Skip to content

AnySlice may yield unexpected results #1009

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#1011
Closed
AnySlice may yield unexpected results#1009
#1011
Assignees
zhassan-aws
Labels
[C] BugThis is a bug. Something isn't working.[F] SoundnessKani failed to detect an issue
@celinval

Description

@celinval
celinval
opened on Apr 4, 2022

I tried this code:

#[kani::proof]
fn check_out_of_bounds() {
    let mut bytes = kani::slice::any_slice::<u8, 5>();
    let val = unsafe { *bytes.get_slice().as_ptr().add(4) };
    kani::assume(val != 0);
    assert_ne!(val, 0);
}

using the following command line invocation:

kani check.rs

I expected to see this happen: I expected that accessing position 4 of any_slice may fail with out of bounds access.

Instead, this happened: The verification succeeded. Because any_slice always allocates a buffer with size MAX_SIZE (in this case 5), the access to position 4 is always valid.

Metadata

Assignees

Labels

[C] BugThis is a bug. Something isn't working.[F] SoundnessKani failed to detect an issue

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions