more int2ptr cast tests, and fix casting of addresses inside dead allocations

src/intptrcast.rs

@@ -90,8 +90,16 @@ impl<'mir, 'tcx> GlobalStateInner {
             }
         }?;
 
-        // We only use this provenance if it has been exposed.
-        if global_state.exposed.contains(&alloc_id) { Some(alloc_id) } else { None }
+        // We only use this provenance if it has been exposed, *and* is still live.
+        if global_state.exposed.contains(&alloc_id) {
+            // FIXME: this catches `InterpError`, which we should not usually do.
+            // We might need a proper fallible API from `memory.rs` to avoid this though.
+            if let Ok(_) = ecx.get_alloc_size_and_align(alloc_id, AllocCheck::Live) {
+                return Some(alloc_id);
+            }
+        }
+
+        None
     }
 
     pub fn expose_ptr(ecx: &mut MiriEvalContext<'mir, 'tcx>, alloc_id: AllocId, sb: SbTag) {

tests/fail/backtrace/bad-backtrace-flags.rs

@@ -4,6 +4,6 @@ extern "Rust" {
 
 fn main() {
     unsafe {
-        miri_get_backtrace(2, 0 as *mut _); //~ ERROR  unsupported operation: unknown `miri_get_backtrace` flags 2
+        miri_get_backtrace(2, std::ptr::null_mut()); //~ ERROR  unsupported operation: unknown `miri_get_backtrace` flags 2
     }
 }

tests/fail/backtrace/bad-backtrace-flags.stderr

@@ -1,23 +1,8 @@
-warning: pointer-to-integer cast
-  --> $DIR/bad-backtrace-flags.rs:LL:CC
-   |
-LL |         miri_get_backtrace(2, 0 as *mut _);
-   |                               ^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/bad-backtrace-flags.rs:LL:CC
-
 error: unsupported operation: unknown `miri_get_backtrace` flags 2
   --> $DIR/bad-backtrace-flags.rs:LL:CC
    |
-LL |         miri_get_backtrace(2, 0 as *mut _);
-   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ unknown `miri_get_backtrace` flags 2
+LL |         miri_get_backtrace(2, std::ptr::null_mut());
+   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ unknown `miri_get_backtrace` flags 2
    |
    = help: this is likely not a bug in the program; it indicates that the program performed an operation that the interpreter does not support
            
@@ -25,5 +10,5 @@ LL |         miri_get_backtrace(2, 0 as *mut _);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/backtrace/bad-backtrace-ptr.rs

@@ -4,6 +4,6 @@ extern "Rust" {
 
 fn main() {
     unsafe {
-        miri_resolve_frame(0 as *mut _, 0); //~ ERROR null pointer is not a valid pointer for this operation
+        miri_resolve_frame(std::ptr::null_mut(), 0); //~ ERROR null pointer is not a valid pointer for this operation
     }
 }

tests/fail/backtrace/bad-backtrace-ptr.stderr

@@ -1,23 +1,8 @@
-warning: pointer-to-integer cast
-  --> $DIR/bad-backtrace-ptr.rs:LL:CC
-   |
-LL |         miri_resolve_frame(0 as *mut _, 0);
-   |                            ^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/bad-backtrace-ptr.rs:LL:CC
-
 error: Undefined Behavior: null pointer is not a valid pointer for this operation
   --> $DIR/bad-backtrace-ptr.rs:LL:CC
    |
-LL |         miri_resolve_frame(0 as *mut _, 0);
-   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ null pointer is not a valid pointer for this operation
+LL |         miri_resolve_frame(std::ptr::null_mut(), 0);
+   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ null pointer is not a valid pointer for this operation
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
@@ -26,5 +11,5 @@ LL |         miri_resolve_frame(0 as *mut _, 0);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/backtrace/bad-backtrace-resolve-flags.rs

@@ -15,7 +15,7 @@ extern "Rust" {
 
 fn main() {
     unsafe {
-        let mut buf = vec![0 as *mut _; miri_backtrace_size(0)];
+        let mut buf = vec![std::ptr::null_mut(); miri_backtrace_size(0)];
 
         miri_get_backtrace(1, buf.as_mut_ptr());
 

tests/fail/backtrace/bad-backtrace-resolve-flags.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/bad-backtrace-resolve-flags.rs:LL:CC
-   |
-LL |         let mut buf = vec![0 as *mut _; miri_backtrace_size(0)];
-   |                            ^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/bad-backtrace-resolve-flags.rs:LL:CC
-
 error: unsupported operation: unknown `miri_resolve_frame` flags 2
   --> $DIR/bad-backtrace-resolve-flags.rs:LL:CC
    |
@@ -25,5 +10,5 @@ LL |         miri_resolve_frame(buf[0], 2);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/backtrace/bad-backtrace-resolve-names-flags.rs

