Loop contracts issue: Failed Checks: Check that [some data] is assignable

[thanhnguyen-aws]

I tried this code:

fn copy2arr(src: &[u8], dst: &mut [u8]) -> usize {
    let mut index = 0;
    let l = dst.len();
    #[kani::loop_invariant( index <=l )]
    while (index < dst.len()) && (index < src.len()) {
        dst[index] = src[index];
        index += 1;
    }
    index
}

#[kani::proof]
#[kani::unwind(11)]
fn check_copy2arr() {
    let src: [u8; 10] = kani::any();
    let mut dst: [u8; 10] = kani::any();
    let i1: usize = kani::any_where(|i| *i <= src.len());
    let i2: usize = kani::any_where(|i| *i <= dst.len());
    let len = copy2arr(&src, &mut dst);
}

using the following command line invocation:

kani src/array_copy.rs  -Zloop-contracts --harness check_copy2arr

with Kani version: 0.57.0

I expected to see this happen: same results with/without the loop contract

Instead, this happened:

1. With loop contract:
   Failed Checks: Check that dst.data[var_22] is assignable
   File: "src/array_copy.rs", line 68, in copy2arr
2. Without loop contract:
   VERIFICATION:- SUCCESSFUL

[carolynzech]

You need to add a #[kani::modifies] clause to let Kani know that you're writing to the dst variable:

#[kani::modifies(dst)]
fn copy2arr(src: &[u8], dst: &mut [u8]) -> usize {
    let mut index = 0;
    let l = dst.len();
    #[kani::loop_invariant(index <=l)]
    while (index < dst.len()) && (index < src.len()) {
        dst[index] = src[index];
        index += 1;
    }
    index
}

When I do that, verification succeeds. (See the documentation for information about #[modifies]). See also #3106 for information about this error message--I agree that it could be more informative for users.