|
| 1 | +# Challenge 21: Verify the safety of `slice` iter functions - part 2 |
| 2 | + |
| 3 | +- **Status:** Open |
| 4 | +- **Tracking Issue:** [#29](https://github.com/model-checking/verify-rust-std/issues/29) |
| 5 | +- **Start date:** *2025/03/07* |
| 6 | +- **End date:** *2025/10/17* |
| 7 | +- **Reward:** *?* |
| 8 | + |
| 9 | +------------------- |
| 10 | + |
| 11 | + |
| 12 | +## Goal |
| 13 | + |
| 14 | +Verify the safety of iter functions that are defined in (library/core/src/iter/adapters): |
| 15 | + |
| 16 | + |
| 17 | + |
| 18 | +### Success Criteria |
| 19 | + |
| 20 | +Write and prove the contract for the safety of the following functions: |
| 21 | + |
| 22 | +| Function | Defined in | |
| 23 | +|---------| ---------| |
| 24 | +|next_back_remainder| array_chunks.rs| |
| 25 | +|fold| array_chunks.rs| |
| 26 | +|__iterator_get_unchecked| clone.rs| |
| 27 | +|fold| clone.rs| |
| 28 | +|next_unchecked| clone.rs| |
| 29 | +|__iterator_get_unchecked| copied.rs| |
| 30 | +|spec_next_chunk| copied.rs| |
| 31 | +|__iterator_get_unchecked| enumerate.rs| |
| 32 | +|next_chunk| filter.rs| |
| 33 | +|next_chunk| filter_map.rs| |
| 34 | +|__iterator_get_unchecked | fuse.rs| |
| 35 | +|__iterator_get_unchecked | map.rs| |
| 36 | +|next_unchecked | map.rs| |
| 37 | +|as_array_ref | map_windows.rs| |
| 38 | +|as_uninit_array_mut | map_windows.rs| |
| 39 | +|push | map_windows.rs| |
| 40 | +|drop | map_windows.rs| |
| 41 | +|__iterator_get_unchecked | skip.rs| |
| 42 | +|original_step | step_by.rs| |
| 43 | +|spec_fold| take.rs| |
| 44 | +|spec_for_each| take.rs| |
| 45 | +|__iterator_get_unchecked | zip.rs| |
| 46 | +|get_unchecked| zip.rs| |
| 47 | +|fold| zip.rs| |
| 48 | +|next| zip.rs| |
| 49 | +|nth| zip.rs| |
| 50 | +|next_back| zip.rs| |
| 51 | +|spec_fold| zip.rs| |
| 52 | + |
| 53 | +The verification must be unbounded---it must hold for slices of arbitrary length. |
| 54 | + |
| 55 | +The verification must be hold for generic type `T` (no monomorphization). |
| 56 | + |
| 57 | +### List of UBs |
| 58 | + |
| 59 | +All proofs must automatically ensure the absence of the following undefined behaviors [ref](https://github.com/rust-lang/reference/blob/142b2ed77d33f37a9973772bd95e6144ed9dce43/src/behavior-considered-undefined.md): |
| 60 | + |
| 61 | +* Accessing (loading from or storing to) a place that is dangling or based on a misaligned pointer. |
| 62 | +* Reading from uninitialized memory except for padding or unions. |
| 63 | +* Mutating immutable bytes. |
| 64 | +* Producing an invalid value |
| 65 | + |
| 66 | + |
| 67 | +Note: All solutions to verification challenges need to satisfy the criteria established in the [challenge book](../general-rules.md) |
| 68 | +in addition to the ones listed above. |
0 commit comments