@@ -6,11 +6,11 @@ extern "Rust" {
 
 fn main() {
     unsafe {
-        let mut buf = vec![0 as *mut _; miri_backtrace_size(0)];
+        let mut buf = vec![std::ptr::null_mut(); miri_backtrace_size(0)];
 
         miri_get_backtrace(1, buf.as_mut_ptr());
 
         // miri_resolve_frame_names will error from an invalid backtrace before it will from invalid flags
-        miri_resolve_frame_names(buf[0], 2, 0 as *mut _, 0 as *mut _); //~ ERROR  unsupported operation: unknown `miri_resolve_frame_names` flags 2
+        miri_resolve_frame_names(buf[0], 2, std::ptr::null_mut(), std::ptr::null_mut()); //~ ERROR  unsupported operation: unknown `miri_resolve_frame_names` flags 2
     }
 }

tests/fail/backtrace/bad-backtrace-resolve-names-flags.stderr

@@ -1,23 +1,8 @@
-warning: pointer-to-integer cast
-  --> $DIR/bad-backtrace-resolve-names-flags.rs:LL:CC
-   |
-LL |         let mut buf = vec![0 as *mut _; miri_backtrace_size(0)];
-   |                            ^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/bad-backtrace-resolve-names-flags.rs:LL:CC
-
 error: unsupported operation: unknown `miri_resolve_frame_names` flags 2
   --> $DIR/bad-backtrace-resolve-names-flags.rs:LL:CC
    |
-LL | ...   miri_resolve_frame_names(buf[0], 2, 0 as *mut _, 0 as *mut _);
-   |       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ unknown `miri_resolve_frame_names` flags 2
+LL | ...   miri_resolve_frame_names(buf[0], 2, std::ptr::null_mut(), std::ptr::null_mut());
+   |       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ unknown `miri_resolve_frame_names` flags 2
    |
    = help: this is likely not a bug in the program; it indicates that the program performed an operation that the interpreter does not support
            
@@ -25,5 +10,5 @@ LL | ...   miri_resolve_frame_names(buf[0], 2, 0 as *mut _, 0 as *mut _);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/concurrency/thread_local_static_dealloc.rs

@@ -7,9 +7,12 @@
 #[thread_local]
 static mut TLS: u8 = 0;
 
+struct SendRaw(*const u8);
+unsafe impl Send for SendRaw {}
+
 fn main() {
     unsafe {
-        let dangling_ptr = std::thread::spawn(|| &TLS as *const u8 as usize).join().unwrap();
-        let _val = *(dangling_ptr as *const u8); //~ ERROR dereferenced after this allocation got freed
+        let dangling_ptr = std::thread::spawn(|| SendRaw(&TLS as *const u8)).join().unwrap();
+        let _val = *dangling_ptr.0; //~ ERROR dereferenced after this allocation got freed
     }
 }

tests/fail/concurrency/thread_local_static_dealloc.stderr

@@ -1,23 +1,8 @@
-warning: pointer-to-integer cast
-  --> $DIR/thread_local_static_dealloc.rs:LL:CC
-   |
-LL |         let _val = *(dangling_ptr as *const u8);
-   |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/thread_local_static_dealloc.rs:LL:CC
-
 error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
   --> $DIR/thread_local_static_dealloc.rs:LL:CC
    |
-LL |         let _val = *(dangling_ptr as *const u8);
-   |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+LL |         let _val = *dangling_ptr.0;
+   |                    ^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
@@ -26,5 +11,5 @@ LL |         let _val = *(dangling_ptr as *const u8);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/dangling_pointers/deref-invalid-ptr.rs

@@ -1,5 +1,5 @@
 // This should fail even without validation.
-// compile-flags: -Zmiri-disable-validation
+// compile-flags: -Zmiri-disable-validation -Zmiri-permissive-provenance
 
 fn main() {
     let x = 16usize as *const u32;

tests/fail/dangling_pointers/deref-invalid-ptr.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/deref-invalid-ptr.rs:LL:CC
-   |
-LL |     let x = 16usize as *const u32;
-   |             ^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/deref-invalid-ptr.rs:LL:CC
-
 error: Undefined Behavior: dereferencing pointer failed: 0x10 is not a valid pointer
   --> $DIR/deref-invalid-ptr.rs:LL:CC
    |
@@ -26,5 +11,5 @@ LL |     let _y = unsafe { &*x as *const u32 };
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/dangling_pointers/storage_dead_dangling.rs

@@ -1,5 +1,5 @@
 // This should fail even without validation, but some MIR opts mask the error
-// compile-flags: -Zmiri-disable-validation -Zmir-opt-level=0
+// compile-flags: -Zmiri-disable-validation -Zmir-opt-level=0 -Zmiri-permissive-provenance
 
 static mut LEAK: usize = 0;
 
@@ -10,7 +10,7 @@ fn fill(v: &mut i32) {
 }
 
 fn evil() {
-    unsafe { &mut *(LEAK as *mut i32) }; //~ ERROR dereferenced after this allocation got freed
+    unsafe { &mut *(LEAK as *mut i32) }; //~ ERROR is not a valid pointer
 }
 
 fn main() {
@@ -21,6 +21,6 @@ fn main() {
         _y = x;
     }
     // Now we use a pointer to `x` which is no longer in scope, and thus dead (even though the
-    // `main` stack frame still exists).
+    // `main` stack frame still exists). We even try going through a `usize` for extra sneakiness!
     evil();
 }

tests/fail/dangling_pointers/storage_dead_dangling.stderr

@@ -1,28 +1,8 @@
-warning: pointer-to-integer cast
+error: Undefined Behavior: dereferencing pointer failed: $HEX is not a valid pointer
   --> $DIR/storage_dead_dangling.rs:LL:CC
    |
 LL |     unsafe { &mut *(LEAK as *mut i32) };
-   |                    ^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `evil` at $DIR/storage_dead_dangling.rs:LL:CC
-note: inside `main` at $DIR/storage_dead_dangling.rs:LL:CC
-  --> $DIR/storage_dead_dangling.rs:LL:CC
-   |
-LL |     evil();
-   |     ^^^^^^
-
-error: Undefined Behavior: pointer to ALLOC was dereferenced after this allocation got freed
-  --> $DIR/storage_dead_dangling.rs:LL:CC
-   |
-LL |     unsafe { &mut *(LEAK as *mut i32) };
-   |              ^^^^^^^^^^^^^^^^^^^^^^^^ pointer to ALLOC was dereferenced after this allocation got freed
+   |              ^^^^^^^^^^^^^^^^^^^^^^^^ dereferencing pointer failed: $HEX is not a valid pointer
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
@@ -36,5 +16,5 @@ LL |     evil();
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/dangling_pointers/wild_pointer_deref.rs

@@ -1,3 +1,5 @@
+// compile-flags: -Zmiri-permissive-provenance
+
 fn main() {
     let p = 44 as *const i32;
     let x = unsafe { *p }; //~ ERROR is not a valid pointer

tests/fail/dangling_pointers/wild_pointer_deref.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/wild_pointer_deref.rs:LL:CC
-   |
-LL |     let p = 44 as *const i32;
-   |             ^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/wild_pointer_deref.rs:LL:CC
-
 error: Undefined Behavior: dereferencing pointer failed: 0x2c is not a valid pointer
   --> $DIR/wild_pointer_deref.rs:LL:CC
    |
@@ -26,5 +11,5 @@ LL |     let x = unsafe { *p };
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/intrinsics/ptr_offset_0_plus_0.rs

@@ -1,4 +1,5 @@
 // error-pattern: pointer arithmetic failed: null pointer is not a valid pointer
+// compile-flags: -Zmiri-permissive-provenance
 
 fn main() {
     let x = 0 as *mut i32;

tests/fail/intrinsics/ptr_offset_0_plus_0.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/ptr_offset_0_plus_0.rs:LL:CC
-   |
-LL |     let x = 0 as *mut i32;
-   |             ^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/ptr_offset_0_plus_0.rs:LL:CC
-
 error: Undefined Behavior: pointer arithmetic failed: null pointer is not a valid pointer
   --> RUSTLIB/core/src/ptr/mut_ptr.rs:LL:CC
    |
@@ -31,5 +16,5 @@ LL |     let _x = unsafe { x.offset(0) }; // UB despite offset 0, NULL is never
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/intrinsics/ptr_offset_int_plus_int.rs

