diff --git a/README.md b/README.md index 50586c9ecea..efdbf5143d9 100644 --- a/README.md +++ b/README.md @@ -306,7 +306,7 @@ environment variable. We first document the most relevant and most commonly used * `-Zmiri-strict-provenance` enables [strict provenance](https://github.com/rust-lang/rust/issues/95228) checking in Miri. This means that casting an integer to a pointer yields a result with 'invalid' provenance, i.e., with provenance - that cannot be used for any memory access. Also implies `-Zmiri-tag-raw-pointers`. + that cannot be used for any memory access. The remaining flags are for advanced use only, and more likely to change or be removed. Some of these are **unsound**, which means they can lead @@ -321,7 +321,7 @@ to Miri failing to detect cases of undefined behavior in a program. integers via `mem::transmute` or union/pointer type punning. This has two effects: it disables the check against integers storing a pointer (i.e., data with provenance), thus allowing pointer-to-integer transmutation, and it treats integer-to-pointer transmutation as equivalent to - a cast. Using this flag is **unsound** and + a cast. Implies `-Zmiri-permissive-provenance`. Using this flag is **unsound** and [deprecated](https://github.com/rust-lang/miri/issues/2188). * `-Zmiri-disable-abi-check` disables checking [function ABI]. Using this flag is **unsound**. @@ -354,15 +354,11 @@ to Miri failing to detect cases of undefined behavior in a program. application instead of raising an error within the context of Miri (and halting execution). Note that code might not expect these operations to ever panic, so this flag can lead to strange (mis)behavior. -* `-Zmiri-permissive-provenance` is **experimental**. This will make Miri do a - best-effort attempt to implement the semantics of - [`expose_addr`](https://doc.rust-lang.org/nightly/std/primitive.pointer.html#method.expose_addr) - and - [`ptr::from_exposed_addr`](https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html) - for pointer-to-int and int-to-pointer casts, respectively. This will - necessarily miss some bugs as those semantics are not efficiently - implementable in a sanitizer, but it will only miss bugs that concerns - memory/pointers which is subject to these operations. +* `-Zmiri-permissive-provenance` disables the warning for integer-to-pointer casts and + [`ptr::from_exposed_addr`](https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html). + This will necessarily miss some bugs as those operations are not efficiently and accurately + implementable in a sanitizer, but it will only miss bugs that concern memory/pointers which is + subject to these operations. * `-Zmiri-symbolic-alignment-check` makes the alignment check more strict. By default, alignment is checked by casting the pointer to an integer, and making sure that is a multiple of the alignment. This can lead to cases where a @@ -389,13 +385,6 @@ to Miri failing to detect cases of undefined behavior in a program. happening and where in your code would be a good place to look for it. Specifying this argument multiple times does not overwrite the previous values, instead it appends its values to the list. Listing a tag multiple times has no effect. -* `-Zmiri-tag-raw-pointers` makes Stacked Borrows assign proper tags even for raw pointers. This can - make valid code using int-to-ptr casts fail to pass the checks, but also can help identify latent - aliasing issues in code that Miri accepts by default. You can recognize false positives by - `` occurring in the message -- this indicates a pointer that was cast from an integer, - so Miri was unable to track this pointer. Note that it is not currently guaranteed that code that - works with `-Zmiri-tag-raw-pointers` also works without `-Zmiri-tag-raw-pointers`, but for the - vast majority of code, this will be the case. [function ABI]: https://doc.rust-lang.org/reference/items/functions.html#extern-function-qualifier diff --git a/src/bin/miri.rs b/src/bin/miri.rs index 91148400c99..7bced912645 100644 --- a/src/bin/miri.rs +++ b/src/bin/miri.rs @@ -340,6 +340,7 @@ fn main() { Please let us know at if you rely on this flag." ); miri_config.allow_ptr_int_transmute = true; + miri_config.provenance_mode = ProvenanceMode::Permissive; } else if arg == "-Zmiri-disable-abi-check" { miri_config.check_abi = false; } else if arg == "-Zmiri-disable-isolation" { @@ -374,20 +375,18 @@ fn main() { } else if arg == "-Zmiri-panic-on-unsupported" { miri_config.panic_on_unsupported = true; } else if arg == "-Zmiri-tag-raw-pointers" { - miri_config.tag_raw = true; + eprintln!("WARNING: `-Zmiri-tag-raw-pointers` has no effect; it is enabled by default"); } else if arg == "-Zmiri-strict-provenance" { miri_config.provenance_mode = ProvenanceMode::Strict; - miri_config.tag_raw = true; + miri_config.allow_ptr_int_transmute = false; } else if arg == "-Zmiri-permissive-provenance" { miri_config.provenance_mode = ProvenanceMode::Permissive; - miri_config.tag_raw = true; } else if arg == "-Zmiri-mute-stdout-stderr" { miri_config.mute_stdout_stderr = true; } else if arg == "-Zmiri-track-raw-pointers" { eprintln!( "WARNING: -Zmiri-track-raw-pointers has been renamed to -Zmiri-tag-raw-pointers, the old name is deprecated." ); - miri_config.tag_raw = true; } else if let Some(param) = arg.strip_prefix("-Zmiri-seed=") { if miri_config.seed.is_some() { panic!("Cannot specify -Zmiri-seed multiple times!"); diff --git a/src/diagnostics.rs b/src/diagnostics.rs index 6986d9c5727..d17d1e6ed4c 100644 --- a/src/diagnostics.rs +++ b/src/diagnostics.rs @@ -69,6 +69,7 @@ pub enum NonHaltingDiagnostic { FreedAlloc(AllocId), RejectedIsolatedOp(String), ProgressReport, + Int2Ptr, } /// Level of Miri specific diagnostics @@ -468,15 +469,35 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx format!("{op} was made to return an error due to isolation"), ProgressReport => format!("progress report: current operation being executed is here"), + Int2Ptr => format!("pointer-to-integer cast"), }; let (title, diag_level) = match e { RejectedIsolatedOp(_) => ("operation rejected by isolation", DiagLevel::Warning), - _ => ("tracking was triggered", DiagLevel::Note), + Int2Ptr => ("pointer-to-integer cast", DiagLevel::Warning), + CreatedPointerTag(..) + | PoppedPointerTag(..) + | CreatedCallId(..) + | CreatedAlloc(..) + | FreedAlloc(..) + | ProgressReport => ("tracking was triggered", DiagLevel::Note), }; - report_msg(this, diag_level, title, vec![msg], vec![], &stacktrace); + let helps = match e { + Int2Ptr => + vec![ + (None, format!("this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,")), + (None, format!("which means that Miri might miss pointer bugs in this program")), + (None, format!("see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation")), + (None, format!("to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead")), + (None, format!("you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics")), + (None, format!