Introduce BoundedArbitrary trait and macro for bounded proofs #4000
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sgpthomas
changed the title
sgpthomas
force-pushed
the
bounded_arbitrary
branch
from
8d08836 to
99ef1cf
Compare
sgpthomas
force-pushed
the
bounded_arbitrary
branch
from
99ef1cf to
061abd7
Compare
zhassan-aws
reviewed
Apr 9, 2025
Contributor
zhassan-aws
left a comment
zhassan-aws
left a comment
There was a problem hiding this comment.
A few comments on the tests.
Contributor
|
This is a link to the rendered docs for the reference: https://github.com/sgpthomas/kani/blob/bounded_arbitrary/docs/src/reference/experimental/bounded_arbitrary.md |
zhassan-aws
reviewed
Apr 9, 2025
Contributor
zhassan-aws
left a comment
zhassan-aws
left a comment
There was a problem hiding this comment.
Some comments on the documentation
carolynzech
reviewed
Apr 10, 2025
Contributor
carolynzech
left a comment
carolynzech
left a comment
There was a problem hiding this comment.
Can you write tests for Option, Result, HashMap, etc. as well?
sgpthomas
force-pushed
the
bounded_arbitrary
branch
from
061abd7 to
6a5a3dd
Compare
zhassan-aws
reviewed
Apr 12, 2025
Contributor
zhassan-aws
left a comment
zhassan-aws
left a comment
There was a problem hiding this comment.
Another round of comments
sgpthomas
force-pushed
the
bounded_arbitrary
branch
4 times, most recently
from
b6fd641 to
0684144
Compare
carolynzech
reviewed
Apr 14, 2025
sgpthomas
force-pushed
the
bounded_arbitrary
branch
from
0684144 to
d8f8403
Compare
sgpthomas
force-pushed
the
bounded_arbitrary
branch
from
d8f8403 to
4d12a65
Compare
zhassan-aws
reviewed
Apr 17, 2025
Contributor
zhassan-aws
left a comment
zhassan-aws
left a comment
There was a problem hiding this comment.
Looks great! Mostly minor comments. Please make sure to add a description to all the tests.
zhassan-aws
reviewed
Apr 17, 2025
Contributor
zhassan-aws
left a comment
zhassan-aws
left a comment
There was a problem hiding this comment.
Also, can we make sure this doesn't break anything in https://github.com/model-checking/verify-rust-std/?
Merged
via the queue into
model-checking:main
with commit Apr 23, 2025
9de733a
25 of 26 checks passed
zhassan-aws
added a commit
that referenced
this pull request
Apr 23, 2025
This PR introduces the trait `BoundedArbitrary` which allows for creation of symbolic values for types up to some bound. This is useful for doing bounded proofs on types like strings and vecs. I wrote a more detailed overview of what this PR provides as a new section in the book. The implementation of BoundedArbitrary for the container types that I provide are pretty basic and experimental at the moment. Any pointers here would be useful, and we will probably need to iterate on their implementations based on actual performance testing. I added a test case that should fail verification using the `cover!` macro, however, I'm not sure that I used this correctly. Let me know if I should make this an expect test, or something else. I slightly restructured how we deal with the the `std/core` usage in `kani_core::kani_lib`. Previously we passed in either `std` or `core` to `kani_core::generate_arbitrary` and `generate_arbitrary` renamed the import with `use $core as core_path`. However, I couldn't use that same strategy for `kani_core::generate_bounded_arbitrary` because the import names would clash. So I lifted the `use $core as core_path` out of the `kani_core::generate_*` macros. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses. --------- Co-authored-by: Sammy Thomas <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces the trait
BoundedArbitrarywhich allows for creation of symbolic values for types up to some bound. This is useful for doing bounded proofs on types like strings and vecs. I wrote a more detailed overview of what this PR provides as a new section in the book.The implementation of BoundedArbitrary for the container types that I provide are pretty basic and experimental at the moment. Any pointers here would be useful, and we will probably need to iterate on their implementations based on actual performance testing.
I added a test case that should fail verification using the
cover!macro, however, I'm not sure that I used this correctly. Let me know if I should make this an expect test, or something else.I slightly restructured how we deal with the the
std/coreusage inkani_core::kani_lib. Previously we passed in eitherstdorcoretokani_core::generate_arbitraryandgenerate_arbitraryrenamed the import withuse $core as core_path. However, I couldn't use that same strategy forkani_core::generate_bounded_arbitrarybecause the import names would clash. So I lifted theuse $core as core_pathout of thekani_core::generate_*macros.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.