Skip to content

Implement stub sets for reusable stub groups#4594

Open
feliperodri wants to merge 5 commits into
model-checking:mainfrom
feliperodri:stub-sets
Open

Implement stub sets for reusable stub groups#4594
feliperodri wants to merge 5 commits into
model-checking:mainfrom
feliperodri:stub-sets

Conversation

@feliperodri
Copy link
Copy Markdown
Contributor

@feliperodri feliperodri commented Apr 28, 2026

Add kani::stub_set! macro and #[kani::use_stub_set] attribute for defining reusable groups of stubs that can be applied to multiple proof harnesses without repeating individual #[kani::stub] annotations.

Resolves #2096.

Problem

When multiple proof harnesses need the same set of stubs (e.g., mocking I/O, randomness, or network calls), users must duplicate #[kani::stub(orig, repl)] annotations on every harness. This is verbose, error-prone, and makes it hard to maintain consistent stub configurations across a test suite.

Solution

kani::stub_set! macro

Defines a named, reusable group of stub pairs:

kani::stub_set! {
    pub my_io_stubs {
        stub(std::fs::read, mock_read)
        stub(std::fs::write, mock_write)
        use_stub_set(other_stubs)  // compose with other sets
    }
}

#[kani::use_stub_set] attribute

Applies a stub set to a harness:

#[kani::proof]
#[kani::use_stub_set(my_io_stubs)]
fn check_with_mocked_io() { ... }

Features

  • Composition: Stub sets can include use_stub_set(other_set) entries to compose sets
  • Visibility: pub modifier for cross-module access
  • Combining: #[kani::use_stub_set] works alongside individual #[kani::stub] attributes
  • Per-harness: Different harnesses can use different stub sets
  • Circular reference detection: Errors on circular use_stub_set references

Implementation

  • stub_set! generates a const with a #[kanitool::stub_set(...)] attribute encoding the stub pairs
  • use_stub_set resolution in attributes.rs reads the attribute, resolves paths relative to the harness module, and expands the pairs into the harness's stub list
  • Path resolution in resolve.rs extended to look up stub_set consts

Testing

5 tests covering:

  • stub_set_basic.rs — basic stub set definition and usage
  • stub_set_composed.rs — composing stub sets via use_stub_set entries
  • stub_set_module.rs — cross-module access with pub visibility
  • stub_set_per_harness.rs — different stub sets per harness
  • stub_set_with_individual.rs — combining stub sets with individual #[kani::stub]

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@feliperodri feliperodri added this to the Stubbing milestone Apr 28, 2026
@feliperodri feliperodri added [C] Feature / Enhancement A new feature request or enhancement to an existing feature. Z-Contracts Issue related to code contracts labels Apr 28, 2026
@github-actions github-actions Bot added Z-EndToEndBenchCI Tag a PR to run benchmark CI Z-CompilerBenchCI Tag a PR to run benchmark CI labels Apr 28, 2026
@feliperodri feliperodri force-pushed the stub-sets branch 3 times, most recently from af1c2d1 to 0786b2f Compare April 28, 2026 15:09
@feliperodri feliperodri marked this pull request as ready for review April 28, 2026 15:16
@feliperodri feliperodri requested a review from a team as a code owner April 28, 2026 15:16
adpaco-aws
adpaco-aws reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@adpaco-aws adpaco-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Glad to see this feature becoming a reality!

Overall, it's looking great. We should add a couple test cases just to ensure no regressions in the future.

Comment thread kani-compiler/src/kani_middle/attributes.rs
Comment thread docs/src/reference/experimental/stubbing.md
@feliperodri
feat(stubbing): Implement stub sets (model-checking#2096)
83358f5 
Add kani::stub_set! macro and #[kani::use_stub_set] attribute for
defining reusable groups of stubs that can be applied to multiple
proof harnesses.

Stub sets support:
- Grouping multiple stub(original, replacement) pairs under a name
- Composing stub sets via use_stub_set(other_set) entries
- Visibility modifiers for cross-module access (pub)
- Combining with individual #[kani::stub] attributes
- Different stub sets per harness
- Circular reference detection

Implementation:
- stub_set! generates a const with #[kanitool::stub_set(...)] attribute
- use_stub_set resolves the const, reads the attribute, and expands
  the stub pairs into the harness's stub list
- Paths in stub sets are resolved relative to the harness module

Resolves model-checking#2096
@feliperodri
fix(stubbing): Fix stub_set doc-tests and pub visibility
22d62a7 
Mark stub_set! doc examples as `ignore` since kanitool is only
registered when running under the Kani compiler, not plain rustc.

Add a doc comment to the pub macro arm so pub stub sets appear
meaningfully in rustdoc. The non-pub arm already correctly applies
#[doc(hidden)].
@feliperodri
test(stubbing): Add expected-output test for stub set cycle detection
0998c16 
Add a test that verifies circular stub set references (set_a → set_b →
set_a) are detected and reported as errors. This exercises the DFS
stack-based cycle detection in collect_stubs_from_set.
@feliperodri
refactor(stubbing): Improve stub set error coverage and diagnostics
80a5df7 
Add expected-output test for invalid entries in stub_set! (e.g.,
unknown_entry(foo)) to verify the error path in collect_stubs_from_set.

Replace bare unreachable!() in the StubSet arm of harness_attributes
with a descriptive message for easier debugging if the invariant is
ever violated.
@feliperodri
test(stubbing): Add regression tests for stub set edge cases
0fa31af 
Add two new tests to cover stub set behaviors that were not previously
exercised:

1. `stub-set-not-a-stub-set` (expected-output test): Using a regular
   const (not defined via `kani::stub_set!`) in `#[kani::use_stub_set]`
   should produce a clear error: `is not a stub set (missing
   `kani::stub_set!` definition)`.

2. `stub_set_multiple_use` (kani test): Multiple
   `#[kani::use_stub_set(...)]` attributes on the same harness are all
   applied, and can be combined with individual `#[kani::stub]`
   attributes.
@feliperodri feliperodri enabled auto-merge May 13, 2026 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@adpaco-aws adpaco-aws adpaco-aws approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

[C] Feature / Enhancement A new feature request or enhancement to an existing feature. Z-CompilerBenchCI Tag a PR to run benchmark CI Z-Contracts Issue related to code contracts Z-EndToEndBenchCI Tag a PR to run benchmark CI

Projects

None yet

Milestone

Stubbing

Development

Successfully merging this pull request may close these issues.

Implement stub-sets

2 participants

@feliperodri @adpaco-aws