-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kani for unsafe rust #16
Comments
Thanks for bringing this up!
Yes, much of the
I agree that this project needs more tests with limited scope (including unit tests), and fuzzing! Some crates will require additional code infrastructure like mocking. I've been thinking about this, and I believe that certain mocking utilities may be useful for application developers using these crates as well, allowing them to develop and debug their application code on their development system, without emulation, instead of on seL4. So we might get extra bang for our buck there. I've had a go at introducing Kani into this project (#30). I chose the I will report progress on all of these fronts in this issue. |
Very cool! I would be curious how your experience with Verus compares with Kani. |
Hi @nspin !
As we talked, I had a brief look at the unsafe code in
rust-sel4
and whether Kani could be helpful here:unsafe
logic is already fairly limited, e.g. a pointer dereference, memory transmutation or external function call. That is good (less unsafe code the better), but also there is not that much that Kani can test (not counting trivial properties, such as anyusize
ptr that is not null can be dereferenced)rust-sel4
crates, maybe we should start by adding tests/fuzzing? Don't get me wrong - your code looks really good, currently it is just hard to say why should we trust it works (maybe you have some ideas?)The text was updated successfully, but these errors were encountered: