Comments (5)
This seems like something that ought to work. I'll try and have a look this weekend.
from mirai.
This is quite a subtle problem and I don't have a fix for it as yet. What is going on here is that the post condition can't be proved while constructing the summary for a_to_b. It should be, given the precondition, but it is tricky and it goes wrong in this case.
The summary, however, is complete enough that the calling code can prove the verify in main even without the explicit post condition. So your work around for now is just to omit the post condition.
In general, post conditions are seldom needed, so omit them by default.
from mirai.
Thanks for your explanation!
I agree that postconditions could be avoided in most cases. I tried to reform my sample program without using postcondition but still got unexpected result:
#![cfg_attr(mirai, allow(incomplete_features), feature(generic_const_exprs))]
extern crate mirai_annotations;
use mirai_annotations::*;
#[cfg(mirai)]
use mirai_annotations::TagPropagationSet;
#[cfg(mirai)]
struct SecretTaintKind<const MASK: TagPropagationSet> {}
#[cfg(mirai)]
const SECRET_TAINT: TagPropagationSet = TAG_PROPAGATION_ALL;
#[cfg(mirai)]
type SecretTaint = SecretTaintKind<SECRET_TAINT>;
#[cfg(not(mirai))]
type SecretTaint = ();
struct A(u32);
struct B(u32);
fn a_to_b(a: A) -> B {
precondition!(has_tag!(&a, SecretTaint));
let b = B(a.0 + 1);
b
}
fn b_to_a(b: B) -> A {
precondition!(has_tag!(&b, SecretTaint));
let a = A(b.0 + 1);
a
}
fn main() {
let a = A(1);
add_tag!(&a, SecretTaint);
let b = a_to_b(a);
verify!(has_tag!(&b, SecretTaint));
let a = b_to_a(b);
verify!(has_tag!(&a, SecretTaint));
// println!("reachable?");
}
Output of cargo mirai
:
warning: unsatisfied precondition
--> src/main.rs:42:13
|
42 | let a = b_to_a(b);
| ^^^^^^^^^
|
note: related location
--> src/main.rs:32:5
|
32 | precondition!(has_tag!(&b, SecretTaint));
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= note: this warning originates in the macro `precondition` (in Nightly builds, run with -Z macro-backtrace for more info)
warning: this is unreachable, mark it as such by using the verify_unreachable! macro
--> src/main.rs:43:5
|
43 | verify!(has_tag!(&a, SecretTaint));
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
warning: `mirai_test` (bin "mirai_test") generated 2 warnings
Finished dev [unoptimized + debuginfo] target(s) in 0.60s
In this program, I add another function b_to_a()
and verify the same precondition at the beginning of b_to_a()
. However, this is unsatisfied. The thing most confusing me is MIRAI doesn't complain on verify!(has_tag!(&b, SecretTaint));
, which verifies the same thing as the precondition.
Besides, the last verify in main
is unreachable (verify!(has_tag!(&a, SecretTaint));
) and I don't know why. The commented println
could be printed out when uncommented and I'm confused.
I would be more than grateful if you can provide some insights about the potential reasons lead to these. I'm not pretty sure if MIRAI should be used in this way and please point out my mistakes if possible!
from mirai.
Taint that propagates to other elements of a structure/collection is hard to deal with in the MIRAI heap model because the model is sparse. Also add_tag!(&a, SecretTaint);
propagates from parent to child, whereas let b = a_to_b(a);
propagates taint from child to parent, hence the success of the first verify and the failure of the second.
You are not doing anything wrong, just using a feature that is complicated and not yet well tested. I hope to fix these problems in the coming weeks.
from mirai.
Thank you for the quick rely! I'm looking forward to seeing the updated features!
from mirai.
Related Issues (20)
- MIRAI fails analysing: error: could not compile <bin> HOT 2
- feature request: Annotating traits for attaching tags HOT 3
- question: propagation through closure containing tagged values HOT 14
- suggestion: add example + usage in the README HOT 1
- Memory Usage for rebuild_std.sh HOT 3
- Question: Foreign contracts HOT 6
- Add JSON structure reporting HOT 1
- MIRAI only sees one member of a workspace HOT 4
- Compiler unexpectedly panicked when execute `cargo mirai`
- How to pass `--cfg` to mirai? HOT 1
- Does the behavior of add_tag!() and does_not_have_tag!() be affected by type and clone()? HOT 1
- Evaluate Profile-Guided Optimization (PGO) and LLVM BOLT
- No warnings shown for library methods HOT 6
- Is it possible for it to work with async code
- OOM during cargo mirai project analysis
- MacOS Mirai errors HOT 1
- Panic while compiling `libm` HOT 3
- Panic on `std::f64::<impl f64>::log2` HOT 1
- Compilation issues on older versions of crates
- modifying MIR in rustc_interface
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mirai.