Introduce kani-verifier: proxy binaries (rust-lang#1039)

tedinski · tedinski · commit 2edb5b28e496 · 2022-04-14T15:30:28.000-05:00
diff --git a/.dockerignore b/.dockerignore
@@ -1,2 +1,4 @@
 .git
 firecracker
+target
+build
diff --git a/.gitignore b/.gitignore
@@ -86,3 +86,4 @@ tests/kani-multicrate/type-mismatch/mismatch/target
 /docs/book
 /docs/mdbook*
 /kani-*.tar.gz
+/src/kani-verifier/target
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,10 +16,12 @@ members = [
 ]
 
 exclude = [
+  # temporarily exclude `kani-verifier` until we don't have colliding binary names (cargo-kani)
+  "src/kani-verifier",
   "build",
   "target",
   # dependency tests have their own workspace
   "tests/kani-dependency-test/dependency3",
   # cargo kani tests should also have their own workspace
-  "tests/cargo-kani"
+  "tests/cargo-kani",
 ]
diff --git a/scripts/ci/Dockerfile.release-bundle-test b/scripts/ci/Dockerfile.release-bundle-test
@@ -11,23 +11,9 @@ RUN apt-get update && \
     curl -sSf https://sh.rustup.rs | sh -s -- -y
 ENV PATH="/root/.cargo/bin:${PATH}"
 
-# This section is roughly (+tests) what "first time setup" will do:
-RUN rustup toolchain install nightly-2022-03-23
 WORKDIR /tmp/kani
 COPY ./tests ./tests
 COPY ./kani-latest-x86_64-unknown-linux-gnu.tar.gz ./
-RUN \
-    tar zxf kani-latest-x86_64-unknown-linux-gnu.tar.gz && \
-    ln -s cargo-kani kani-latest/bin/kani && \
-    ln -s /root/.rustup/toolchains/nightly-2022-03-23-x86_64-unknown-linux-gnu kani-latest/toolchain && \
-    python3 -m pip install cbmc-viewer==2.11 --target kani-latest/pyroot && \
-    python3 -m pip install colorama==0.4.3 --target kani-latest/pyroot && \
-    echo '[workspace]\nmembers = ["kani","kani_macros","std"]' > kani-latest/library/Cargo.toml && \
-    CARGO_ENCODED_RUSTFLAGS=--cfg=kani cargo +nightly-2022-03-23 build --manifest-path kani-latest/library/kani/Cargo.toml -Z unstable-options --out-dir kani-latest/lib --target-dir target && \
-    CARGO_ENCODED_RUSTFLAGS=--cfg=kani cargo +nightly-2022-03-23 build --manifest-path kani-latest/library/kani_macros/Cargo.toml -Z unstable-options --out-dir kani-latest/lib --target-dir target && \
-    CARGO_ENCODED_RUSTFLAGS=--cfg=kani cargo +nightly-2022-03-23 build --manifest-path kani-latest/library/std/Cargo.toml -Z unstable-options --out-dir kani-latest/lib --target-dir target && \
-    rm -rf target
-
-# This section will be set by our shim/proxy before invoking our binaries:
-ENV PATH="/tmp/kani/kani-latest/bin:/tmp/kani/kani-latest/pyroot/bin:/root/.rustup/toolchains/nightly-2022-03-23-x86_64-unknown-linux-gnu/bin:${PATH}" \
-    PYTHONPATH="/tmp/kani/kani-latest/pyroot"
+COPY ./src/kani-verifier/target/release/kani /root/.cargo/bin/
+COPY ./src/kani-verifier/target/release/cargo-kani /root/.cargo/bin/
+RUN cargo-kani setup --use-local-bundle ./kani-latest-x86_64-unknown-linux-gnu.tar.gz
diff --git a/src/kani-verifier/Cargo.toml b/src/kani-verifier/Cargo.toml
@@ -0,0 +1,31 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+
+[package]
+name = "kani-verifier"
+version = "0.1.0"
+edition = "2021"
+description = "A bit-precise model checker for Rust."
+# TODO: figure out how we can use our repo's root readme?
