Skip to content

Verify pkg/slayers#18

Open
henriman wants to merge 22 commits intosif-io-specfrom
sif-pkg-slayers-scratch
Open

Verify pkg/slayers#18
henriman wants to merge 22 commits intosif-io-specfrom
sif-pkg-slayers-scratch

Conversation

@henriman
Copy link
Copy Markdown
Owner

@henriman henriman commented Sep 30, 2025
edited
Loading

It turned out that verifying pkg/slayers/scion_test.gobra was fairly trivial, and that the failing implementation proofs were not related to Gobra issue 948 -- I just needed to re-verify the already verified packages considering the changes to the Path interface. Thus, this should now verify completely.

This PR still contains workarounds for Gobra issues 846, 888, 946, and 955.

  • In scion_spec.gobra, I commented out a package clause due to issue 946; in other cases, I tried to model the effect of the package clause by exhaling/inhaling the appropriate definitions. As explained in a TODO there, this has not been done here (yet), as I didn't deem this worth the effort here (considering it is just a workaround).
  • I marked the places where one can (already) abstract sensitivity of slices using an IsLowSlice function and fix-846 (cf. Use fix-846 and implement hyper functions for abstracting over sensitivity #10).

Furthermore, I added contracts in pkg/slayers/path/scion which have not been verified yet (as the package has not been verified yet, either).

@henriman
Relate GetByte of split ranges to original slice
dafe7fd 
Also required some additional annotations to satisfy low control flow.
This might require modifications to previous packages
@henriman
Save work
8269b6c
@henriman
Make scion.go verify
44c6864
@henriman
Make scmp.go verify
dd48b10
@henriman
Stop verification effort (henriman)
3587d7e 
This package verifies successfully except for `scion_test`. Furthermore,
there are some problems with "surrounding" packages
@henriman henriman mentioned this pull request Sep 30, 2025
Open
henriman added 17 commits October 3, 2025 16:44
@henriman
Make HostSVC implement net.Addr
cf5158d
@henriman
Change line endings in path.go
21b7a9d
@henriman
Merge branch 'sif-io-spec' into sif-pkg-slayers-scratch
b5d1579
@henriman
General clean up and add TODO[henri] comments
3342df2
@henriman
Adjust TODOs for IsLowSlice
3ac41ad
@henriman
Clean up IsLow functions
c7274d2 
Where possible implement as true, otherwise add proper TODO.
@henriman
Attempt to correct trigger
1709ac5 
Before, some triggers contained `end-start`; however, this leads to
invalid triggers in the Viper encoding. I replaced these by
`len(s[start:end])`.
@henriman
Minimize assertions
0ef453c
@henriman
Clean up extn.go
27e9317
@henriman
Introduce IsLow for SerializeBuffer
e173b7d
@henriman
Address TODOs in pkg/slayers/path
e46dccb 
In the same vein, I resolved the remaining verification issues
- I verified scion_test.gobra as this turned out simpler than expected
- The other issues did not stem from Gobra issue #948, but rather from
  me adding postconditions to some methods of the `Path` interface which
  weren't satisfied by other implementing types
@henriman
Use IsLow functions in more places
3e50b0b
@henriman
Save work
bc0a8ee
@henriman
Clean up last commit
c8aa466
@henriman
Rename IsLow functions of DecodingLayer and SerializableLayer
0cd247f 
As `IsLowDecodingLayer` was more widely used and has a more general
form, I decided to rename:
- `SerializableLayer.IsLow` -> `SerializableLayer.IsLowSerializableLayer`
- `DecodingLayer.IsLowDecodingLayer` -> `DecodingLayer.IsLow`
@henriman
Replace assume by exhale/inhale for package clauses
26bd291
@henriman
Address TODOs in scion_spec.gobra
c72a390
@henriman henriman marked this pull request as ready for review October 8, 2025 01:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@henriman