("alternatively, the `-Zmiri-permissive-provenance` flag disables this warning")), + ], + _ => vec![], + }; + + report_msg(this, diag_level, title, vec![msg], helps, &stacktrace); } }); } diff --git a/src/eval.rs b/src/eval.rs index 7beb2ec9c4a..fa252953fe6 100644 --- a/src/eval.rs +++ b/src/eval.rs @@ -101,8 +101,6 @@ pub struct MiriConfig { pub tracked_call_ids: HashSet, /// The allocation ids to report about. pub tracked_alloc_ids: HashSet, - /// Whether to track raw pointers in stacked borrows. - pub tag_raw: bool, /// Determine if data race detection should be enabled pub data_race_detector: bool, /// Determine if weak memory emulation should be enabled. Requires data race detection to be enabled @@ -146,14 +144,13 @@ impl Default for MiriConfig { tracked_pointer_tags: HashSet::default(), tracked_call_ids: HashSet::default(), tracked_alloc_ids: HashSet::default(), - tag_raw: false, data_race_detector: true, weak_memory_emulation: true, cmpxchg_weak_failure_rate: 0.8, // 80% measureme_out: None, panic_on_unsupported: false, backtrace_style: BacktraceStyle::Short, - provenance_mode: ProvenanceMode::Legacy, + provenance_mode: ProvenanceMode::Default, mute_stdout_stderr: false, preemption_rate: 0.01, // 1% report_progress: None, diff --git a/src/intptrcast.rs b/src/intptrcast.rs index cfaf61f9d5c..c92954a218c 100644 --- a/src/intptrcast.rs +++ b/src/intptrcast.rs @@ -11,16 +11,13 @@ use crate::*; #[derive(Copy, Clone, Debug, PartialEq, Eq)] pub enum ProvenanceMode { - /// Int2ptr casts return pointers with "wildcard" provenance - /// that basically matches that of all exposed pointers - /// (and SB tags, if enabled). + /// We support `expose_addr`/`from_exposed_addr` via "wildcard" provenance. + /// However, we want on `from_exposed_addr` to alert the user of the precision loss. + Default, + /// Like `Default`, but without the warning. Permissive, - /// Int2ptr casts return pointers with an invalid provenance, - /// i.e., not valid for any memory access. + /// We error on `from_exposed_addr`, ensuring no precision loss. Strict, - /// Int2ptr casts determine the allocation they point to at cast time. - /// All allocations are considered exposed. - Legacy, } pub type GlobalState = RefCell; @@ -66,6 +63,8 @@ impl<'mir, 'tcx> GlobalStateInner { let pos = global_state.int_to_ptr_map.binary_search_by_key(&addr, |(addr, _)| *addr); + // Determine the in-bounds provenance for this pointer. + // (This is only called on an actual access, so in-bounds is the only possible kind of provenance.) let alloc_id = match pos { Ok(pos) => Some(global_state.int_to_ptr_map[pos].1), Err(0) => None, @@ -91,21 +90,14 @@ impl<'mir, 'tcx> GlobalStateInner { } }?; - // In legacy mode, we consider all allocations exposed. - if global_state.provenance_mode == ProvenanceMode::Legacy - || global_state.exposed.contains(&alloc_id) - { - Some(alloc_id) - } else { - None - } + // We only use this provenance if it has been exposed. + if global_state.exposed.contains(&alloc_id) { Some(alloc_id) } else { None } } pub fn expose_ptr(ecx: &mut MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId, sb: SbTag) { let global_state = ecx.machine.intptrcast.get_mut(); - // In legacy and strict mode, we don't need this, so we can save some cycles - // by not tracking it. - if global_state.provenance_mode == ProvenanceMode::Permissive { + // In strict mode, we don't need this, so we can save some cycles by not tracking it. + if global_state.provenance_mode != ProvenanceMode::Strict { trace!("Exposing allocation id {alloc_id:?}"); global_state.exposed.insert(alloc_id); if ecx.machine.stacked_borrows.is_some() { @@ -120,42 +112,43 @@ impl<'mir, 'tcx> GlobalStateInner { ) -> Pointer> { trace!("Transmuting 0x{:x} to a pointer", addr); - if ecx.machine.allow_ptr_int_transmute { - // When we allow transmutes, treat them like casts. - Self::ptr_from_addr_cast(ecx, addr) + let provenance = if ecx.machine.allow_ptr_int_transmute { + // When we allow transmutes, treat them like casts: generating a wildcard pointer. + Some(Tag::Wildcard) } else { - // We consider transmuted pointers to be "invalid" (`None` provenance). - Pointer::new(None, Size::from_bytes(addr)) - } + // Usually, we consider transmuted pointers to be "invalid" (`None` provenance). + None + }; + Pointer::new(provenance, Size::from_bytes(addr)) } pub fn ptr_from_addr_cast( ecx: &MiriEvalContext<'mir, 'tcx>, addr: u64, - ) -> Pointer> { + ) -> InterpResult<'tcx, Pointer>> { trace!("Casting 0x{:x} to a pointer", addr); let global_state = ecx.machine.intptrcast.borrow(); match global_state.provenance_mode { - ProvenanceMode::Legacy => { - // Determine the allocation this points to at cast time. - let alloc_id = Self::alloc_id_from_addr(ecx, addr); - Pointer::new( - alloc_id.map(|alloc_id| Tag::Concrete { alloc_id, sb: SbTag::Untagged }), - Size::from_bytes(addr), - ) + ProvenanceMode::Default => { + // The first time this happens, print a warning. + use std::sync::atomic::{AtomicBool, Ordering}; + static FIRST_WARNING: AtomicBool = AtomicBool::new(true); + if FIRST_WARNING.swap(false, Ordering::Relaxed) { + register_diagnostic(NonHaltingDiagnostic::Int2Ptr); + } } ProvenanceMode::Strict => { - // We don't support int2ptr casts in this mode (i.e., we treat them like - // transmutes). - Pointer::new(None, Size::from_bytes(addr)) - } - ProvenanceMode::Permissive => { - // This is how wildcard pointers are born. - Pointer::new(Some(Tag::Wildcard), Size::from_bytes(addr)) + throw_unsup_format!( + "integer-to-pointer casts and `from_exposed_addr` are not supported with `-Zmiri-strict-provenance`; use `with_addr` instead" + ) } + ProvenanceMode::Permissive => {} } + + // This is how wildcard pointers are born. + Ok(Pointer::new(Some(Tag::Wildcard), Size::from_bytes(addr))) } fn alloc_base_addr(ecx: &MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId) -> u64 { @@ -214,6 +207,8 @@ impl<'mir, 'tcx> GlobalStateInner { dl.overflowing_offset(base_addr, offset.bytes()).0 } + /// Whena pointer is used for a memory access, this computes where in which allocation the + /// access is going. pub fn abs_ptr_to_rel( ecx: &MiriEvalContext<'mir, 'tcx>, ptr: Pointer, @@ -224,7 +219,6 @@ impl<'mir, 'tcx> GlobalStateInner { alloc_id } else { // A wildcard pointer. - assert_eq!(ecx.machine.intptrcast.borrow().provenance_mode, ProvenanceMode::Permissive); GlobalStateInner::alloc_id_from_addr(ecx, addr.bytes())? }; diff --git a/src/machine.rs b/src/machine.rs index 3621744e802..d6a65a2a44c 100644 --- a/src/machine.rs +++ b/src/machine.rs @@ -353,7 +353,6 @@ impl<'mir, 'tcx> Evaluator<'mir, 'tcx> { Some(RefCell::new(stacked_borrows::GlobalStateInner::new( config.tracked_pointer_tags.clone(), config.tracked_call_ids.clone(), - config.tag_raw, ))) } else { None @@ -696,7 +695,7 @@ impl<'mir, 'tcx> Machine<'mir, 'tcx> for Evaluator<'mir, 'tcx> { ecx: &MiriEvalContext<'mir, 'tcx>, addr: u64, ) -> InterpResult<'tcx, Pointer>> { - Ok(intptrcast::GlobalStateInner::ptr_from_addr_cast(ecx, addr)) + intptrcast::GlobalStateInner::ptr_from_addr_cast(ecx, addr) } #[inline(always)] diff --git a/src/stacked_borrows.rs b/src/stacked_borrows.rs index 6fa70ddfc5d..23408027626 100644 --- a/src/stacked_borrows.rs +++ b/src/stacked_borrows.rs @@ -219,11 +219,7 @@ impl fmt::Display for RefKind { /// Utilities for initialization and ID generation impl GlobalStateInner { - pub fn new( - tracked_pointer_tags: HashSet, - tracked_call_ids: HashSet, - tag_raw: bool, - ) -> Self { + pub fn new(tracked_pointer_tags: HashSet, tracked_call_ids: HashSet) -> Self { GlobalStateInner { next_ptr_id: NonZeroU64::new(1).unwrap(), base_ptr_ids: FxHashMap::default(), @@ -231,7 +227,7 @@ impl GlobalStateInner { active_calls: FxHashSet::default(), tracked_pointer_tags, tracked_call_ids, - tag_raw, + tag_raw: true, } } diff --git a/test-cargo-miri/run-test.py b/test-cargo-miri/run-test.py index 19965639489..42978c481bf 100755 --- a/test-cargo-miri/run-test.py +++ b/test-cargo-miri/run-test.py @@ -124,11 +124,6 @@ def test_cargo_miri_test(): "test.cross-target.stdout.ref", "test.stderr-empty.ref", env={'MIRIFLAGS': "-Zmiri-disable-isolation"}, ) - test("`cargo miri test` (raw-ptr tracking)", - cargo_miri("test"), - default_ref, "test.stderr-empty.ref", - env={'MIRIFLAGS': "-Zmiri-tag-raw-pointers"}, - ) test("`cargo miri test` (with filter)", cargo_miri("test") + ["--", "--format=pretty", "le1"], filter_ref, "test.stderr-empty.ref", diff --git a/tests/fail/backtrace/bad-backtrace-flags.stderr b/tests/fail/backtrace/bad-backtrace-flags.stderr index f6ffe3c93c8..ba16335fce3 100644 --- a/tests/fail/backtrace/bad-backtrace-flags.stderr +++ b/tests/fail/backtrace/bad-backtrace-flags.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/bad-backtrace-flags.rs:LL:CC + | +LL | miri_get_backtrace(2, 0 as *mut _); + | ^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/bad-backtrace-flags.rs:LL:CC + error: unsupported operation: unknown `miri_get_backtrace` flags 2 --> $DIR/bad-backtrace-flags.rs:LL:CC | @@ -10,5 +25,5 @@ LL | miri_get_backtrace(2, 0 as *mut _); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/backtrace/bad-backtrace-ptr.stderr b/tests/fail/backtrace/bad-backtrace-ptr.stderr index ed726a5dcdc..75268b66714 100644 --- a/tests/fail/backtrace/bad-backtrace-ptr.stderr +++ b/tests/fail/backtrace/bad-backtrace-ptr.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/bad-backtrace-ptr.rs:LL:CC + | +LL | miri_resolve_frame(0 as *mut _, 0); + | ^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/bad-backtrace-ptr.rs:LL:CC + error: Undefined Behavior: null pointer is not a valid pointer for this operation --> $DIR/bad-backtrace-ptr.rs:LL:CC | @@ -11,5 +26,5 @@ LL | miri_resolve_frame(0 as *mut _, 0); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/backtrace/bad-backtrace-resolve-flags.stderr b/tests/fail/backtrace/bad-backtrace-resolve-flags.stderr index 49495651dfe..fad9ffe1192 100644 --- a/tests/fail/backtrace/bad-backtrace-resolve-flags.stderr +++ b/tests/fail/backtrace/bad-backtrace-resolve-flags.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/bad-backtrace-resolve-flags.rs:LL:CC + | +LL | let mut buf = vec![0 as *mut _; miri_backtrace_size(0)]; + | ^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/bad-backtrace-resolve-flags.rs:LL:CC + error: unsupported operation: unknown `miri_resolve_frame` flags 2 --> $DIR/bad-backtrace-resolve-flags.rs:LL:CC | @@ -10,5 +25,5 @@ LL | miri_resolve_frame(buf[0], 2); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/backtrace/bad-backtrace-resolve-names-flags.stderr b/tests/fail/backtrace/bad-backtrace-resolve-names-flags.stderr index d575caa4ff4..18b03df21c6 100644 --- a/tests/fail/backtrace/bad-backtrace-resolve-names-flags.stderr +++ b/tests/fail/backtrace/bad-backtrace-resolve-names-flags.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/bad-backtrace-resolve-names-flags.rs:LL:CC + | +LL | let mut buf = vec![0 as *mut _; miri_backtrace_size(0)]; + | ^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/bad-backtrace-resolve-names-flags.rs:LL:CC + error: unsupported operation: unknown `miri_resolve_frame_names` flags 2 --> $DIR/bad-backtrace-resolve-names-flags.rs:LL:CC | @@ -10,5 +25,5 @@ LL | ... miri_resolve_frame_names(buf[0], 2, 0 as *mut _, 0 as *mut _); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/concurrency/thread_local_static_dealloc.stderr b/tests/fail/concurrency/thread_local_static_dealloc.stderr index 2a3a8f0f55c..31a64eec368 100644 --- a/tests/fail/concurrency/thread_local_static_dealloc.stderr +++ b/tests/fail/concurrency/thread_local_static_dealloc.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/thread_local_static_dealloc.rs:LL:CC + | +LL | let _val = *(dangling_ptr as *const u8); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/thread_local_static_dealloc.rs:LL:CC + error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed --> $DIR/thread_local_static_dealloc.rs:LL:CC | @@ -11,5 +26,5 @@ LL | let _val = *(dangling_ptr as *const u8); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/dangling_pointers/deref-invalid-ptr.stderr b/tests/fail/dangling_pointers/deref-invalid-ptr.stderr index f4361d9fefa..ffd7fb1980d 100644 --- a/tests/fail/dangling_pointers/deref-invalid-ptr.stderr +++ b/tests/fail/dangling_pointers/deref-invalid-ptr.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/deref-invalid-ptr.rs:LL:CC + | +LL | let x = 16usize as *const u32; + | ^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/deref-invalid-ptr.rs:LL:CC + error: Undefined Behavior: dereferencing pointer failed: 0x10 is not a valid pointer --> $DIR/deref-invalid-ptr.rs:LL:CC | @@ -11,5 +26,5 @@ LL | let _y = unsafe { &*x as *const u32 }; note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/dangling_pointers/storage_dead_dangling.stderr b/tests/fail/dangling_pointers/storage_dead_dangling.stderr index aed14105ad0..3a94a7fa58e 100644 --- a/tests/fail/dangling_pointers/storage_dead_dangling.stderr +++ b/tests/fail/dangling_pointers/storage_dead_dangling.stderr @@ -1,3 +1,23 @@ +warning: pointer-to-integer cast + --> $DIR/storage_dead_dangling.rs:LL:CC + | +LL | unsafe { &mut *(LEAK as *mut i32) }; + | ^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `evil` at $DIR/storage_dead_dangling.rs:LL:CC +note: inside `main` at $DIR/storage_dead_dangling.rs:LL:CC + --> $DIR/storage_dead_dangling.rs:LL:CC + | +LL | evil(); + | ^^^^^^ + error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed --> $DIR/storage_dead_dangling.rs:LL:CC | @@ -16,5 +36,5 @@ LL | evil(); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/dangling_pointers/wild_pointer_deref.stderr b/tests/fail/dangling_pointers/wild_pointer_deref.stderr index b20f310da08..960f9c9ce3e 100644 --- a/tests/fail/dangling_pointers/wild_pointer_deref.stderr +++ b/tests/fail/dangling_pointers/wild_pointer_deref.