+#readme = ""
+keywords = ["model-checking", "verification"]
+categories = ["development-tools"]
+license = "MIT OR Apache-2.0"
+repository = "https://github.com/model-checking/kani"
+documentation = "https://model-checking.github.io/kani/"
+homepage = "https://github.com/model-checking/kani"
+
+[dependencies]
+anyhow = "1"
+home = "0.5"
+
+[[bin]]
+name = "kani"
+path = "src/bin/kani.rs"
+
+[[bin]]
+name = "cargo-kani"
+path = "src/bin/cargo_kani.rs"
+
+[profile.release]
+strip = "debuginfo"
diff --git a/src/kani-verifier/build.rs b/src/kani-verifier/build.rs
@@ -0,0 +1,13 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+use std::env::var;
+
+fn main() {
+    // We want to know what target triple we were built with, but this isn't normally provided to us.
+    // Note the difference between:
+    // https://doc.rust-lang.org/cargo/reference/environment-variables.html#environment-variables-cargo-sets-for-crates
+    // https://doc.rust-lang.org/cargo/reference/environment-variables.html#environment-variables-cargo-sets-for-build-scripts
+    // So "repeat" the info from build script (here) to our crate's build environment.
+    println!("cargo:rustc-env=TARGET={}", var("TARGET").unwrap());
+}
diff --git a/src/kani-verifier/src/bin/cargo_kani.rs b/src/kani-verifier/src/bin/cargo_kani.rs
@@ -0,0 +1,8 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+use anyhow::Result;
+
+fn main() -> Result<()> {
+    kani_verifier::proxy("cargo-kani")
+}
diff --git a/src/kani-verifier/src/bin/kani.rs b/src/kani-verifier/src/bin/kani.rs
@@ -0,0 +1,8 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+use anyhow::Result;
+
+fn main() -> Result<()> {
+    kani_verifier::proxy("kani")
+}
diff --git a/src/kani-verifier/src/lib.rs b/src/kani-verifier/src/lib.rs
@@ -0,0 +1,254 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+//! This crate includes two "proxy binaries": `kani` and `cargo-kani`.
+//! These are conveniences to make it easy to:
+//!
+//! ```bash
+//! cargo install --locked kani-verifer
+//! ```
+//!
+//! Upon first run, or upon running `cargo-kani setup`, these proxy
+//! binaries will download the appropriate Kani release bundle and invoke
+//! the "real" `kani` and `cargo-kani` binaries.
+
+#![warn(clippy::all, clippy::cargo)]
+
+use std::env;
+use std::ffi::OsString;
+use std::os::unix::prelude::CommandExt;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+use anyhow::{bail, Context, Result};
+
+/// Comes from our Cargo.toml manifest file. Must correspond to our release verion.
+const VERSION: &str = env!("CARGO_PKG_VERSION");
+/// Set by our `build.rs`, reflects the Rust target triple we're building for
+const TARGET: &str = env!("TARGET");
+
+/// Typically `~/.kani/kani-1.x/`
+fn kani_dir() -> PathBuf {
+    home::home_dir()
+        .expect("Couldn't find home dir?")
+        .join(".kani")
+        .join(format!("kani-{}", VERSION))
+}
+
+/// The filename of the release bundle
+fn download_filename() -> String {
+    format!("kani-{}-{}.tar.gz", VERSION, TARGET)
+}
+
+/// Helper to find the download URL for this version of Kani
+fn download_url() -> String {
+    let tag: &str = &format!("kani-{}", VERSION);
+    let file: &str = &download_filename();
+    format!("https://github.com/model-checking/kani/releases/download/{}/{}", tag, file)
+}
+
+/// Effectively the entry point (i.e. `main` function) for both our proxy binaries.
+pub fn proxy(bin: &str) -> Result<()> {
+    // In an effort to keep our dependencies minimal, we do the bare minimum argument parsing
+    let args: Vec<_> = std::env::args_os().collect();
+    if args.len() >= 2 && args[1] == "setup" {
+        if args.len() >= 4 && args[2] == "--use-local-bundle" {
+            setup(Some(args[3].clone()))
+        } else {
+            setup(None)
+        }
+    } else {
+        if !appears_setup() {
+            setup(None)?;
+        }
+        exec(bin)
+    }
+}
+
+/// Fast check to see if we look setup already
+fn appears_setup() -> bool {
+    kani_dir().exists()
+}
+
+/// Sets up Kani by unpacking/installing to `~/.kani/kani-VERSION`
+fn setup(use_local_bundle: Option<OsString>) -> Result<()> {
+    let kani_dir = kani_dir();
+    // e.g. `~/.kani/`
+    let base_dir = kani_dir.parent().expect("No base directory?");
+
+    println!("[0/6] Running Kani first-time setup...");
+
+    println!("[1/6] Ensuring the existence of: {}", base_dir.display());
+    std::fs::create_dir_all(&base_dir)?;
+
+    if let Some(pathstr) = use_local_bundle {
+        let path = Path::new(&pathstr).canonicalize()?;
+        println!("[2/6] Installing local Kani bundle: {}", path.display());
+        Command::new("tar").arg("zxf").arg(&path).current_dir(base_dir).run()?;
+
+        // when given a local bundle, it's often "-latest" but we expect "-1.0" or something. Hack it up.
+        let file = path.file_name().expect("has filename").to_string_lossy();
+        let components: Vec<_> = file.split('-').collect();
+        let expected_dir = format!("{}-{}", components[0], components[1]);
+
+        std::fs::rename(base_dir.join(expected_dir), &kani_dir)?;
+    } else {
+        let filename = download_filename();
+        println!("[2/6] Downloading Kani release bundle: {}", &filename);
+        let bundle = base_dir.join(filename);
+        Command::new("curl")
+            .args(&["-sSLf", "-o"])
+            .arg(&bundle)
+            .arg(download_url())
+            .run()
+            .context("Failed to download Kani release bundle")?;
+
+        Command::new("tar").arg("zxf").arg(&bundle).current_dir(base_dir).run()?;
+
+        std::fs::remove_file(bundle)?;
+    }
+
+    let toolchain_version = std::fs::read_to_string(kani_dir.join("rust-toolchain-version"))
+        .context("Reading release bundle rust-toolchain-version")?;
+    println!("[3/6] Installing rust toolchain version: {}", &toolchain_version);
+    Command::new("rustup").args(&["toolchain", "install", &toolchain_version]).run()?;
+
+    let toolchain = home::rustup_home()?.join("toolchains").join(&toolchain_version);
+
+    Command::new("ln").arg("-s").arg(toolchain).arg(kani_dir.join("toolchain")).run()?;
+
+    println!("[4/6] Installing Kani python dependencies...");
+    let pyroot = kani_dir.join("pyroot");
+
+    // TODO: this is a repetition of versions from elsewhere
+    Command::new("python3")
+        .args(&["-m", "pip", "install", "cbmc-viewer==2.11", "--target"])
+        .arg(&pyroot)
+        .run()?;
+    Command::new("python3")
+        .args(&["-m", "pip", "install", "colorama==0.4.3", "--target"])
+        .arg(&pyroot)
+        .run()?;
+
+    println!("[5/6] Building Kani library prelude...");
+    // We need a workspace to build them in, otherwise repeated builds generate different hashes and `kani` can't find `kani_macros`
+    let contents = "[workspace]\nmembers = [\"kani\",\"kani_macros\",\"std\"]";
+    std::fs::write(kani_dir.join("library").join("Cargo.toml"), contents)?;
+
+    // A little helper for invoking Cargo repeatedly here
+    let cargo = |crate_name: &str| -> Result<()> {
+        let manifest = format!("library/{}/Cargo.toml", crate_name);
+        Command::new("cargo")
+            .args(&[
+                &format!("+{}", toolchain_version),
+                "build",
+                "-Z",
+                "unstable-options",
+                "--manifest-path",
+                &manifest,
+                "--out-dir",
+                "lib",
+                "--target-dir",
+                "target",
+            ])
+            .current_dir(&kani_dir)
+            // https://doc.rust-lang.org/cargo/reference/environment-variables.html
+            .env("CARGO_ENCODED_RUSTFLAGS", "--cfg=kani")
+            .run()
+            .with_context(|| format!("Failed to build Kani prelude library {}", crate_name))
+    };
+
+    // We seem to need 3 invocations because of the behavior of the `--out-dir` flag.
+    // It only seems to produce the requested artifact, not its dependencies.
