Rewrite loops with multiple back edges to having a single back edge only (rust-lang#1117)

tedinski · tautschnig · danielsn · web-flow · commit 6acc2cf0ac28 · 2022-04-28T13:41:57.000-04:00
rustc reasonably translates if statements at end of a loop body to backwards jumps to the loop head. This, however, causes CBMC's symbolic execution to spuriously treat these as nested loops. This commit now enables a rewrite step that had previously been built for exactly such cases. This treatment as nested loops implied that seemingly lower unwinding bounds were sufficient (as the loop unwinding counter got reset). Three of the tests exhibited this behaviour, which now makes larger unwinding bounds necessary. Fixes: rust-lang#1046 Co-authored-by: Daniel Schwartz-Narbonne <dsn@amazon.com> Co-authored-by: Michael Tautschnig <tautschn@amazon.com> Co-authored-by: Daniel Schwartz-Narbonne <dsn@amazon.com>
diff --git a/docs/src/tutorial/arbitrary-variables/Cargo.toml b/docs/src/tutorial/arbitrary-variables/Cargo.toml
@@ -11,4 +11,4 @@ vector-map = "1.0.1"
 [workspace]
 
 [workspace.metadata.kani]
-flags = { default-checks = false, unwind = "2" }
+flags = { unwind = "3" }
diff --git a/kani-driver/src/call_goto_instrument.rs b/kani-driver/src/call_goto_instrument.rs
@@ -23,6 +23,8 @@ impl KaniSession {
             self.just_drop_unused_functions(output)?;
         }
 
+        self.rewrite_back_edges(output)?;
+
         if self.args.gen_c {
             if !self.args.quiet {
                 println!("Generated C code written to {}", output.to_string_lossy());
@@ -100,6 +102,16 @@ impl KaniSession {
         self.call_goto_instrument(args)
     }
 
+    fn rewrite_back_edges(&self, file: &Path) -> Result<()> {
+        let args: Vec<OsString> = vec![
+            "--ensure-one-backedge-per-target".into(),
+            file.to_owned().into_os_string(), // input
+            file.to_owned().into_os_string(), // output
+        ];
+
+        self.call_goto_instrument(args)
+    }
+
     /// Generate a .c file from a goto binary (i.e. --gen-c)
     pub fn gen_c(&self, file: &Path) -> Result<()> {
         let output_filename = alter_extension(file, "c");
diff --git a/tests/kani/AssociatedTypes/into_iter.rs b/tests/kani/AssociatedTypes/into_iter.rs
@@ -19,7 +19,7 @@ impl<'a> MyStruct<'a> {
 }
 
 #[kani::proof]
-#[kani::unwind(2)]
+#[kani::unwind(3)]
 pub fn check_into_iter_type() {
     let original = "h";
     let mut wrapper = MyStruct::new(original.chars());
diff --git a/tests/kani/Intrinsics/Count/ctpop.rs b/tests/kani/Intrinsics/Count/ctpop.rs
@@ -20,11 +20,6 @@ macro_rules! test_ctpop {
                 if bit != 0 {
                     count += 1;
                 }
-                // The assertion below mitigates a low performance issue in this
-                // test due to the loop having a conditional jump at the end,
-                // see https://github.com/model-checking/kani/issues/1046 for
-                // more details.
-                assert!(count >= 0);
             }
             count
         }

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ impl<'a> MyStruct<'a> {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`#[kani::proof]`
`22`		`-#[kani::unwind(2)]`
	`22`	`+#[kani::unwind(3)]`
`23`	`23`	`pub fn check_into_iter_type() {`
`24`	`24`	`let original = "h";`
`25`	`25`	`let mut wrapper = MyStruct::new(original.chars());`
Original file line number	Diff line number	Diff line change
`@@ -20,11 +20,6 @@ macro_rules! test_ctpop {`
`20`	`20`	`if bit != 0 {`
`21`	`21`	`count += 1;`
`22`	`22`	`}`
`23`		`- // The assertion below mitigates a low performance issue in this`
`24`		`- // test due to the loop having a conditional jump at the end,`
`25`		`- // see https://github.com/model-checking/kani/issues/1046 for`
`26`		`- // more details.`
`27`		`- assert!(count >= 0);`
`28`	`23`	`}`
`29`	`24`	`count`
`30`	`25`	`}`