Add Challenge 19: Safety of RawVec (#314)

thanhnguyen-aws · tautschnig · web-flow · commit d37c183b503b · 2025-05-21T04:14:21.000Z
This PR adds Challenge 19: Safety of RawVec

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

---------

Co-authored-by: Michael Tautschnig &lt;tautschn@amazon.com&gt;
Co-authored-by: Michael Tautschnig &lt;mt@debian.org&gt;
diff --git a/doc/src/SUMMARY.md b/doc/src/SUMMARY.md
@@ -32,6 +32,7 @@
   - [16: Verify the safety of Iterator functions](./challenges/0016-iter.md)
   - [17: Verify the safety of slice functions](./challenges/0017-slice.md)
   - [18: Verify the safety of slice iter functions](./challenges/0018-slice-iter.md)
+  - [19: Safety of `RawVec`](./challenges/0019-rawvec.md)
   - [20: Verify the safety of char-related functions in str::pattern](./challenges/0020-str-pattern-pt1.md)
   - [21: Verify the safety of substring-related functions in str::pattern](./challenges/0021-str-pattern-pt2.md)
   - [22: Verify the safety of str iter functions](./challenges/0022-str-iter.md)
diff --git a/doc/src/challenges/0019-rawvec.md b/doc/src/challenges/0019-rawvec.md
@@ -0,0 +1,67 @@
+# Challenge 25: Verify the safety of `RawVec` functions
+
+- **Status:** Open
+- **Tracking Issue:** [#283](https://github.com/model-checking/verify-rust-std/issues/283)
+- **Start date:** *2025-03-07*
+- **End date:** *2025-10-17*
+- **Reward:** *10000 USD*
+
+-------------------
+
+
+## Goal
+
+Verify the safety of `RawVec` functions in (library/alloc/src/raw_vec/mod.rs).
+
+## Motivation 
+
+`RawVec` is the type of the main component of both `Vec` and `VecDeque`: the buffer. Therefore, the safety of the functions of `Vec` and `VecDeque` depend on the safety of `RawVec`.
+
+### Success Criteria
+
+Verify the safety of the following functions in (library/alloc/src/raw_vec/mod.rs):
+
+Write and prove the contract for the safety of the following unsafe functions:
+
+| Function |
+|---------|
+|new_cap|
+|into_box|
+|from_raw_parts_in|
+|from_nonnull_in|
+|set_ptr_and_cap|
+|shrink_unchecked|
+|deallocate|
+
+Prove the absence of undefined behavior for following safe abstractions:
+
+| Function |
+|---------|
+|drop|
+|new_in|
+|with_capacity_in|
+|try_allocate_in|
+|current_memory|
+|try_reserve|
+|try_reserve_exact|
+|grow_amortized|
+|grow_exact|
+|shrink|
+|finish_grow|
+
+The verification must be unbounded---it must hold for slices of arbitrary length.
+
+The verification must hold for generic type `T` (no monomorphization).
+
+### List of UBs
+
+All proofs must automatically ensure the absence of the following undefined behaviors [ref](https://github.com/rust-lang/reference/blob/142b2ed77d33f37a9973772bd95e6144ed9dce43/src/behavior-considered-undefined.md):
+
+* Accessing (loading from or storing to) a place that is dangling or based on a misaligned pointer.
+* Reading from uninitialized memory except for padding or unions.
+* Mutating immutable bytes.
+* Producing an invalid value
+
+
+Note: All solutions to verification challenges need to satisfy the criteria established in the [challenge book](../general-rules.md)
+in addition to the ones listed above.
