
Loop Contracts Annotation for While-Loop #3151

Merged

Conversation

qinheping
Contributor

@qinheping qinheping commented Apr 19, 2024

This PR introduces the loop contracts annotation for while-loops using a proc-macro.
A while loop of the form

```rust
#[kani::loop_invariant(inv)]
while guard {
   body
}
```

is annotated as

```rust
#[inline(never)]
#[kanitool::fn_marker = "kani_register_loop_contract"]
const fn kani_register_loop_contract_id<T, F: FnOnce() -> T>(f: F) -> T {
   unreachable!()
}
while kani_register_loop_contract_id(|| -> bool { inv }) && guard {
   loop_body;
}
```

We then replace the function body of the register function kani_register_loop_contract_id by a call to its function argument f.

In the loop-contract transformation, we move the calls to register functions to a new basic block as the new loop latch and redirect all loop latches (for loops containing `continue` there can be multiple latches pointing to the same loop head) to the new loop latch, to make sure that

  1. each loop contains only one loop latch;
  2. the terminator of the loop latch is a call to the register function.

In detail, we transform

```
loop_head_block: {
     loop_head_stmts
     _v = kani_register_loop_contract(move args) -> [return: next_idx];
}

 ...
loop_body_blocks
 ...

ori_loop_latch_block: {
     loop_latch_stmts
     goto -> loop_head_block;
}
```

to blocks

```
// loop head block
loop_head_block: {
     _v = true
     goto -> next_idx
}

...
loop_body_blocks
...

ori_loop_latch_block: {
     loop_latch_stmts
     goto -> new_loop_latch_block;
}

new_loop_latch_block: {
     _v = kani_register_loop_contract(move args) -> [return: next_idx];
}
```

The register functions will be transformed to

```
bb0: {
    _0 = closure@fn as std::ops::FnOnce::call_once(move _1, ()) -> [return: bb1, unwind unreachable];
}
bb1: {
    return;
}
```

At the end, the call to the register function will be codegened as backward goto with loop contracts annotated.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.
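As an added example, not code from the PR or from Kani: the expansion described above written out by hand as plain Rust, with the register function's `unreachable!()` body already replaced by a call to `f`, as the description says the compiler does. `sum_to`, `count_even` and the `checks` counter are constructed for illustration; the counter shows that the invariant closure runs exactly once per visit to the loop head, including for a body with `continue`, which is the single-latch property the transformation establishes.

```rust
use std::cell::Cell;

// Hand-expanded register function (constructed for this example). The
// PR's macro emits this with an `unreachable!()` body and the compiler
// later replaces that body with a call to `f`; here the replaced body
// is written directly so the expansion runs as ordinary Rust.
#[inline(never)]
fn kani_register_loop_contract_id<T, F: FnOnce() -> T>(f: F) -> T {
    f()
}

/// Sum of 0..n. The un-expanded shape would be
///   #[kani::loop_invariant(i <= n && 2 * sum == i * (i - 1))]
///   while i < n { sum += i; i += 1; }
/// `checks` counts how often the invariant closure was evaluated
/// (constructed instrumentation, not part of the macro's output).
pub fn sum_to(n: u64, checks: &Cell<usize>) -> u64 {
    let mut i = 0u64;
    let mut sum = 0u64;
    // The closure borrows `i`, `sum` and `n` only for the duration of the
    // register call, so the body may mutate them afterwards.
    while kani_register_loop_contract_id(|| -> bool {
        checks.set(checks.get() + 1);
        i <= n && 2 * sum == i * i.saturating_sub(1)
    }) && i < n
    {
        sum += i;
        i += 1;
    }
    sum
}

/// Counts even values in 0..n using `continue`, so the body has two back
/// edges to the loop head. The PR redirects every latch to one new latch
/// whose terminator is the register call, so the invariant is still
/// evaluated once per visit to the loop head regardless of which path
/// the body took.
pub fn count_even(n: u64, checks: &Cell<usize>) -> u64 {
    let mut i = 0u64;
    let mut evens = 0u64;
    // Invariant: `evens` is the number of even values in 0..i, i.e. ceil(i/2).
    while kani_register_loop_contract_id(|| -> bool {
        checks.set(checks.get() + 1);
        i <= n && evens == (i + 1) / 2
    }) && i < n
    {
        if i % 2 == 1 {
            i += 1;
            continue; // second latch back to the loop head
        }
        evens += 1;
        i += 1;
    }
    evens
}

fn main() {
    let checks = Cell::new(0);
    let s = sum_to(10, &checks);
    println!("sum_to(10) = {s}, invariant evaluated {} times", checks.get());
    let checks = Cell::new(0);
    let e = count_even(7, &checks);
    println!("count_even(7) = {e}, invariant evaluated {} times", checks.get());
}
```

With `n` iterations the invariant runs `n + 1` times: once before each iteration and once more for the final, failing guard check.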

@qinheping qinheping requested a review from a team as a code owner April 19, 2024 06:49
@github-actions github-actions bot added the Z-BenchCI Tag a PR to run benchmark CI label Apr 19, 2024
Contributor

@celinval celinval left a comment


I think I'm missing the big picture here, since the PR itself is currently a no-op and the attribute itself has no documentation.

celinval and others added 25 commits May 8, 2024 23:20
Release notes are the following:

### Major Changes
* Fix compilation issue with proc_macro2  (v1.0.80+) and Kani v0.49.0
(model-checking#3138).

### What's Changed
* Implement valid value check for `write_bytes` by @celinval in
model-checking#3108
* Rust toolchain upgraded to 2024-04-15 by @tautschnig @celinval

**Full Changelog**:
model-checking/kani@kani-0.49.0...kani-0.50.0
…-checking#3149)

The toolchain upgrade itself didn't require any modification, but it
looks like the rust toolchain script includes any untracked files to the
PR, which is the root cause of the model-checking#3146 CI failure.

Thus, I made the following changes (each one of them in its own commit):
  1. Moved the upgrade step to its own script.
  2. Added a bit of debugging and doc to the script.
  3. Added a new step that cleans the workspace before the PR creation.
  4. Actually update the toolchain.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
Update Rust toolchain from nightly-2024-04-18 to nightly-2024-04-19
without any other source changes.
This is an automatically generated pull request. If any of the CI checks
fail, manual intervention is required. In such a case, review the
changes at https://github.com/rust-lang/rust from
rust-lang/rust@becebb3
up to
rust-lang/rust@e3181b0.
I would like to propose that we stabilize the cover statement as is. Any
further improvements or changes can be done separately, with or without
an RFC.

I am also updating the contracts RFC status since parts of it have been
integrated to Kani, but it is still unstable.

### Call-out

This PR requires at least 2 approvals.
Update Rust toolchain from nightly-2024-04-19 to nightly-2024-04-20
without any other source changes.
This is an automatically generated pull request. If any of the CI checks
fail, manual intervention is required. In such a case, review the
changes at https://github.com/rust-lang/rust from
rust-lang/rust@e3181b0
up to
rust-lang/rust@f9b1614.
Dependency upgrade resulting from `cargo update`.
Update Rust toolchain from nightly-2024-04-20 to nightly-2024-04-21
without any other source changes.
This is an automatically generated pull request. If any of the CI checks
fail, manual intervention is required. In such a case, review the
changes at https://github.com/rust-lang/rust from
rust-lang/rust@f9b1614
up to
rust-lang/rust@dbce3b4.
…3159)

Bumps [tests/perf/s2n-quic](https://github.com/aws/s2n-quic) from
`5f88e54` to `9730578`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/s2n-quic/commit/9730578c0d562d80bbbe663161b3a5408ed3116c"><code>9730578</code></a>
chore: release 1.37.0 (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2187">#2187</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/b862ad982859f03d7e45f5d6291f749697a04a0f"><code>b862ad9</code></a>
s2n-quic-dc: initial commit (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2185">#2185</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/e0f224b848e725f94e7c9050ca1dfec16eb39bd8"><code>e0f224b</code></a>
feat(s2n-quic-core): allow forced PTO transmissions (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2130">#2130</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/bfb921daed2330c21202d441594a538458a3e5f2"><code>bfb921d</code></a>
feat(s2n-quic-core): Add ability to create an incremental reader
initialized ...</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/23b07e41b6ead9621972cb0687fc3610540f7f77"><code>23b07e4</code></a>
feat(s2n-quic): allow disabling active connection migration support (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2182">#2182</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/s2n-quic/compare/5f88e549821518e71b550faf353a8b9970a29deb...9730578c0d562d80bbbe663161b3a5408ed3116c">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.


---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fixes cargo audit CI job by updating `rustix`.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
We had a spurious update attempt logged in model-checking#3155 for the job prior to
this fix would empty out the version strings. This was caused by use of
undefined variables.

Resolves: model-checking#3155

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

Co-authored-by: Adrian Palacios <73246657+adpaco-aws@users.noreply.github.com>
Co-authored-by: Zyad Hassan <88045115+zhassan-aws@users.noreply.github.com>
Dependency upgrade resulting from `cargo update`.

Co-authored-by: tautschnig <1144736+tautschnig@users.noreply.github.com>
…3166)

Bumps [tests/perf/s2n-quic](https://github.com/aws/s2n-quic) from
`9730578` to `1436af7`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/s2n-quic/commit/1436af712b6e73edc11640dc7c3cae23e456c0a8"><code>1436af7</code></a>
ci: Remove neqo from required resumption test clients (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2191">#2191</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/c0bcef639de0e2a6a89202e84c9933d99d431047"><code>c0bcef6</code></a>
build: remove --cfg s2n_quic_unstable (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2190">#2190</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/fed54a59dcfdbc70e7c3c2d4b1cf3c4991ad4403"><code>fed54a5</code></a>
feat(s2n-quic-platform): make message methods public (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2189">#2189</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/s2n-quic/compare/9730578c0d562d80bbbe663161b3a5408ed3116c...1436af712b6e73edc11640dc7c3cae23e456c0a8">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…hecking#3134)

The Rust specification does not guarantee that ZST-typed symbols are
backed by unique objects, and `rustc` appears to make use of this as can
be demonstrated for both locals and statics. For parameters no such
example has been found, but as there remains a lack of a guarantee we
err on the safe side.

Resolves: model-checking#3129
This PR modifies the pattern used to exclude files from the copyright
check for `expected` files. This ensures we check the copyright in files
under `tests/expected/` while it skips the check for `expected` and
`*.expected` files. It also adds/modifies copyright headers for some
files that weren't being checked until now.

Resolves model-checking#3141
…del-checking#3169)

This is an additional fix for
model-checking#3098. With this fix, Kani
should be able to check for contracts using modifies clauses that
contain references to types that doesn't implement `kani::Arbitrary`.
The verification will still fail if the same contract is used as a
verified stub.

---------

Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>
Dependency upgrade resulting from `cargo update`.

Co-authored-by: tautschnig <1144736+tautschnig@users.noreply.github.com>
…3174)

Bumps [tests/perf/s2n-quic](https://github.com/aws/s2n-quic) from
`1436af7` to `6dd41e0`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/s2n-quic/commit/6dd41e09195bc22dbac93a48f8ab35f8063726dc"><code>6dd41e0</code></a>
build: fix clippy warnings for 1.78 (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2199">#2199</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/de5c33e800ffff14c235ed0ae7d695222f84dcca"><code>de5c33e</code></a>
refactor(s2n-quic-core): improve reassembler error handling (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2197">#2197</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/b085808f4c898f6d4d4e68b14d6a762170fb19b1"><code>b085808</code></a>
chore(s2n-quic-crypto): remove custom aesgcm implementation (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2186">#2186</a>)</li>
<li><a
href="https://github.com/aws/s2n-quic/commit/7188ce4081096256267e44d63f532a40d2c7df64"><code>7188ce4</code></a>
feat(dc): DcSupportedVersions transport parameter (<a
href="https://redirect.github.com/aws/s2n-quic/issues/2193">#2193</a>)</li>
<li>See full diff in <a
href="https://github.com/aws/s2n-quic/compare/1436af712b6e73edc11640dc7c3cae23e456c0a8...6dd41e09195bc22dbac93a48f8ab35f8063726dc">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
We should try to produce a source location wherever possible to ease
debugging and coverage reporting.
Update Cargo.lock with the following package version changes:


```
anyhow      1.0.82  ->  1.0.83
getrandom   0.2.14  ->  0.2.15
num-bigint  0.4.4   ->  0.4.5
ryu         1.0.17  ->  1.0.18
syn         2.0.60  ->  2.0.61
winnow      0.6.7   ->  0.6.8
```

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
For reference, here is the auto-generated changelog

## What's Changed
* Upgrade toolchain to 2024-04-18 and improve toolchain workflow by
@celinval in model-checking#3149
* Automatic toolchain upgrade to nightly-2024-04-19 by @github-actions
in model-checking#3150
* Stabilize cover statement and update contracts RFC by @celinval in
model-checking#3091
* Automatic toolchain upgrade to nightly-2024-04-20 by @github-actions
in model-checking#3154
* Bump tests/perf/s2n-quic from `2d5e891` to `5f88e54` by @dependabot in
model-checking#3140
* Automatic cargo update to 2024-04-22 by @github-actions in
model-checking#3157
* Automatic toolchain upgrade to nightly-2024-04-21 by @github-actions
in model-checking#3158
* Bump tests/perf/s2n-quic from `5f88e54` to `9730578` by @dependabot in
model-checking#3159
* Fix cargo audit error by @jaisnan in
model-checking#3160
* Fix cbmc-update CI job by @tautschnig in
model-checking#3156
* Automatic cargo update to 2024-04-29 by @github-actions in
model-checking#3165
* Bump tests/perf/s2n-quic from `9730578` to `1436af7` by @dependabot in
model-checking#3166
* Do not assume that ZST-typed symbols refer to unique objects by
@tautschnig in model-checking#3134
* Fix copyright check for `expected` tests by @adpaco-aws in
model-checking#3170
* Remove kani::Arbitrary from the modifies contract instrumentation by
@feliperodri in model-checking#3169
* Automatic cargo update to 2024-05-06 by @github-actions in
model-checking#3172
* Bump tests/perf/s2n-quic from `1436af7` to `6dd41e0` by @dependabot in
model-checking#3174
* Avoid unnecessary uses of Location::none() by @tautschnig in
model-checking#3173


**Full Changelog**:
model-checking/kani@kani-0.50.0...kani-0.51.0

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

---------

Co-authored-by: Adrian Palacios <73246657+adpaco-aws@users.noreply.github.com>
@qinheping qinheping marked this pull request as ready for review October 8, 2024 22:16
@qinheping qinheping assigned celinval and unassigned qinheping Oct 8, 2024
@celinval celinval added the submodules Pull requests that update Submodules code label Oct 9, 2024
Contributor

@celinval celinval left a comment


Sorry, we might need to sync about this one offline. I'm not sure I understand your transformation.

Contributor

@celinval celinval left a comment


As we discussed offline, I am OK merging this just to unblock experimentation. This transformation is not sound since you are drastically moving where variables are used, and we cannot guarantee that the code does not violate the borrow checker (hence the fixme test).

Can you also please add a few more checks, including:

  1. Function with multiple loops with annotations
  2. Function with nested loops
  3. Harness that invokes different functions that have loop contract in them
  4. Test that has a loop_invariant but that does not pass -Z loop-contracts

Thanks

@qinheping qinheping added this pull request to the merge queue Oct 15, 2024
Merged via the queue into model-checking:main with commit 056d4bc Oct 15, 2024
27 checks passed
@qinheping qinheping deleted the features/loop-contracts-annotation branch October 15, 2024 16:33
tautschnig added a commit to tautschnig/kani that referenced this pull request Dec 13, 2024
Updated version in all `Cargo.toml` files (via `find . -name Cargo.toml
-exec sed -i 's/version = "0.56.0"/version = "0.57.0"/' {} \;`) and ran
`cargo build-dev` to have `Cargo.lock` files updated.

GitHub generated release notes:

## What's Changed
* Remove the overflow checks for wrapping_offset by @zhassan-aws in model-checking#3589
* `kani-cov`: A coverage tool for Kani by @adpaco-aws in model-checking#3121
* Automatic toolchain upgrade to nightly-2024-10-04 by @github-actions in model-checking#3570
* Automatic toolchain upgrade to nightly-2024-10-05 by @github-actions in model-checking#3591
* Automatic toolchain upgrade to nightly-2024-10-06 by @github-actions in model-checking#3592
* Exclude Charon from workspace by @zhassan-aws in model-checking#3580
* Support fully-qualified --package arguments by @celinval in model-checking#3593
* Automatic toolchain upgrade to nightly-2024-10-07 by @github-actions in model-checking#3595
* Automatic toolchain upgrade to nightly-2024-10-08 by @github-actions in model-checking#3597
* Automatic cargo update to 2024-10-14 by @github-actions in model-checking#3598
* Bump tests/perf/s2n-quic from `17171ec` to `7752afb` by @dependabot in model-checking#3601
* Automatic toolchain upgrade to nightly-2024-10-09 by @github-actions in model-checking#3600
* Automatic toolchain upgrade to nightly-2024-10-10 by @github-actions in model-checking#3602
* Automatic toolchain upgrade to nightly-2024-10-11 by @github-actions in model-checking#3603
* Loop Contracts Annotation for While-Loop by @qinheping in model-checking#3151
* Automatic toolchain upgrade to nightly-2024-10-12 by @github-actions in model-checking#3604
* Update toolchain to 2024-10-15 by @zhassan-aws in model-checking#3605
* Automatic toolchain upgrade to nightly-2024-10-16 by @github-actions in model-checking#3607
* Implement proper function pointer handling for validity checks by @celinval in model-checking#3606
* Update toolchain to 2024-10-17 by @zhassan-aws in model-checking#3610
* Add fn that checks pointers point to same allocation by @celinval in model-checking#3583
* Automatic toolchain upgrade to nightly-2024-10-18 by @github-actions in model-checking#3613
* [aeneas] Preserve variable names by @zhassan-aws in model-checking#3560
* [Breaking change] Make `kani::check` private by @celinval in model-checking#3614
* Emit an error when proof_for_contract function is not found by @zhassan-aws in model-checking#3609
* Automatic toolchain upgrade to nightly-2024-10-19 by @github-actions in model-checking#3617
* Automatic toolchain upgrade to nightly-2024-10-20 by @github-actions in model-checking#3619
* Update test small_slice_eq by @qinheping in model-checking#3618
* Automatic toolchain upgrade to nightly-2024-10-21 by @github-actions in model-checking#3621
* Automatic cargo update to 2024-10-21 by @github-actions in model-checking#3622
* Bump tests/perf/s2n-quic from `7752afb` to `cd0314b` by @dependabot in model-checking#3625
* Update coverage flag in docs by @zhassan-aws in model-checking#3626
* Automatic toolchain upgrade to nightly-2024-10-22 by @github-actions in model-checking#3628
* Automatic toolchain upgrade to nightly-2024-10-23 by @github-actions in model-checking#3635
* Remove dead Option layer from run_piped by @zhassan-aws in model-checking#3634
* Add `free(0)` to codegen of loop contracts by @qinheping in model-checking#3637
* [Lean] Rename user-facing options from Aeneas to Lean by @zhassan-aws in model-checking#3630
* Fix ICE due to mishandling of Aggregate rvalue for raw pointers to trait objects by @carolynzech in model-checking#3636
* Automatic toolchain upgrade to nightly-2024-10-24 by @github-actions in model-checking#3639
* Add regular & fixme tests for function contracts by @celinval in model-checking#3371
* Call `goto-instrument` with `DFCC` only once by @qinheping in model-checking#3642
* Build and include `kani-cov` in the bundle by @adpaco-aws in model-checking#3641
* Fix loop contracts transformation when loops in branching by @qinheping in model-checking#3640
* Update toolchain to 10/25 by @carolynzech in model-checking#3648
* Automatic toolchain upgrade to nightly-2024-10-26 by @github-actions in model-checking#3651
* Automatic toolchain upgrade to nightly-2024-10-27 by @github-actions in model-checking#3652
* Bump tests/perf/s2n-quic from `cd0314b` to `ed9db08` by @dependabot in model-checking#3655
* Automatic cargo update to 2024-10-28 by @github-actions in model-checking#3654
* Automatic toolchain upgrade to nightly-2024-10-28 by @github-actions in model-checking#3653
* Reduce the number of object bits for refcell test by @zhassan-aws in model-checking#3656
* Move any_slice_from_array to kani_core by @qinheping in model-checking#3646
* Upgrade toolchain to 2024-10-29 by @zhassan-aws in model-checking#3658
* Add a timeout option by @zhassan-aws in model-checking#3649
* Upgrade toolchain to 2024-10-30 by @tautschnig in model-checking#3661
* Upgrade Rust toolchain to 2024-10-31 by @zhassan-aws in model-checking#3668
* Upgrade toolchain to 2024-11-01 by @tautschnig in model-checking#3671
* Automatic toolchain upgrade to nightly-2024-11-02 by @github-actions in model-checking#3673
* Implement `Arbitrary` for `Range*` by @c410-f3r in model-checking#3666
* Automatic toolchain upgrade to nightly-2024-11-03 by @github-actions in model-checking#3674
* codegen: Ask the layout if it is uninhabited, not its impl detail by @workingjubilee in model-checking#3675
* Automatic cargo update to 2024-11-04 by @github-actions in model-checking#3677
* Bump tests/perf/s2n-quic from `192de7d` to `65d55a4` by @dependabot in model-checking#3678
* Update dependencies following Audit workflow failure. by @remi-delmas-3000 in model-checking#3680
* Harness output individual files by @Alexander-Aghili in model-checking#3360
* Update Charon submodule to 2024-11-04 by @zhassan-aws in model-checking#3686
* Add support for float_to_int_unchecked by @zhassan-aws in model-checking#3660
* Change `same_allocation` to accept wide pointers by @celinval in model-checking#3684
* Automatic upgrade of CBMC from 6.3.1 to 6.4.0 by @github-actions in model-checking#3689
* Derive `Arbitrary` for enums with a single variant by @AlgebraicWolf in model-checking#3692
* Update cbmc-viewer to 3.10 by @remi-delmas-3000 in model-checking#3683
* Apply loop contracts only if there exists some usage by @qinheping in model-checking#3694
* Remove symtab json support by @celinval in model-checking#3695
* Remove CBMC viewer and visualize option by @zhassan-aws in model-checking#3699
* Ignore derivative in Cargo deny by @qinheping in model-checking#3708
* Upgrade Rust toolchain to 2024-11-08 by @zhassan-aws in model-checking#3703
* Automatic cargo update to 2024-11-11 by @github-actions in model-checking#3704
* Update verify-std-check workflow to enable loop contracts by @qinheping in model-checking#3705
* Automatic toolchain upgrade to nightly-2024-11-09 by @github-actions in model-checking#3709
* Bump tests/perf/s2n-quic from `65d55a4` to `cb41b35` by @dependabot in model-checking#3706
* Add support for f16 and f128 in float_to_int_unchecked intrinsic by @zhassan-aws in model-checking#3701
* Upgrade toolchain to nightly-2024-11-11 by @qinheping in model-checking#3710
* Automatic toolchain upgrade to nightly-2024-11-12 by @github-actions in model-checking#3713
* Update charon submodule by @zhassan-aws in model-checking#3716
* Revert "Ignore derivative in Cargo deny" by @qinheping in model-checking#3712
* Upgrade toolchain to nightly-2024-11-13 by @qinheping in model-checking#3715
* Automatic toolchain upgrade to nightly-2024-11-14 by @github-actions in model-checking#3719
* Automatic toolchain upgrade to nightly-2024-11-15 by @github-actions in model-checking#3720
* Fix codegen for rvalue aggregate raw pointer to an adt with slice tail by @carolynzech in model-checking#3644
* Improve Kani handling of function markers by @celinval in model-checking#3718
* Automatic toolchain upgrade to nightly-2024-11-16 by @github-actions in model-checking#3722
* Automatic toolchain upgrade to nightly-2024-11-17 by @github-actions in model-checking#3724
* Automatic cargo update to 2024-11-18 by @github-actions in model-checking#3723
* Bump tests/perf/s2n-quic from `cb41b35` to `4c3ba69` by @dependabot in model-checking#3725
* Automatic toolchain upgrade to nightly-2024-11-18 by @github-actions in model-checking#3727
* Enable contracts for const generic functions by @qinheping in model-checking#3726
* List Subcommand Improvements by @carolynzech in model-checking#3729
* Automatic toolchain upgrade to nightly-2024-11-19 by @github-actions in model-checking#3730
* add support for enum, struct, tuple in llbc backend by @thanhnguyen-aws in model-checking#3721
* Fix issues with how we compute DST size by @celinval in model-checking#3687
* Bump tests/perf/s2n-quic from `4c3ba69` to `c84ba19` by @dependabot in model-checking#3736
* Fix size and alignment computation for intrinsics by @celinval in model-checking#3734
* Automatic cargo update to 2024-11-25 by @github-actions in model-checking#3735
* Cleanup a few internal compiler deps by @celinval in model-checking#3739
* Add a Kani function that checks if the range of a float is valid for conversion to int by @zhassan-aws in model-checking#3742
* Dropping support for Ubuntu 18.04 / AL2. by @thanhnguyen-aws in model-checking#3744
* Update toolchain to nightly-2024-11-26 by @celinval in model-checking#3740
* Automatic upgrade of CBMC from 6.4.0 to 6.4.1 by @github-actions in model-checking#3748
* Automatic cargo update to 2024-12-02 by @github-actions in model-checking#3749
* Update download-artifact, upload-artifact and checkout to v4 by @thanhnguyen-aws in model-checking#3745
* Bump tests/perf/s2n-quic from `c84ba19` to `96d2e22` by @dependabot in model-checking#3750
* Upgrade toolchain to 2024-11-27 by @tautschnig in model-checking#3751
* Upgrade toolchain to 2024-11-28 by @tautschnig in model-checking#3753
* Setup/CI: cleanup Ubuntu 18.04 and cbmc-viewer left-overs and enable 24.04 by @tautschnig in model-checking#3758
* Automatic cargo update to 2024-12-09 by @github-actions in model-checking#3766
* Bump tests/perf/s2n-quic from `96d2e22` to `e4a2365` by @dependabot in model-checking#3767
* Upgrade toolchain to 2024-12-09 by @carolynzech in model-checking#3768
* Add out of bounds check for `offset` intrinsics by @celinval in model-checking#3755
* Upgrade toolchain to 2024-12-12 by @carolynzech in model-checking#3774
* Automatic toolchain upgrade to nightly-2024-12-13 by @github-actions in model-checking#3775

## New Contributors
* @c410-f3r made their first contribution in model-checking#3666
* @workingjubilee made their first contribution in model-checking#3675
* @Alexander-Aghili made their first contribution in model-checking#3360
* @AlgebraicWolf made their first contribution in model-checking#3692
* @thanhnguyen-aws made their first contribution in model-checking#3721

**Full Changelog**: model-checking/kani@kani-0.56.0...kani-0.57.0
Labels
submodules Pull requests that update Submodules code Z-BenchCI Tag a PR to run benchmark CI Z-Contracts Issue related to code contracts