model-checking · tautschnig · Aug 12, 2025 · Aug 12, 2025
@@ -217,14 +217,16 @@ impl GotocCtx<'_> {
         // -------------------------
         //
         // In fetch functions of atomic_ptr such as https://doc.rust-lang.org/std/sync/atomic/struct.AtomicPtr.html#method.fetch_byte_add,
-        // the type of var2 can be pointer (invalid_mut).
-        // In such case, atomic binops are transformed as follows to avoid typecheck failure.
+        // the type of var1 is a pointer.
+        // In this case, var2 is guaranteed to be a usize,
+        // c.f. https://github.com/rust-lang/rust/blob/a1531335fe2807715fff569904d99602022643a7/library/core/src/intrinsics/mod.rs#L203
+        // We transform such binops as follows to avoid typecheck failure.
         // -------------------------
         // var = atomic_op(var1, var2)
         // -------------------------
         // unsigned char tmp;
         // tmp = *var1;
-        // *var1 = (typeof var1)op((size_t)*var1, (size_t)var2);
+        // *var1 = (typeof var1)op((size_t)*var1, var2);
         // var = tmp;
         // -------------------------
         //
@@ -238,9 +240,9 @@ impl GotocCtx<'_> {
                 let (tmp, decl_stmt) =
                     self.decl_temp_variable(var1.typ().clone(), Some(var1.to_owned()), loc);
                 let var2 = fargs.remove(0);
-                let op_expr = if var2.typ().is_pointer() {
+                let op_expr = if var1.typ().is_pointer() {
                     (var1.clone().cast_to(Type::c_size_t()))
-                        .$op(var2.cast_to(Type::c_size_t()))
+                        .$op(var2)
                         .with_location(loc)
                         .cast_to(var1.typ().clone())
                 } else {

@@ -2,5 +2,5 @@
 # SPDX-License-Identifier: Apache-2.0 OR MIT
 
 [toolchain]
-channel = "nightly-2025-08-09"
+channel = "nightly-2025-08-10"
 components = ["llvm-tools", "rustc-dev", "rust-src", "rustfmt"]
@@ -5,7 +5,7 @@
 // Specifically, it checks that Kani correctly handles atomic_ptr's fetch methods, in which the second argument is a pointer type.
 // These methods were not correctly handled as explained in https://github.com/model-checking/kani/issues/3042.
 
-#![feature(strict_provenance_atomic_ptr, strict_provenance)]
+#![feature(strict_provenance_atomic_ptr)]
 use std::sync::atomic::{AtomicPtr, Ordering};
 
 #[kani::proof]

@@ -25,11 +25,11 @@ fn main() {
     let c = 1 as u8;
 
     unsafe {
-        let x1 = atomic_xadd::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_xadd::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_xadd::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_xadd::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_xadd::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_xadd::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_xadd::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_xadd::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_xadd::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_xadd::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == 0);
         assert!(x2 == 0);

@@ -24,11 +24,11 @@ fn main() {
     let b = 0 as u8;
 
     unsafe {
-        let x1 = atomic_and::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_and::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_and::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_and::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_and::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_and::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_and::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_and::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_and::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_and::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == 1);
         assert!(x2 == 1);

@@ -24,11 +24,11 @@ fn main() {
     let b = u8::MAX as u8;
 
     unsafe {
-        let x1 = atomic_nand::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_nand::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_nand::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_nand::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_nand::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_nand::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_nand::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_nand::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_nand::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_nand::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == 0);
         assert!(x2 == 0);
@@ -42,11 +42,11 @@ fn main() {
         assert!(*ptr_a4 == b);
         assert!(*ptr_a5 == b);
 
-        let x1 = atomic_nand::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_nand::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_nand::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_nand::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_nand::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_nand::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_nand::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_nand::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_nand::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_nand::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == b);
         assert!(x2 == b);

@@ -25,11 +25,11 @@ fn main() {
     let c = 1 as u8;
 
     unsafe {
-        let x1 = atomic_or::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_or::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_or::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_or::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_or::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_or::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_or::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_or::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_or::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_or::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == 1);
         assert!(x2 == 1);

@@ -25,11 +25,11 @@ fn main() {
     let c = 0 as u8;
 
     unsafe {
-        let x1 = atomic_xsub::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_xsub::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_xsub::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_xsub::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_xsub::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_xsub::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_xsub::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_xsub::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_xsub::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_xsub::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == 1);
         assert!(x2 == 1);

@@ -24,11 +24,11 @@ fn main() {
     let b = 1 as u8;
 
     unsafe {
-        let x1 = atomic_xor::<_, { AtomicOrdering::SeqCst }>(ptr_a1, b);
-        let x2 = atomic_xor::<_, { AtomicOrdering::Acquire }>(ptr_a2, b);
-        let x3 = atomic_xor::<_, { AtomicOrdering::AcqRel }>(ptr_a3, b);
-        let x4 = atomic_xor::<_, { AtomicOrdering::Release }>(ptr_a4, b);
-        let x5 = atomic_xor::<_, { AtomicOrdering::Relaxed }>(ptr_a5, b);
+        let x1 = atomic_xor::<_, _, { AtomicOrdering::SeqCst }>(ptr_a1, b);
+        let x2 = atomic_xor::<_, _, { AtomicOrdering::Acquire }>(ptr_a2, b);
+        let x3 = atomic_xor::<_, _, { AtomicOrdering::AcqRel }>(ptr_a3, b);
+        let x4 = atomic_xor::<_, _, { AtomicOrdering::Release }>(ptr_a4, b);
+        let x5 = atomic_xor::<_, _, { AtomicOrdering::Relaxed }>(ptr_a5, b);
 
         assert!(x1 == 1);
         assert!(x2 == 1);