Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unexpected kani panic: assign statement with unequal types #3631

Closed
QinyuanWu opened this issue Oct 22, 2024 · 0 comments · Fixed by #3636
Closed

Unexpected kani panic: assign statement with unequal types #3631

QinyuanWu opened this issue Oct 22, 2024 · 0 comments · Fixed by #3636
Assignees
Labels
[C] Bug This is a bug. Something isn't working. T-User Tag user issues / requests

Comments

@QinyuanWu
Copy link

QinyuanWu commented Oct 22, 2024

This issue is related to the NonNull module verification.

This is a POC:

#![feature(ptr_metadata)]

use std::ptr::NonNull;

trait SampleTrait {
    fn get_value(&self) -> i32;
}

struct SampleStruct {
    value: i32,
}

impl SampleTrait for SampleStruct {
    fn get_value(&self) -> i32 {
        self.value
    }
}

#[cfg(kani)]
#[kani::proof]
fn main() {

    // Create a SampleTrait object from SampleStruct
    let sample_struct = SampleStruct { value: kani::any() };
    let trait_object: &dyn SampleTrait = &sample_struct;

    // Get the raw data pointer and metadata for the trait object
    let trait_ptr = NonNull::new(trait_object as *const dyn SampleTrait as *mut ()).unwrap();
    let metadata = std::ptr::metadata(trait_object);

    // Create NonNull<dyn SampleTrait> from the data pointer and metadata
    let nonnull_trait_object: NonNull<dyn SampleTrait> = NonNull::from_raw_parts(trait_ptr, metadata);

    unsafe {
        // Ensure trait method and member is preserved
        kani::assert( trait_object.get_value() == nonnull_trait_object.as_ref().get_value(), "trait method and member must correctly preserve");
    }
}

using the following command line invocation:

cargo kani

with Kani version: 0.56.0
Platform: MacOS M2

I expected to see verification results but received the following compilation error:

error: Failed to compile `kani_bugs` due to an internal compiler error.: error: internal compiler error: Kani unexpectedly panicked at panicked at cprover_bindings/src/goto_program/stmt.rs:172:9:
                                assertion `left == right` failed: Error: assign statement with unequal types lhs StructTag("tag-_80076268767659083946749461790619121878::FatPtr") rhs Pointer { typ: TypeDef { name: "_80076268767659083946749461790619121878Inner", typ: StructTag("tag-Unit") } }
                                  left: StructTag("tag-_80076268767659083946749461790619121878::FatPtr")
                                 right: Pointer { typ: TypeDef { name: "_80076268767659083946749461790619121878Inner", typ: StructTag("tag-Unit") } }.

This issue still persists with assigning sample_struct with a concrete value such as:

let sample_struct = SampleStruct { value: 5 };

@zhassan-aws

@QinyuanWu QinyuanWu added the [C] Bug This is a bug. Something isn't working. label Oct 22, 2024
@celinval celinval added the T-User Tag user issues / requests label Oct 22, 2024
github-merge-queue bot pushed a commit that referenced this issue Oct 23, 2024
…ait objects (#3636)

Add a match arm for the
`AggregateKind::RawPtr(TyKind::RigidTy(RigidTy::Dynamic(..)))` case.
Pointers to trait objects [are
fat](https://github.com/rust-lang/rust/blob/master/library/core/src/ptr/metadata.rs#L20-#L27),
so generate a fat pointer for the rvalue.

Resolves #3631

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[C] Bug This is a bug. Something isn't working. T-User Tag user issues / requests
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants