Generate arbitrary Vec with symbolic length #4320
Description
I write a simple proof for Vec::append as follows. But it fails to check the post-condition.
use std::alloc::*;
#[kani::proof]
fn main() {
// Create a valid `Vec`
let cap = kani::any::<usize>();
kani::assume(cap <= isize::MAX as usize);
let mut _vec_1 = Vec::with_capacity(cap);
let length_1 = kani::any::<usize>();
kani::assume(length_1 <= cap);
unsafe {
_vec_1.set_len(length_1);
}
// Initialize `_vec_1[i]` with
let i = kani::any::<usize>();
let value_i = kani::any::<bool>();
kani::assume(length_1 > 1 && i < length_1);
_vec_1[i] = value_i;
// `_vec_2` is a `Vec` with only one non-deterministic value.
let n = 1;
let value_j = kani::any::<bool>();
let mut _vec_2 = vec![value_j; n];
// Assume that the growth do not overflow.
kani::assume(cap <= isize::MAX as usize / 2);
kani::assume(length_1 + n <= isize::MAX as usize);
// Append
_vec_1.append(&mut _vec_2);
assert!(_vec_1.len() == length_1 + n);
assert!(_vec_2.is_empty());
// Failed Checks: assertion failed: _vec_1[i] == value_i
// File: "<builtin-library-memcpy>", line 46, in memcpy
assert!(_vec_1[i] == value_i);
// Unreachable.
assert!(_vec_1[length_1] == value_j);
}The results are:
...
SUMMARY:
** 1 of 89 failed (5 unreachable)
Failed Checks: assertion failed: _vec_1[i] == value_i
File: "<builtin-library-memcpy>", line 46, in memcpy
VERIFICATION:- FAILED
Verification Time: 6.751468s
Manual Harness Summary:
Verification failed for - main
Complete - 0 successfully verified harnesses, 1 failure, 1 total.Is there a bug in Kani or CBMC? Or, something is wrong in the above code.