creusot icon indicating copy to clipboard operation
creusot copied to clipboard

Published 20 hours ago verified publisher icon creusot-rs

How to compile modules using Creusot contracts?

Open Lysxia opened this issue 1 year ago • 6 comments
trafficstars

Following the Quickstart in the Creusot guide, I created a src/lib.rs file with some Creusot contracts. cargo creusot succeeds, but cargo build fails because some features are not enabled (which cargo creusot enabled implicitly to succeed). If I enable the features explicitly:

#![feature(stmt_expr_attributes,proc_macro_hygiene)]

Then cargo creusot complains because the features are enabled twice.

One workaround is to enable the feature conditionally:

#![cfg_attr(not(creusot),feature(stmt_expr_attributes,proc_macro_hygiene))]

Am I missing something? Could Creusot not enable those features, or enable them only if they are not already enabled?

Lysxia avatar May 08 '24 14:05 Lysxia

Unfortunately, that's the best way I know of doing things, I suppose the alternative would be for creusot to not enable these features and instead just require all client projects to unconditionally enable them? I'm open to suggestions on this.

xldenis avatar May 08 '24 14:05 xldenis

Yes, I think creusot should let users enable those features unconditionally.

#![feature(stmt_expr_attributes,proc_macro_hygiene)]

Lysxia avatar Oct 10 '24 08:10 Lysxia

I'd like a macro to generate these automatically each time we are using Creusot.

But here it is said that this is impossible:

https://users.rust-lang.org/t/how-to-generate-top-level-macro-calls-with-a-proc-macro/51142

Sad :'(

jhjourdan avatar Oct 10 '24 09:10 jhjourdan

The real solution is to just work to stablize these features :P

xldenis avatar Oct 10 '24 09:10 xldenis

I'm not confident that we will never use another unstable feature in the future.

jhjourdan avatar Oct 10 '24 09:10 jhjourdan

I'm not confident that we will never use another unstable feature in the future.

In our macros? That seems easier to guarantee, in the creusot compiler / contracts sure.

xldenis avatar Oct 10 '24 09:10 xldenis

If it is a goal to be able to compile verified projects with a stable toolchain, we will need to disable all unstable features when compiling.

stmt_expr_attributes and proc_macro_hygiene are the only two problematic features that I am aware of on that front. They are needed to write loop invariants. A workaround is to replace invariant(_) with cfg_attr(creusot, invariant(_)). It's ugly but I also don't see another way until those features are stabilized, which is not any time soon.

Are there other features needed to make Creusot's annotations just parseable?

If that's the way to go, then I think it makes sense for cargo creusot to keep enabling the features it needs implicitly. (There is a case where a user enables a feature also enabled by Creusot, then they need to guard it with not(creusot). That's much more of a corner case than currently, where users must enable stmt_expr_attributes and proc_macro_hygiene all the time anyway.)

Lysxia avatar Jan 17 '25 18:01 Lysxia

It would also be worth pushing the rust teams on those features since both are fairly stable.

xldenis avatar Jan 17 '25 18:01 xldenis

@jhjourdan proposed to have the dummy version of requires/ensures remove loop invariants, that avoids the need for cfg_attr, so I'm trying that now.

Lysxia avatar Jan 29 '25 09:01 Lysxia