+    cargo("kani")?;
+    cargo("kani_macros")?;
+    cargo("std")?;
+
+    std::fs::remove_dir_all(kani_dir.join("target"))?;
+
+    println!("[6/6] Successfully completed Kani first-time setup.");
+
+    Ok(())
+}
+
+/// Executes `cargo-kani` in `bin` mode, augmenting environment variables to accomodate our release environment
+fn exec(bin: &str) -> Result<()> {
+    let kani_dir = kani_dir();
+    let program = kani_dir.join("bin").join("cargo-kani");
+    let pyroot = kani_dir.join("pyroot");
+    let bin_kani = kani_dir.join("bin");
+    let bin_pyroot = pyroot.join("bin");
+    let bin_toolchain = kani_dir.join("toolchain").join("bin");
+
+    // Allow python scripts to find dependencies under our pyroot
+    let pythonpath = augment_search(&[pyroot], env::var_os("PYTHONPATH"))?;
+    // Add: kani, cbmc, viewer (pyroot), and our rust toolchain directly to our PATH
+    let path = augment_search(&[bin_kani, bin_pyroot, bin_toolchain], env::var_os("PATH"))?;
+
+    let mut cmd = Command::new(program);
+    cmd.args(std::env::args_os().skip(1)).env("PYTHONPATH", pythonpath).env("PATH", path).arg0(bin);
+
+    std::process::exit(cmd.status()?.code().expect("No exit code?"));
+}
+
+/// Prepend paths to an environment variable
+fn augment_search(paths: &[PathBuf], original: Option<OsString>) -> Result<OsString> {
+    match original {
+        None => Ok(env::join_paths(paths)?),
+        Some(original) => {
+            let orig = env::split_paths(&original);
+            let new_iter = paths.iter().cloned().chain(orig);
+            Ok(env::join_paths(new_iter)?)
+        }
+    }
+}
+
+/// Helper trait to fallibly run commands
+trait AutoRun {
+    fn run(&mut self) -> Result<()>;
+}
+impl AutoRun for Command {
+    fn run(&mut self) -> Result<()> {
+        // This can sometimes fail during the set-up of the forked process before exec,
+        // for example by setting `current_dir` to a directory that does not exist.
+        let status = self.status().with_context(|| {
+            format!(
+                "Internal failure before invoking command: {}",
+                render_command(self).to_string_lossy()
+            )
+        })?;
+        if !status.success() {
+            bail!("Failed command: {}", render_command(self).to_string_lossy());
+        }
+        Ok(())
+    }
+}
+
+/// Render a Command as a string, to log it
+pub fn render_command(cmd: &Command) -> OsString {
+    let mut str = OsString::new();
+
+    for (k, v) in cmd.get_envs() {
+        if let Some(v) = v {
+            str.push(k);
+            str.push("=\"");
+            str.push(v);
+            str.push("\" ");
+        }
+    }
+
+    str.push(cmd.get_program());
+
+    for a in cmd.get_args() {
+        str.push(" ");
+        if a.to_string_lossy().contains(' ') {
+            str.push("\"");
+            str.push(a);
+            str.push("\"");
+        } else {
+            str.push(a);
+        }
+    }
+
+    str
+}
diff --git a/tools/make-kani-release/src/main.rs b/tools/make-kani-release/src/main.rs

-Original file line number
+Diff line change
@@ @@ -1,2 +1,4 @@ @@
 .git
 firecracker
 +target
 +build
Original file line number	Diff line number	Diff line change
`@@ -16,10 +16,12 @@ members = [`
`16`	`16`	`]`
`17`	`17`
`18`	`18`	`exclude = [`
	`19`	+ # temporarily exclude `kani-verifier` until we don't have colliding binary names (cargo-kani)
	`20`	`+ "src/kani-verifier",`
`19`	`21`	`"build",`
`20`	`22`	`"target",`
`21`	`23`	`# dependency tests have their own workspace`
`22`	`24`	`"tests/kani-dependency-test/dependency3",`
`23`	`25`	`# cargo kani tests should also have their own workspace`
`24`		`- "tests/cargo-kani"`
	`26`	`+ "tests/cargo-kani",`
`25`	`27`	`]`