[DRAFT] Support MMIO regions #1328
Conversation
|
Why not simply have |
(Ignore, it is already) |
| assert_eq!(*p2, val1); | ||
| assert_eq!(*p1, val2); |
There was a problem hiding this comment.
I guess that these should be changed like
assert_ne!(*p2, val1);
assert_ne!(*p1, val2);
| pub fn mmio_region(attr: TokenStream, item: TokenStream) -> TokenStream { | ||
| let mut result = TokenStream::new(); | ||
|
|
||
| // Translate #[kani::unwind(arg)] to #[kanitool::unwind(arg)] |
|
|
||
| /// Set Loop unwind limit for proof harnesses | ||
| /// The attribute '#[kani::unwind(arg)]' can only be called alongside '#[kani::proof]'. | ||
| /// arg - Takes in a integer value (u32) that represents the unwind value for the harness. |
| // If we didn't successfully process, give an error message | ||
| self.tcx | ||
| .sess | ||
| .span_err(attr.span, "Expected exactly two integers are the argument to 'mmio_region'"); |
There was a problem hiding this comment.
Can you print or at least log which values we got?
| @@ -16,4 +16,6 @@ pub struct HarnessMetadata { | |||
| pub original_line: String, | |||
| /// Optional data to store unwind value | |||
| pub unwind_value: Option<u32>, | |||
| /// Optional MMIO regions | |||
| pub mmio_regions: Vec<(u128, u128)>, | |||
There was a problem hiding this comment.
Should we use usize instead?
| @@ -0,0 +1,26 @@ | |||
| Status: SUCCESS\ | |||
| Description: "offset: attempt to compute number in bytes which would overflow" | |||
There was a problem hiding this comment.
This seems irrelevant for your test. I would just remove it.
| //BUFFER+2 is not in the MMIO region. Expect pointer check failures. | ||
| *(BUFFER.offset(2)) = val; | ||
| //BUFFER2 is not in the MMIO region. Expect pointer check failures. | ||
| *BUFFER2 = val; |
There was a problem hiding this comment.
You are not really checking that both fail though. This test will succeed if only one of these fail. You can either add the line in the file to the expected file or break this into two harness and add the function name. I prefer the second since it is always painful to maintain LoC up to date.
| #[cfg(kani)] | ||
| #[kani::proof] | ||
| #[kani::mmio_region(0x8000, 8)] | ||
| fn test_write() { |
There was a problem hiding this comment.
can you rename this to check_invalid_write() or something like that?
| } | ||
| } | ||
|
|
||
| //TODO Weirdly, these fail even tho the other tests pass??? |
There was a problem hiding this comment.
This looks like a blocker to me. Maybe we should investigate this behavior a bit better.
| #[kani::proof] | ||
| #[kani::mmio_region(0x8000, 4)] | ||
| fn test_read_after_write_doesnt_havoc() { | ||
| let val = 12; |
| @@ -0,0 +1,63 @@ | |||
| // Copyright Kani Contributors | |||
There was a problem hiding this comment.
Can you please document what these tests are testing?
| @@ -0,0 +1,39 @@ | |||
| // Copyright Kani Contributors | |||
There was a problem hiding this comment.
Can you cover 0 sized operations?
| #[cfg(kani)] | ||
| #[kani::proof] | ||
| #[kani::mmio_region(0x8000, 4)] | ||
| fn test_read_is_stable() { |
|
@danielsn any news here? |
Description of changes:
Adds support for MMIO regions to kani proof harnesses.
Resolved issues:
Resolves #1304
Call-outs:
Testing:
How is this change tested? New regression tests.
Is this a refactor change? No
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.