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/wild_pointer_deref.rs:LL:CC + | +LL | let p = 44 as *const i32; + | ^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/wild_pointer_deref.rs:LL:CC + error: Undefined Behavior: dereferencing pointer failed: 0x2c is not a valid pointer --> $DIR/wild_pointer_deref.rs:LL:CC | @@ -11,5 +26,5 @@ LL | let x = unsafe { *p }; note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/intrinsics/ptr_offset_0_plus_0.stderr b/tests/fail/intrinsics/ptr_offset_0_plus_0.stderr index 741314ea8a6..2474820545d 100644 --- a/tests/fail/intrinsics/ptr_offset_0_plus_0.stderr +++ b/tests/fail/intrinsics/ptr_offset_0_plus_0.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/ptr_offset_0_plus_0.rs:LL:CC + | +LL | let x = 0 as *mut i32; + | ^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/ptr_offset_0_plus_0.rs:LL:CC + error: Undefined Behavior: pointer arithmetic failed: null pointer is not a valid pointer --> RUSTLIB/core/src/ptr/mut_ptr.rs:LL:CC | @@ -16,5 +31,5 @@ LL | let _x = unsafe { x.offset(0) }; // UB despite offset 0, NULL is never note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/intrinsics/ptr_offset_int_plus_int.stderr b/tests/fail/intrinsics/ptr_offset_int_plus_int.stderr index e6b8f102f39..f5cbd4bbbf7 100644 --- a/tests/fail/intrinsics/ptr_offset_int_plus_int.stderr +++ b/tests/fail/intrinsics/ptr_offset_int_plus_int.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/ptr_offset_int_plus_int.rs:LL:CC + | +LL | let _val = (1 as *mut u8).offset(1); + | ^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/ptr_offset_int_plus_int.rs:LL:CC + error: Undefined Behavior: pointer arithmetic failed: 0x1 is not a valid pointer --> RUSTLIB/core/src/ptr/mut_ptr.rs:LL:CC | @@ -16,5 +31,5 @@ LL | let _val = (1 as *mut u8).offset(1); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/intrinsics/ptr_offset_int_plus_ptr.stderr b/tests/fail/intrinsics/ptr_offset_int_plus_ptr.stderr index f88ad758d43..577a377f076 100644 --- a/tests/fail/intrinsics/ptr_offset_int_plus_ptr.stderr +++ b/tests/fail/intrinsics/ptr_offset_int_plus_ptr.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/ptr_offset_int_plus_ptr.rs:LL:CC + | +LL | let _val = (1 as *mut u8).offset(ptr as isize); + | ^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/ptr_offset_int_plus_ptr.rs:LL:CC + error: Undefined Behavior: pointer arithmetic failed: 0x1 is not a valid pointer --> RUSTLIB/core/src/ptr/mut_ptr.rs:LL:CC | @@ -16,5 +31,5 @@ LL | let _val = (1 as *mut u8).offset(ptr as isize); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/provenance/ptr_legacy_provenance.rs b/tests/fail/provenance/ptr_legacy_provenance.rs deleted file mode 100644 index 538ec4484ed..00000000000 --- a/tests/fail/provenance/ptr_legacy_provenance.rs +++ /dev/null @@ -1,22 +0,0 @@ -// compile-flags: -Zmiri-disable-stacked-borrows -// normalize-stderr-test: "offset -[0-9]+" -> "offset -XX" -#![feature(strict_provenance)] - -use std::ptr; - -// Make sure that with legacy provenance, the allocation id of -// a casted pointer is determined at cast-time -fn main() { - let x: i32 = 0; - let y: i32 = 1; - - let x_ptr = &x as *const i32; - let y_ptr = &y as *const i32; - - let x_usize = x_ptr.expose_addr(); - let y_usize = y_ptr.expose_addr(); - - let ptr = ptr::from_exposed_addr::(y_usize); - let ptr = ptr.with_addr(x_usize); - assert_eq!(unsafe { *ptr }, 0); //~ ERROR is out-of-bounds -} diff --git a/tests/fail/provenance/ptr_legacy_provenance.stderr b/tests/fail/provenance/ptr_legacy_provenance.stderr deleted file mode 100644 index 4552be08145..00000000000 --- a/tests/fail/provenance/ptr_legacy_provenance.stderr +++ /dev/null @@ -1,15 +0,0 @@ -error: Undefined Behavior: dereferencing pointer failed: ALLOC has size 4, so pointer to 4 bytes starting at offset -XX is out-of-bounds - --> $DIR/ptr_legacy_provenance.rs:LL:CC - | -LL | assert_eq!(unsafe { *ptr }, 0); - | ^^^^ dereferencing pointer failed: ALLOC has size 4, so pointer to 4 bytes starting at offset -XX is out-of-bounds - | - = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior - = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information - - = note: inside `main` at $DIR/ptr_legacy_provenance.rs:LL:CC - -note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace - -error: aborting due to previous error - diff --git a/tests/fail/stacked_borrows/aliasing_mut3.stderr b/tests/fail/stacked_borrows/aliasing_mut3.stderr index a4187be0a25..66220cfbfc4 100644 --- a/tests/fail/stacked_borrows/aliasing_mut3.stderr +++ b/tests/fail/stacked_borrows/aliasing_mut3.stderr @@ -1,20 +1,20 @@ -error: Undefined Behavior: trying to reborrow for SharedReadOnly permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: trying to reborrow for SharedReadOnly permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/aliasing_mut3.rs:LL:CC | LL | pub fn safe(_x: &mut i32, _y: &i32) {} | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | | - | trying to reborrow for SharedReadOnly permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | trying to reborrow for SharedReadOnly permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of a reborrow at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/aliasing_mut3.rs:LL:CC | LL | safe_raw(xraw, xshr); | ^^^^ -help: tag was later invalidated at offsets [0x0..0x4] +help: was later invalidated at offsets [0x0..0x4] --> $DIR/aliasing_mut3.rs:LL:CC | LL | pub fn safe(_x: &mut i32, _y: &i32) {} diff --git a/tests/fail/stacked_borrows/box_exclusive_violation1.rs b/tests/fail/stacked_borrows/box_exclusive_violation1.rs index 3ca480ae7ab..66d092d6277 100644 --- a/tests/fail/stacked_borrows/box_exclusive_violation1.rs +++ b/tests/fail/stacked_borrows/box_exclusive_violation1.rs @@ -8,7 +8,7 @@ fn demo_mut_advanced_unique(mut our: Box) -> i32 { unknown_code_2(); // We know this will return 5 - *our //~ ERROR borrow stack + *our } // Now comes the evil context @@ -24,7 +24,7 @@ fn unknown_code_1(x: &i32) { fn unknown_code_2() { unsafe { - *LEAK = 7; + *LEAK = 7; //~ ERROR borrow stack } } diff --git a/tests/fail/stacked_borrows/box_exclusive_violation1.stderr b/tests/fail/stacked_borrows/box_exclusive_violation1.stderr index 3c3e6bbf1bc..06c2dc340b7 100644 --- a/tests/fail/stacked_borrows/box_exclusive_violation1.stderr +++ b/tests/fail/stacked_borrows/box_exclusive_violation1.stderr @@ -1,31 +1,30 @@ -error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/box_exclusive_violation1.rs:LL:CC | -LL | *our - | ^^^^ - | | - | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location - | this error occurs as part of an access at ALLOC[0x0..0x4] +LL | *LEAK = 7; + | ^^^^^^^^^ + | | + | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information help: was created by a retag at offsets [0x0..0x4] --> $DIR/box_exclusive_violation1.rs:LL:CC | -LL | / fn demo_mut_advanced_unique(mut our: Box) -> i32 { -LL | | unknown_code_1(&*our); -LL | | -LL | | // This "re-asserts" uniqueness of the reference: After writing, we know -... | -LL | | *our -LL | | } - | |_^ +LL | LEAK = x as *const _ as *mut _; + | ^ help: was later invalidated at offsets [0x0..0x4] --> $DIR/box_exclusive_violation1.rs:LL:CC | -LL | *LEAK = 7; - | ^^^^^^^^^ - = note: inside `demo_mut_advanced_unique` at $DIR/box_exclusive_violation1.rs:LL:CC +LL | *our = 5; + | ^^^^^^^^ + = note: inside `unknown_code_2` at $DIR/box_exclusive_violation1.rs:LL:CC +note: inside `demo_mut_advanced_unique` at $DIR/box_exclusive_violation1.rs:LL:CC + --> $DIR/box_exclusive_violation1.rs:LL:CC + | +LL | unknown_code_2(); + | ^^^^^^^^^^^^^^^^ note: inside `main` at $DIR/box_exclusive_violation1.rs:LL:CC --> $DIR/box_exclusive_violation1.rs:LL:CC | diff --git a/tests/fail/stacked_borrows/illegal_read3.rs b/tests/fail/stacked_borrows/illegal_read3.rs index 3de8f57d622..0173ca14b22 100644 --- a/tests/fail/stacked_borrows/illegal_read3.rs +++ b/tests/fail/stacked_borrows/illegal_read3.rs @@ -5,7 +5,7 @@ use std::mem; union HiddenRef { - // We avoid retagging at this type, so shared vs mutable does not matter. + // We avoid retagging at this type, and we only read, so shared vs mutable does not matter. r: &'static i32, } diff --git a/tests/fail/stacked_borrows/illegal_read6.stderr b/tests/fail/stacked_borrows/illegal_read6.stderr index 9782f1aa3a5..2098dbdc6a4 100644 --- a/tests/fail/stacked_borrows/illegal_read6.stderr +++ b/tests/fail/stacked_borrows/illegal_read6.stderr @@ -1,20 +1,20 @@ -error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/illegal_read6.rs:LL:CC | LL | let _val = *raw; | ^^^^ | | - | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/illegal_read6.rs:LL:CC | LL | let raw = x as *mut _; | ^ -help: tag was later invalidated at offsets [0x0..0x4] +help: was later invalidated at offsets [0x0..0x4] --> $DIR/illegal_read6.rs:LL:CC | LL | let x = &mut *x; // kill `raw` diff --git a/tests/fail/stacked_borrows/illegal_write1.rs b/tests/fail/stacked_borrows/illegal_write1.rs index 1f566f18c1f..58600402e4e 100644 --- a/tests/fail/stacked_borrows/illegal_write1.rs +++ b/tests/fail/stacked_borrows/illegal_write1.rs @@ -3,7 +3,7 @@ fn main() { let xref = &*target; { let x: *mut u32 = xref as *const _ as *mut _; - unsafe { *x = 42 }; // invalidates shared ref, activates raw + unsafe { *x = 42 }; //~ ERROR only grants SharedReadOnly permission } - let _x = *xref; //~ ERROR borrow stack + let _x = *xref; } diff --git a/tests/fail/stacked_borrows/illegal_write1.stderr b/tests/fail/stacked_borrows/illegal_write1.stderr index 1731e3c1de1..b2084da862f 100644 --- a/tests/fail/stacked_borrows/illegal_write1.stderr +++ b/tests/fail/stacked_borrows/illegal_write1.stderr @@ -1,24 +1,19 @@ -error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location --> $DIR/illegal_write1.rs:LL:CC | -LL | let _x = *xref; - | ^^^^^ - | | - | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location - | this error occurs as part of an access at ALLOC[0x0..0x4] +LL | unsafe { *x = 42 }; + | ^^^^^^^ + | | + | attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location + | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information help: was created by a retag at offsets [0x0..0x4] --> $DIR/illegal_write1.rs:LL:CC | -LL | let xref = &*target; - | ^^^^^^^^ -help: was later invalidated at offsets [0x0..0x4] - --> $DIR/illegal_write1.rs:LL:CC - | -LL | unsafe { *x = 42 }; // invalidates shared ref, activates raw - | ^^^^^^^ +LL | let x: *mut u32 = xref as *const _ as *mut _; + | ^^^^ = note: inside `main` at $DIR/illegal_write1.rs:LL:CC note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace diff --git a/tests/fail/stacked_borrows/illegal_write2.stderr b/tests/fail/stacked_borrows/illegal_write2.stderr index 7e896c530ac..09784bd79a1 100644 --- a/tests/fail/stacked_borrows/illegal_write2.stderr +++ b/tests/fail/stacked_borrows/illegal_write2.stderr @@ -1,20 +1,20 @@ -error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/illegal_write2.rs:LL:CC | LL | unsafe { *target2 = 13 }; | ^^^^^^^^^^^^^ | | - | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/illegal_write2.rs:LL:CC | LL | let target2 = target as *mut _; | ^^^^^^ -help: tag was later invalidated at offsets [0x0..0x4] +help: was later invalidated at offsets [0x0..0x4] --> $DIR/illegal_write2.rs:LL:CC | LL | drop(&mut *target); // reborrow diff --git a/tests/fail/stacked_borrows/illegal_write3.stderr b/tests/fail/stacked_borrows/illegal_write3.stderr index 7e9c82769d6..983894dad06 100644 --- a/tests/fail/stacked_borrows/illegal_write3.stderr +++ b/tests/fail/stacked_borrows/illegal_write3.stderr @@ -1,15 +1,15 @@ -error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location --> $DIR/illegal_write3.rs:LL:CC | LL | unsafe { *ptr = 42 }; | ^^^^^^^^^ | | - | attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location + | attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/illegal_write3.rs:LL:CC | LL | let ptr = r#ref as *const _ as *mut _; // raw ptr, with raw tag diff --git a/tests/fail/stacked_borrows/illegal_write4.rs b/tests/fail/stacked_borrows/illegal_write4.rs index be4f89ba289..654a23d382b 100644 --- a/tests/fail/stacked_borrows/illegal_write4.rs +++ b/tests/fail/stacked_borrows/illegal_write4.rs @@ -6,8 +6,8 @@ fn main() { // Even just creating it unfreezes. let raw = &mut target as *mut _; // let this leak to raw let reference = unsafe { &*raw }; // freeze - let ptr = reference as *const _ as *mut i32; // raw ptr, with raw tag - let _mut_ref: &mut i32 = unsafe { mem::transmute(ptr) }; // &mut, with raw tag + let _ptr = reference as *const _ as *mut i32; // raw ptr, with raw tag + let _mut_ref: &mut i32 = unsafe { mem::transmute(raw) }; // &mut, with raw tag // Now we retag, making our ref top-of-stack -- and, in particular, unfreezing. let _val = *reference; //~ ERROR borrow stack } diff --git a/tests/fail/stacked_borrows/illegal_write4.stderr b/tests/fail/stacked_borrows/illegal_write4.stderr index 404e13d1138..ac4dd68bbc7 100644 --- a/tests/fail/stacked_borrows/illegal_write4.stderr +++ b/tests/fail/stacked_borrows/illegal_write4.stderr @@ -17,7 +17,7 @@ LL | let reference = unsafe { &*raw }; // freeze help: was later invalidated at offsets [0x0..0x4] --> $DIR/illegal_write4.rs:LL:CC | -LL | let _mut_ref: &mut i32 = unsafe { mem::transmute(ptr) }; // &mut, with raw tag +LL | let _mut_ref: &mut i32 = unsafe { mem::transmute(raw) }; // &mut, with raw tag | ^^^^^^^^^^^^^^^^^^^ = note: inside `main` at $DIR/illegal_write4.rs:LL:CC diff --git a/tests/fail/stacked_borrows/illegal_write6.stderr b/tests/fail/stacked_borrows/illegal_write6.stderr index 11757cca9b6..563397e062d 100644 --- a/tests/fail/stacked_borrows/illegal_write6.stderr +++ b/tests/fail/stacked_borrows/illegal_write6.stderr @@ -1,17 +1,17 @@ -error: Undefined Behavior: not granting access to tag because incompatible item is protected: [Unique for (call ID)] +error: Undefined Behavior: not granting access to tag because incompatible item is protected: [Unique for (call ID)] --> $DIR/illegal_write6.rs:LL:CC | LL | unsafe { *y = 2 }; - | ^^^^^^ not granting access to tag because incompatible item is protected: [Unique for (call ID)] + | ^^^^^^ not granting access to tag because incompatible item is protected: [Unique for (call