@@ -1,4 +1,5 @@
 // error-pattern: is not a valid pointer
+// compile-flags: -Zmiri-permissive-provenance
 
 fn main() {
     // Can't offset an integer pointer by non-zero offset.

tests/fail/intrinsics/ptr_offset_int_plus_int.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/ptr_offset_int_plus_int.rs:LL:CC
-   |
-LL |         let _val = (1 as *mut u8).offset(1);
-   |                    ^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/ptr_offset_int_plus_int.rs:LL:CC
-
 error: Undefined Behavior: pointer arithmetic failed: 0x1 is not a valid pointer
   --> RUSTLIB/core/src/ptr/mut_ptr.rs:LL:CC
    |
@@ -31,5 +16,5 @@ LL |         let _val = (1 as *mut u8).offset(1);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/intrinsics/ptr_offset_int_plus_ptr.rs

@@ -1,4 +1,5 @@
 // error-pattern: is not a valid pointer
+// compile-flags: -Zmiri-permissive-provenance
 
 fn main() {
     let ptr = Box::into_raw(Box::new(0u32));

tests/fail/intrinsics/ptr_offset_int_plus_ptr.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/ptr_offset_int_plus_ptr.rs:LL:CC
-   |
-LL |         let _val = (1 as *mut u8).offset(ptr as isize);
-   |                    ^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/ptr_offset_int_plus_ptr.rs:LL:CC
-
 error: Undefined Behavior: pointer arithmetic failed: 0x1 is not a valid pointer
   --> RUSTLIB/core/src/ptr/mut_ptr.rs:LL:CC
    |
@@ -31,5 +16,5 @@ LL |         let _val = (1 as *mut u8).offset(ptr as isize);
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/provenance/permissive_provenance_transmute.stderr

@@ -1,20 +0,0 @@
-error: Undefined Behavior: dereferencing pointer failed: $HEX is not a valid pointer
-  --> $DIR/permissive_provenance_transmute.rs:LL:CC
-   |
-LL |         let _val = *left_ptr;
-   |                    ^^^^^^^^^ dereferencing pointer failed: $HEX is not a valid pointer
-   |
-   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
-   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
-           
-   = note: inside `deref` at $DIR/permissive_provenance_transmute.rs:LL:CC
-note: inside `main` at $DIR/permissive_provenance_transmute.rs:LL:CC
-  --> $DIR/permissive_provenance_transmute.rs:LL:CC
-   |
-LL |         deref(ptr1, ptr2.with_addr(ptr1.addr()));
-   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
-
-error: aborting due to previous error
-

tests/fail/provenance/provenance_transmute.stderr

@@ -1,5 +1,5 @@
 error: Undefined Behavior: dereferencing pointer failed: $HEX is not a valid pointer
-  --> $DIR/strict_provenance_transmute.rs:LL:CC
+  --> $DIR/provenance_transmute.rs:LL:CC
    |
 LL |         let _val = *left_ptr;
    |                    ^^^^^^^^^ dereferencing pointer failed: $HEX is not a valid pointer
@@ -7,9 +7,9 @@ LL |         let _val = *left_ptr;
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
            
-   = note: inside `deref` at $DIR/strict_provenance_transmute.rs:LL:CC
-note: inside `main` at $DIR/strict_provenance_transmute.rs:LL:CC
-  --> $DIR/strict_provenance_transmute.rs:LL:CC
+   = note: inside `deref` at $DIR/provenance_transmute.rs:LL:CC
+note: inside `main` at $DIR/provenance_transmute.rs:LL:CC
+  --> $DIR/provenance_transmute.rs:LL:CC
    |
 LL |         deref(ptr1, ptr2.with_addr(ptr1.addr()));
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

tests/fail/provenance/strict_provenance_cast.rs

@@ -0,0 +1,6 @@
+// compile-flags: -Zmiri-strict-provenance
+
+fn main() {
+    let addr = &0 as *const i32 as usize;
+    let _ptr = addr as *const i32; //~ ERROR integer-to-pointer casts and `from_exposed_addr` are not supported
+}

