Skip to content

Audit for transmute#1104

Merged
adpaco-aws merged 8 commits intomodel-checking:mainfrom
adpaco-aws:audit-transmute
Apr 26, 2022
Merged

Audit for transmute#1104
adpaco-aws merged 8 commits intomodel-checking:mainfrom
adpaco-aws:audit-transmute

Conversation

@adpaco-aws
Copy link
Contributor

@adpaco-aws adpaco-aws commented Apr 25, 2022

Description of changes:

Updates the transmute intrinsic with alignment checks for both the argument type and the result type. However, this does not seem to be working as I expected, and a large number of failures are being triggered on our regression.

In fact, the test added in this PR is failing with "transmute: result type is properly aligned" instead of "transmute: argument type is properly aligned". I don't know if I'm missing something.

Resolved issues:

Part of #727

Call-outs:

Testing:

  • How is this change tested? Adds one test.

  • Is this a refactor change? No.

Checklist

  • Each commit message has a non-empty body, explaining why the change was made
  • Methods or procedures are documented
  • Regression or unit tests are included, or existing tests cover the modified code
  • My PR is restricted to a single feature or bugfix

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@adpaco-aws adpaco-aws requested a review from a team as a code owner April 25, 2022 22:30
celinval
celinval reviewed Apr 25, 2022
View reviewed changes
Copy link
Contributor

@celinval celinval left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add a bit more test coverage to transmute? Things like transmute pointers, structures, slices? Thanks

kani-compiler/src/codegen_cprover_gotoc/codegen/intrinsic.rs Outdated
let arg_align_check = self.codegen_assert(
arg_align,
PropertyClass::DefaultAssertion,
"transmute: argument type is properly aligned",
Copy link
Contributor

@celinval celinval Apr 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The failure message usually states the failure. Maybe change it to something like: transmute check: argument type isn't properly aligned or transmute check: argument type must be properly aligned

celinval
celinval approved these changes Apr 26, 2022
View reviewed changes
Copy link
Contributor

@celinval celinval left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Thanks Adrian

@adpaco-aws
Copy link
Contributor Author

adpaco-aws commented Apr 26, 2022
edited
Loading

I have restored the original implementation and added 4 tests to check correct transmutations between

  • an array into a u32
  • an array into a struct
  • a &str into a &[u8]
  • a pointer into a function pointer.

This is in addition to another one that is present in the expected test suite (transmute between float and integer I think).

@adpaco-aws adpaco-aws merged commit 436ce88 into model-checking:main Apr 26, 2022
@adpaco-aws adpaco-aws mentioned this pull request Apr 27, 2022
Closed
tedinski pushed a commit that referenced this pull request Apr 27, 2022
@adpaco-aws @tedinski
Audit for transmute (#1104)
e862e49 
* Audit for `transmute`

* Add tests and minor fix

* remove `mut` from `packed`

* Restore original transmute codegen

* Fixes transmute restoration

* Remove alignment test

* Add tests for transmute
@adpaco-aws adpaco-aws mentioned this pull request May 13, 2022
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@celinval celinval celinval approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adpaco-aws @celinval