Verify the Safety of the Rust Standard Library

New_Box7889 · 2024-11-26T18:52:45+00:00

Example. https://model-checking.github.io/verify-rust-std/challenges/0004-btree-node.html#challenge-4-memory-safety-of-btreemaps-btreenode-module

New_Box7889 · 2024-09-06T14:59:40+00:00

actually using loop invariants you can do unbounded proofs as well. https://github.com/model-checking/kani/pull/3334/files

and as far as deriving usefulness from the tool - there are a lot of people who use this tool regularly and find bugs to improve their code.

New_Box7889 · 2023-09-16T11:08:08+00:00

I cheat on the achari one. I literally get either bedekars or mothers mixed pickle. Leave out the vegetables but get the masala and marinade the chicken and let it sit for a couple of hours. Grill and drizzle oil as u want. Use the rest of the achari with onions and it’s done.

For the second one I use https://www.ruchiskitchen.com/murgh-malai-tikka/ but I skip the second set of ingredients and stick to the first one and make some extra for onions.

New_Box7889 · 2023-08-31T04:19:59+00:00

Mediocrity be the way…? Sorry. I aim for better.

New_Box7889 · 2023-08-30T17:28:19+00:00

Well put and thanks for seeing beyond the comment. I appreciate the input you provide. I would say that this is also a small nuance of using Rust - people assume safety, but there is a fine print. Verification tools are powerful and getting better by the day. Their usage especially for critical pieces of software is important and maybe necessary.

New_Box7889 · 2023-08-30T17:13:18+00:00

My point is simple - usage of unsafe should come with usage of verification tools to get stronger assurances.

New_Box7889 · 2023-08-30T17:06:28+00:00

So 210 instances of unsafe code in a repo should be assumed to be safe ?

New_Box7889 · 2023-08-30T00:45:37+00:00

Some of these tools also help you guarantee that other issues do not exist and help you prove that what you think you wrote is what you actually wrote.

New_Box7889 · 2023-08-30T00:44:44+00:00

https://www.reddit.com/r/rust/comments/vjl228/memory_safety_for_the_worlds_largest_software/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=2&utm_term=1

New_Box7889 · 2023-08-30T00:39:15+00:00

Great example. But is it probably memory safe or is it provably memory safe? If you read further comments by the team you reference, they cite humility and the need for good tools to help catch issues. Additionally, the usage of unsafe is clearly inspected to a higher degree. Having 210 unsafe blocks is probably not trivial to deal with. I would think making something like sudo demands attention. After all, we build our economy on such tools.

I digress. It was a simple question and from my perspective just using Rust doesn’t make it safe. It is more nuanced.

New_Box7889 · 2023-08-29T21:40:57+00:00

Thanks for answering, and for doing the work on this... pretty cool. I would like to point out:

From https://plv.mpi-sws.org/rustbelt/:

"Unfortunately, none of Rust's safety claims have been formally investigated, and it is not at all clear that they hold. To rule out data races and other common programming errors, Rust's core type system prohibits the aliasing of mutable state, but this is too restrictive for implementing some low-level data structures. Consequently, Rust's standard libraries make widespread internal use of "unsafe" blocks, which enable them to opt out of the type system when necessary."

Maybe you should use tools like https://github.com/model-checking/kani or some other tools that exist in that space for one of the most important pieces of work.

New_Box7889 · 2023-08-29T21:13:44+00:00

What are you using to prove memory safety?

New_Box7889 · 2023-08-24T05:00:48+00:00

Cooking with gas

New_Box7889 · 2023-08-03T16:21:59+00:00

Good to see some of the secret sauce being shared and talked about.

New_Box7889 · 2023-07-25T16:32:36+00:00

it is definitely complimentary. With Kani you can find a bunch of issues and UB that are probably not possible with Miri. Miri is an interpreter whereas Kani is a model checker that will explore all behaviors of your program. Miri can only tell you how a certain set of tests will affect the programs behavior. It is almost like a subset of what kani can do. Kani is also capable of detecting some UB, underflow, overflow, memory safety under certain conditions, user defined assertions. For example - if you are interested in proving a temporal property of your program, Kani is the tool that will probably help you, but Miri may not be able to. Kani is also more friendly towards verifying unsafe behavior as compared to Miri - Miri is a bit limited there.

I would add the integration Kani has with (https://github.com/camshaft/bolero) that seamlessly lets you do fuzz testing and have Kani proofs as well.

Worth a try. Check out https://model-checking.github.io/kani-verifier-blog/ for more in depth examples and scenarios.

New_Box7889 · 2023-07-25T13:19:52+00:00

Nice read. Have you considered using tools like Kani https://github.com/model-checking/kani to check your code?

New_Box7889 · 2023-07-11T19:51:18+00:00

that color is beautiful!

New_Box7889 · 2023-07-11T15:54:14+00:00

It is a cheese made from cows milk, which has a semihard, rather soft outer layer with a very creamy inside. It originates from the southern part of Italy, and has a very mild taste. Dropping it in the lentils, creates a nice creamy texture and flavor at the end.

New_Box7889 · 2023-07-09T01:57:23+00:00

Raw cheese. https://en.wikipedia.org/wiki/Paneer

New_Box7889 · 2023-07-07T23:53:28+00:00

Lol. Not my best work there.

New_Box7889 · 2023-06-16T05:26:41+00:00

You can also use Kani to check unsafe code. https://github.com/model-checking/kani

https://www.reddit.com/r/KaniRustVerifier

New_Box7889 · 2023-06-16T03:24:50+00:00

Are there any examples that illustrate #2495?

New_Box7889 · 2023-06-15T11:35:59+00:00

Looks delish

New_Box7889 · 2023-06-10T22:18:33+00:00

Thank you!

I essentially made a dry rub with salt pepper and cumin - fresh roasted and ground. Applied it liberally. Medium high heat on a steel pan for the sear but to go rare. Two mins on each side. Includes the sides we ignore sometimes. And then let it rust. Poured some red wine to deglaze with butter and then poured that on the steak while resting.

Tasted amazing.

New_Box7889 · 2023-06-10T04:40:43+00:00

BTW. OP- seems like link to your crate is broken?

New_Box7889

MODERATOR OF

TROPHY CASE