Auto merge of #113974 - RalfJung:miri, r=RalfJung

update Miri

r? `@ghost`
This commit is contained in:
bors 2023-07-23 08:47:28 +00:00
commit 2a4a8c8106
24 changed files with 166 additions and 100 deletions

View File

@ -115,7 +115,12 @@ jobs:
run: cargo install -f rustup-toolchain-install-master
- name: Install "master" toolchain
run: ./miri toolchain
run: |
if [[ ${{ github.event_name }} == 'schedule' ]]; then
echo "Building against latest rustc git version"
git ls-remote https://github.com/rust-lang/rust/ HEAD | cut -f 1 > rust-version
fi
./miri toolchain
- name: Show Rust version
run: |
@ -203,7 +208,7 @@ jobs:
./miri fmt --check || (./miri fmt && git commit -am "fmt")
- name: Push changes to a branch
run: |
BRANCH="rustup$(date -u +%Y-%m-%d)"
BRANCH="rustup-$(date -u +%Y-%m-%d)"
git switch -c $BRANCH
git push -u origin $BRANCH
- name: Create Pull Request

View File

@ -74,12 +74,19 @@ behavior** in your program, and cannot run all programs:
unobservable by compiled programs running on real hardware when `SeqCst` fences are used, and it
cannot produce all behaviors possibly observable on real hardware.
Moreover, Miri fundamentally cannot tell you whether your code is *sound*. [Soundness] is the property
of never causing undefined behavior when invoked from arbitrary safe code, even in combination with
other sound code. In contrast, Miri can just tell you if *a particular way of interacting with your
code* (e.g., a test suite) causes any undefined behavior. It is up to you to ensure sufficient
coverage.
[rust]: https://www.rust-lang.org/
[mir]: https://github.com/rust-lang/rfcs/blob/master/text/1211-mir.md
[`unreachable_unchecked`]: https://doc.rust-lang.org/stable/std/hint/fn.unreachable_unchecked.html
[`copy_nonoverlapping`]: https://doc.rust-lang.org/stable/std/ptr/fn.copy_nonoverlapping.html
[Stacked Borrows]: https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md
[Tree Borrows]: https://perso.crans.org/vanille/treebor/
[Soundness]: https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library
## Using Miri
@ -400,15 +407,11 @@ to Miri failing to detect cases of undefined behavior in a program.
application instead of raising an error within the context of Miri (and halting
execution). Note that code might not expect these operations to ever panic, so
this flag can lead to strange (mis)behavior.
* `-Zmiri-retag-fields` changes Stacked Borrows retagging to recurse into *all* fields.
This means that references in fields of structs/enums/tuples/arrays/... are retagged,
and in particular, they are protected when passed as function arguments.
(The default is to recurse only in cases where rustc would actually emit a `noalias` attribute.)
* `-Zmiri-retag-fields=<all|none|scalar>` controls when Stacked Borrows retagging recurses into
fields. `all` means it always recurses (like `-Zmiri-retag-fields`), `none` means it never
recurses, `scalar` (the default) means it only recurses for types where we would also emit
`noalias` annotations in the generated LLVM IR (types passed as individual scalars or pairs of
scalars). Setting this to `none` is **unsound**.
* `-Zmiri-retag-fields[=<all|none|scalar>]` controls when Stacked Borrows retagging recurses into
fields. `all` means it always recurses (the default, and equivalent to `-Zmiri-retag-fields`
without an explicit value), `none` means it never recurses, `scalar` means it only recurses for
types where we would also emit `noalias` annotations in the generated LLVM IR (types passed as
individual scalars or pairs of scalars). Setting this to `none` is **unsound**.
* `-Zmiri-tag-gc=<blocks>` configures how often the pointer tag garbage collector runs. The default
is to search for and remove unreachable tags once every `10000` basic blocks. Setting this to
`0` disables the garbage collector, which causes some programs to have explosive memory usage

View File

@ -97,7 +97,9 @@ toolchain)
CUR_COMMIT=$(rustc +miri --version -v 2>/dev/null | grep "^commit-hash: " | cut -d " " -f 2)
if [[ "$CUR_COMMIT" == "$NEW_COMMIT" ]]; then
echo "miri toolchain is already at commit $CUR_COMMIT."
rustup override set miri
if [[ "$TOOLCHAIN" != "miri" ]]; then
rustup override set miri
fi
exit 0
fi
# Install and setup new toolchain.