tests/fail/provenance/strict_provenance_cast.stderr

@@ -0,0 +1,14 @@
+error: unsupported operation: integer-to-pointer casts and `from_exposed_addr` are not supported with `-Zmiri-strict-provenance`; use `with_addr` instead
+  --> $DIR/strict_provenance_cast.rs:LL:CC
+   |
+LL |     let _ptr = addr as *const i32;
+   |                ^^^^^^^^^^^^^^^^^^ integer-to-pointer casts and `from_exposed_addr` are not supported with `-Zmiri-strict-provenance`; use `with_addr` instead
+   |
+   = help: this is likely not a bug in the program; it indicates that the program performed an operation that the interpreter does not support
+           
+   = note: inside `main` at $DIR/strict_provenance_cast.rs:LL:CC
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to previous error
+

tests/fail/provenance/strict_provenance_transmute.rs

@@ -1,27 +0,0 @@
-// compile-flags: -Zmiri-strict-provenance
-#![feature(strict_provenance)]
-
-use std::mem;
-
-// This is the example from
-// <https://github.com/rust-lang/unsafe-code-guidelines/issues/286#issuecomment-1085144431>.
-
-unsafe fn deref(left: *const u8, right: *const u8) {
-    let left_int: usize = mem::transmute(left);
-    let right_int: usize = mem::transmute(right);
-    if left_int == right_int {
-        // The compiler is allowed to replace `left_int` by `right_int` here...
-        let left_ptr: *const u8 = mem::transmute(left_int);
-        // ...which however means here it could be dereferencing the wrong pointer.
-        let _val = *left_ptr; //~ERROR dereferencing pointer failed
-    }
-}
-
-fn main() {
-    let ptr1 = &0u8 as *const u8;
-    let ptr2 = &1u8 as *const u8;
-    unsafe {
-        // Two pointers with the same address but different provenance.
-        deref(ptr1, ptr2.with_addr(ptr1.addr()));
-    }
-}

tests/fail/stacked_borrows/unescaped_local.rs

@@ -1,3 +1,5 @@
+// compile-flags: -Zmiri-permissive-provenance
+
 // Make sure we cannot use raw ptrs to access a local that
 // we took the direct address of.
 fn main() {

tests/fail/stacked_borrows/unescaped_local.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/unescaped_local.rs:LL:CC
-   |
-LL |     let raw = &mut x as *mut i32 as usize as *mut i32;
-   |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/unescaped_local.rs:LL:CC
-
 error: Undefined Behavior: attempting a write access using <wildcard> at ALLOC[0x0], but no exposed tags have suitable permission in the borrow stack for this location
   --> $DIR/unescaped_local.rs:LL:CC
    |
@@ -29,5 +14,5 @@ LL |         *raw = 13;
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/unaligned_pointers/intptrcast_alignment_check.rs

@@ -1,4 +1,4 @@
-// compile-flags: -Zmiri-symbolic-alignment-check
+// compile-flags: -Zmiri-symbolic-alignment-check -Zmiri-permissive-provenance
 // With the symbolic alignment check, even with intptrcast and without
 // validation, we want to be *sure* to catch bugs that arise from pointers being
 // insufficiently aligned. The only way to achieve that is not not let programs

tests/fail/unaligned_pointers/intptrcast_alignment_check.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/intptrcast_alignment_check.rs:LL:CC
-   |
-LL |     let u16_ptr = base_addr_aligned as *mut u16;
-   |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/intptrcast_alignment_check.rs:LL:CC
-
 error: Undefined Behavior: accessing memory with alignment ALIGN, but alignment ALIGN is required
   --> $DIR/intptrcast_alignment_check.rs:LL:CC
    |
@@ -26,5 +11,5 @@ LL |     unsafe { *u16_ptr = 2 };
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/validity/cast_fn_ptr1.rs

@@ -1,3 +1,5 @@
+// compile-flags: -Zmiri-permissive-provenance
+
 fn main() {
     // Cast a function pointer such that on a call, the argument gets transmuted
     // from raw ptr to reference. This is ABI-compatible, so it's not the call that

tests/fail/validity/cast_fn_ptr1.stderr

@@ -1,18 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/cast_fn_ptr1.rs:LL:CC
-   |
-LL |     g(0usize as *const i32)
-   |       ^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main` at $DIR/cast_fn_ptr1.rs:LL:CC
-
 error: Undefined Behavior: type validation failed: encountered a null reference
   --> $DIR/cast_fn_ptr1.rs:LL:CC
    |
@@ -26,5 +11,5 @@ LL |     g(0usize as *const i32)
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/fail/validity/cast_fn_ptr2.rs

@@ -1,3 +1,5 @@
+// compile-flags: -Zmiri-permissive-provenance
+
 fn main() {
     // Cast a function pointer such that when returning, the return value gets transmuted
     // from raw ptr to reference. This is ABI-compatible, so it's not the call that

tests/fail/validity/cast_fn_ptr2.stderr

@@ -1,23 +1,3 @@
-warning: pointer-to-integer cast
-  --> $DIR/cast_fn_ptr2.rs:LL:CC
-   |
-LL |         0usize as *const i32
-   |         ^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `main::f` at $DIR/cast_fn_ptr2.rs:LL:CC
-note: inside `main` at $DIR/cast_fn_ptr2.rs:LL:CC
-  --> $DIR/cast_fn_ptr2.rs:LL:CC
-   |
-LL |     let _x = g();
-   |              ^^^
-
 error: Undefined Behavior: type validation failed: encountered a null reference
   --> $DIR/cast_fn_ptr2.rs:LL:CC
    |
@@ -31,5 +11,5 @@ LL |     let _x = g();
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 
-error: aborting due to previous error; 1 warning emitted
+error: aborting due to previous error
 

tests/pass/adjacent-allocs.rs

@@ -1,9 +1,9 @@
 // compile-flags: -Zmiri-permissive-provenance
 
-fn main() {
+fn test1() {
     // The slack between allocations is random.
     // Loop a few times to hit the zero-slack case.
-    for _ in 0..1024 {
+    for _ in 0..512 {
         let n = 0u64;
         let ptr: *const u64 = &n;
 
@@ -22,3 +22,26 @@ fn main() {
         unsafe { *zst }
     }
 }
+
+fn test2() {
+    fn foo() -> u64 {
+        0
+    }
+
+    for _ in 0..512 {
+        let n = 0u64;
+        let ptr: *const u64 = &n;
+        foo();
+        let iptr = ptr as usize;
+        unsafe {
+            let start = &*std::ptr::slice_from_raw_parts(iptr as *const (), 1);
+            let end = &*std::ptr::slice_from_raw_parts((iptr + 8) as *const (), 1);
+            assert_eq!(start.len(), end.len());
+        }
+    }
+}
+
+fn main() {
+    test1();
+    test2();
+}

tests/pass/align.rs

@@ -1,3 +1,5 @@
+// compile-flags: -Zmiri-permissive-provenance
+
 /// This manually makes sure that we have a pointer with the proper alignment.
 fn manual_alignment() {
     let x = &mut [0u8; 3];

tests/pass/align.stderr

@@ -1,20 +0,0 @@
-warning: pointer-to-integer cast
-  --> $DIR/align.rs:LL:CC
-   |
-LL |     let u16_ptr = base_addr_aligned as *mut u16;
-   |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pointer-to-integer cast
-   |
-   = help: this program is using integer-to-pointer casts or (equivalently) `from_exposed_addr`,
-   = help: which means that Miri might miss pointer bugs in this program
-   = help: see https://doc.rust-lang.org/nightly/std/ptr/fn.from_exposed_addr.html for more details on that operation
-   = help: to ensure that Miri does not miss bugs in your program, use `with_addr` (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance) instead
-   = help: you can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `from_exposed_addr` semantics
-   = help: alternatively, the `-Zmiri-permissive-provenance` flag disables this warning
-           
-   = note: inside `manual_alignment` at $DIR/align.rs:LL:CC
-note: inside `main` at $DIR/align.rs:LL:CC
-  --> $DIR/align.rs:LL:CC
-   |
-LL |         manual_alignment();
-   |         ^^^^^^^^^^^^^^^^^^
-

tests/pass/intptrcast.rs

@@ -90,6 +90,16 @@ fn ptr_eq_integer() {
     assert!(x != 64 as *const i32);
 }
 
+fn zst_deref_of_dangling() {
+    let b = Box::new(0);
+    let addr = &*b as *const _ as usize;
+    drop(b);
+    // Now if we cast `addr` to a ptr it might pick up the dangling provenance.
+    // But if we only do a ZST deref there is no UB here!
+    let zst = addr as *const ();
+    let _val = unsafe { *zst };
+}
+
 fn main() {
     cast();
     cast_dangling();
@@ -101,4 +111,5 @@ fn main() {
     ptr_eq_out_of_bounds();
     ptr_eq_out_of_bounds_null();
     ptr_eq_integer();
+    zst_deref_of_dangling();
 }