From 4f4d03220a9bf4c921ec264c66321c3c81ec274a Mon Sep 17 00:00:00 2001 From: Zyad Hassan <88045115+zhassan-aws@users.noreply.github.com> Date: Thu, 18 Jul 2024 17:04:49 -0700 Subject: [PATCH] Add a challenge for `btree::node` module (#26) This challenge is concerned with verifying the memory safety of BTreeMap's `btree::node` module. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses. --- doc/src/SUMMARY.md | 1 + doc/src/challenges/0004-btree-node.md | 68 +++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 doc/src/challenges/0004-btree-node.md diff --git a/doc/src/SUMMARY.md b/doc/src/SUMMARY.md index 21713571824ce..9a8023d63908a 100644 --- a/doc/src/SUMMARY.md +++ b/doc/src/SUMMARY.md @@ -16,4 +16,5 @@ - [Core Transmutation](./challenges/0001-core-transmutation.md) - [Memory safety of core intrinsics](./challenges/0002-intrinsics-memory.md) - [Pointer Arithmetic](./challenges/0003-pointer-arithmentic.md) + - [Memory safety of BTreeMap's `btree::node` module](./challenges/0004-btree-node.md) - [Inductive data type](./challenges/0005-linked-list.md) diff --git a/doc/src/challenges/0004-btree-node.md b/doc/src/challenges/0004-btree-node.md new file mode 100644 index 0000000000000..6f29ce23eba73 --- /dev/null +++ b/doc/src/challenges/0004-btree-node.md @@ -0,0 +1,68 @@ +# Challenge 4: Memory safety of BTreeMap's `btree::node` module + +- **Status:** Open +- **Tracking Issue:** [Link to issue](https://github.com/model-checking/verify-rust-std/issues/25) +- **Start date:** *2024-07-01* +- **End date:** *2024-12-10* + +------------------- + + +## Goal + +Verify the memory safety of the [`alloc::collections::btree::node` module](https://github.com/rust-lang/rust/blob/c290e9de32e8ba6a673ef125fde40eadd395d170/library/alloc/src/collections/btree/node.rs). +This is one of the main modules used for implementing the `BTreeMap` collection, and it includes a lot of unsafe code. + +### Success Criteria + +The memory safety of all public functions (especially safe ones) containing unsafe code must be verified, e.g.: + +1. `LeafNode::new` +1. `NodeRef::as_internal_mut` +1. `NodeRef::len` +1. `NodeRef::ascend` +1. `NodeRef::first_edge` +1. `NodeRef::last_edge` +1. `NodeRef::first_kv` +1. `NodeRef::last_kv` +1. `NodeRef::into_leaf` +1. `NodeRef::keys` +1. `NodeRef::as_leaf_mut` +1. `NodeRef::into_leaf_mut` +1. `NodeRef::as_leaf_dying` +1. `NodeRef::pop_internal_level` +1. `NodeRef::push` +1. `Handle::left_edge` +1. `Handle::right_edge` +1. `Handle::left_kv` +1. `Handle::right_kv` +1. `Handle::descend` +1. `Handle::into_kv` +1. `Handle::key_mut` +1. `Handle::into_val_mut` +1. `Handle::into_kv_mut` +1. `Handle::into_kv_valmut` +1. `Handle::kv_mut` + +Verification must be unbounded for functions that use recursion or contain loops, e.g. + +1. `NodeRef::new_internal` +1. `Handle::insert_recursing` +1. `BalancingContext::do_merge` +1. `BalancingContext::merge_tracking_child_edge` +1. `BalancingContext::steal_left` +1. `BalancingContext::steal_right` +1. `BalancingContext::bulk_steal_left` +1. `BalancingContext::bulk_steal_right` + +### List of UBs + +All proofs must automatically ensure the absence of the following [undefined behaviors](https://github.com/rust-lang/reference/blob/142b2ed77d33f37a9973772bd95e6144ed9dce43/src/behavior-considered-undefined.md): + +* Accessing (loading from or storing to) a place that is dangling or based on a misaligned pointer. +* Reading from uninitialized memory. +* Mutating immutable bytes. +* Producing an invalid value + +Note: All solutions to verification challenges need to satisfy the criteria established in the [challenge book](../general-rules.md) +in addition to the ones listed above.