Skip to content

Kani miss overflow when computing size_of_val #3616

New issue
New issue
Closed
#3734
Closed
Kani miss overflow when computing size_of_val#3616
#3734
Assignees
celinval
Labels
[C] BugThis is a bug. Something isn't working.[F] SoundnessKani failed to detect an issue
@celinval

Description

@celinval
celinval
opened on Oct 18, 2024

I tried this code:

#[kani::proof]
pub fn check_size_of_overflows() {
    let var:  [u64; 4] = kani::any();
    let fat_ptr: *const [u64] = &var as *const _;
    let (thin_ptr, size) = fat_ptr.to_raw_parts();
    let new_size: usize = kani::any();
    let new_ptr:  *const [u64] = ptr::from_raw_parts(thin_ptr, new_size);
    if let Some(expected_size) = new_size.checked_mul(size_of::<u64>()) {
        assert_eq!(unsafe { size_of_val_raw(new_ptr) }, expected_size);
    } else {
        // Expect UB detection
        let _should_ub = unsafe { size_of_val_raw(new_ptr) };
    }
}

using the following command line invocation:

kani slice.rs

with Kani version: 0.56.0

I expected to see this happen: UB should be detected

Instead, this happened: Verification succeed

Metadata

Metadata

Assignees

Labels

[C] BugThis is a bug. Something isn't working.[F] SoundnessKani failed to detect an issue

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions