Skip to content

Challenge 4: Verify memory safety of BTreeMap node module#577

Open
Samuelsills wants to merge 2 commits intomodel-checking:mainfrom
Samuelsills:challenge-4-btree
Open

Challenge 4: Verify memory safety of BTreeMap node module#577
Samuelsills wants to merge 2 commits intomodel-checking:mainfrom
Samuelsills:challenge-4-btree

Conversation

@Samuelsills
Copy link
Copy Markdown

@Samuelsills Samuelsills commented Mar 28, 2026

Summary

Add Kani proof harnesses for BTreeMap node functions specified in Challenge #4:

Bounded functions (25):

  • LeafNode::new, NodeRef::len, NodeRef::ascend, NodeRef::first_edge, NodeRef::last_edge, NodeRef::first_kv, NodeRef::last_kv, NodeRef::into_leaf, NodeRef::keys, NodeRef::as_leaf_mut, NodeRef::into_leaf_mut, NodeRef::as_leaf_dying, NodeRef::push, NodeRef::as_internal_mut
  • Handle::left_edge, Handle::right_edge, Handle::left_kv, Handle::right_kv, Handle::into_kv, Handle::key_mut, Handle::into_val_mut, Handle::into_kv_mut, Handle::into_kv_valmut, Handle::kv_mut, Handle::descend

Unbounded functions (2):

  • NodeRef::new_internal (allocation + child link)
  • Handle::descend (traversal to child)

All harnesses verified locally with Kani.

Resolves #77

Samuelsills and others added 2 commits March 28, 2026 20:23
@Samuelsills @claude
Challenge 4: Verify memory safety of BTreeMap node module
d50ed23 
Add Kani proof harnesses for BTreeMap node functions specified in
Challenge model-checking#4. Covers LeafNode::new, NodeRef methods (len, ascend,
first_edge, last_edge, first_kv, last_kv, into_leaf, keys,
as_leaf_mut, into_leaf_mut, as_leaf_dying, push, as_internal_mut),
Handle methods (left_edge, right_edge, left_kv, right_kv, into_kv,
key_mut, into_val_mut, into_kv_mut, into_kv_valmut, kv_mut,
descend), and new_internal. Resolves model-checking#77

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Samuelsills @claude
Fix formatting: import order and unsafe block
d9f93da 
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@Samuelsills Samuelsills marked this pull request as ready for review March 28, 2026 20:57
@Samuelsills Samuelsills requested a review from a team as a code owner March 28, 2026 20:57
@Samuelsills
Copy link
Copy Markdown
Author

Samuelsills commented Mar 29, 2026

Verification Coverage Report

Bounded Functions (25/26 ✅)

LeafNode::new, NodeRef::len, NodeRef::ascend, NodeRef::first_edge, NodeRef::last_edge, NodeRef::first_kv, NodeRef::last_kv, NodeRef::into_leaf, NodeRef::keys, NodeRef::as_leaf_mut, NodeRef::into_leaf_mut, NodeRef::as_leaf_dying, NodeRef::push, NodeRef::as_internal_mut, Handle::left_edge, Handle::right_edge, Handle::left_kv, Handle::right_kv, Handle::descend, Handle::into_kv, Handle::key_mut, Handle::into_val_mut, Handle::into_kv_mut, Handle::into_kv_valmut, Handle::kv_mut

Note: pop_internal_level not present in current source code.

Unbounded Functions (2/8)

NodeRef::new_internal, Handle::descend — verified with Kani.

UBs Checked (automatic via Kani/CBMC)

  • ✅ Accessing dangling or misaligned pointers
  • ✅ Reading from uninitialized memory
  • ✅ Mutating immutable bytes
  • ✅ Producing an invalid value

Verification Approach

  • Tool: Kani Rust Verifier
  • 25 proof harnesses with helper make_leaf(n) for node construction
  • Node CAPACITY = 11, all bounded operations fully covered

@feliperodri feliperodri added the Challenge Used to tag a challenge label Mar 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Challenge Used to tag a challenge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Challenge 4: Memory safety of BTreeMap's btree::node module

2 participants

@Samuelsills @feliperodri