hacspec / hax

A Rust verification tool
https://hacspec.org/blog
Apache License 2.0

Double return bug #720

Open mamonet opened 2 weeks ago

mamonet commented 2 weeks ago

There are cases where extracted F* files in libcrux-ml-kem have a redundant third return value where just a double is supposed to be at the receiving side. This breaks the lax-check of the affected F* files. Here is an example of this bug: https://github.com/cryspen/libcrux/blob/dev/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst#L34

It's fixed manually here: https://github.com/cryspen/libcrux/blob/dev_ml_kem_lax/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst#L34

W95Psp commented 1 week ago

Thanks for the bug report Mamone!

I'm looking at it now, here is a minimized reproducer:

fn f(n: &mut usize) {
    for _ in 0..10 {
        *n += 1;
    }
}

The problem shows up only when n is a `&mut`.

W95Psp commented 5 days ago

Thanks for the issue! I spent a few hours on that, but I don't have a fix yet.

I think this issue shows up mainly in functions that end with a loop. A workaround is to add a `()` at the end of the function, e.g.:

fn f(n: &mut usize) {
    for _ in 0..10 {
        *n += 1;
    }
}

becomes:

fn f(n: &mut usize) {
    for _ in 0..10 {
        *n += 1;
    };
    ()
}
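As an added example (not code from the hax issue or from libcrux), here is the workaround from the comment above applied to a function closer to the reported case: one that mutates a `&mut` slice in place and ends with a loop. The function names, the slice operation and the sample input are constructed for this example. Both versions are plain Rust and produce identical results, which shows that the `;` plus trailing `()` only changes the shape of the function's last expression, not its behaviour.

```rust
// Added example, not part of the hax issue or libcrux: the "function ends with a
// loop over a &mut parameter" shape next to the same function with the workaround
// (loop turned into a statement by `;`, followed by an explicit `()`).

/// Original shape: the `for` loop is the last expression of the function body.
pub fn add_one_to_each(v: &mut [u32]) {
    for x in v.iter_mut() {
        *x = x.wrapping_add(1);
    }
}

/// Workaround shape: the loop becomes a statement and the function explicitly
/// returns unit. rustc warns about the redundant `;`, so the lint is silenced here.
#[allow(redundant_semicolons)]
pub fn add_one_to_each_workaround(v: &mut [u32]) {
    for x in v.iter_mut() {
        *x = x.wrapping_add(1);
    };
    ()
}

/// Runs both versions on copies of the same (constructed) input and returns the
/// two results so they can be compared.
pub fn run_both(input: &[u32]) -> (Vec<u32>, Vec<u32>) {
    let mut a = input.to_vec();
    let mut b = input.to_vec();
    add_one_to_each(&mut a);
    add_one_to_each_workaround(&mut b);
    (a, b)
}

fn main() {
    // Constructed sample input; u32::MAX exercises the wrapping add.
    let (a, b) = run_both(&[0, 1, u32::MAX]);
    println!("original:   {:?}", a);
    println!("workaround: {:?}", b);
}
```

The example only demonstrates the Rust side of the workaround; whether the F* extraction of a given function is affected still has to be checked by running hax on it.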