debug_assert is disabled in the standard library due to poor assertion messages
#1740
Comments
celinval
added this to the Fix linking issues against std library (i.e.: MIR Linker) milestone
|
Another interesting one is that the checks are not encoded as normal |
This is a possible workaround for now to improve the UX around UB detection in intrinsics when using the MIR Linker. The issue is tracked here: model-checking#1740 Basically, the rust toolchain uses a release build that removes all debug assertions from the standard library. When we switched to using our custom build of the `std` we decided to enable the debug assertions in order to catch more potential UBs. However, the UX is not always great. The assertions don't have any clear descriptions and they may fail in unexpected places. E.g.: The violation of an intrinsic safety condition triggers the following failures: ``` > Failed checks: Called `Option::unwrap()` on a `None` value ```
This is a possible workaround for now to improve the UX around UB detection in intrinsics when using the MIR Linker. The issue is tracked here: #1740 Basically, the rust toolchain uses a release build that removes all debug assertions from the standard library. When we switched to using our custom build of the `std` we decided to enable the debug assertions in order to catch more potential UBs. However, the UX is not always great. The assertions don't have any clear descriptions and they may fail in unexpected places. E.g.: The violation of an intrinsic safety condition triggers the following failures: ``` > Failed checks: Called `Option::unwrap()` on a `None` value ```
tedinski
added
[C] Feature / Enhancement
tedinski
changed the title
--mir-linkerdebug_assert is disabled in the standard library due to poor assertion messages
celinval
removed this from the Fix linking issues against std library (i.e.: MIR Linker) milestone
|
The current behavior implemented for MIR Linker keeps the same behavior as before the MIR Linker. Enabling these checks are desirable but they are orthogonal to the MIR Linker work. Hence, I'm removing the link with the MIR Linker milestone. |
|
Hi, I've just run into this issue trying to verify a program that depends on #[cfg(feature = "std")]
std::debug_assert!(
false,
"Found broken indices in level run: found indices {}..{} for string of length {}",
level_run.start,
level_run.end,
text.len()
);This fails with an error: I'm very new to kani, so I'm not exactly sure if this is actually the same issue, or just user error. I just stumbled upon this issue when googling. Are there steps a user can take to work around this error? (Apologies if this is the wrong place to ask these sorts of questions 😅 ) |
|
Thanks for the bug report @cameron1024. Can you please file a separate issue and include information on how to reproduce the error, and the Kani version? Thanks! |
|
Opened #2187 |
The custom sysroot build for the MIR Linker introduced by #1717 builds the standard library in debug mode. This enables a bunch of safety checks and debug assertions from the standard library. Some of these checks are for intrinsics safety checks. The issues here are:
stdchecks are added before actually calling the intrinsic and they are not super user friendly.For example, the following testcase from the
expectedsuite:kani/tests/expected/intrinsics/copy-nonoverlapping/copy-overflow/main.rs
Lines 6 to 18 in 78761bd
Without the MIR Linker, it fails with the following error:
With the MIR Linker, the error is:
This happens because of the std check
is_nonoverlappingwhich has a call tochecked_mul().unwrap(). Thechecked_mul()is None in the overflow scenario.The text was updated successfully, but these errors were encountered: