Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Compositional crux-mir #1117

Merged
merged 35 commits into from
Apr 26, 2021
Merged

Compositional crux-mir #1117

merged 35 commits into from
Apr 26, 2021

Conversation

spernsteiner
Copy link
Contributor

@spernsteiner spernsteiner commented Mar 9, 2021

This branch adds crux-mir-comp, a variant of crux-mir that supports compositional reasoning. This is a proof-of-concept implementation, which includes the essential functionality but is missing some usability features.

For details of the design, see crux-mir-comp/DESIGN.md.

The corresponding crucible/crux-mir changes are in GaloisInc/crucible#659.

Copy link
Contributor

@atomb atomb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great to me. I left a few comments that might suggest changes, but I'll leave that up to you. There were also some aspects of the MIR-related details that I probably can't properly review due to my lack of familiarity with the underlying MIR implementation for Crucible. I appreciate how many tests you included, though, and if all of those are passing I'm quite happy to merge this.

Map VarIndex Term {- ^ initial term substitution -} ->
Set VarIndex {- ^ initial free variables -} ->
W4.ProgramLoc {- ^ override location information -} ->
OverrideMatcher ext md a {- ^ matching action -} ->
IO (Either (OverrideFailure ext) (a, OverrideState ext))
OverrideMatcher' sym ext md m a {- ^ matching action -} ->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to know that this doesn't need to be in IO!

@@ -0,0 +1,237 @@
{-# LANGUAGE LambdaCase #-}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder whether this test framework is something that could be more shared between tools.


-- Handle return value and post-state PointsTos

-- TODO: clobber all writable memory that's accessible in the pre state
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How easily could this be implemented now? Or should we leave it until later?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually did it already, but forgot to remove the comment. The mechanism is a little bit indirect: for each accessible location, add_arg not only adds a pre-state PointsTo (representing a constraint on the contents of the initial memory), but also adds a post-state PointsTo that causes the value to be overwritten with a fresh symbolic variable.

@atomb
Copy link
Contributor

atomb commented Mar 12, 2021

Following on my test comment, I'd love to see those tests integrated into CI, but I know that'll require adding some substantial chunks to the configuration to make sure all the Rust tools are installed.

@spernsteiner
Copy link
Contributor Author

Following on my test comment, I'd love to see those tests integrated into CI, but I know that'll require adding some substantial chunks to the configuration to make sure all the Rust tools are installed.

Should I try copying over the relevant parts of the GaloisInc/crucible CI config? Or is the setup going to be complex enough that I should just leave it as a separate issue?

@atomb
Copy link
Contributor

atomb commented Apr 8, 2021

Following on my test comment, I'd love to see those tests integrated into CI, but I know that'll require adding some substantial chunks to the configuration to make sure all the Rust tools are installed.

Should I try copying over the relevant parts of the GaloisInc/crucible CI config? Or is the setup going to be complex enough that I should just leave it as a separate issue?

I think it's reasonable to leave that for a separate issue. We might also be able to get help from @LisannaAtGalois at some point.

@spernsteiner spernsteiner force-pushed the sp/crux-mir-comp branch 2 times, most recently from 7de3339 to 1fadf37 Compare April 19, 2021 17:25
@spernsteiner spernsteiner merged commit 5366093 into master Apr 26, 2021
@spernsteiner spernsteiner deleted the sp/crux-mir-comp branch April 26, 2021 21:47
@RyanGlScott RyanGlScott added the subsystem: crucible-mir Issues related to Rust verification with crucible-mir and/or mir-json label Mar 13, 2023
@RyanGlScott RyanGlScott added the subsystem: crucible-mir-comp Issues related to compositional Rust verification with crucible-mir-comp or crux-mir-comp label Jul 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
subsystem: crucible-mir Issues related to Rust verification with crucible-mir and/or mir-json subsystem: crucible-mir-comp Issues related to compositional Rust verification with crucible-mir-comp or crux-mir-comp
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants