Skip to content

Commit 79bf129

Browse files
ShadowCurseroypat
authored andcommitted
fix(iovec): update default used constants
Use `FIRECRACKER_MAX_QUEUE_SIZE` for default type alias. Use `L` const generic in the stub for `push_back` for kani. Signed-off-by: Egor Lazarchuk <yegorlz@amazon.co.uk>
1 parent 841de95 commit 79bf129

File tree

1 file changed

+20
-18
lines changed

1 file changed

+20
-18
lines changed

src/vmm/src/devices/virtio/iovec.rs

Lines changed: 20 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -482,10 +482,12 @@ mod tests {
482482
use super::IoVecBuffer;
483483
// Redefine `IoVecBufferMut` with specific length. Otherwise
484484
// Rust will not know what to do.
485-
type IoVecBufferMut = super::IoVecBufferMut<256>;
485+
type IoVecBufferMutDefault = super::IoVecBufferMut<FIRECRACKER_MAX_QUEUE_SIZE>;
486486

487487
use crate::devices::virtio::iov_deque::IovDeque;
488-
use crate::devices::virtio::queue::{Queue, VIRTQ_DESC_F_NEXT, VIRTQ_DESC_F_WRITE};
488+
use crate::devices::virtio::queue::{
489+
Queue, FIRECRACKER_MAX_QUEUE_SIZE, VIRTQ_DESC_F_NEXT, VIRTQ_DESC_F_WRITE,
490+
};
489491
use crate::devices::virtio::test_utils::VirtQueue;
490492
use crate::test_utils::multi_region_mem;
491493
use crate::vstate::memory::{Bytes, GuestAddress, GuestMemoryMmap};
@@ -614,12 +616,12 @@ mod tests {
614616
let (mut q, _) = read_only_chain(&mem);
615617
let head = q.pop().unwrap();
616618
// SAFETY: This descriptor chain is only loaded into one buffer
617-
unsafe { IoVecBufferMut::from_descriptor_chain(&mem, head).unwrap_err() };
619+
unsafe { IoVecBufferMutDefault::from_descriptor_chain(&mem, head).unwrap_err() };
618620

619621
let (mut q, _) = write_only_chain(&mem);
620622
let head = q.pop().unwrap();
621623
// SAFETY: This descriptor chain is only loaded into one buffer
622-
unsafe { IoVecBufferMut::from_descriptor_chain(&mem, head).unwrap() };
624+
unsafe { IoVecBufferMutDefault::from_descriptor_chain(&mem, head).unwrap() };
623625
}
624626

625627
#[test]
@@ -640,7 +642,8 @@ mod tests {
640642
let head = q.pop().unwrap();
641643

642644
// SAFETY: This descriptor chain is only loaded once in this test
643-
let mut iovec = unsafe { IoVecBufferMut::from_descriptor_chain(&mem, head).unwrap() };
645+
let mut iovec =
646+
unsafe { IoVecBufferMutDefault::from_descriptor_chain(&mem, head).unwrap() };
644647
assert_eq!(iovec.len(), 4 * 64);
645648

646649
// We are creating a new queue where we can get descriptors from. Probably, this is not
@@ -717,7 +720,8 @@ mod tests {
717720
let head = q.pop().unwrap();
718721

719722
// SAFETY: This descriptor chain is only loaded into one buffer
720-
let mut iovec = unsafe { IoVecBufferMut::from_descriptor_chain(&mem, head).unwrap() };
723+
let mut iovec =
724+
unsafe { IoVecBufferMutDefault::from_descriptor_chain(&mem, head).unwrap() };
721725
let buf = vec![0u8, 1, 2, 3, 4];
722726

723727
// One test vector for each part of the chain
@@ -814,8 +818,8 @@ mod verification {
814818
use crate::devices::virtio::iov_deque::IovDeque;
815819
// Redefine `IoVecBufferMut` and `IovDeque` with specific length. Otherwise
816820
// Rust will not know what to do.
817-
type IoVecBufferMut256 = super::IoVecBufferMut<256>;
818-
type IovDeque256 = IovDeque<256>;
821+
type IoVecBufferMutDefault = super::IoVecBufferMut<FIRECRACKER_MAX_QUEUE_SIZE>;
822+
type IovDequeDefault = IovDeque<FIRECRACKER_MAX_QUEUE_SIZE>;
819823

820824
use crate::arch::PAGE_SIZE;
821825
use crate::devices::virtio::queue::FIRECRACKER_MAX_QUEUE_SIZE;
@@ -860,10 +864,10 @@ mod verification {
860864
);
861865

862866
let offset = (deque.start + deque.len) as usize;
863-
let mirror = if offset >= FIRECRACKER_MAX_QUEUE_SIZE as usize {
864-
offset - FIRECRACKER_MAX_QUEUE_SIZE as usize
867+
let mirror = if offset >= L as usize {
868+
offset - L as usize
865869
} else {
866-
offset + FIRECRACKER_MAX_QUEUE_SIZE as usize
870+
offset + L as usize
867871
};
868872

869873
// SAFETY: self.iov is a valid pointer and `self.start + self.len` is within range (we
@@ -904,22 +908,22 @@ mod verification {
904908
}
905909
}
906910

907-
fn create_iov_deque() -> IovDeque256 {
911+
fn create_iov_deque() -> IovDequeDefault {
908912
// SAFETY: safe because the layout has non-zero size
909913
let mem = unsafe {
910914
std::alloc::alloc(std::alloc::Layout::from_size_align_unchecked(
911915
2 * PAGE_SIZE,
912916
PAGE_SIZE,
913917
))
914918
};
915-
IovDeque256 {
919+
IovDequeDefault {
916920
iov: mem.cast(),
917921
start: kani::any_where(|&start| start < FIRECRACKER_MAX_QUEUE_SIZE),
918922
len: 0,
919923
}
920924
}
921925

922-
fn create_iovecs_mut(mem: *mut u8, size: usize, nr_descs: usize) -> (IovDeque256, u32) {
926+
fn create_iovecs_mut(mem: *mut u8, size: usize, nr_descs: usize) -> (IovDequeDefault, u32) {
923927
let mut vecs = create_iov_deque();
924928
let mut len = 0u32;
925929
for _ in 0..nr_descs {
@@ -939,7 +943,7 @@ mod verification {
939943
(vecs, len)
940944
}
941945

942-
impl IoVecBufferMut256 {
946+
impl IoVecBufferMutDefault {
943947
fn any_of_length(nr_descs: usize) -> Self {
944948
// We only write into `IoVecBufferMut` objects, so we can simply create a guest memory
945949
// object initialized to zeroes, trying to be nice to Kani.
@@ -1029,12 +1033,10 @@ mod verification {
10291033
#[kani::proof]
10301034
#[kani::unwind(5)]
10311035
#[kani::solver(cadical)]
1032-
// The `IovDeque` is defined as type alias in the kani module. Because of this
1033-
// we need to specify original type here for stub to work.
10341036
#[kani::stub(IovDeque::push_back, stubs::push_back)]
10351037
fn verify_write_to_iovec() {
10361038
for nr_descs in 0..MAX_DESC_LENGTH {
1037-
let mut iov_mut = IoVecBufferMut256::any_of_length(nr_descs);
1039+
let mut iov_mut = IoVecBufferMutDefault::any_of_length(nr_descs);
10381040

10391041
let mut buf = kani::vec::any_vec::<u8, GUEST_MEMORY_SIZE>();
10401042
let offset: u32 = kani::any();

0 commit comments

Comments
 (0)