Skip to content

amount: use Kani to prove some arithmetic properties#1415

Merged
apoelstra merged 2 commits intorust-bitcoin:masterfrom
apoelstra:2022-11--kani
Nov 28, 2022
Merged

amount: use Kani to prove some arithmetic properties#1415
apoelstra merged 2 commits intorust-bitcoin:masterfrom
apoelstra:2022-11--kani

Conversation

@apoelstra
Copy link
Copy Markdown
Member

@apoelstra apoelstra commented Nov 27, 2022

A first exploration into using Kani. See #1370.

@apoelstra
amount: use kani to check some arithmetic properties
c11645b 
Kani can't really handle string processing, and appears to be unable
to check integer multiplication (for now), but we do several checks
for addition and subtraction, and conversion between signedness,
that Kani can easily prove.
@apoelstra
github: add Kani to Github CI
d4bfc3d
@Kixunil Kixunil added the Tests label Nov 27, 2022
Kixunil
Kixunil approved these changes Nov 27, 2022
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Kixunil Kixunil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome first step!

ACK d4bfc3d

tcharding
tcharding approved these changes Nov 28, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@tcharding tcharding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK d4bfc3d

@tcharding
Copy link
Copy Markdown
Member

tcharding commented Nov 28, 2022

This is totally new to me but looks like a step forward. Whats the next step, more kani tests for other modules? Do we keep the fuzzing we have or is the idea to move to Bolero (which I also no nothing about)?

@apoelstra
Copy link
Copy Markdown
Member Author

apoelstra commented Nov 28, 2022

This is totally new to me but looks like a step forward. Whats the next step, more kani tests for other modules?

Yep.

Do we keep the fuzzing we have or is the idea to move to Bolero (which I also no nothing about)?

We'll keep the fuzzing we have. The benefit of Bolero is that it lets us switch fuzz backends, which we don't really need, including to use a Kani backend, which I don't think really makes sense. (Fuzzers are good at open-ended search of strings and stuff, which is what Kani is horrible at.)

@apoelstra apoelstra merged commit a39ffea into rust-bitcoin:master Nov 28, 2022
@apoelstra apoelstra deleted the 2022-11--kani branch November 28, 2022 13:58
@apoelstra apoelstra mentioned this pull request Dec 19, 2022
Merged
@apoelstra apoelstra mentioned this pull request Apr 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kixunil Kixunil Kixunil approved these changes

@tcharding tcharding tcharding approved these changes

Assignees

No one assigned

Labels

aggregate release notes mention Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@apoelstra @tcharding @Kixunil