @@ to_string_str <- heapster_find_symbol env "$LT$str$u20$as$u20$alloc..string..ToS
// NOTE: this is the incorrect version, with no lifetime argument
heapster_assume_fun_rename env to_string_str "to_string_str"
"(len:bv 64). arg0:memblock(W,0,24,emptysh), \
\ arg1:array(0,<len,*1,[(R,0,8) |-> int8<>]), \
\ arg1:array(R,0,<len,*1,fieldsh(8,int8<>)), \
\ arg2:eq(llvmword(len)) -o \
\ arg0:memblock(W,0,24,String<>)"
"\\ (len:Vec 64 Bool) (_:#()) (str:BVVec 64 len (Vec 8 Bool)) -> \
Expand Down Expand Up @@ -286,10 +305,28 @@ heapster_assume_fun_rename_prim env String__fmt_sym "String__fmt"
*/


// ArgumentV1::new
//ArgumentV1_new <- heapster_find_symbol env "10ArgumentV13new";
//heapster_assume_fun_rename_prim env ArgumentV1_new "ArgumentV1_new"
// "<'a,'b,T> fn (x: &'b T, f: fn(&T, &mut fmt::Formatter) -> fmt::Result) \
// \ -> fmt::ArgumentV1<'b>";
//ArgumentV1_new_String <- heapster_find_symbol env
// "_ZN4core3fmt10ArgumentV13new17hdf7e5958686d74c0E";
//heapster_assume_fun_rename_prim env ArgumentV1_new_String "ArgumentV1_new_String"
// "<'a,'b> fn (x: &'b String, \
// \ f: for<'c,'d> fn (&'c String, &'d mut fmt::Formatter) -> fmt::Result) \
// \ -> fmt::ArgumentV1<'b>";
//heapster_assume_fun_rename_prim env ArgumentV1_new_String "ArgumentV1_new_String"
// "<'a,'b> fn (x: &'b String, f: Box<Void>) -> fmt::ArgumentV1<'b>";
//heapster_assume_fun_rename_prim env ArgumentV1_new_String "ArgumentV1_new_String"
// "<'a,'b> fn (x: &'b String, f: Box<Void>) -> fmt::ArgumentV1";

// Arguments::new_v1
Arguments__new_v1_sym <- heapster_find_symbol env "3fmt9Arguments6new_v1";
//heapster_assume_fun_rename_prim env Arguments__new_v1_sym "Arguments__new"
// "<'a> fn (pieces: &'a [&'a str], args: &'a [ArgumentV1<'a>]) -> Arguments<'a>";
// "<'a> fn (pieces: &'a [&'a str], args: &'a [fmt::ArgumentV1<'a>]) -> fmt::Arguments<'a>";
heapster_assume_fun_rename_prim env Arguments__new_v1_sym "Arguments__new"
"<'a> fn (pieces: &'a [&'a str], args: &'a [fmt::ArgumentV1]) -> fmt::Arguments";

// Formatter::write_str
Formatter__write_str_sym <- heapster_find_symbol env "9Formatter9write_str";
Expand Down Expand Up @@ -340,12 +377,20 @@ mixed_struct_get_i2 <- heapster_find_symbol env "11MixedStruct6get_i2";
heapster_typecheck_fun_rename env mixed_struct_get_i2 "MixedStruct_get_i2"
"<'a> fn (m:&'a MixedStruct) -> u64";

// MixedStruct::fmt
mixed_struct_fmt <- heapster_find_trait_method_symbol env
"core::fmt::Display::fmt<MixedStruct>";
heapster_typecheck_fun_rename env mixed_struct_fmt "MixedStruct_fmt"
"<'a, 'b> fn(&'a MixedStruct, f: &'b mut fmt::Formatter) -> fmt::Result";

cycle_true_enum_sym <- heapster_find_symbol env "15cycle_true_enum";
// NOTE: This typecheck requires full(er) support for disjunctive shapes, which Heapster currently lacks
// NOTE: This typecheck requires full(er) support for disjunctive shapes, which
// Heapster currently lacks
// heapster_typecheck_fun_rename env cycle_true_enum_sym "cycle_true_enum"
// "<'a> fn (te:&'a TrueEnum) -> TrueEnum";

TrueEnum__fmt_sym <- heapster_find_trait_method_symbol env "core::fmt::Display::fmt<TrueEnum>";
TrueEnum__fmt_sym <- heapster_find_trait_method_symbol env
"core::fmt::Display::fmt<TrueEnum>";
heapster_typecheck_fun_rename env TrueEnum__fmt_sym "TrueEnum__fmt"
"<'a, 'b> fn (&'a TrueEnum, f: &'b mut fmt::Formatter) -> fmt::Result";

Expand Down Expand Up @@ -390,11 +435,12 @@ str_struct_new <- heapster_find_symbol env "9StrStruct3new";
// \\ ptr((W,8) |-> int64<>) * ptr((W,16) |-> eq(llvmword(len')))";

// FIXME: this is the correct version, with the String shape
//heapster_typecheck_fun_rename env str_struct_new "str_struct_new"
// "(len:bv 64).arg0:memblock(W,0,24,emptysh), \
// \ arg1:array(0,<len,*1,[(R,0,8) |-> int8<>]), \
// \ arg2:eq(llvmword(len)) -o arg0:memblock(W,0,24,String<>)";
heapster_typecheck_fun_rename env str_struct_new "str_struct_new"
"(len:bv 64). arg0:memblock(W,0,24,emptysh), \
\ arg1:array(0,<len,*1,[(R,0,8) |-> int8<>]), \
\ arg2:eq(llvmword(len)) -o \
\ arg0:memblock(W,0,24,String<>)";
"<'a> fn (name:&'a str) -> StrStruct<>";

bintree_is_leaf_sym <- heapster_find_symbol env "15bintree_is_leaf";
heapster_typecheck_fun_rename env bintree_is_leaf_sym "bintree_is_leaf"
Expand Down
4 changes: 3 additions & 1 deletion heapster-saw/examples/rust_data_proofs.v
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ Import SAWCorePrelude.

(* Print str_struct_new__tuple_fun. *)

Lemma no_errors_str_struct_new : refinesFun str_struct_new (fun _ _ _ => noErrorsSpec).
(* FIXME: need to handle mapBVVecM for this one to work!
Lemma no_errors_str_struct_new : refinesFun str_struct_new (fun _ _ _ _ => noErrorsSpec).
Proof.
unfold str_struct_new, str_struct_new__tuple_fun, noErrorsSpec, llvm__x2ememcpy__x2ep0i8__x2ep0i8__x2ei64, to_string_str.
prove_refinement.
Expand All @@ -44,3 +45,4 @@ Proof.
unfold str_struct_new, str_struct_new__tuple_fun, noErrorsSpec, llvm__x2ememcpy__x2ep0i8__x2ep0i8__x2ei64, to_string_str.
prove_refinement.
Qed.
*)
Loading