prusti-dev icon indicating copy to clipboard operation
prusti-dev copied to clipboard
verified publisher icon viperproject

Termination Measures for Loops and Functions

Open JM4ier opened this issue 3 years ago • 1 comments

JM4ier avatar Aug 02 '22 12:08 JM4ier

@Aurel300 Are there still unmerged PRs that would be invalidated if we rustfmt prusti-viper and prusti-interface?

vakaras avatar Aug 02 '22 13:08 vakaras

@vakaras I think you still need the enum, what if we decide not to use a HashMap<u64, VerificationResult> for the data

JonasAlaif avatar Oct 19 '22 09:10 JonasAlaif

@vakaras I think you still need the enum, what if we decide not to use a HashMap<u64, VerificationResult> for the data

Do we want to support two versions of the cache at the same time? If not, I do not see why we need that.

vakaras avatar Oct 19 '22 12:10 vakaras

I mean you need to at least change this line to instead give an empty cache:

error!("Failed to read cache from \"{}\": {e}", cache_loc.display()),

JonasAlaif avatar Oct 19 '22 15:10 JonasAlaif

I mean you need to at least change this line to instead give an empty cache:

error!("Failed to read cache from \"{}\": {e}", cache_loc.display()),

Why the already existing code does not do that?

vakaras avatar Oct 19 '22 17:10 vakaras

I mean you need to at least change this line to instead give an empty cache:

error!("Failed to read cache from \"{}\": {e}", cache_loc.display()),

That already happens, right? In case of error the data_res remains None, so later the unwrap_or_else creates a fresh cache.

The only reason for the enum was to ensure that reading an old version of the cache doesn't succeed by mistake. However, I think that serde doesn't guarantees an error when deserializing with a different type, not even if the new type is in a new variant of the enumeration that we had. It can be, for example, that the serialization just calls 0 the last variant of an enumeration, and if so deserializing with the additional variant whould happily succeed. The order of the variants might not even be guaranteed across compiler versions, and when an enum has only one variant the discriminant might not even be serialized.

Adding a version field makes the check more explicit; we no longer rely on the serialization of the variants and I think it's better than before. The only failure that I think is still possible is that

  1. We change the HashMap to a Vec and bump the version of the cache.
  2. At the same time, a change in serde or the compiler swaps the order in which fields are deserialized.
  3. By chance, decoding the old version of the cache happens to produce a version that matches the bumped version that we expect.

Not knowing exactly what are the safety guarantees of serde, I assume that (3) is very unlikely but still possible. If there was a way to force the serialization to always serialize the version field first then I think we would be fully covered.

fpoli avatar Oct 20 '22 09:10 fpoli

bors r+

vakaras avatar Oct 20 '22 15:10 vakaras

Canceled.

bors[bot] avatar Oct 20 '22 19:10 bors[bot]

bors r+

vakaras avatar Oct 21 '22 15:10 vakaras

Timed out.

bors[bot] avatar Oct 21 '22 21:10 bors[bot]

bors r+

vakaras avatar Oct 22 '22 10:10 vakaras

Build succeeded:

bors[bot] avatar Oct 22 '22 11:10 bors[bot]