
Memory predicates size computation is incorrect for ADTs with non-sized tail #3627

Closed

celinval opened this issue Oct 21, 2024 · 0 comments · Fixed by #3687
Assignees: celinval
Labels: [C] Bug (This is a bug. Something isn't working.), [F] Soundness (Kani failed to detect an issue), Z-UnstableFeature (Issues that only occur if an unstable feature is enabled)

Comments

@celinval (Contributor)

I tried this code:

```rust
// `to_raw_parts` / `from_raw_parts` are unstable, so the feature gate is needed to compile.
#![feature(ptr_metadata)]

extern crate kani;

use kani::mem::{can_dereference, can_write};

#[derive(Clone, Copy, kani::Arbitrary)]
struct Wrapper<T: ?Sized> {
    _size: usize,
    _value: T,
}

mod invalid_access {
    use super::*;
    use std::ptr;

    #[kani::proof]
    pub fn check_wrong_size_should_fail() {
        // `var` occupies 40 bytes: the `_size` header plus four `u64` tail elements.
        let mut var: Wrapper<[u64; 4]> = kani::any();
        // Unsizing coercion: the fat pointer's metadata is the tail length (4).
        let fat_ptr: *mut Wrapper<[u64]> = &mut var as *mut _;
        let (thin_ptr, size) = fat_ptr.to_raw_parts();
        // Claim one more tail element than the object actually has.
        let new_size: usize = size + 1;
        // The rebuilt pointer is to the ADT, so its sized `_size` member must count
        // toward the bytes that `can_dereference` requires to be in bounds.
        let new_ptr: *const Wrapper<[u64]> = ptr::from_raw_parts(thin_ptr, new_size);
        // This should fail, however today we don't take the sized members into consideration.
        assert!(can_dereference(new_ptr));
    }
}
```

using the following command line invocation:

```sh
kani -Z mem-predicates wrapper.rs
```

with Kani version: 0.56.0

I expected to see this happen: Verification failed

Instead, this happened: Verification succeeded

@celinval celinval added [C] Bug This is a bug. Something isn't working. [F] Soundness Kani failed to detect an issue Z-UnstableFeature Issues that only occur if a unstable feature is enabled labels Oct 21, 2024
@celinval celinval self-assigned this Oct 21, 2024
remi-delmas-3000 pushed a commit to remi-delmas-3000/kani that referenced this issue Oct 22, 2024
Update Rust toolchain from nightly-2024-05-27 to nightly-2024-05-28
without any other source changes.
github-merge-queue bot pushed a commit that referenced this issue Nov 22, 2024
This change fixes how we compute the size of the object in our mem
predicates, and provides user-visible methods to try to retrieve the size
of the object if known and valid (`checked_size_of_raw` and
`checked_align_of_raw`).

Fixes #3612
Fixes #3627

## Call-outs

To simplify this PR, I moved the following changes to their own PRs:
1. #3644
2. #3718

I also removed the fix for the intrinsics `size_of_val` and
`align_of_val` from this PR, and I will create a follow up PR once this
one is merged.

---------

Co-authored-by: Carolyn Zech <cmzech@amazon.com>
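The fix message above says the predicates now compute the size of the object from its full layout rather than from the unsized tail alone, and the issue's harness depends on exactly that distinction: a 40-byte `Wrapper<[u64; 4]>` viewed through metadata that claims five elements. The following Rust program is an added example, not code from the issue or from Kani. It models both size computations on stable Rust and shows that the tail-only computation judges the oversized view to be in bounds (the unsound verdict), while the full-layout computation rejects it. The `repr(C)` on `Wrapper` and the helpers `tail_only_size`, `wrapper_size`, `fits_in_allocation` and `wrong_size_scenario` are assumptions of this example, not Kani APIs.

```rust
use std::mem::{align_of, size_of, size_of_val};

/// Header-plus-unsized-tail ADT shaped like the one in the issue. `repr(C)` is
/// an assumption added here (not in the original) so that the manual layout
/// computation below is well defined: `_size` sits at offset 0 and the tail
/// starts right after the padded header.
#[repr(C)]
pub struct Wrapper<T: ?Sized> {
    pub _size: usize,
    pub _value: T,
}

/// The size computation the issue describes as buggy: only the unsized tail
/// is counted, so the sized `_size` header is ignored.
pub fn tail_only_size(len: usize) -> usize {
    len * size_of::<u64>()
}

/// Correct dynamic size of `Wrapper<[u64]>` with `len` tail elements: the
/// sized prefix, plus the tail bytes, rounded up to the struct's alignment.
/// For a live object this is exactly what `size_of_val` returns.
pub fn wrapper_size(len: usize) -> usize {
    // With `repr(C)` the zero-length instantiation is just the padded header,
    // which is where the tail begins.
    let header = size_of::<Wrapper<[u64; 0]>>();
    let align = align_of::<Wrapper<[u64; 0]>>();
    let unpadded = header + len * size_of::<u64>();
    (unpadded + align - 1) / align * align
}

/// Minimal model of a `can_dereference`-style bounds check: the object the
/// pointer claims to describe must fit inside the allocation it points into.
/// `size_fn` is the size computation under test.
pub fn fits_in_allocation(size_fn: fn(usize) -> usize, alloc_bytes: usize, len: usize) -> bool {
    size_fn(len) <= alloc_bytes
}

/// Runs the issue's scenario: a 4-element object viewed through metadata that
/// claims 5 elements. Returns (verdict of the tail-only check, verdict of the
/// full-layout check).
pub fn wrong_size_scenario() -> (bool, bool) {
    // Constructed sample object: 8-byte header + 4 * 8-byte tail = 40 bytes.
    let var = Wrapper { _size: 4, _value: [1u64, 2, 3, 4] };
    let alloc_bytes = size_of::<Wrapper<[u64; 4]>>();
    // Unsizing coercion: the reference carries the tail length as metadata.
    let unsized_ref: &Wrapper<[u64]> = &var;
    // Sanity check that the manual formula matches the compiler's own layout.
    debug_assert_eq!(size_of_val(unsized_ref), wrapper_size(unsized_ref._value.len()));

    // Metadata bumped by one, as `size + 1` does in the proof harness.
    let claimed_len = unsized_ref._value.len() + 1;
    (
        fits_in_allocation(tail_only_size, alloc_bytes, claimed_len),
        fits_in_allocation(wrapper_size, alloc_bytes, claimed_len),
    )
}

fn main() {
    let (buggy, correct) = wrong_size_scenario();
    println!("tail-only check says in bounds: {buggy}"); // true: 40 <= 40, unsound
    println!("full-layout check says in bounds: {correct}"); // false: 48 > 40, rejected
}
```

The general rule the example encodes is the one `size_of_val` implements for any struct with an unsized tail: size = round_up(offset_of_tail + tail_len * element_size, align_of_struct). A predicate that drops the `offset_of_tail` term under-counts by the whole sized prefix, so every access that overruns an allocation by at most that many bytes is wrongly accepted.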