kani: Investigate failed check in memcmp

This was discovered in #1332, but also occurs in a synchronous context:

#[kani::proof]
pub fn main() {
    let coll: Result<Vec<u32>, ()> = std::iter::empty().collect();
    assert_eq!(Ok(vec![]), coll);
}

Running this with Kani gives the result:

SUMMARY:
 ** 2 of 436 failed
Failed Checks: memcmp region 1 readable
 File: "<builtin-library-memcmp>", line 19, in memcmp
Failed Checks: memcpy region 2 readable
 File: "<builtin-library-memcmp>", line 21, in memcmp

VERIFICATION:- FAILED

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 19 (12 by maintainers)

Most upvoted comments

Sure, but currently it also rejects code that it potentially ought to accept, see this issue. The interesting part will be to accept that but still reject the UAF example.

+1
RalfJung on Aug 11, 2022
Read more comments on GitHub
← kani: CBMC invariant violation in precondition (exit code 134)
kani: kani fails to unwind 2 x 1 elements nested loop in firecracker code →