Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Runtime checks #1452

Draft
wants to merge 49 commits into
base: master
Choose a base branch
from
Draft

Runtime checks #1452

wants to merge 49 commits into from

Conversation

cedihegi
Copy link
Contributor

@cedihegi cedihegi commented Sep 6, 2023

The PR of my Master's thesis: Contract Checking at Runtime in a Rust Verifier.

  • adds the ability to check Prusti contracts at runtime
  • based on verification results, perform certain MIR optimizations.

Runtime checks:

  • supported "kinds" of contracts: pre / postconditions, pledges, type conditional specifications, external specifications, prusti_assume!, prusti_assert!, body_invariant!
  • supported contents of contracts: Any rust expressions that can contain old-expressions and quantifiers. Other prusti features like snapshot equality, predicates, or calls of prusti-specific functions like snap() and others will break the results of these checks.

How to use them (for now):

  • Either annotate contracts you want to be checked with #[insert_runtime_check] attribute, or set environment variable PRUSTI_RUNTIME_CHECK_ALL_CONTRACTS (which causes ast-rewriter to generate executable check methods for each contract).
  • Set PRUSTI_INSERT_RUNTIME_CHECKS (which will lead to insertion of calls to previously mentioned check methods into the MIR).
  • Produce an executable / Run the function: with prusti_rustc set PRUSTI_FULL_COMPILATION, or with cargo-prusti set PRUSTI_CARGO_COMMAND=run

Some examples can be found in prusti-tests/tests/runtime_checks/.

Mir optimizations:

2 kinds of optimizations based on verification results:

  • Elimination of unreachable blocks
  • elimination of unnecessary assertions and their corresponding checked operations (e.g. overflow checks for an addition that can be eliminated, will lead to removal of the corresponding assertion, and change the checked addition to a unchecked addition).

To use: set variable PRUSTI_REMOVE_DEAD_CODE.
Examples: prusti-tests/tests/mir_optimizations

cedihegi and others added 30 commits April 12, 2023 11:24
@cedihegi
Override built_mir method to have mutable access to mir
01923a9
@cedihegi
Change a single assertion to test output
613db71
@cedihegi
Add runtime checks for preconditions and insert them in MIR
531842a
@cedihegi
Fix the problem of introducing loops in CFG when modifying it.
9dc1072
@cedihegi
Check postconditions too and handle result
d4cbd89
@cedihegi
Handle old operator in runtime checks
2ecdda6
@cedihegi
Make postconditions with old expressions checkable at runtime
393748c
@cedihegi
Runtime check support for quantifiers, old stores and postconditions
00d47fc
@cedihegi
Add option, to provide boundaries for quantifier runtime checks manually
61355c2
@cedihegi
Fix bug with mem forget
a4ce18b
@cedihegi
Interpret moved values in postconditions as old values too
8001fe5
@cedihegi
Now able to insert runtime checks for pledges.
4759f3b 
Where to insert them is still an issue
@cedihegi
Add runtime checks for pledges
0351d45
@cedihegi
Fix a bug for runtime checks
fafabe0 
- when there was a pledge and a postcondition, the runtime check for the
  postcondition would be skipped
- also created template to find difference between mir_promoted and
  elaborated
@cedihegi
Runtime checks for prusti_assert and prusti_assume
96807d6
@cedihegi
Working old checks in prusti_assume, assert etc.
823e766
@cedihegi
Re-organized runtime check structure a bit, remove warnings
107ef3b
@cedihegi
Only clone arguments for old if they are mutable
17b73d7
@cedihegi
Runtime checks without store function for old values
3c82745 
We now manually clone old values instead of running a store function.
@cedihegi
Fix check signature mutability issues with runtime checks
ec781ae
@cedihegi
Insert drops for manually cloned MIR locals
a6daab3
@cedihegi
Merge remote-tracking branch 'upstream/master' into runtime-checks
ddcf67c
@cedihegi
Refactor runtime checks
a3b88e0
@cedihegi
Add boolean guards for pledge checks
b276862
@cedihegi
Optmization based on verification and reachability
6f089cd
@cedihegi
Pledges without annotations and Dead Code Eliminiation
4bff3d6 
expiration locations of pledges are now figured out automatically and
inserted, without using user annotations.
Dead code elimination now works using only the encoder, and no longer
modifying the MIR before verification.
@cedihegi
Fix pledge checks in case of zombie loans
f3ec99b
@cedihegi
Remove unneeded assertions and checked operations
98c0317
@cedihegi
cleanup changes that are no longer required
066ecc5
@cedihegi
Undo accidental formatting
bcbb303
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@cedihegi