diff --git a/tests/expected/shadow/slices/slice_of_array/expected b/tests/expected/shadow/slices/slice_of_array/expected new file mode 100644 index 000000000000..34c886c358cb --- /dev/null +++ b/tests/expected/shadow/slices/slice_of_array/expected @@ -0,0 +1 @@ +VERIFICATION:- SUCCESSFUL diff --git a/tests/expected/shadow/slices/slice_of_array/test.rs b/tests/expected/shadow/slices/slice_of_array/test.rs new file mode 100644 index 000000000000..b5ac3abae126 --- /dev/null +++ b/tests/expected/shadow/slices/slice_of_array/test.rs @@ -0,0 +1,34 @@ +// Copyright Kani Contributors +// SPDX-License-Identifier: Apache-2.0 OR MIT +// kani-flags: -Zghost-state + +// This test demonstrates a possible usage of the shadow memory API to check that +// every element of an arbitrary slice of an array is initialized. +// Since the instrumentation is done manually in the harness only but not inside +// the library functions, the test only verifies that the slices point to memory +// that is within the original array. + +const N: usize = 16; + +static mut SM: kani::shadow::ShadowMem = kani::shadow::ShadowMem::new(false); + +#[kani::proof] +#[kani::unwind(31)] +fn check_slice_init() { + let arr: [char; N] = kani::any(); + // tag every element of the array as initialized + for i in &arr { + unsafe { + SM.set(i as *const char, true); + } + } + // create an arbitrary slice of the array + let end: usize = kani::any_where(|x| *x <= N); + let begin: usize = kani::any_where(|x| *x < end); + let slice = &arr[begin..end]; + + // verify that all elements of the slice are initialized + for i in slice { + assert!(unsafe { SM.get(i as *const char) }); + } +} diff --git a/tests/expected/shadow/slices/slice_reverse/expected b/tests/expected/shadow/slices/slice_reverse/expected new file mode 100644 index 000000000000..34c886c358cb --- /dev/null +++ b/tests/expected/shadow/slices/slice_reverse/expected @@ -0,0 +1 @@ +VERIFICATION:- SUCCESSFUL diff --git a/tests/expected/shadow/slices/slice_reverse/test.rs b/tests/expected/shadow/slices/slice_reverse/test.rs new file mode 100644 index 000000000000..4810958e2fe1 --- /dev/null +++ b/tests/expected/shadow/slices/slice_reverse/test.rs @@ -0,0 +1,28 @@ +// Copyright Kani Contributors +// SPDX-License-Identifier: Apache-2.0 OR MIT +// kani-flags: -Zghost-state + +// This test demonstrates a possible usage of the shadow memory API to check that +// every element of a reversed array is initialized. +// Since the instrumentation is done manually in the harness only but not inside +// the `reverse` function, the test only verifies that the resulting array +// occupies the same memory as the original one. + +const N: usize = 32; + +static mut SM: kani::shadow::ShadowMem = kani::shadow::ShadowMem::new(false); + +#[kani::proof] +fn check_reverse() { + let mut a: [u16; N] = kani::any(); + for i in &a { + unsafe { SM.set(i as *const u16, true) }; + } + a.reverse(); + + for i in &a { + unsafe { + assert!(SM.get(i as *const u16)); + } + } +} diff --git a/tests/expected/shadow/slices/slice_split/expected b/tests/expected/shadow/slices/slice_split/expected new file mode 100644 index 000000000000..34c886c358cb --- /dev/null +++ b/tests/expected/shadow/slices/slice_split/expected @@ -0,0 +1 @@ +VERIFICATION:- SUCCESSFUL diff --git a/tests/expected/shadow/slices/slice_split/test.rs b/tests/expected/shadow/slices/slice_split/test.rs new file mode 100644 index 000000000000..273d717572d1 --- /dev/null +++ b/tests/expected/shadow/slices/slice_split/test.rs @@ -0,0 +1,35 @@ +// Copyright Kani Contributors +// SPDX-License-Identifier: Apache-2.0 OR MIT +// kani-flags: -Zghost-state + +// This test demonstrates a possible usage of the shadow memory API to check that +// every element of an array split into two slices is initialized. +// Since the instrumentation is done manually in the harness only but not inside +// the `split_at_checked` function, the test only verifies that the resulting +// slices occupy the same memory as the original array. + +const N: usize = 16; + +static mut SM: kani::shadow::ShadowMem = kani::shadow::ShadowMem::new(false); + +#[kani::proof] +#[kani::unwind(17)] +fn check_reverse() { + let a: [bool; N] = kani::any(); + for i in &a { + unsafe { SM.set(i as *const bool, true) }; + } + let index: usize = kani::any_where(|x| *x <= N); + let (s1, s2) = a.split_at_checked(index).unwrap(); + + for i in s1 { + unsafe { + assert!(SM.get(i as *const bool)); + } + } + for i in s2 { + unsafe { + assert!(SM.get(i as *const bool)); + } + } +}