Support MIR string slices #1997
Labels
subsystem: crucible-mir
Issues related to Rust verification with crucible-mir and/or mir-json
type: enhancement
Issues describing an improvement to an existing feature or capability
Comments
RyanGlScott
added
type: enhancement
29 tasks
|
Another question we will have to answer: should we emulate Rust's ability to check if a string slice over a subrange uses invalid indexing? Take this example from The Rust Programming Language: let hello = "Здравствуйте";
let s = &hello[0..1];This will panic at runtime because the Cyrillic letter The question: Should |
RyanGlScott
added a commit
that referenced
this issue
Feb 7, 2024
This adds rudimentary support for constructing MIR `str` slice references via the new `mir_str_slice_value` and `mir_str_slice_range_value` SAWScript functions. These behave much like their cousins `mir_slice_value` and `mir_slice_range_value` (which work for array slices), except that they return something of type `&str` instead of, say, `&[u8]`. See the manual for the full details and current limitations of the approach. The `mir_str_slice_value`/`mir_str_slice_range_value` functions mostly share the same implementation as `mir_slice_value`/`mir_slice_range_value`, except for some minor differences regarding how the underlying types are handled. There is now a new `MirSliceInfo` data type that signals whether we are dealing with a `str` slice or an array slice. Fixes #1997.
Merged
RyanGlScott
added a commit
that referenced
this issue
Mar 29, 2024
This adds rudimentary support for constructing MIR `str` slice references via the new `mir_str_slice_value` and `mir_str_slice_range_value` SAWScript functions. These behave much like their cousins `mir_slice_value` and `mir_slice_range_value` (which work for array slices), except that they return something of type `&str` instead of, say, `&[u8]`. See the manual for the full details and current limitations of the approach. The `mir_str_slice_value`/`mir_str_slice_range_value` functions mostly share the same implementation as `mir_slice_value`/`mir_slice_range_value`, except for some minor differences regarding how the underlying types are handled. There is now a new `MirSliceInfo` data type that signals whether we are dealing with a `str` slice or an array slice. Fixes #1997.
RyanGlScott
added a commit
that referenced
this issue
Jul 2, 2024
This adds rudimentary support for constructing MIR `str` slice references via the new `mir_str_slice_value` and `mir_str_slice_range_value` SAWScript functions. These behave much like their cousins `mir_slice_value` and `mir_slice_range_value` (which work for array slices), except that they return something of type `&str` instead of, say, `&[u8]`. See the manual for the full details and current limitations of the approach. The `mir_str_slice_value`/`mir_str_slice_range_value` functions mostly share the same implementation as `mir_slice_value`/`mir_slice_range_value`, except for some minor differences regarding how the underlying types are handled. There is now a new `MirSliceInfo` data type that signals whether we are dealing with a `str` slice or an array slice. Fixes #1997.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the SAW MIR backend supports creating slices of type
&[T], but it does not support creating a slice of type&str. In principle, however, SAW could support the latter without too much additional effort. Here is a sketch of how this would work in SAW:We'd need
mir_slice_str_value : MIRValue -> MIRValueandmir_slice_str_range_value : MIRValue -> Int -> Int -> MIRValuefunctions in SAWScript. Each of these functions would take aMIRValueargument representing a reference to an array of bytes (i.e.,u8s) and return aMIRValuerepresenting a&strslice.Why an array of bytes? This is a consequence of how
crucible-mirdesugars&strslices. Specifically,crucible-mirrepresents a&strslice as a reference to a UTF-8–encoded sequence of bytes. Therefore, taking an array of bytes is the most natural way to interface withcrucible-mir.How are users expected to create these arrays of bytes? Most of the time, Cryptol's string literals will be a natural tool for the job. If you write something like
"abc"in Cryptol, it will desugar to a sequence of bytes, so"abc" : [3][8]. As luck would have it, that is exactly what we need forcrucible-mir.This approach isn't perfect, since Cryptol isn't yet capable of handling Unicode string literals (see this issue). For instance, the expression
"roșu"simply doesn't typecheck in Cryptol, since the character'ș'would require 10 bits to represent instead of 8. Instead, you would have to manually encode the string into UTF-8 and write"ro\200\153u", where"\200\153"is the UTF-8 encoding of the character'ș'. If we want to do better, we'd need to change Cryptol first.The text was updated successfully, but these errors were encountered: