Fix compiler_builtins upstream monomorphizations errors by inlining kani_contract_mode #4312
Conversation
error: `compiler_builtins` cannot call functions through upstream monomorphizations;
encountered invalid call from `core::ops::index_range::IndexRange::next_unchecked`
to `core::ops::index_range::IndexRange::next_unchecked::kani_contract_mode`
--> /home/gh-zjp-CN/distributed-verification/verify-rust-std/library/core/src/ops/index_range.rs:63:5
|
63 | #[cfg_attr(kani, kani::modifies(self))] // 👈 annotated on core::ops::index_range::IndexRange::next_unchecked
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ in this attribute macro expansion
github-actions
bot
added
Z-EndToEndBenchCI
| @@ -71,7 +71,7 @@ impl<'a> ContractConditionsHandler<'a> { | |||
| } | |||
| // Dummy function that we replace to pick the contract mode. | |||
| // By default, return ORIGINAL | |||
| #[inline(never)] | |||
| #[inline] | |||
There was a problem hiding this comment.
Wouldn't inlining break Kani's ability to replace the function by a mode set at Kani runtime?
There was a problem hiding this comment.
I have no idea on this. Is there a test for your concern?
There was a problem hiding this comment.
I hope we do; the code of concern is the following:
kani/kani-compiler/src/kani_middle/transform/contracts.rs
Lines 424 to 435 in 8b8b897
I don't think this would continue to work if the call had been inlined.
There was a problem hiding this comment.
I think kani tests have already covered this logic, because the referenced snippet is from iterator.find_map(__find__kani_contract_mode__).unwrap(), meaning if kani_contract_mode call is not found, kani will panic and current tests will fail.
inline is a codegen attribute, while kani is an alternative rustc backend. I think code won't be eagerly "inlined" until codegen, so kani will see kani_contract_mode in MIR the Rust IR that only exists before codegen.
There was a problem hiding this comment.
What efforts are needed to have this merged?
There was a problem hiding this comment.
@tautschnig are we good here?
Resolves model-checking/verify-rust-std#477
Resolves os-checker/distributed-verification#111
kani_contract_mode with
inline(never)will instantiate in libcore rather than compiler_builtins, which breaks the requirement that calls in compiler_builtins must be instantiated inside compiler_builtins. Rustc tools like dv will codegen such calls, while kani won't, so verify-rust-std doesn't have the error.This PR make kani_contract_mode inline to make kani annotated APIs that are called in
compiler_builtinsbe instantiated incompiler_builtinsrather than libcore. I've tested the fix and it works for me.Not sure why functions like kani_force_fn_once are fine even if they're marked
#[inline(never)]to cause the trouble.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.