Skip to content

Challenge 10: Verify memory safety of String functions#571

Open
Samuelsills wants to merge 2 commits intomodel-checking:mainfrom
Samuelsills:challenge-10-string
Open

Challenge 10: Verify memory safety of String functions#571
Samuelsills wants to merge 2 commits intomodel-checking:mainfrom
Samuelsills:challenge-10-string

Conversation

@Samuelsills
Copy link
Copy Markdown

@Samuelsills Samuelsills commented Mar 26, 2026

Summary

Add Kani proof harnesses for all 15 String functions specified in Challenge #10:

  • Bounded: pop, remove, insert, drain, into_boxed_str, leak
  • Unbounded: from_utf16le, from_utf16le_lossy, from_utf16be, from_utf16be_lossy, remove_matches, retain, insert_str, split_off, replace_range

All harnesses verified locally with Kani.

Resolves #61

Samuelsills and others added 2 commits March 26, 2026 22:14
@Samuelsills @claude
Challenge 10: Verify memory safety of String functions
b5eb2c2 
Add Kani proof harnesses for all 15 String functions specified in
Challenge model-checking#10: pop, remove, insert, insert_str, split_off, drain,
replace_range, into_boxed_str, leak, from_utf16le, from_utf16le_lossy,
from_utf16be, from_utf16be_lossy, retain, remove_matches.
Resolves model-checking#61

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Samuelsills @claude
Fix formatting: add blank line between use groups
cef17fd 
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Samuelsills Samuelsills marked this pull request as ready for review March 27, 2026 07:15
@Samuelsills Samuelsills requested a review from a team as a code owner March 27, 2026 07:15
@Samuelsills
Copy link
Copy Markdown
Author

Samuelsills commented Mar 29, 2026

Verification Coverage Report

Functions Verified (15/15 ✅)

# Function Bounded/Unbounded Verified
1 from_utf16le unbounded
2 from_utf16le_lossy unbounded
3 from_utf16be unbounded
4 from_utf16be_lossy unbounded
5 pop bounded
6 remove bounded
7 remove_matches unbounded
8 retain unbounded
9 insert bounded
10 insert_str unbounded
11 split_off unbounded
12 drain bounded
13 replace_range unbounded
14 into_boxed_str bounded
15 leak bounded

UBs Checked (automatic via Kani/CBMC)

  • ✅ Accessing dangling or misaligned pointers
  • ✅ Reading from uninitialized memory
  • ✅ Mutating immutable bytes
  • ✅ Producing an invalid value

Verification Approach

  • Tool: Kani Rust Verifier
  • 15 proof harnesses using concrete strings (String::from("hello") etc.)
  • UTF-16 functions tested with small byte arrays

@feliperodri feliperodri added the Challenge Used to tag a challenge label Mar 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Challenge Used to tag a challenge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Challenge 10: Memory safety of String

2 participants

@Samuelsills @feliperodri