Enable fat pointer comparison for slices and add check for vtable ones #1195
Conversation
| BinOp::Gt => self.codegen_operand(e1).gt(self.codegen_operand(e2)), | ||
| _ => unreachable!(), | ||
| } | ||
| let left = self.codegen_operand(e1); |
| // Codegen an assertion failure since vtable comparison is not stable. | ||
| let ret_type = Type::Bool; | ||
| let body = vec
There was a problem hiding this comment.
Yes, we need a reference here.
| _ => unreachable!(), | ||
| } | ||
| let left = self.codegen_operand(e1); | ||
| let right = self.codegen_operand(e2); |
There was a problem hiding this comment.
Nit: left_op and right_op.
| self.codegen_assert_false( | ||
| PropertyClass::KaniCheck, | ||
| format!("Reached unstable vtable comparison '{:?}'", op).as_str(), | ||
| Location::None, |
There was a problem hiding this comment.
Is there a way to get the locations for these statements? If so, I suggest adding them.
There was a problem hiding this comment.
I can try to refactor things a bit to pass down the location.
| // It is different if any is different. | ||
| BinOp::Ne => data_cmp.or(metadata_cmp), | ||
| // If data is different, only compare data. | ||
| // If data is equal, apply operator to metadata. |
There was a problem hiding this comment.
Yes, we need a reference here.
1. This only works for pointers with the same provenance. 2. We should model vtable comparison a bit differently. Follow up commit
- Rename variables.
- Add location to the assertion and other statements.
- Added a link to the compiler PR that implemented fat pointer
comparison.
I did not change the assert / assume logic to a different function yet.
Co-authored-by: Zyad Hassan <[email protected]>
Description of changes:
Currently, we don't support fat pointer comparison. This issue adds support for slice fat pointer comparison and a proper check that will fail the verification if its trying to compare vtable fat pointers.
Resolved issues:
Resolves #327
Call-outs:
I documented in the original issue #327 why I don't think we should compare
vtablefat pointers. In a nutshell, this operation is not UB but it is unstable. I.e.: The behavior may depend on the compilation / linking process.I kept a similar behavior to thin pointers when comparing the data pointer portion of the fat pointer. Comparing pointers that have different precedence will also fail.
We could add optional support to the operations mentioned above using uninterpreted functions, but I will defer that to when we see demand for it.
Testing:
How is this change tested? New tests
Is this a refactor change? No
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.