ID)] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/illegal_write6.rs:LL:CC | LL | let p = x as *mut u32; | ^ -help: was protected due to a tag which was created here +help: was protected due to which was created here --> $DIR/illegal_write6.rs:LL:CC | LL | foo(x, p); diff --git a/tests/fail/stacked_borrows/invalidate_against_barrier1.stderr b/tests/fail/stacked_borrows/invalidate_against_barrier1.stderr index 08d597ea189..826cdc9b5f8 100644 --- a/tests/fail/stacked_borrows/invalidate_against_barrier1.stderr +++ b/tests/fail/stacked_borrows/invalidate_against_barrier1.stderr @@ -1,17 +1,17 @@ -error: Undefined Behavior: not granting access to tag because incompatible item is protected: [Unique for (call ID)] +error: Undefined Behavior: not granting access to tag because incompatible item is protected: [Unique for (call ID)] --> $DIR/invalidate_against_barrier1.rs:LL:CC | LL | let _val = unsafe { *x }; - | ^^ not granting access to tag because incompatible item is protected: [Unique for (call ID)] + | ^^ not granting access to tag because incompatible item is protected: [Unique for (call ID)] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/invalidate_against_barrier1.rs:LL:CC | LL | let xraw = &mut x as *mut _; | ^^^^^^ -help: was protected due to a tag which was created here +help: was protected due to which was created here --> $DIR/invalidate_against_barrier1.rs:LL:CC | LL | inner(xraw, xref); diff --git a/tests/fail/stacked_borrows/invalidate_against_barrier2.stderr b/tests/fail/stacked_borrows/invalidate_against_barrier2.stderr index 6aefa216ed5..1cf90f91db0 100644 --- a/tests/fail/stacked_borrows/invalidate_against_barrier2.stderr +++ b/tests/fail/stacked_borrows/invalidate_against_barrier2.stderr @@ -1,17 +1,17 @@ -error: Undefined Behavior: not granting access to tag because incompatible item is protected: [SharedReadOnly for (call ID)] +error: Undefined Behavior: not granting access to tag because incompatible item is protected: [SharedReadOnly for (call ID)] --> $DIR/invalidate_against_barrier2.rs:LL:CC | LL | unsafe { *x = 0 }; - | ^^^^^^ not granting access to tag because incompatible item is protected: [SharedReadOnly for (call ID)] + | ^^^^^^ not granting access to tag because incompatible item is protected: [SharedReadOnly for (call ID)] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/invalidate_against_barrier2.rs:LL:CC | LL | let xraw = &mut x as *mut _; | ^^^^^^ -help: was protected due to a tag which was created here +help: was protected due to which was created here --> $DIR/invalidate_against_barrier2.rs:LL:CC | LL | inner(xraw, xref); diff --git a/tests/fail/stacked_borrows/mut_exclusive_violation1.stderr b/tests/fail/stacked_borrows/mut_exclusive_violation1.stderr index ea14536a399..8afb4fee18b 100644 --- a/tests/fail/stacked_borrows/mut_exclusive_violation1.stderr +++ b/tests/fail/stacked_borrows/mut_exclusive_violation1.stderr @@ -1,20 +1,20 @@ -error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/mut_exclusive_violation1.rs:LL:CC | LL | *LEAK = 7; | ^^^^^^^^^ | | - | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/mut_exclusive_violation1.rs:LL:CC | LL | LEAK = x as *const _ as *mut _; | ^ -help: tag was later invalidated at offsets [0x0..0x4] +help: was later invalidated at offsets [0x0..0x4] --> $DIR/mut_exclusive_violation1.rs:LL:CC | LL | *our = 5; diff --git a/tests/fail/stacked_borrows/outdated_local.stderr b/tests/fail/stacked_borrows/outdated_local.stderr index fe3bdd00f46..c218d500cf8 100644 --- a/tests/fail/stacked_borrows/outdated_local.stderr +++ b/tests/fail/stacked_borrows/outdated_local.stderr @@ -1,20 +1,20 @@ -error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/outdated_local.rs:LL:CC | LL | assert_eq!(unsafe { *y }, 1); | ^^ | | - | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/outdated_local.rs:LL:CC | LL | let y: *const i32 = &x; | ^^ -help: tag was later invalidated at offsets [0x0..0x4] +help: was later invalidated at offsets [0x0..0x4] --> $DIR/outdated_local.rs:LL:CC | LL | x = 1; // this invalidates y by reactivating the lowermost uniq borrow for this local diff --git a/tests/fail/stacked_borrows/pointer_smuggling.stderr b/tests/fail/stacked_borrows/pointer_smuggling.stderr index 68ac631ec09..a3ab1b9fc5e 100644 --- a/tests/fail/stacked_borrows/pointer_smuggling.stderr +++ b/tests/fail/stacked_borrows/pointer_smuggling.stderr @@ -1,20 +1,20 @@ -error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/pointer_smuggling.rs:LL:CC | LL | let _x = unsafe { *PTR }; | ^^^^ | | - | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a read access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x1] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x1] +help: was created by a retag at offsets [0x0..0x1] --> $DIR/pointer_smuggling.rs:LL:CC | LL | PTR = x; | ^ -help: tag was later invalidated at offsets [0x0..0x1] +help: was later invalidated at offsets [0x0..0x1] --> $DIR/pointer_smuggling.rs:LL:CC | LL | *val = 2; // this invalidates any raw ptrs `fun1` might have created. diff --git a/tests/fail/stacked_borrows/raw_tracking.rs b/tests/fail/stacked_borrows/raw_tracking.rs index 0b9c058f06e..49fe9831255 100644 --- a/tests/fail/stacked_borrows/raw_tracking.rs +++ b/tests/fail/stacked_borrows/raw_tracking.rs @@ -1,4 +1,3 @@ -// compile-flags: -Zmiri-tag-raw-pointers //! This demonstrates a provenance problem that requires tracking of raw pointers to be detected. fn main() { diff --git a/tests/fail/stacked_borrows/shr_frozen_violation1.stderr b/tests/fail/stacked_borrows/shr_frozen_violation1.stderr index 0808d8471b4..55872300713 100644 --- a/tests/fail/stacked_borrows/shr_frozen_violation1.stderr +++ b/tests/fail/stacked_borrows/shr_frozen_violation1.stderr @@ -1,15 +1,15 @@ -error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location --> $DIR/shr_frozen_violation1.rs:LL:CC | LL | *(x as *const i32 as *mut i32) = 7; | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | | - | attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location + | attempting a write access using at ALLOC[0x0], but that tag only grants SharedReadOnly permission for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] +help: was created by a retag at offsets [0x0..0x4] --> $DIR/shr_frozen_violation1.rs:LL:CC | LL | *(x as *const i32 as *mut i32) = 7; diff --git a/tests/fail/stacked_borrows/transmute-is-no-escape.stderr b/tests/fail/stacked_borrows/transmute-is-no-escape.stderr index a9682f806ba..91c3ff9f863 100644 --- a/tests/fail/stacked_borrows/transmute-is-no-escape.stderr +++ b/tests/fail/stacked_borrows/transmute-is-no-escape.stderr @@ -1,15 +1,19 @@ -error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location --> $DIR/transmute-is-no-escape.rs:LL:CC | LL | unsafe { *raw = 13 }; | ^^^^^^^^^ | | - | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information - +help: was created by a retag at offsets [0x4..0x8] + --> $DIR/transmute-is-no-escape.rs:LL:CC + | +LL | let raw = (&mut x[1] as *mut i32).wrapping_offset(-1); + | ^^^^^^^^^ = note: inside `main` at $DIR/transmute-is-no-escape.rs:LL:CC note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace diff --git a/tests/fail/stacked_borrows/unescaped_local.stderr b/tests/fail/stacked_borrows/unescaped_local.stderr index 616c60b8aa1..2f6605c058b 100644 --- a/tests/fail/stacked_borrows/unescaped_local.stderr +++ b/tests/fail/stacked_borrows/unescaped_local.stderr @@ -1,27 +1,33 @@ -error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location +warning: pointer-to-integer cast + --> $DIR/unescaped_local.rs:LL:CC + | +LL | let raw = &mut x as *mut i32 as usize as *mut i32; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/unescaped_local.rs:LL:CC + +error: Undefined Behavior: attempting a write access using at ALLOC[0x0], but no exposed tags have suitable permission in the borrow stack for this location --> $DIR/unescaped_local.rs:LL:CC | LL | *raw = 13; | ^^^^^^^^^ | | - | attempting a write access using at ALLOC[0x0], but that tag does not exist in the borrow stack for this location + | attempting a write access using at ALLOC[0x0], but no exposed tags have suitable permission in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x0..0x4] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information -help: tag was most recently created at offsets [0x0..0x4] - --> $DIR/unescaped_local.rs:LL:CC - | -LL | let raw = &mut x as *mut i32 as usize as *mut i32; - | ^^^^^^ -help: tag was later invalidated at offsets [0x0..0x4] - --> $DIR/unescaped_local.rs:LL:CC - | -LL | let _ptr = &mut x; - | ^^^^^^ + = note: inside `main` at $DIR/unescaped_local.rs:LL:CC note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/stacked_borrows/unescaped_static.stderr b/tests/fail/stacked_borrows/unescaped_static.stderr index a0ac19f0429..621e9617fdf 100644 --- a/tests/fail/stacked_borrows/unescaped_static.stderr +++ b/tests/fail/stacked_borrows/unescaped_static.stderr @@ -1,15 +1,19 @@ -error: Undefined Behavior: attempting a read access using at ALLOC[0x1], but that tag does not exist in the borrow stack for this location +error: Undefined Behavior: attempting a read access using at ALLOC[0x1], but that tag does not exist in the borrow stack for this location --> $DIR/unescaped_static.rs:LL:CC | LL | let _val = unsafe { *ptr_to_first.add(1) }; | ^^^^^^^^^^^^^^^^^^^^ | | - | attempting a read access using at ALLOC[0x1], but that tag does not exist in the borrow stack for this location + | attempting a read access using at ALLOC[0x1], but that tag does not exist in the borrow stack for this location | this error occurs as part of an access at ALLOC[0x1..0x2] | = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information - +help: was created by a retag at offsets [0x0..0x1] + --> $DIR/unescaped_static.rs:LL:CC + | +LL | let ptr_to_first = &ARRAY[0] as *const u8; + | ^^^^^^^^^ = note: inside `main` at $DIR/unescaped_static.rs:LL:CC note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace diff --git a/tests/fail/unaligned_pointers/intptrcast_alignment_check.stderr b/tests/fail/unaligned_pointers/intptrcast_alignment_check.stderr index 347486187e1..bd8d161de83 100644 --- a/tests/fail/unaligned_pointers/intptrcast_alignment_check.stderr +++ b/tests/fail/unaligned_pointers/intptrcast_alignment_check.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/intptrcast_alignment_check.rs:LL:CC + | +LL | let u16_ptr = base_addr_aligned as *mut u16; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/intptrcast_alignment_check.rs:LL:CC + error: Undefined Behavior: accessing memory with alignment ALIGN, but alignment ALIGN is required --> $DIR/intptrcast_alignment_check.rs:LL:CC | @@ -11,5 +26,5 @@ LL | unsafe { *u16_ptr = 2 }; note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/uninit_byte_read.rs b/tests/fail/uninit_byte_read.rs index 6868e589550..683088e78bf 100644 --- a/tests/fail/uninit_byte_read.rs +++ b/tests/fail/uninit_byte_read.rs @@ -1,3 +1,4 @@ +// compile-flags: -Zmiri-disable-stacked-borrows fn main() { let v: Vec = Vec::with_capacity(10); let undef = unsafe { *v.get_unchecked(5) }; //~ ERROR uninitialized diff --git a/tests/fail/validity/cast_fn_ptr1.stderr b/tests/fail/validity/cast_fn_ptr1.stderr index d048377a779..d7585790005 100644 --- a/tests/fail/validity/cast_fn_ptr1.stderr +++ b/tests/fail/validity/cast_fn_ptr1.stderr @@ -1,3 +1,18 @@ +warning: pointer-to-integer cast + --> $DIR/cast_fn_ptr1.rs:LL:CC + | +LL | g(0usize as *const i32) + | ^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/cast_fn_ptr1.rs:LL:CC + error: Undefined Behavior: type validation failed: encountered a null reference --> $DIR/cast_fn_ptr1.rs:LL:CC | @@ -11,5 +26,5 @@ LL | g(0usize as *const i32) note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/fail/validity/cast_fn_ptr2.stderr b/tests/fail/validity/cast_fn_ptr2.stderr index 10b9b9b8602..d47b39356ff 100644 --- a/tests/fail/validity/cast_fn_ptr2.stderr +++ b/tests/fail/validity/cast_fn_ptr2.stderr @@ -1,3 +1,23 @@ +warning: pointer-to-integer cast + --> $DIR/cast_fn_ptr2.rs:LL:CC + | +LL | 0usize as *const i32 + | ^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main::f` at $DIR/cast_fn_ptr2.rs:LL:CC +note: inside `main` at $DIR/cast_fn_ptr2.rs:LL:CC + --> $DIR/cast_fn_ptr2.rs:LL:CC + | +LL | let _x = g(); + | ^^^ + error: Undefined Behavior: type validation failed: encountered a null reference --> $DIR/cast_fn_ptr2.rs:LL:CC | @@ -11,5 +31,5 @@ LL | let _x = g(); note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace -error: aborting due to previous error +error: aborting due to previous error; 1 warning emitted diff --git a/tests/pass/adjacent-allocs.rs b/tests/pass/adjacent-allocs.rs index 509965fe4fa..925430ae203 100644 --- a/tests/pass/adjacent-allocs.rs +++ b/tests/pass/adjacent-allocs.rs @@ -1,3 +1,5 @@ +// compile-flags: -Zmiri-permissive-provenance + fn main() { // The slack between allocations is random. // Loop a few times to hit the zero-slack case. diff --git a/tests/pass/align.stderr b/tests/pass/align.stderr new file mode 100644 index 00000000000..9a15ec2cda6 --- /dev/null +++ b/tests/pass/align.stderr @@ -0,0 +1,20 @@ +warning: pointer-to-integer cast + --> $DIR/align.rs:LL:CC + | +LL | let u16_ptr = base_addr_aligned as *mut u16; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `manual_alignment` at $DIR/align.rs:LL:CC +note: inside `main` at $DIR/align.rs:LL:CC + --> $DIR/align.rs:LL:CC + | +LL | manual_alignment(); + | ^^^^^^^^^^^^^^^^^^ + diff --git a/tests/pass/box.rs b/tests/pass/box.rs index c2ecc370717..7bbe7be516b 100644 --- a/tests/pass/box.rs +++ b/tests/pass/box.rs @@ -47,7 +47,7 @@ fn boxed_pair_to_vec() { struct Foo(u64); fn reinterstruct(box_pair: Box) -> Vec { let ref_pair = Box::leak(box_pair) as *mut PairFoo; - let ptr_foo = unsafe { &mut (*ref_pair).fst as *mut Foo }; + let ptr_foo = unsafe { std::ptr::addr_of_mut!((*ref_pair).fst) }; unsafe { Vec::from_raw_parts(ptr_foo, 2, 2) } } diff --git a/tests/pass/box.stderr b/tests/pass/box.stderr new file mode 100644 index 00000000000..eac98bf2d12 --- /dev/null +++ b/tests/pass/box.stderr @@ -0,0 +1,20 @@ +warning: pointer-to-integer cast + --> $DIR/box.rs:LL:CC + | +LL | let r2 = ((r as usize) + 0) as *mut i32; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `into_raw` at $DIR/box.rs:LL:CC +note: inside `main` at $DIR/box.rs:LL:CC + --> $DIR/box.rs:LL:CC + | +LL | into_raw(); + | ^^^^^^^^^^ + diff --git a/tests/pass/concurrency/tls_pthread_drop_order.rs b/tests/pass/concurrency/tls_pthread_drop_order.rs index 4d69449821c..29c57bf49a3 100644 --- a/tests/pass/concurrency/tls_pthread_drop_order.rs +++ b/tests/pass/concurrency/tls_pthread_drop_order.rs @@ -4,6 +4,7 @@ extern crate libc; use std::mem; +use std::ptr; pub type Key = libc::pthread_key_t; @@ -11,7 +12,7 @@ static mut RECORD: usize = 0; static mut KEYS: [Key; 2] = [0; 2]; static mut GLOBALS: [u64; 2] = [1, 0]; -static mut CANNARY: *mut u64 = 0 as *mut _; // this serves as a cannary: if TLS dtors are not run properly, this will not get deallocated, making the test fail. +static mut CANNARY: *mut u64 = ptr::null_mut(); // this serves as a cannary: if TLS dtors are not run properly, this will not get deallocated, making the test fail. pub unsafe fn create(dtor: Option) -> Key { let mut key = 0; @@ -30,7 +31,7 @@ pub fn record(r: usize) { } unsafe extern "C" fn dtor(ptr: *mut u64) { - assert!(CANNARY != 0 as *mut _); // make sure we do not get run too often + assert!(CANNARY != ptr::null_mut()); // make sure we do not get run too often let val = *ptr; let which_key = @@ -48,7 +49,7 @@ unsafe extern "C" fn dtor(ptr: *mut u64) { // The correct sequence is: First key 0, then key 1, then key 0. if RECORD == 0_1_0 { drop(Box::from_raw(CANNARY)); - CANNARY = 0 as *mut _; + CANNARY = ptr::null_mut(); } } diff --git a/tests/pass/extern_types.stderr b/tests/pass/extern_types.stderr new file mode 100644 index 00000000000..730a4304253 --- /dev/null +++ b/tests/pass/extern_types.stderr @@ -0,0 +1,15 @@ +warning: pointer-to-integer cast + --> $DIR/extern_types.rs:LL:CC + | +LL | let x: &Foo = unsafe { &*(16 as *const Foo) }; + | ^^^^^^^^^^^^^^^^^^ pointer-to-integer cast + | + = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`, + = help: which means that Miri might miss pointer bugs in this program + = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation + = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead + = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics + = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning + + = note: inside `main` at $DIR/extern_types.rs:LL:CC + diff --git a/tests/pass/intptrcast.rs b/tests/pass/intptrcast.rs index aafa90204fc..a5e1d196529 100644 --- a/tests/pass/intptrcast.rs +++ b/tests/pass/intptrcast.rs @@ -1,3 +1,5 @@ +// compile-flags: -Zmiri-permissive-provenance + // This strips provenance fn transmute_ptr_to_int(x: *const T) -> usize { unsafe { std::mem::transmute(x) } diff --git a/tests/pass/intrinsics.rs b/tests/pass/intrinsics.rs index 9e310082f35..0042872a3b4 100644 --- a/tests/pass/intrinsics.rs +++ b/tests/pass/intrinsics.rs @@ -1,3 +1,4 @@ +// compile-flags: -Zmiri-permissive-provenance #![feature(core_intrinsics, const_raw_ptr_comparison)] #![feature(layout_for_ptr)] diff --git a/tests/pass/linux-getrandom-without-isolation.rs b/tests/pass/linux-getrandom-without-isolation.rs index ad1a1f27c77..56a53699477 100644 --- a/tests/pass/linux-getrandom-without-isolation.rs +++ b/tests/pass/linux-getrandom-without-isolation.rs @@ -3,13 +3,15 @@ #![feature(rustc_private)] extern crate libc; +use std::ptr; + fn main() { let mut buf = [0u8; 5]; unsafe { assert_eq!( libc::syscall( libc::SYS_getrandom, - 0 as *mut libc::c_void, + ptr::null_mut::(), 0 as libc::size_t, 0 as libc::c_uint, ), @@ -26,7 +28,7 @@ fn main() { ); assert_eq!( - libc::getrandom(0 as *mut libc::c_void, 0 as libc::size_t, 0 as libc::c_uint), + libc::getrandom(ptr::null_mut::(), 0 as libc::size_t, 0 as libc::c_uint), 0, ); assert_eq!( diff --git a/tests/pass/linux-getrandom.rs b/tests/pass/linux-getrandom.rs index 7d3f899f440..a3596e4c7a9 100644 --- a/tests/pass/linux-getrandom.rs +++ b/tests/pass/linux-getrandom.rs @@ -2,13 +2,15 @@ #![feature(rustc_private)] extern crate libc; +use std::ptr; + fn main() { let mut buf = [0u8; 5]; unsafe { assert_eq!( libc::syscall( libc::SYS_getrandom, - 0 as *mut libc::c_void, + ptr::null_mut::(), 0 as libc::size_t, 0 as libc::c_uint, ), @@ -25,7 +27,7 @@ fn main() { ); assert_eq!( - libc::getrandom(0 as *mut libc::c_void, 0 as libc::size_t, 0 as libc::c_uint), + libc::getrandom(ptr::null_mut::(), 0 as libc::size_t, 0 as libc::c_uint), 0, ); assert_eq!( diff --git a/tests/pass/panic/catch_panic.rs b/tests/pass/panic/catch_panic.rs index 2fb00391cd7..3979fb3b071 100644 --- a/tests/pass/panic/catch_panic.rs +++ b/tests/pass/panic/catch_panic.rs @@ -1,5 +1,5 @@ // We test the `align_offset` panic below, make sure we test the interpreter impl and not the "real" one. -// compile-flags: -Zmiri-symbolic-alignment-check +// compile-flags: -Zmiri-symbolic-alignment-check -Zmiri-permissive-provenance #![feature(never_type)] #![allow(unconditional_panic, non_fmt_panics)] diff --git a/tests/pass/ptr_int_casts.rs b/tests/pass/ptr_int_casts.rs index 889b6bd04f9..ffe6a114c66 100644 --- a/tests/pass/ptr_int_casts.rs +++ b/tests/pass/ptr_int_casts.rs @@ -1,3 +1,4 @@ +// compile-flags: -Zmiri-permissive-provenance use std::mem; use std::ptr; diff --git a/tests/pass/ptr_offset.rs b/tests/pass/ptr_offset.rs index 1b25df72145..b16a06a7260 100644 --- a/tests/pass/ptr_offset.rs +++ b/tests/pass/ptr_offset.rs @@ -1,3 +1,4 @@ +// compile-flags: -Zmiri-permissive-provenance use std::{mem, ptr}; fn main() { diff --git a/tests/pass/stacked-borrows/2phase.rs b/tests/pass/stacked-borrows/2phase.rs index 345cb64ccf7..eb543d691e1 100644 --- a/tests/pass/stacked-borrows/2phase.rs +++ b/tests/pass/stacked-borrows/2phase.rs @@ -1,5 +1,3 @@ -// compile-flags: -Zmiri-tag-raw-pointers - trait S: Sized { fn tpb(&mut self, _s: Self) {} } diff --git a/tests/pass/stacked-borrows/interior_mutability.rs b/tests/pass/stacked-borrows/interior_mutability.rs index 9ee8af45aef..79958ab5539 100644 --- a/tests/pass/stacked-borrows/interior_mutability.rs +++ b/tests/pass/stacked-borrows/interior_mutability.rs @@ -1,4 +1,3 @@ -// compile-flags: -Zmiri-tag-raw-pointers use std::cell::{Cell, RefCell, UnsafeCell}; use std::mem::{self, MaybeUninit}; diff --git a/tests/pass/stacked-borrows/stacked-borrows.rs b/tests/pass/stacked-borrows/stacked-borrows.rs index 131783ef4fb..eb0ff167eb1 100644 --- a/tests/pass/stacked-borrows/stacked-borrows.rs +++ b/tests/pass/stacked-borrows/stacked-borrows.rs @@ -1,4 +1,3 @@ -// compile-flags: -Zmiri-tag-raw-pointers use std::ptr; // Test various stacked-borrows-related things. diff --git a/tests/pass/zst.rs b/tests/pass/zst.rs index 3a853e7d8a6..fade1e0dad8 100644 --- a/tests/pass/zst.rs +++ b/tests/pass/zst.rs @@ -1,3 +1,4 @@ +// compile-flags: -Zmiri-permissive-provenance #[derive(PartialEq, Debug)] struct A;