Upgrade Rust toolchain to nightly-2025-12-04

.github/workflows/kani.yml

@@ -60,6 +60,11 @@ jobs:
 
   perf:
     runs-on: ubuntu-24.04
+    # The full perf suite baseline runs in ~45 min; with the per-test --timeout
+    # in scripts/kani-perf.sh as a guardrail, the worst-case suite duration is
+    # 15 x 600s = 150 min. A retry doubles that ceiling, so the job timeout
+    # has to sit above (step timeout) x (max_attempts) to let the retry land.
+    timeout-minutes: 380
     permissions:
       contents: read
     steps:
@@ -72,7 +77,14 @@ jobs:
           os: ubuntu-24.04
 
       - name: Execute Kani performance tests
-        run: ./scripts/kani-perf.sh
+        # Retry on infra-driven failures (spot preemption / runner shutdown).
+        # The script itself bounds per-test wall time, so functional regressions
+        # surface as normal test failures and are not retried indefinitely.
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 180
+          max_attempts: 2
+          command: ./scripts/kani-perf.sh
         env:
           RUST_TEST_THREADS: 1
 

kani-compiler/src/kani_middle/reachability.rs

@@ -32,13 +32,14 @@ use rustc_public::mir::{
 use rustc_public::rustc_internal;
 use rustc_public::ty::{Allocation, ClosureKind, ConstantKind, RigidTy, Ty, TyKind};
 use rustc_public::{CrateDef, ItemKind};
+#[cfg(debug_assertions)]
 use rustc_session::config::OutputType;
+use std::collections::{HashMap, HashSet};
 use std::fmt::{Display, Formatter};
-use std::{
-    collections::{HashMap, HashSet},
-    fs::File,
-    io::{BufWriter, Write},
-};
+#[cfg(debug_assertions)]
+use std::fs::File;
+#[cfg(debug_assertions)]
+use std::io::{BufWriter, Write};
 
 use crate::kani_middle::coercion;
 use crate::kani_middle::coercion::CoercionBase;
@@ -580,6 +581,7 @@ impl CallGraph {
 
     /// Print the graph in DOT format to a file.
     /// See <https://graphviz.org/doc/info/lang.html> for more information.
+    #[cfg(debug_assertions)]
     fn dump_dot(&self, tcx: TyCtxt, initial: Option<MonoItem>) -> std::io::Result<()> {
         if let Ok(target) = std::env::var("KANI_REACH_DEBUG") {
             debug!(?target, "dump_dot");
@@ -608,6 +610,7 @@ impl CallGraph {
     }
 
     /// Write all notes to the given writer.
+    #[cfg(debug_assertions)]
     fn dump_all<W: Write>(&self, writer: &mut W) -> std::io::Result<()> {
         tracing::info!(nodes=?self.nodes.len(), edges=?self.edges.len(), "dump_all");
         for node in &self.nodes {
@@ -621,6 +624,7 @@ impl CallGraph {
     }
 
     /// Write all notes that may have led to the discovery of the given target.
+    #[cfg(debug_assertions)]
     fn dump_reason<W: Write>(&self, writer: &mut W, target: &str) -> std::io::Result<()> {
         let mut queue: Vec<Node> =
             self.nodes.iter().filter(|item| item.to_string().contains(target)).cloned().collect();

rust-toolchain.toml

@@ -2,5 +2,5 @@
 # SPDX-License-Identifier: Apache-2.0 OR MIT
 
 [toolchain]
-channel = "nightly-2025-12-03"
+channel = "nightly-2025-12-04"
 components = ["llvm-tools", "rustc-dev", "rust-src", "rustfmt"]

scripts/kani-fmt.sh

@@ -30,7 +30,13 @@ cargo fmt ${check_flag} || error=1
 # Check test source files.
 TESTS=("tests" "docs/src/tutorial")
 # Add ignore patterns for code we don't want to format.
-IGNORE=("*/perf/s2n-quic/*")
+# `*/perf/s2n-quic/*` excludes the upstream submodule.
+# `*/perf/overlays/*` excludes the overlay sources (see
+# `tests/perf/overlays/README.md`): these are partial copies of submodule
+# files staged for `cp -r` by `scripts/kani-perf.sh`, and they can reference
+# `mod` declarations whose siblings only exist in the submodule, so rustfmt
+# cannot standalone-parse them.
+IGNORE=("*/perf/s2n-quic/*" "*/perf/overlays/*")
 
 # Arguments for the find command for excluding the IGNORE paths
 IGNORE_ARGS=()

scripts/kani-perf.sh

@@ -26,8 +26,15 @@ done
 
 suite="perf"
 mode="cargo-kani-test"
-echo "Check compiletest suite=$suite mode=$mode"
-cargo run -p compiletest -- --suite $suite --mode $mode --no-fail-fast
+# Bound each test's wall time so a runaway case (e.g. an OOM-prone harness)
+# fails as a normal test failure with output, instead of triggering an
+# unattributable runner OOM-kill / shutdown signal in CI.
+# Default 600s (10 min) is well above the typical perf-case runtime (seconds
+# to a couple of minutes) and keeps the worst-case suite duration compatible
+# with the workflow step timeout. Override via KANI_PERF_TEST_TIMEOUT.
+timeout_secs="${KANI_PERF_TEST_TIMEOUT:-600}"
+echo "Check compiletest suite=$suite mode=$mode timeout=${timeout_secs}s"
+cargo run -p compiletest -- --suite $suite --mode $mode --no-fail-fast --timeout "$timeout_secs"
 exit_code=$?
 
 echo "Cleaning up..."