From 80a0a12b07e4c3346cbacf70dcea810779ca0574 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 31 Oct 2020 13:56:46 +0100 Subject: [PATCH 1/5] Stacked Borrows: test raw-ref-to-field with raw ptr tracking --- tests/run-pass/stacked-borrows/int-to-ptr.rs | 13 +++++++ .../stacked-borrows/stacked-borrows.rs | 36 +++++++++++++------ 2 files changed, 38 insertions(+), 11 deletions(-) create mode 100644 tests/run-pass/stacked-borrows/int-to-ptr.rs diff --git a/tests/run-pass/stacked-borrows/int-to-ptr.rs b/tests/run-pass/stacked-borrows/int-to-ptr.rs new file mode 100644 index 00000000000..efba0da1b93 --- /dev/null +++ b/tests/run-pass/stacked-borrows/int-to-ptr.rs @@ -0,0 +1,13 @@ +fn main() { + ref_raw_int_raw(); +} + +// Just to make sure that casting a ref to raw, to int and back to raw +// and only then using it works. This rules out ideas like "do escape-to-raw lazily"; +// after casting to int and back, we lost the tag that could have let us do that. +fn ref_raw_int_raw() { + let mut x = 3; + let xref = &mut x; + let xraw = xref as *mut i32 as usize as *mut i32; + assert_eq!(unsafe { *xraw }, 3); +} diff --git a/tests/run-pass/stacked-borrows/stacked-borrows.rs b/tests/run-pass/stacked-borrows/stacked-borrows.rs index 765c6188b6e..ad1877fc019 100644 --- a/tests/run-pass/stacked-borrows/stacked-borrows.rs +++ b/tests/run-pass/stacked-borrows/stacked-borrows.rs @@ -1,8 +1,12 @@ +// compile-flags: -Zmiri-track-raw-pointers +// ignore-windows (FIXME: tracking raw pointers does not work on Windows) +#![feature(raw_ref_macros)] +use std::ptr; + // Test various stacked-borrows-related things. fn main() { read_does_not_invalidate1(); read_does_not_invalidate2(); - ref_raw_int_raw(); mut_raw_then_mut_shr(); mut_shr_then_mut_raw(); mut_raw_mut(); @@ -12,6 +16,7 @@ fn main() { two_raw(); shr_and_raw(); disjoint_mutable_subborrows(); + raw_ref_to_part(); } // Make sure that reading from an `&mut` does, like reborrowing to `&`, @@ -37,16 +42,6 @@ fn read_does_not_invalidate2() { assert_eq!(*foo(&mut (1, 2)), 2); } -// Just to make sure that casting a ref to raw, to int and back to raw -// and only then using it works. This rules out ideas like "do escape-to-raw lazily"; -// after casting to int and back, we lost the tag that could have let us do that. -fn ref_raw_int_raw() { - let mut x = 3; - let xref = &mut x; - let xraw = xref as *mut i32 as usize as *mut i32; - assert_eq!(unsafe { *xraw }, 3); -} - // Escape a mut to raw, then share the same mut and use the share, then the raw. // That should work. fn mut_raw_then_mut_shr() { @@ -162,3 +157,22 @@ fn disjoint_mutable_subborrows() { a.push_str(" world"); eprintln!("{:?} {:?}", a, b); } + +fn raw_ref_to_part() { + struct Part { + _lame: i32, + } + + #[repr(C)] + struct Whole { + part: Part, + extra: i32, + } + + let it = Box::new(Whole { part: Part { _lame: 0 }, extra: 42 }); + let whole = ptr::raw_mut!(*Box::leak(it)); + let part = unsafe { ptr::raw_mut!((*whole).part) }; + let typed = unsafe { &mut *(part as *mut Whole) }; + assert!(typed.extra == 42); + drop(unsafe { Box::from_raw(whole) }); +} From f936bc6b92dbee4e94988b9c46298f59481bd2ea Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 31 Oct 2020 16:22:16 +0100 Subject: [PATCH 2/5] fix writing to read-only raw pointer in thread-local test --- tests/run-pass/thread-local.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/run-pass/thread-local.rs b/tests/run-pass/thread-local.rs index 1aa442edad3..72ab973b0f0 100644 --- a/tests/run-pass/thread-local.rs +++ b/tests/run-pass/thread-local.rs @@ -58,7 +58,7 @@ fn main() { // Initialize the keys we use to check destructor ordering for (key, global) in KEYS.iter_mut().zip(GLOBALS.iter_mut()) { *key = create(Some(mem::transmute(dtor as unsafe extern fn(*mut u64)))); - set(*key, global as *const _ as *mut _); + set(*key, global as *mut _ as *mut u8); } // Initialize cannary From 00bc944eeac0eaa12a1facf2e623f7832f402e57 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 31 Oct 2020 16:23:41 +0100 Subject: [PATCH 3/5] test Rc with raw pointer tracking --- tests/run-pass/rc.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/run-pass/rc.rs b/tests/run-pass/rc.rs index 3dc61fe1f00..47f29992c45 100644 --- a/tests/run-pass/rc.rs +++ b/tests/run-pass/rc.rs @@ -1,3 +1,5 @@ +// compile-flags: -Zmiri-track-raw-pointers +// ignore-windows (FIXME: tracking raw pointers does not work on Windows) #![feature(new_uninit)] #![feature(get_mut_unchecked)] From 7eaba6684cab6247a791cd5620710773e5308c33 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 31 Oct 2020 16:28:56 +0100 Subject: [PATCH 4/5] fix trophy case URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b09d1586ad..578ca0251c5 100644 --- a/README.md +++ b/README.md @@ -411,7 +411,7 @@ Violations of [Stacked Borrows] found that are likely bugs (but Stacked Borrows * [TiKV creating overlapping mutable reference and raw pointer](https://github.com/tikv/tikv/pull/7709) * [Windows `Env` iterator using a raw pointer outside its valid memory area](https://github.com/rust-lang/rust/pull/70479) * [`VecDeque::iter_mut` creating overlapping mutable references](https://github.com/rust-lang/rust/issues/74029) -* [Standard library `SipHasher` using a raw pointer outside its valid memory area](https://github.com/rust-lang/rust/pull/78484) +* [Various standard library aliasing issues involving raw pointers](https://github.com/rust-lang/rust/pull/78602) ## License From 571b48cc47a7a4826f16766a4668168dd090a6f8 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Tue, 3 Nov 2020 20:07:19 +0100 Subject: [PATCH 5/5] rustup --- rust-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust-version b/rust-version index 40aa78ae9a9..efb6b94d3b4 100644 --- a/rust-version +++ b/rust-version @@ -1 +1 @@ -a53fb30e3bf2655b0563da6d561c23cda5f3ec11 +5cdf5b882da9e8b7c73b5cadeb7745cb68f6ff63