Replace vector-map by linear-map dependency (rust-lang#1120)

The `vector-map` crate indirectly depends on a vulnerable version of
rand_core. This crate hasn't been released for the past 2 years,
and there hasn't been any activity in their github either. I'm replacing
it by `linear-map` for now to fix the security warnings.

Note that linear-map last release was 6 years ago, so we may have to
remove it eventually. At least this crate only depends on serde.

Author: celinval

Cargo.lock

@@ -18,7 +18,7 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47"
 dependencies = [
- "getrandom 0.2.6",
+ "getrandom",
  "once_cell",
  "version_check",
 ]
@@ -170,29 +170,18 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "contracts"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9424f2ca1e42776615720e5746eed6efa19866fdbaac2923ab51c294ac4d1f2"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "cprover_bindings"
 version = "0.0.0"
 dependencies = [
  "lazy_static",
+ "linear-map",
  "num",
  "num-traits",
  "serde",
  "serde_test",
  "string-interner",
  "tracing",
- "vector-map",
 ]
 
 [[package]]
@@ -280,17 +269,6 @@ dependencies = [
  "unicode-width",
 ]
 
-[[package]]
-name = "getrandom"
-version = "0.1.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.9.0+wasi-snapshot-preview1",
-]
-
 [[package]]
 name = "getrandom"
 version = "0.2.6"
@@ -299,7 +277,7 @@ checksum = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad"
 dependencies = [
  "cfg-if",
  "libc",
- "wasi 0.10.2+wasi-snapshot-preview1",
+ "wasi",
 ]
 
 [[package]]
@@ -450,6 +428,16 @@ version = "0.2.124"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "21a41fed9d98f27ab1c6d161da622a4fa35e8a54a8adc24bbf3ddd0ef70b0e50"
 
+[[package]]
+name = "linear-map"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfae20f6b19ad527b550c223fddc3077a547fc70cda94b9b566575423fd303ee"
+dependencies = [
+ "serde",
+ "serde_test",
+]
+
 [[package]]
 name = "lock_api"
 version = "0.4.7"
@@ -678,12 +666,6 @@ version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e280fbe77cc62c91527259e9442153f4688736748d24660126286329742b4c6c"
 
-[[package]]
-name = "ppv-lite86"
-version = "0.2.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872"
-
 [[package]]
 name = "proc-macro-error"
 version = "1.0.4"
@@ -737,47 +719,6 @@ dependencies = [
  "proc-macro2",
 ]
 
-[[package]]
-name = "rand"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
-dependencies = [
- "getrandom 0.1.16",
- "libc",
- "rand_chacha",
- "rand_core",
- "rand_hc",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
-dependencies = [
- "ppv-lite86",
- "rand_core",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
-dependencies = [
- "getrandom 0.1.16",
-]
-
-[[package]]
-name = "rand_hc"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
-dependencies = [
- "rand_core",
-]
-
 [[package]]
 name = "rayon"
 version = "1.5.2"
@@ -1181,16 +1122,6 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
 
-[[package]]
-name = "vector-map"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "550f72ae94a45c0e2139188709e6c4179f0b5ff9bdaa435239ad19048b0cd68c"
-dependencies = [
- "contracts",
- "rand",
-]
-
 [[package]]
 name = "version_check"
 version = "0.9.4"
@@ -1208,12 +1139,6 @@ dependencies = [
  "winapi-util",
 ]
 
-[[package]]
-name = "wasi"
-version = "0.9.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
-
 [[package]]
 name = "wasi"
 version = "0.10.2+wasi-snapshot-preview1"

cprover_bindings/Cargo.toml

@@ -5,6 +5,7 @@
 name = "cprover_bindings"
 version = "0.0.0"
 edition = "2018"
+license = "MIT OR Apache-2.0"
 
 [lib]
 test = true
@@ -17,7 +18,7 @@ num-traits = "0.2"
 serde = {version = "1", features = ["derive"]}
 string-interner = "0.14.0"
 tracing = "0.1"
-vector-map = "1.0.1"
+linear-map = {version = "1.2", features = ["serde_impl"]}
 
 [dev-dependencies]
 serde_test = "1"

cprover_bindings/src/irep/irep.rs

@@ -6,9 +6,9 @@ use super::super::goto_program::{Location, Type};
 use super::super::MachineModel;
 use super::{IrepId, ToIrep};
 use crate::cbmc_string::InternedString;
+use linear_map::LinearMap;
 use num::BigInt;
 use std::fmt::Debug;
-use vector_map::VecMap;
 
 /// The CBMC serialization format for goto-programs.
 /// CBMC implementation code is at:
@@ -17,7 +17,7 @@ use vector_map::VecMap;
 pub struct Irep {
     pub id: IrepId,
     pub sub: Vec<Irep>,
-    pub named_sub: VecMap<IrepId, Irep>,
+    pub named_sub: LinearMap<IrepId, Irep>,
 }
 
 /// Getters
@@ -102,7 +102,7 @@ impl Irep {
     }
 
     pub fn just_id(id: IrepId) -> Irep {
-        Irep { id: id, sub: Vec::new(), named_sub: VecMap::new() }
+        Irep { id: id, sub: Vec::new(), named_sub: LinearMap::new() }
     }
 
     pub fn just_int_id<T>(i: T) -> Irep
@@ -111,7 +111,7 @@ impl Irep {
     {
         Irep::just_id(IrepId::from_int(i))
     }
-    pub fn just_named_sub(named_sub: VecMap<IrepId, Irep>) -> Irep {
+    pub fn just_named_sub(named_sub: LinearMap<IrepId, Irep>) -> Irep {
         Irep { id: IrepId::EmptyString, sub: vec![], named_sub: named_sub }
     }
 
@@ -120,7 +120,7 @@ impl Irep {
     }
 
     pub fn just_sub(sub: Vec<Irep>) -> Irep {
-        Irep { id: IrepId::EmptyString, sub: sub, named_sub: VecMap::new() }
+        Irep { id: IrepId::EmptyString, sub: sub, named_sub: LinearMap::new() }
     }
 
     pub fn nil() -> Irep {

cprover_bindings/src/irep/serialize.rs

@@ -5,23 +5,6 @@ use crate::irep::{Irep, IrepId, Symbol, SymbolTable};
 use crate::InternedString;
 use serde::ser::{SerializeMap, Serializer};
 use serde::Serialize;
-use vector_map::VecMap;
-
-// Wrapper type to allow impl of trait (otherwise impossible when both trait and type are external).
-struct MapWrapper<'a, K, V>(&'a VecMap<K, V>);
-
-impl<K: serde::Serialize, V: serde::Serialize> Serialize for MapWrapper<'_, K, V> {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: Serializer,
-    {
-        let mut obj = serializer.serialize_map(None)?;
-        for (k, v) in self.0 {
-            obj.serialize_entry(k, v)?;
-        }
-        obj.end()
-    }
-}
 
 impl Serialize for Irep {
     fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
@@ -34,7 +17,7 @@ impl Serialize for Irep {
             obj.serialize_entry("sub", &self.sub)?;
         }
         if !self.named_sub.is_empty() {
-            obj.serialize_entry("namedSub", &MapWrapper(&self.named_sub))?;
+            obj.serialize_entry("namedSub", &self.named_sub)?;
         }
         obj.end()
     }