Regression in contract verification from 0.45.0 to 0.46.0 #3035

roypat · 2024-02-20T09:56:03Z

While upgrading the kani version used in Firecracker's CI to 0.46.0 I started noticing one of our harnesses started to fail with a failure that should have been ruled out by the contract's requires clause ("Failed Checks: x > 0 && y > 0", see https://buildkite.com/firecracker/firecracker-pr/builds/9140#018dc0ef-ba26-42b3-8b0f-124c00dad946 for the verification failure).

I was able to minimize the example to the following:

#[kani::requires(x != 0)]
fn function(x: u32) {
    assert_ne!(x, 0);
}

#[kani::proof_for_contract(function)]
fn function_harness() {
    function(kani::any());
}

using the following command line invocation:

cargo kani -p vmm --harness function_harness --enable-unstable -Zfunction-contracts

with Kani version:

I expected to see this happen: The verification passes with kani 0.45.0 (both the firecracker example, and the minimal reproducer), so I was expecting it to also pass in 0.46.0 (although the interesting thing is that 0.45.0 only has 20 checks, while 0.46.0 has over 1000, so maybe there was something wrong in 0.45.0 that got fixed in 0.46.0?)

Instead, this happened: Verification failed (output: https://pastebin.com/EDUN0TVq, sorry it was too long for a github comment :( )

The text was updated successfully, but these errors were encountered:

Fixes model-checking#3035 Signed-off-by: Felipe R. Monteiro <[email protected]>

Fixes #3035. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses. --------- Signed-off-by: Felipe R. Monteiro <[email protected]>

Remove the pin of kani to 0.45.0. We introduced this pin in 2f01981 due to model-checking/kani#3035. Kani fixed the issue in 0.48.0 (verifier by installing kani 0.48.0 locally and executing the gcd proof), so we can remove the pin and pick up a new kani version the next time we rebuild the docker container. Signed-off-by: Patrick Roy <[email protected]>

roypat added the [C] Bug This is a bug. Something isn't working. label Feb 20, 2024

roypat mentioned this issue Feb 20, 2024

Update Rust Toolchain to 1.76.0 firecracker-microvm/firecracker#4457

Merged

9 tasks

feliperodri added a commit to feliperodri/kani that referenced this issue Feb 28, 2024

Retrieve info for recursion tracker reliably

3ee180a

Fixes model-checking#3035 Signed-off-by: Felipe R. Monteiro <[email protected]>

feliperodri added a commit to feliperodri/kani that referenced this issue Feb 28, 2024

Retrieve info for recursion tracker reliably

123cbbf

Fixes model-checking#3035 Signed-off-by: Felipe R. Monteiro <[email protected]>

feliperodri mentioned this issue Feb 28, 2024

Retrieve info for recursion tracker reliably #3045

Merged

feliperodri self-assigned this Feb 28, 2024

feliperodri added a commit to feliperodri/kani that referenced this issue Feb 29, 2024

Retrieve info for recursion tracker reliably

d5479c0

Fixes model-checking#3035 Signed-off-by: Felipe R. Monteiro <[email protected]>

feliperodri closed this as completed in #3045 Mar 2, 2024

roypat mentioned this issue Mar 19, 2024

fix: unpin kani-verifier version in Dockerfile firecracker-microvm/firecracker#4515

Merged

9 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Regression in contract verification from 0.45.0 to 0.46.0 #3035

Regression in contract verification from 0.45.0 to 0.46.0 #3035

roypat commented Feb 20, 2024

Regression in contract verification from 0.45.0 to 0.46.0 #3035

Regression in contract verification from 0.45.0 to 0.46.0 #3035

Comments

roypat commented Feb 20, 2024