-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade the toolchain to nightly-2023-04-16 #2406
Conversation
- Fixed compilation errors but not runtime. - There are a few new variants that still need to be implemented.
- Discriminant calculation - Implement Cast transmute - Misaligned assertion check error message - Codegen ZST constant - Is user variable detection
It looks like the `if cfg!()` is no longer being propagated and the concrete playback code is increasing the logic that the compiler detects as reachable.
Fix parenthesis
Conflicts: cprover_bindings/src/goto_program/expr.rs kani-compiler/src/codegen_cprover_gotoc/codegen/intrinsic.rs kani-compiler/src/codegen_cprover_gotoc/codegen/rvalue.rs library/kani/src/lib.rs tests/ui/cbmc_checks/signed-overflow/expected tests/ui/cbmc_checks/unsigned-overflow/expected
Remove CBMC failure expectations that are now caught by the rust overflow check. This was due to the following Rust compiler change: - rust-lang/rust#108282
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Conflicts: kani-compiler/src/kani_middle/attributes.rs kani-compiler/src/kani_middle/analysis.rs
97e9af9
to
623420d
Compare
Great... 😕 It looks like the rust compiler API to retrieve attributes no longer works for non-local items. @oli-obk, do you know if this was by design? I'm happy to try to submit a fix if needed (I should also try the latest rustc to see if it hasn't been fixed yet). |
By the way, the error we are getting looks like:
|
It looks to me like this is specifically about closures, as we can definitely access attributes from non local items in general. I don't know how that happened, none of the changes look like they could be at fault. rust-lang/rust#108944 is the most suspicious one, but it makes no sense for it to affect attributes. I'll need to investigate with a computer, as it's too hard to do on mobile (I'm on sick leave). It may be until next week until I can get to it. |
Gotcha. Let me see if we can filter them out on our own since we don't care about them at this point. Thanks for taking a look though.
Oh, that's too bad. I hope you get better soon. Take care! |
a6f00a0
to
6d5ea83
Compare
- Support all instance types as part of the rechability analysis. - Skip assembly and closures for attribute checking due to rustc limitation. - Fix mir changes to the stats collector.
6d5ea83
to
fe800fe
Compare
Just to give an update, the issue seems related to the unwinding of a recursive drop logic. I am trying to figure out the culprit. I am investigating if the issue could be related to an update to the standard library |
I only see the perf CI failing. How do I reproduce this failure you're seeing? EDIT: Ah I see you fixed it by skipping closures, as you mentioned. |
I've done some analysis with the patch from #2433, and I believe this issue might be related to how we encode To test this hypothesis, I commented out all the other harnesses from the s2n_quic code and ran:
on my local machine, the verification takes about 42s. |
I found the issue. rust-lang/rust#109765 added While this makes sense for rustc, it's obviously an issue for analysis tools like kani. Unfortunately it's also performance relevant. I'll open a PR to see if there's a perf impact, if there is, we need to figure out how to let kani decide to encode that (or store these attributes in some other way). |
Keep encoding attributes for closures see model-checking/kani#2406 (comment) for some context. We stopped encoding attributes for closures, but some tools need them
The latest nightly should include rust-lang/rust#111381 now, if there are similar failures again in the future, you can use that PR to look up where to edit the match to keep more attributes in metadata |
Conflicts: kani-compiler/src/kani_middle/attributes.rs Required changes: kani-compiler/src/codegen_cprover_gotoc/codegen/rvalue.rs
New update: My initial hypothesis was actually wrong. Sorry! The reachability per harness made a huge difference in my preliminary analysis because I had rewritten the However, when rolling back my changes, the That said, @zhassan-aws helped me debug this issue further and understand why Bolero was having such a big impact in our analysis with this upgrade. We narrowed down to an issue with how We first noticed this issue during this upgrade and even created #2407 to fix it for our local crates. I have now created camshaft/bolero#148 to update Bolero, which will hopefully unblock this PR. |
Conflicts: kani-compiler/src/codegen_cprover_gotoc/compiler_interface.rs kani-compiler/src/codegen_cprover_gotoc/context/goto_ctx.rs Required change: kani-compiler/src/kani_middle/attributes.rs
Description of changes:
Update the toolchain to use nightly-2023-04-16. Changes were related to the following changes to the toolchain:
box_syntax
rust-lang/rust#108471Session
argument from some attribute functions rust-lang/rust#109358FieldIdx
in various things related to aggregates rust-lang/rust#109849&IndexSlice
instead of&IndexVec
where possible rust-lang/rust#109819IndexVec::last
→last_index
rust-lang/rust#109718assert_uninit_valid
intrinsic rust-lang/rust#105613mir::Field
→abi::FieldIdx
rust-lang/rust#109716FnPtr
trait that is implemented for all function pointers rust-lang/rust#108080Resolved issues:
Resolves #2383
Resolves #560
Related RFC:
Call-outs:
The checked shift right / left operations were optimized in this commit: rust-lang/rust#108282. The Rust compiler now adds an overflow check before actually performing the shift. With that, some of the CBMC shift overflow checks (which were already redundant) no longer fail. I updated the tests to either remove the expectation or to use the
unchecked_[shl|shr]
. However, these checks takeu32
for the shift distance, hence the check for negative distance is probably useless now.Testing:
How is this change tested? Existing tests + manually executed
--visualize
to check the traceIs this a refactor change?
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.