Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kani miss overflow when computing size_of_val #3616

Open
celinval opened this issue Oct 18, 2024 · 0 comments
Open

Kani miss overflow when computing size_of_val #3616

celinval opened this issue Oct 18, 2024 · 0 comments
Assignees
Labels
[C] Bug This is a bug. Something isn't working. [F] Soundness Kani failed to detect an issue

Comments

@celinval
Copy link
Contributor

I tried this code:

#[kani::proof]
pub fn check_size_of_overflows() {
    let var:  [u64; 4] = kani::any();
    let fat_ptr: *const [u64] = &var as *const _;
    let (thin_ptr, size) = fat_ptr.to_raw_parts();
    let new_size: usize = kani::any();
    let new_ptr:  *const [u64] = ptr::from_raw_parts(thin_ptr, new_size);
    #[cfg(blah)]
    if let Some(expected_size) = new_size.checked_mul(size_of::<u64>()) {
        assert_eq!(unsafe { size_of_val_raw(new_ptr) }, expected_size);
    } else {
        // Expect UB detection
        let _should_ub = unsafe { size_of_val_raw(new_ptr) };
    }
}

using the following command line invocation:

kani slice.rs

with Kani version: 0.56.0

I expected to see this happen: UB should be detected

Instead, this happened: Verification succeed

@celinval celinval added [C] Bug This is a bug. Something isn't working. [F] Soundness Kani failed to detect an issue labels Oct 18, 2024
@celinval celinval self-assigned this Oct 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[C] Bug This is a bug. Something isn't working. [F] Soundness Kani failed to detect an issue
Projects
None yet
Development

No branches or pull requests

1 participant