Remove kani::Arbitrary from the modifies contract instrumentation (mo…
…del-checking#3169) This is an additional fix for model-checking#3098. With this fix, Kani should be able to check contracts whose modifies clauses contain references to types that don't implement `kani::Arbitrary`. The verification will still fail if the same contract is used as a verified stub. --------- Signed-off-by: Felipe R. Monteiro <felisous@amazon.com>
1 parent
ae14b49
commit c128918
Showing
3 changed files
with
73 additions
and
10 deletions.
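--- a/tests/expected/function-contract/modifies/simple_only_verification_modifies.expected
+++ b/tests/expected/function-contract/modifies/simple_only_verification_modifies.expected
@@ -0,0 +1 @@
+VERIFICATION:- SUCCESSFUL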
28 changes: 28 additions & 0 deletions
28
tests/expected/function-contract/modifies/simple_only_verification_modifies.rs
@@ -0,0 +1,28 @@ | ||
// Copyright Kani Contributors | ||
// SPDX-License-Identifier: Apache-2.0 OR MIT | ||
// kani-flags: -Zfunction-contracts | ||
|
||
//! Check that is possible to use `modifies` clause for verification, but not stubbing. | ||
//! Here, we cover the case when the modifies clause contains references to function | ||
//! parameters of generic types. Noticed that here the type T is not annotated with | ||
//! `kani::Arbitrary` since this is no longer a requirement if the contract is only | ||
//! use for verification. | ||
pub mod contracts { | ||
#[kani::modifies(x)] | ||
#[kani::modifies(y)] | ||
pub fn swap<T>(x: &mut T, y: &mut T) { | ||
core::mem::swap(x, y) | ||
} | ||
} | ||
|
||
mod verify { | ||
use super::*; | ||
|
||
#[kani::proof_for_contract(contracts::swap)] | ||
pub fn check_swap_primitive() { | ||
let mut x: u8 = kani::any(); | ||
let mut y: u8 = kani::any(); | ||
contracts::swap(&mut x, &mut y) | ||
} | ||
} |
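Review bot: The module doc comment at the top of the new test file has wording errors that will be copied into future tests: `//! Check that is possible` should read `//! Check that it is possible`, `Noticed that here the type T` should read `Note that here the type T`, and `only use for verification` should read `only used for verification`. The harness `check_swap_primitive` also covers only the verification path; since the commit description states the same contract still fails when used as a verified stub, a companion expected-failure test using `#[kani::stub_verified(contracts::swap)]` would pin that limitation down so a later change to the instrumentation cannot alter it unnoticed — unless the third changed file, which is not shown here, already does so. Finally, the harness calls `swap` but checks nothing afterwards, so the `modifies` check would still pass if the instrumented body became a no-op; if the intent is also to confirm the swap happened, `let (a, b) = (x, y);` before the call and `assert_eq!((x, y), (b, a));` after it would do it.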