Open zhassan-aws opened 1 week ago
To double check that the two versions are equivalent, I wrote this harness:
```rust
#[kani::proof]
#[kani::unwind(4)]
fn main() {
    // Symbolic 3-byte buffer; only the valid-UTF-8 cases reach the body.
    let buf: [u8; 3] = kani::any();
    if let Ok(s) = std::str::from_utf8(&buf) {
        // Symbolic index constrained to a char boundary, where both forms are defined.
        let index = kani::any_where(|i| *i <= s.len() && s.is_char_boundary(*i));
        let slice1 = &s[index..];
        let slice2 = s.get(index..).unwrap();
        assert!(slice1 == slice2);
    }
}
```
which successfully verifies (up to 3 bytes). Beyond 3 bytes, it runs out of memory.
For the following program:
CBMC's memory usage exceeds 24 GB after running for 2 minutes. These are the last few lines it prints before running out of memory:
For the commented-out version of the slice indexing operation (which is supposedly equivalent), verification is successful in ~26 seconds with less than 1 GB of memory usage:
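The harness above states the equivalence symbolically and leans on Kani to cover every buffer. As an added illustration (not code from the issue or from the Kani project), the plain-Rust program below checks the same property concretely: it enumerates every byte buffer of a given small length, keeps the valid UTF-8 ones, and confirms that `&s[index..]` and `s.get(index..)` agree at every char boundary. It also shows where the two forms stop being equivalent once the boundary precondition is dropped: `get` returns `None` while direct indexing panics. The function names (`suffix_by_index`, `suffix_by_get`, `exhaustive_check`) and the returned counts are this example's own, not anything from the page.

```rust
// Added example, independent of the issue's Kani harness: a concrete,
// exhaustive check of the same property, runnable with plain Rust.

/// Direct range indexing: panics if `index` is not on a char boundary.
fn suffix_by_index(s: &str, index: usize) -> &str {
    &s[index..]
}

/// Checked form: returns `None` instead of panicking on a bad index.
fn suffix_by_get(s: &str, index: usize) -> Option<&str> {
    s.get(index..)
}

/// Enumerate all 256^len byte buffers, keep the valid UTF-8 strings, and compare
/// both forms at every char-boundary index (the harness's precondition).
/// Returns (valid_strings, indices_checked), or `None` on the first mismatch.
fn exhaustive_check(len: usize) -> Option<(usize, usize)> {
    assert!(len <= 3, "256^len candidates; keep len small for concrete enumeration");
    let total: u64 = 1u64 << (8 * len);
    let mut valid = 0;
    let mut checked = 0;
    for n in 0..total {
        // Decode the counter into a `len`-byte buffer, one byte per 8 bits.
        let buf: Vec<u8> = (0..len).map(|i| ((n >> (8 * i)) & 0xff) as u8).collect();
        if let Ok(s) = std::str::from_utf8(&buf) {
            valid += 1;
            for index in 0..=s.len() {
                if s.is_char_boundary(index) {
                    if suffix_by_index(s, index) != suffix_by_get(s, index).unwrap() {
                        return None;
                    }
                    checked += 1;
                }
            }
        }
    }
    Some((valid, checked))
}

/// The divergence outside the precondition: does direct indexing panic here?
fn index_panics_at(s: &str, index: usize) -> bool {
    std::panic::catch_unwind(|| {
        let _ = suffix_by_index(s, index);
    })
    .is_err()
}

fn main() {
    for len in 0..=2 {
        match exhaustive_check(len) {
            Some((valid, checked)) => println!(
                "len {len}: {valid} valid UTF-8 strings, {checked} boundary indices agree"
            ),
            None => println!("len {len}: MISMATCH"),
        }
    }
    // "é" is two bytes (0xC3 0xA9); index 1 is inside the character.
    let s = "é";
    println!("get(1..) on {s:?}: {:?}", suffix_by_get(s, 1));
    println!("&s[1..] panics: {}", index_panics_at(s, 1));
}
```

The counts follow from the UTF-8 rules: for one byte only the 128 ASCII values are valid, each with two boundary indices; for two bytes there are 128 × 128 ASCII pairs (three boundaries each) plus 30 × 64 two-byte sequences with leads 0xC2..0xDF (two boundaries each, since the middle index is not a boundary). Overlong 0xC0/0xC1 leads are rejected by `from_utf8`, which is why the enumeration, like the harness, never reaches them.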