Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for atomic_min* and atomic_umin* intrinsics #1212

Merged
merged 8 commits into from
May 26, 2022
Merged

Add support for atomic_min* and atomic_umin* intrinsics #1212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ec60b1b
Define `min` expression
adpaco-aws May 23, 2022
43d3743
Add `atomic_min*` intrinsics
adpaco-aws May 23, 2022
4b833aa
Add test and remove negative ones
adpaco-aws May 23, 2022
59ffdd5
Add support for `atomic_umin*`
adpaco-aws May 23, 2022
b9faf99
Add test for `umin` and remove negative ones
adpaco-aws May 23, 2022
d7bf342
Complete `is_side_effect` and use in `min`
adpaco-aws May 25, 2022
fdf5aa4
Use `any` instead of local function
adpaco-aws May 25, 2022
5585467
Merge branch 'main' into atomic-min
danielsn May 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 30 additions & 1 deletion cprover_bindings/src/goto_program/expr.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -282,13 +282,33 @@ impl Expr {
_ => false,
}
}

/// Returns whether an expression causes side effects or not
pub fn is_side_effect(&self) -> bool {
match *self.value {
match &*self.value {
// These expressions always cause side effects
Assign { .. }
| FunctionCall { .. }
| Nondet
| SelfOp { .. }
| StatementExpression { .. } => true,
// These expressions do not cause side effects, but the expressions
// they contain may do. All we need to do are recursive calls.
AddressOf(e) => e.is_side_effect(),
Array { elems } => elems.iter().any(|e| e.is_side_effect()),
ArrayOf { elem } => elem.is_side_effect(),
BinOp { op: _, lhs, rhs } => lhs.is_side_effect() || rhs.is_side_effect(),
ByteExtract { e, offset: _ } => e.is_side_effect(),
Dereference(e) => e.is_side_effect(),
If { c, t, e } => c.is_side_effect() || t.is_side_effect() || e.is_side_effect(),
Index { array, index } => array.is_side_effect() || index.is_side_effect(),
Member { lhs, field: _ } => lhs.is_side_effect(),
Struct { values } => values.iter().any(|e| e.is_side_effect()),
Typecast(e) => e.is_side_effect(),
Union { value, field: _ } => value.is_side_effect(),
UnOp { op: _, e } => e.is_side_effect(),
Vector { elems } => elems.iter().any(|e| e.is_side_effect()),
// The rest of expressions (constants) do not cause side effects
_ => false,
}
}
Expand Down Expand Up @@ -1080,6 +1100,15 @@ impl Expr {
pub fn r_ok(self, e: Expr) -> Expr {
self.binop(ROk, e)
}

// Expressions defined on top of other expressions

/// `min(self, e)`
pub fn min(self, e: Expr) -> Expr {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If there are side effects, this will evaluate them twice

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please take a look at the new changes, which complete the definition for is_side_effect and assert that neither of these cause side effects.

assert!(!self.is_side_effect() && !e.is_side_effect());
let cmp = self.clone().lt(e.clone());
cmp.ternary(self, e)
}
}

/// Constructors for self operations
Expand Down
10 changes: 10 additions & 0 deletions kani-compiler/src/codegen_cprover_gotoc/codegen/intrinsic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -412,6 +412,11 @@ impl<'tcx> GotocCtx<'tcx> {
"atomic_load_acq" => self.codegen_atomic_load(intrinsic, fargs, p, loc),
"atomic_load_relaxed" => self.codegen_atomic_load(intrinsic, fargs, p, loc),
"atomic_load_unordered" => self.codegen_atomic_load(intrinsic, fargs, p, loc),
"atomic_min" => codegen_atomic_binop!(min),
"atomic_min_acq" => codegen_atomic_binop!(min),
"atomic_min_acqrel" => codegen_atomic_binop!(min),
"atomic_min_rel" => codegen_atomic_binop!(min),
"atomic_min_relaxed" => codegen_atomic_binop!(min),
"atomic_nand" => codegen_atomic_binop!(bitnand),
"atomic_nand_acq" => codegen_atomic_binop!(bitnand),
"atomic_nand_acqrel" => codegen_atomic_binop!(bitnand),
Expand All @@ -430,6 +435,11 @@ impl<'tcx> GotocCtx<'tcx> {
"atomic_store_rel" => self.codegen_atomic_store(intrinsic, fargs, p, loc),
"atomic_store_relaxed" => self.codegen_atomic_store(intrinsic, fargs, p, loc),
"atomic_store_unordered" => self.codegen_atomic_store(intrinsic, fargs, p, loc),
"atomic_umin" => codegen_atomic_binop!(min),
"atomic_umin_acq" => codegen_atomic_binop!(min),
"atomic_umin_acqrel" => codegen_atomic_binop!(min),
"atomic_umin_rel" => codegen_atomic_binop!(min),
"atomic_umin_relaxed" => codegen_atomic_binop!(min),
"atomic_xadd" => codegen_atomic_binop!(plus),
"atomic_xadd_acq" => codegen_atomic_binop!(plus),
"atomic_xadd_acqrel" => codegen_atomic_binop!(plus),
Expand Down
47 changes: 47 additions & 0 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicMin/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
// Copyright Kani Contributors
// SPDX-License-Identifier: Apache-2.0 OR MIT

// Check that `atomic_min` and other variants (unstable version) return the
// expected result.

#![feature(core_intrinsics)]
use std::intrinsics::{
atomic_min, atomic_min_acq, atomic_min_acqrel, atomic_min_rel, atomic_min_relaxed,
};

#[kani::proof]
fn main() {
let mut a1 = 1 as u8;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason we only test for u8? Could we make this take a <T> and then test multiple bitwidths?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's pending in #25. But I'd like to do it once all atomic tests are in.

let mut a2 = 1 as u8;
let mut a3 = 1 as u8;
let mut a4 = 1 as u8;
let mut a5 = 1 as u8;

let ptr_a1: *mut u8 = &mut a1;
let ptr_a2: *mut u8 = &mut a2;
let ptr_a3: *mut u8 = &mut a3;
let ptr_a4: *mut u8 = &mut a4;
let ptr_a5: *mut u8 = &mut a5;

let b = 0 as u8;

unsafe {
let x1 = atomic_min(ptr_a1, b);
let x2 = atomic_min_acq(ptr_a2, b);
let x3 = atomic_min_acqrel(ptr_a3, b);
let x4 = atomic_min_rel(ptr_a4, b);
let x5 = atomic_min_relaxed(ptr_a5, b);

assert!(x1 == 1);
assert!(x2 == 1);
assert!(x3 == 1);
assert!(x4 == 1);
assert!(x5 == 1);

assert!(*ptr_a1 == b);
assert!(*ptr_a2 == b);
assert!(*ptr_a3 == b);
assert!(*ptr_a4 == b);
assert!(*ptr_a5 == b);
}
}
22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicMin/min.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicMin/min_acq.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicMin/min_acqrel.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicMin/min_rel.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicMin/min_relaxed.rs
View file
Open in desktop

This file was deleted.

47 changes: 47 additions & 0 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicUmin/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
// Copyright Kani Contributors
// SPDX-License-Identifier: Apache-2.0 OR MIT

// Check that `atomic_umin` and other variants (unstable version) return the
// expected result.

#![feature(core_intrinsics)]
use std::intrinsics::{
atomic_umin, atomic_umin_acq, atomic_umin_acqrel, atomic_umin_rel, atomic_umin_relaxed,
};

#[kani::proof]
fn main() {
let mut a1 = 1 as u8;
let mut a2 = 1 as u8;
let mut a3 = 1 as u8;
let mut a4 = 1 as u8;
let mut a5 = 1 as u8;

let ptr_a1: *mut u8 = &mut a1;
let ptr_a2: *mut u8 = &mut a2;
let ptr_a3: *mut u8 = &mut a3;
let ptr_a4: *mut u8 = &mut a4;
let ptr_a5: *mut u8 = &mut a5;

let b = 0 as u8;

unsafe {
let x1 = atomic_umin(ptr_a1, b);
let x2 = atomic_umin_acq(ptr_a2, b);
let x3 = atomic_umin_acqrel(ptr_a3, b);
let x4 = atomic_umin_rel(ptr_a4, b);
let x5 = atomic_umin_relaxed(ptr_a5, b);

assert!(x1 == 1);
assert!(x2 == 1);
assert!(x3 == 1);
assert!(x4 == 1);
assert!(x5 == 1);

assert!(*ptr_a1 == b);
assert!(*ptr_a2 == b);
assert!(*ptr_a3 == b);
assert!(*ptr_a4 == b);
assert!(*ptr_a5 == b);
}
}
22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicUmin/umin.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicUmin/umin_acq.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicUmin/umin_acqrel.rs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions tests/kani/Intrinsics/Atomic/Unstable/AtomicUmin/umin_rel.rs
View file
Open in desktop

This file was deleted.

Loading