use std::cell::RefCell;
use rustc::ty::{self, layout::Size};
use rustc::hir::{Mutability, MutMutable, MutImmutable};
use crate::{
EvalResult, EvalErrorKind, MiriEvalContext, HelpersEvalContextExt, Evaluator, MutValueVisitor,
MemoryKind, MiriMemoryKind, RangeMap, AllocId, Allocation, AllocationExtra,
Pointer, MemPlace, Scalar, Immediate, ImmTy, PlaceTy, MPlaceTy,
};
/// Value of the global borrow clock (see `State::increment_clock`); every
/// `Uniq` and every `Shr(Some(_))` tag carries the clock value it was created at.
pub type Timestamp = u64;
/// Information about which kind of borrow was used to create the reference this is tagged
/// with.
///
/// `Shr(None)` is also the `Default` tag; it is what non-stack allocations and
/// `escape_to_raw` hand out.
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
pub enum Borrow {
    /// A unique (mutable) reference.
    Uniq(Timestamp),
    /// A shared reference. This is also used by raw pointers, which do not track details
    /// of how or when they were created, hence the timestamp is optional.
    /// Shr(Some(_)) does NOT mean that the destination of this reference is frozen;
    /// that depends on the type! Only those parts outside of an `UnsafeCell` are actually
    /// frozen.
    Shr(Option<Timestamp>),
}
impl Borrow {
    /// `true` for `Shr(_)`, i.e. shared references and raw pointers.
    #[inline(always)]
    pub fn is_shared(self) -> bool {
        // The two variants partition the type, so this is the complement of `is_unique`.
        !self.is_unique()
    }

    /// `true` for `Uniq(_)`, i.e. mutable references.
    #[inline(always)]
    pub fn is_unique(self) -> bool {
        match self {
            Borrow::Uniq(_) => true,
            Borrow::Shr(_) => false,
        }
    }
}
impl Default for Borrow {
    /// The tag of a raw pointer: shared, with no creation timestamp.
    fn default() -> Self {
        let untracked: Option<Timestamp> = None;
        Borrow::Shr(untracked)
    }
}
/// An item in the per-location borrow stack
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
pub enum BorStackItem {
    /// Indicates the unique reference that may mutate.
    Uniq(Timestamp),
    /// Indicates that the location has been shared. Used for raw pointers, but
    /// also for shared references. The latter *additionally* get frozen
    /// when there is no `UnsafeCell`.
    Shr,
    /// A barrier, tracking the function it belongs to by its index on the call stack.
    /// `Stack::deref` and `Stack::access` stop searching when they reach one, so
    /// items below it are unreachable until it is removed.
    #[allow(dead_code)] // for future use
    FnBarrier(usize)
}
impl BorStackItem {
    /// `true` only for `FnBarrier(_)`.
    #[inline(always)]
    pub fn is_fn_barrier(self) -> bool {
        match self {
            BorStackItem::FnBarrier(_) => true,
            BorStackItem::Uniq(_) | BorStackItem::Shr => false,
        }
    }
}
/// Extra per-location state
#[derive(Clone, Debug)]
pub struct Stack {
    // used as a stack; never empty
    // NOTE(review): `Stack::access` pops items until it finds a match or a barrier and
    // only then errors, so a failed access can leave this empty; `Stack::create`
    // unwraps `last()`. Worth confirming that no caller continues after that error.
    borrows: Vec<BorStackItem>,
    // virtual frozen "item" on top of the stack: the timestamp the location was frozen at
    frozen_since: Option<Timestamp>,
}
impl Default for Stack {
    /// A fresh location: a single `Shr` item and not frozen.
    fn default() -> Self {
        let mut initial = Vec::new();
        initial.push(BorStackItem::Shr);
        Stack {
            borrows: initial,
            frozen_since: None,
        }
    }
}
impl Stack {
    /// Whether the virtual frozen "item" is currently on top of the stack.
    #[inline(always)]
    pub fn is_frozen(&self) -> bool {
        match self.frozen_since {
            Some(_) => true,
            None => false,
        }
    }
}
/// What kind of reference is being used?
///
/// Only `Frozen` makes `Stack::deref` check `frozen_since` and makes
/// `Stack::create` freeze the location.
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
pub enum RefKind {
    /// &mut
    Unique,
    /// & without interior mutability
    Frozen,
    /// * (raw pointer) or & to `UnsafeCell`
    Raw,
}
/// Extra global machine state
#[derive(Clone, Debug)]
pub struct State {
    // Monotonic counter handed out by `increment_clock`; never reset.
    clock: Timestamp
}
impl State {
    /// Global state with the clock at zero.
    pub fn new() -> State {
        let clock: Timestamp = 0;
        State { clock }
    }

    /// Hands out the current clock value and advances the clock by one, so
    /// every caller receives a distinct timestamp.
    fn increment_clock(&mut self) -> Timestamp {
        let now = self.clock;
        self.clock += 1;
        now
    }
}
/// Extra per-allocation state
#[derive(Clone, Debug, Default)]
pub struct Stacks {
    // Even reading memory can have effects on the stack, so we need a `RefCell` here.
    // One `Stack` per byte range of the allocation; `iter_mut` over the map is used
    // everywhere so that gaps get a default `Stack` rather than being skipped.
    stacks: RefCell<RangeMap<Stack>>,
}
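/// Core per-location operations: deref, access, create.
/// We need to make at least the following things true:
///
/// U1: After creating a Uniq, it is at the top (+unfrozen).
/// U2: If the top is Uniq (+unfrozen), accesses must be through that Uniq or pop it.
/// U3: If an access (deref sufficient?) happens with a Uniq, it requires the Uniq to be in the stack.
///
/// F1: After creating a &, the parts outside `UnsafeCell` are frozen.
/// F2: If a write access happens, it unfreezes.
/// F3: If an access (well, a deref) happens with an & outside `UnsafeCell`, it requires the location to still be frozen.
impl<'tcx> Stack {
    /// Deref `bor`: Check if the location is frozen and the tag in the stack.
    /// This does *not* constitute an access! "Deref" refers to the `*` operator
    /// in Rust, and includes cases like `&*x` or `(*x).foo` where no or only part
    /// of the memory actually gets accessed. Also we cannot know if we are
    /// going to read or write.
    /// Returns the index of the item we matched, `None` if it was the frozen one.
    /// `kind` indicates which kind of reference is being dereferenced.
    ///
    /// # Errors
    /// A `Frozen` deref of a `Shr(Some(_))` tag fails if the location was not frozen,
    /// or was frozen only after the reference was created. Any other tag fails if no
    /// matching item is found above the topmost `FnBarrier`.
    fn deref(&self, bor: Borrow, kind: RefKind) -> Result<Option<usize>, String> {
        // Checks related to freezing
        match bor {
            Borrow::Shr(Some(bor_t)) if kind == RefKind::Frozen => {
                // We need the location to be frozen. This ensures F3.
                // `itm_t <= bor_t`: the freeze must predate the reference.
                let frozen = self.frozen_since.map_or(false, |itm_t| itm_t <= bor_t);
                return if frozen {
                    Ok(None)
                } else {
                    Err("Location is not frozen long enough".to_string())
                };
            }
            Borrow::Shr(_) if self.frozen_since.is_some() => {
                return Ok(None) // Shared deref to frozen location, looking good
            }
            _ => {} // Not sufficient, go on looking.
        }
        // If we got here, we have to look for our item in the stack.
        // Search from the top; a barrier hides everything below it.
        for (idx, &itm) in self.borrows.iter().enumerate().rev() {
            match (itm, bor) {
                (BorStackItem::FnBarrier(_), _) => break,
                (BorStackItem::Uniq(itm_t), Borrow::Uniq(bor_t)) if itm_t == bor_t => {
                    // Found matching unique item. This satisfies U3.
                    return Ok(Some(idx))
                }
                (BorStackItem::Shr, Borrow::Shr(_)) => {
                    // Found matching shared/raw item.
                    return Ok(Some(idx))
                }
                // Go on looking.
                _ => {}
            }
        }
        // If we got here, we did not find our item. We have to error to satisfy U3.
        Err(format!(
            "Borrow being dereferenced ({:?}) does not exist on the stack, or is guarded by a barrier",
            bor
        ))
    }

    /// Perform an actual memory access using `bor`. We do not know any types here
    /// or whether things should be frozen, but we *do* know if this is reading
    /// or writing.
    ///
    /// Reads of a frozen location always succeed. Otherwise the location is
    /// unfrozen and items are popped off the top until one matches `bor`
    /// (or, for reads, until any `Shr` item is on top).
    ///
    /// # Errors
    /// A `MachineError` if an `FnBarrier` is reached, or the stack runs out,
    /// before a matching item is found. Note that the items popped on the
    /// way are not restored.
    fn access(&mut self, bor: Borrow, is_write: bool) -> EvalResult<'tcx> {
        // Check if we can match the frozen "item".
        // Not possible on writes!
        if self.is_frozen() {
            if !is_write {
                // When we are frozen, we just accept all reads. No harm in this.
                // The deref already checked that `Uniq` items are in the stack, and that
                // the location is frozen if it should be.
                return Ok(());
            }
            trace!("access: Unfreezing");
        }
        // Unfreeze on writes. This ensures F2.
        self.frozen_since = None;
        // Pop the stack until we have something matching.
        while let Some(&itm) = self.borrows.last() {
            match (itm, bor) {
                (BorStackItem::FnBarrier(_), _) => break,
                (BorStackItem::Uniq(itm_t), Borrow::Uniq(bor_t)) if itm_t == bor_t => {
                    // Found matching unique item.
                    return Ok(())
                }
                (BorStackItem::Shr, _) if !is_write => {
                    // When reading, everything can use a shared item!
                    // We do not want to do this when writing: Writing to an `&mut`
                    // should reaffirm its exclusivity (i.e., make sure it is
                    // on top of the stack).
                    return Ok(())
                }
                (BorStackItem::Shr, Borrow::Shr(_)) => {
                    // Found matching shared item.
                    return Ok(())
                }
                _ => {
                    // Pop this. This ensures U2.
                    let itm = self.borrows.pop().unwrap();
                    trace!("access: Popping {:?}", itm);
                }
            }
        }
        // If we got here, we did not find our item.
        err!(MachineError(format!(
            "Borrow being accessed ({:?}) does not exist on the stack, or is guarded by a barrier",
            bor
        )))
    }

    /// Initiate `bor`; mostly this means pushing.
    /// This operation cannot fail; it is up to the caller to ensure that the precondition
    /// is met: the location must not be frozen (any push onto a frozen stack is a `bug!`).
    /// `kind` indicates which kind of reference is being created.
    ///
    /// # Panics
    /// Via `bug!` if the location is frozen, or if `kind` is `Frozen` but `bor`
    /// is not `Shr(Some(_))`.
    fn create(&mut self, bor: Borrow, kind: RefKind) {
        // We push the item even if we will later freeze, because we
        // will allow mutation of shared data at the expense of unfreezing.
        if self.frozen_since.is_some() {
            // A frozen location, this should be impossible!
            bug!("We should never try pushing to a frozen stack");
        }
        // First, push.
        let itm = match bor {
            Borrow::Uniq(t) => BorStackItem::Uniq(t),
            Borrow::Shr(_) => BorStackItem::Shr,
        };
        if *self.borrows.last().unwrap() == itm {
            // Only a `Shr` can already be on top; the assert documents that a
            // `Uniq` with an already-used timestamp is never expected here.
            assert!(bor.is_shared());
            trace!("create: Sharing a shared location is a NOP");
        } else {
            // This ensures U1.
            trace!("create: Pushing {:?}", itm);
            self.borrows.push(itm);
        }
        // Then, maybe freeze. This is part 2 of ensuring F1.
        if kind == RefKind::Frozen {
            let bor_t = match bor {
                Borrow::Shr(Some(t)) => t,
                _ => bug!("Creating illegal borrow {:?} for frozen ref", bor),
            };
            trace!("create: Freezing");
            self.frozen_since = Some(bor_t);
        }
    }
}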
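/// Higher-level per-location operations: deref, access, reborrow.
impl<'tcx> Stacks {
    /// Check that this stack is fine with being dereferenced.
    ///
    /// Runs `Stack::deref` for every location in `[ptr.offset, ptr.offset + size)`
    /// and turns the first failure into a `MachineError`.
    fn deref(
        &self,
        ptr: Pointer<Borrow>,
        size: Size,
        kind: RefKind,
    ) -> EvalResult<'tcx> {
        trace!("deref for tag {:?} as {:?}: {:?}, size {}",
            ptr.tag, kind, ptr, size.bytes());
        let mut stacks = self.stacks.borrow_mut();
        // We need `iter_mut` because `iter` would skip gaps!
        for stack in stacks.iter_mut(ptr.offset, size) {
            stack.deref(ptr.tag, kind).map_err(EvalErrorKind::MachineError)?;
        }
        Ok(())
    }

    /// `ptr` got used, reflect that in the stack.
    ///
    /// Runs `Stack::access` for every location in the range; `is_write`
    /// selects between a read and a write access.
    fn access(
        &self,
        ptr: Pointer<Borrow>,
        size: Size,
        is_write: bool,
    ) -> EvalResult<'tcx> {
        // The label must follow `is_write`; a write is logged as "write".
        trace!("{} access of tag {:?}: {:?}, size {}",
            if is_write { "write" } else { "read" },
            ptr.tag, ptr, size.bytes());
        // Even reads can have a side-effect, by invalidating other references.
        // This is fundamentally necessary since `&mut` asserts that there
        // are no accesses through other references, not even reads.
        let mut stacks = self.stacks.borrow_mut();
        for stack in stacks.iter_mut(ptr.offset, size) {
            stack.access(ptr.tag, is_write)?;
        }
        Ok(())
    }

    /// Reborrow the given pointer to the new tag for the given kind of reference.
    /// This works on `&self` because we might encounter references to constant memory.
    ///
    /// Per location: `ptr.tag` must be dereferenceable as `new_kind`; if `new_bor`
    /// already derefs to the frozen item or to an item at or above `ptr.tag`'s,
    /// nothing changes. Otherwise `ptr.tag` is accessed (as a write iff `new_kind`
    /// is `Unique`) and `new_bor` is pushed via `Stack::create`.
    ///
    /// # Panics
    /// If `new_bor.is_unique()` disagrees with `new_kind == RefKind::Unique`, or
    /// if a unique reborrow turns out to be redundant.
    fn reborrow(
        &self,
        ptr: Pointer<Borrow>,
        size: Size,
        new_bor: Borrow,
        new_kind: RefKind,
    ) -> EvalResult<'tcx> {
        // The tag and the reference kind must agree: `Uniq` iff `Unique`.
        assert_eq!(new_bor.is_unique(), new_kind == RefKind::Unique);
        trace!("reborrow for tag {:?} to {:?} as {:?}: {:?}, size {}",
            ptr.tag, new_bor, new_kind, ptr, size.bytes());
        let mut stacks = self.stacks.borrow_mut();
        for stack in stacks.iter_mut(ptr.offset, size) {
            // The source `ptr` must itself be dereferenceable as the new kind.
            let ptr_idx = stack.deref(ptr.tag, new_kind).map_err(EvalErrorKind::MachineError)?;
            // If we can deref the new tag already, and if that tag lives higher on
            // the stack than the one we come from, just use that.
            // IOW, we check if `new_bor` *already* is "derived from" `ptr.tag`.
            // This also checks frozenness, if required.
            let bor_redundant = match (ptr_idx, stack.deref(new_bor, new_kind)) {
                // If the new borrow works with the frozen item, or else if it lives
                // above the old one in the stack, our job here is done.
                (_, Ok(None)) => true,
                (Some(ptr_idx), Ok(Some(new_idx))) if new_idx >= ptr_idx => true,
                // Otherwise we need to create a new borrow.
                _ => false,
            };
            if bor_redundant {
                assert!(new_bor.is_shared(), "A unique reborrow can never be redundant");
                trace!("reborrow is redundant");
                continue;
            }
            // We need to do some actual work.
            stack.access(ptr.tag, new_kind == RefKind::Unique)?;
            stack.create(new_bor, new_kind);
        }
        Ok(())
    }
}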
/// Hooks and glue
impl AllocationExtra<Borrow> for Stacks {
    /// A read of `size` bytes at `ptr`: a read access on the per-location stacks.
    #[inline(always)]
    fn memory_read<'tcx>(
        alloc: &Allocation<Borrow, Stacks>,
        ptr: Pointer<Borrow>,
        size: Size,
    ) -> EvalResult<'tcx> {
        let is_write = false;
        alloc.extra.access(ptr, size, is_write)
    }

    /// A write of `size` bytes at `ptr`: a write access on the per-location stacks.
    #[inline(always)]
    fn memory_written<'tcx>(
        alloc: &mut Allocation<Borrow, Stacks>,
        ptr: Pointer<Borrow>,
        size: Size,
    ) -> EvalResult<'tcx> {
        let is_write = true;
        alloc.extra.access(ptr, size, is_write)
    }

    /// Deallocation is treated exactly like a write of the whole range.
    #[inline(always)]
    fn memory_deallocated<'tcx>(
        alloc: &mut Allocation<Borrow, Stacks>,
        ptr: Pointer<Borrow>,
        size: Size,
    ) -> EvalResult<'tcx> {
        // This is like mutating
        let is_write = true;
        // FIXME: Error out if there are any barriers?
        alloc.extra.access(ptr, size, is_write)
    }
}
impl<'tcx> Stacks {
    /// Pushes the first item to the stacks.
    ///
    /// Every location in `0..size` must still hold exactly the single default
    /// `Shr` item; it is replaced by `itm`.
    ///
    /// # Panics
    /// If `itm` is an `FnBarrier`, or if any location was already used
    /// (more than one item, or a bottom item other than `Shr`).
    pub fn first_item(
        &mut self,
        itm: BorStackItem,
        size: Size
    ) {
        assert!(!itm.is_fn_barrier());
        let stacks = self.stacks.get_mut();
        for stack in stacks.iter_mut(Size::ZERO, size) {
            // Swap out the lone default item for `itm`.
            assert!(stack.borrows.len() == 1);
            assert_eq!(stack.borrows.pop().unwrap(), BorStackItem::Shr);
            stack.borrows.push(itm);
        }
    }
}
pub trait EvalContextExt<'tcx> {
    /// Check that `place` may be dereferenced as a reference of the given
    /// `mutability` (`None` for raw pointers) for `size` bytes. Does not
    /// change any tag.
    fn ptr_dereference(
        &self,
        place: MPlaceTy<'tcx, Borrow>,
        size: Size,
        mutability: Option<Mutability>,
    ) -> EvalResult<'tcx>;

    /// Pick the initial tag for the new allocation `id` of the given `kind`.
    fn tag_new_allocation(
        &mut self,
        id: AllocId,
        kind: MemoryKind<MiriMemoryKind>,
    ) -> Borrow;

    /// Reborrow the given place, returning the newly tagged ptr to it.
    fn reborrow(
        &mut self,
        place: MPlaceTy<'tcx, Borrow>,
        size: Size,
        new_bor: Borrow
    ) -> EvalResult<'tcx, Pointer<Borrow>>;

    /// Retag an individual pointer, returning the retagged version.
    fn retag_reference(
        &mut self,
        ptr: ImmTy<'tcx, Borrow>,
        mutbl: Mutability,
    ) -> EvalResult<'tcx, Immediate<Borrow>>;

    /// Retag every reference stored in `place`. `fn_entry` is currently not
    /// honored by the implementation in this file (see its `TODO`).
    fn retag(
        &mut self,
        fn_entry: bool,
        place: PlaceTy<'tcx, Borrow>
    ) -> EvalResult<'tcx>;

    /// The given place may henceforth be accessed through raw pointers.
    fn escape_to_raw(
        &mut self,
        place: MPlaceTy<'tcx, Borrow>,
        size: Size,
    ) -> EvalResult<'tcx>;
}
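impl<'a, 'mir, 'tcx> EvalContextExt<'tcx> for MiriEvalContext<'a, 'mir, 'tcx> {
    /// Pick the initial tag for a new allocation. Stack allocations get a fresh
    /// `Uniq` that also becomes the bottom item of all their per-location stacks;
    /// every other allocation keeps the default tag.
    ///
    /// # Panics
    /// If `id` does not name an existing allocation.
    fn tag_new_allocation(
        &mut self,
        id: AllocId,
        kind: MemoryKind<MiriMemoryKind>,
    ) -> Borrow {
        let time = match kind {
            MemoryKind::Stack => {
                // New unique borrow. This `Uniq` is not accessible by the program,
                // so it will only ever be used when using the local directly (i.e.,
                // not through a pointer). IOW, whenever we directly use a local this will pop
                // everything else off the stack, invalidating all previous pointers
                // and, in particular, *all* raw pointers. This subsumes the explicit
                // `reset` which the blog post [1] says to perform when accessing a local.
                //
                // [1] https://www.ralfj.de/blog/2018/08/07/stacked-borrows.html
                self.machine.stacked_borrows.increment_clock()
            }
            _ => {
                // Nothing to do for everything else
                return Borrow::default()
            }
        };
        // Make this the active borrow for this allocation
        let alloc = self.memory_mut().get_mut(id).expect("This is a new allocation, it must still exist");
        let size = Size::from_bytes(alloc.bytes.len() as u64);
        alloc.extra.first_item(BorStackItem::Uniq(time), size);
        Borrow::Uniq(time)
    }

    /// Called for value-to-place conversion. `mutability` is `None` for raw pointers.
    ///
    /// Note that this does NOT mean that all this memory will actually get accessed/referenced!
    /// We could be in the middle of `&(*var).1`.
    ///
    /// Raw pointers are not checked at all. A `Shr(Some(_))` tag gets a
    /// freeze-sensitive `deref`; every other tag is checked as one chunk.
    ///
    /// # Errors
    /// A `MachineError` for an `&mut` whose tag is `Shr(Some(_))`, for an
    /// out-of-bounds range, or if any per-location `deref` fails.
    fn ptr_dereference(
        &self,
        place: MPlaceTy<'tcx, Borrow>,
        size: Size,
        mutability: Option<Mutability>,
    ) -> EvalResult<'tcx> {
        trace!("ptr_dereference: Accessing {} reference for {:?} (pointee {})",
            match mutability {
                Some(mutability) => format!("{:?}", mutability),
                None => String::from("raw"),
            },
            place.ptr, place.layout.ty);
        let ptr = place.ptr.to_ptr()?;
        // In principle we should not have to do anything here. However, with transmutes involved,
        // it can happen that the tag of `ptr` does not actually match `mutability`, and we
        // should adjust for that.
        // Notably, the compiler can introduce such transmutes by optimizing away `&[mut]*`.
        // That can transmute a raw ptr to a (shared/mut) ref, and a mut ref to a shared one.
        match (mutability, ptr.tag) {
            (None, _) => {
                // No further validation on raw accesses.
                return Ok(());
            }
            (Some(MutMutable), Borrow::Uniq(_)) |
            (Some(MutImmutable), Borrow::Shr(_)) => {
                // Expected combinations. Nothing to do.
            }
            (Some(MutMutable), Borrow::Shr(None)) => {
                // Raw transmuted to mut ref. This is something real unsafe code does.
                // We cannot reborrow here because we do not want to mutate state on a deref.
            }
            (Some(MutImmutable), Borrow::Uniq(_)) => {
                // A mut got transmuted to shr. Can happen even from compiler transformations:
                // `&*x` gets optimized to `x` even when `x` is a `&mut`.
            }
            (Some(MutMutable), Borrow::Shr(Some(_))) => {
                // This is just invalid: A shr got transmuted to a mut.
                // If we ever allow this, we have to consider what we do when we turn a
                // `Raw`-tagged `&mut` into a raw pointer pointing to a frozen location.
                // We probably do not want to allow that, but we have to allow
                // turning a `Raw`-tagged `&` into a raw ptr to a frozen location.
                return err!(MachineError(format!("Encountered mutable reference with frozen tag {:?}", ptr.tag)))
            }
        }

        // Get the allocation
        self.memory().check_bounds(ptr, size, false)?;
        let alloc = self.memory().get(ptr.alloc_id).expect("We checked that the ptr is fine!");
        // If we got here, we do some checking, *but* we leave the tag unchanged.
        if let Borrow::Shr(Some(_)) = ptr.tag {
            // The `(Some(MutMutable), Shr(Some(_)))` arm above already errored.
            assert_eq!(mutability, Some(MutImmutable));
            // We need a frozen-sensitive check
            self.visit_freeze_sensitive(place, size, |cur_ptr, size, frozen| {
                let kind = if frozen { RefKind::Frozen } else { RefKind::Raw };
                alloc.extra.deref(cur_ptr, size, kind)
            })?;
        } else {
            // Just treat this as one big chunk
            let kind = if mutability == Some(MutMutable) { RefKind::Unique } else { RefKind::Raw };
            alloc.extra.deref(ptr, size, kind)?;
        }

        // All is good
        Ok(())
    }

    /// The given place may henceforth be accessed through raw pointers.
    ///
    /// Implemented as a reborrow to the default (`Shr(None)`) tag; the new
    /// pointer is discarded.
    #[inline(always)]
    fn escape_to_raw(
        &mut self,
        place: MPlaceTy<'tcx, Borrow>,
        size: Size,
    ) -> EvalResult<'tcx> {
        self.reborrow(place, size, Borrow::default())?;
        Ok(())
    }

    /// Reborrow `place` for `size` bytes with tag `new_bor` and return the
    /// newly tagged pointer. `Shr(Some(_))` tags get a freeze-sensitive
    /// reborrow; `Uniq` and `Shr(None)` are handled as one chunk.
    ///
    /// # Errors
    /// If `place.ptr` is not a pointer, the range is out of bounds, or any
    /// per-location reborrow fails.
    fn reborrow(
        &mut self,
        place: MPlaceTy<'tcx, Borrow>,
        size: Size,
        new_bor: Borrow
    ) -> EvalResult<'tcx, Pointer<Borrow>> {
        let ptr = place.ptr.to_ptr()?;
        let new_ptr = Pointer::new_with_tag(ptr.alloc_id, ptr.offset, new_bor);
        trace!("reborrow: Creating new reference for {:?} (pointee {}): {:?}",
            ptr, place.layout.ty, new_bor);

        // Get the allocation. It might not be mutable, so we cannot use `get_mut`.
        self.memory().check_bounds(ptr, size, false)?;
        let alloc = self.memory().get(ptr.alloc_id).expect("We checked that the ptr is fine!");
        // Update the stacks.
        if let Borrow::Shr(Some(_)) = new_bor {
            // Reference that cares about freezing. We need a frozen-sensitive reborrow.
            self.visit_freeze_sensitive(place, size, |cur_ptr, size, frozen| {
                let kind = if frozen { RefKind::Frozen } else { RefKind::Raw };
                alloc.extra.reborrow(cur_ptr, size, new_bor, kind)
            })?;
        } else {
            // Just treat this as one big chunk.
            let kind = if new_bor.is_unique() { RefKind::Unique } else { RefKind::Raw };
            alloc.extra.reborrow(ptr, size, new_bor, kind)?;
        }
        Ok(new_ptr)
    }

    /// Retag the reference `val` as `mutbl`: mint a fresh timestamp, reborrow
    /// the pointee with the matching tag and return the updated reference.
    /// Zero-sized pointees are returned unchanged.
    fn retag_reference(
        &mut self,
        val: ImmTy<'tcx, Borrow>,
        mutbl: Mutability,
    ) -> EvalResult<'tcx, Immediate<Borrow>> {
        // We want a place for where the ptr *points to*, so we get one.
        let place = self.ref_to_mplace(val)?;
        let size = self.size_and_align_of_mplace(place)?
            .map(|(size, _)| size)
            .unwrap_or_else(|| place.layout.size);
        if size == Size::ZERO {
            // Nothing to do for ZSTs.
            return Ok(*val);
        }

        // Compute new borrow.
        let time = self.machine.stacked_borrows.increment_clock();
        let new_bor = match mutbl {
            MutMutable => Borrow::Uniq(time),
            MutImmutable => Borrow::Shr(Some(time)),
        };

        // Reborrow.
        let new_ptr = self.reborrow(place, size, new_bor)?;

        // Return new ptr
        let new_place = MemPlace { ptr: Scalar::Ptr(new_ptr), ..*place };
        Ok(new_place.to_ref())
    }

    /// Retag every reference in `place`: the reference itself for a
    /// reference-typed place (fast path), otherwise each reference or `Box`
    /// found by `RetagVisitor` while walking the value.
    fn retag(
        &mut self,
        _fn_entry: bool,
        place: PlaceTy<'tcx, Borrow>
    ) -> EvalResult<'tcx> {
        // TODO: Honor `fn_entry`.

        // We need a visitor to visit all references. However, that requires
        // a `MemPlace`, so we have a fast path for reference types that
        // avoids allocating.
        match place.layout.ty.sty {
            ty::Ref(_, _, mutbl) => {
                // fast path
                let val = self.read_immediate(self.place_to_op(place)?)?;
                let val = self.retag_reference(val, mutbl)?;
                self.write_immediate(val, place)?;
                return Ok(());
            }
            _ => {}, // handled with the general case below
        };
        let place = self.force_allocation(place)?;

        let mut visitor = RetagVisitor { ecx: self };
        visitor.visit_value(place)?;

        // The actual visitor
        struct RetagVisitor<'ecx, 'a, 'mir, 'tcx> {
            ecx: &'ecx mut MiriEvalContext<'a, 'mir, 'tcx>,
        }
        impl<'ecx, 'a, 'mir, 'tcx>
            MutValueVisitor<'a, 'mir, 'tcx, Evaluator<'tcx>>
        for
            RetagVisitor<'ecx, 'a, 'mir, 'tcx>
        {
            type V = MPlaceTy<'tcx, Borrow>;

            #[inline(always)]
            fn ecx(&mut self) -> &mut MiriEvalContext<'a, 'mir, 'tcx> {
                &mut self.ecx
            }

            // Primitives of reference type, that is the one thing we are interested in.
            fn visit_primitive(&mut self, place: MPlaceTy<'tcx, Borrow>) -> EvalResult<'tcx>
            {
                // `Box` is treated like `&mut` for retagging purposes.
                let mutbl = match place.layout.ty.sty {
                    ty::Ref(_, _, mutbl) => mutbl,
                    ty::Adt(..) if place.layout.ty.is_box() => MutMutable,
                    _ => return Ok(()), // nothing to do
                };
                let val = self.ecx.read_immediate(place.into())?;
                let val = self.ecx.retag_reference(val, mutbl)?;
                self.ecx.write_immediate(val, place.into())?;
                Ok(())
            }
        }

        Ok(())
    }
}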