Skip to content

Verify Rust Standard Library - Challenge 11: Safety of Methods for Numeric Primitive Types#985

Draft
dkcumming wants to merge 19 commits intomasterfrom
verify-rust-std/challenge-0011
Draft

Verify Rust Standard Library - Challenge 11: Safety of Methods for Numeric Primitive Types#985
dkcumming wants to merge 19 commits intomasterfrom
verify-rust-std/challenge-0011

Conversation

@dkcumming
Copy link
Collaborator

@dkcumming dkcumming commented Mar 13, 2026

This PR adds infrastructure for verify-rust-std (docs / github) challenges. challenges and implements Challenge 11: Safety of Methods for Numeric Primitives:

  • Proof harnesses verifying correctness under preconditions (symbolic inputs)
  • Fail harnesses verifying UB detection when preconditions are violated, with expected output
    files
  • All verify-rust-std proofs run with --terminate-on-thunk
  • K simplification lemmas added for shift mask identities

Part 3 (floats) is blocked: KMIR lacks float value support. Harnesses exist in to_int_unchecked-fail.rs and should be moved to to_int_unchecked.rs once passing.

Progress

Part 1 - Unsafe Integer Methods (i8i128, u8u128). Proofs for soundness and proofs catching UB:

  • unchecked_add
  • unchecked_sub
  • unchecked_mul
  • unchecked_shl
  • unchecked_shr
  • unchecked_neg (signed only)

Part 2 - Safe API Verification. Proofs for soundness:

  • wrapping_shl (i8i128, u8u128)
  • wrapping_shr (i8i128, u8u128)
  • widening_mul (u8u64)
  • carrying_mul (u8u64)

Part 3 — Float to Integer Conversion:

  • to_int_unchecked (f16, f32, f64, f128) FIXME: blocked on float support

@dkcumming dkcumming self-assigned this Mar 13, 2026
@dkcumming dkcumming mentioned this pull request Mar 14, 2026
Merged
automergerpr-permission-manager bot pushed a commit that referenced this pull request Mar 14, 2026
@dkcumming
Collapse prove-rs into prove (#986)
a322781 
Collapse `prove-rs` into `prove`:
- ProveRSOpts merged into ProveOpts
- `kmir prove` is the primary command (`prove-rs` kept as alias for
backwards compatibility)
- adds `parsed_smir` option for programmatic use (useful for tests with
many start symbols like #985)
dkcumming added 19 commits March 15, 2026 20:39
@dkcumming
Created make target and pytest harness to prove verify-rust-std
5e6bbb9
@dkcumming
Updated README with verification requirements
bdb7462
@dkcumming
wrapping_sub passing
10f3dbe
@dkcumming
unchecked_mul passing
70654ee
@dkcumming
unchecked_shl passing
6d61381
@dkcumming
Restricted make test-verify-std-rust to tests in the verify-std-rust/
a1c6579
@dkcumming
unchecked_shr passing
4182d26
@dkcumming
unchecked_neg passing
d29c959
@dkcumming
wrapping_shl added but fails with non-det branching
efccba7
@dkcumming
Added lemmas for wrapping_shl which is now passing
e568644
@dkcumming
wrapping_shr passing
5cf008c
@dkcumming
widening_mul passing
3de3a67
@dkcumming
carrying_mul passing
04c8165
@dkcumming
Added float harnesses under .txt as they have many thunks
be11fc5
@dkcumming
Added show for expected output on -fail tests
29c9a0d
@dkcumming
Added README.md for verify-rust-std
c7259e9
@dkcumming
All proofs are run with --terminate-on-thunk
24681b1 
This is needed while we still have `thunk` in the semantics to catch UB
@dkcumming
Added show output for failing tests and moved float test to runable
a737317
@dkcumming
Use parsed .smir.json to avoid repeated LLVM compilation
f54ce95 
Tested with `time make test-verify-rust-std TEST_ARGS='-k unchecked_add'` which resulted in a 17.8% reduction in time (110.643 seconds):
- Before: 10m22.304s
- After:   8m31.661s
@dkcumming dkcumming force-pushed the verify-rust-std/challenge-0011 branch from caf61b6 to f54ce95 Compare March 15, 2026 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dkcumming dkcumming

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dkcumming