View File

@ -1 +1 @@
33a2c2487ac5d9927830ea4c1844335c6b9f77db
cec34a43b1b14f4e39363f3b283d7ac4f593ee81

View File

@ -413,7 +413,7 @@ impl AllocState {
alloc_id: AllocId,
prov_extra: ProvenanceExtra,
range: AllocRange,
machine: &mut MiriMachine<'_, 'tcx>,
machine: &MiriMachine<'_, 'tcx>,
) -> InterpResult<'tcx> {
match self {
AllocState::StackedBorrows(sb) =>
@ -434,7 +434,7 @@ impl AllocState {
alloc_id: AllocId,
prov_extra: ProvenanceExtra,
range: AllocRange,
machine: &mut MiriMachine<'_, 'tcx>,
machine: &MiriMachine<'_, 'tcx>,
) -> InterpResult<'tcx> {
match self {
AllocState::StackedBorrows(sb) =>

View File

@ -6,11 +6,19 @@ use rustc_span::{Span, SpanData};
use rustc_target::abi::Size;
use crate::borrow_tracker::{
stacked_borrows::{err_sb_ub, Permission},
AccessKind, GlobalStateInner, ProtectorKind,
stacked_borrows::Permission, AccessKind, GlobalStateInner, ProtectorKind,
};
use crate::*;
/// Error reporting
fn err_sb_ub<'tcx>(
msg: String,
help: Vec<String>,
history: Option<TagHistory>,
) -> InterpError<'tcx> {
err_machine_stop!(TerminationInfo::StackedBorrowsUb { msg, help, history })
}
#[derive(Clone, Debug)]
pub struct AllocHistory {
id: AllocId,
@ -61,12 +69,15 @@ struct Invalidation {
#[derive(Clone, Debug)]
enum InvalidationCause {
Access(AccessKind),
Retag(Permission, RetagCause),
Retag(Permission, RetagInfo),
}
impl Invalidation {
fn generate_diagnostic(&self) -> (String, SpanData) {
let message = if let InvalidationCause::Retag(_, RetagCause::FnEntry) = self.cause {
let message = if matches!(
self.cause,
InvalidationCause::Retag(_, RetagInfo { cause: RetagCause::FnEntry, .. })
) {
// For a FnEntry retag, our Span points at the caller.
// See `DiagnosticCx::log_invalidation`.
format!(
@ -87,8 +98,8 @@ impl fmt::Display for InvalidationCause {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
InvalidationCause::Access(kind) => write!(f, "{kind}"),
InvalidationCause::Retag(perm, kind) =>
write!(f, "{perm:?} {retag}", retag = kind.summary()),
InvalidationCause::Retag(perm, info) =>
write!(f, "{perm:?} {retag}", retag = info.summary()),
}
}
}
@ -129,13 +140,13 @@ impl<'ecx, 'mir, 'tcx> DiagnosticCxBuilder<'ecx, 'mir, 'tcx> {
pub fn retag(
machine: &'ecx MiriMachine<'mir, 'tcx>,
cause: RetagCause,
info: RetagInfo,
new_tag: BorTag,
orig_tag: ProvenanceExtra,
range: AllocRange,
) -> Self {
let operation =
Operation::Retag(RetagOp { cause, new_tag, orig_tag, range, permission: None });
Operation::Retag(RetagOp { info, new_tag, orig_tag, range, permission: None });
DiagnosticCxBuilder { machine, operation }
}
@ -179,13 +190,19 @@ enum Operation {
#[derive(Debug, Clone)]
struct RetagOp {
cause: RetagCause,
info: RetagInfo,
new_tag: BorTag,
orig_tag: ProvenanceExtra,
range: AllocRange,
permission: Option<Permission>,
}
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct RetagInfo {
pub cause: RetagCause,
pub in_field: bool,
}
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum RetagCause {
Normal,
@ -258,11 +275,11 @@ impl<'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'history, 'ecx, 'mir, 'tcx> {
pub fn log_invalidation(&mut self, tag: BorTag) {
let mut span = self.machine.current_span();
let (range, cause) = match &self.operation {
Operation::Retag(RetagOp { cause, range, permission, .. }) => {
if *cause == RetagCause::FnEntry {
Operation::Retag(RetagOp { info, range, permission, .. }) => {
if info.cause == RetagCause::FnEntry {
span = self.machine.caller_span();
}
(*range, InvalidationCause::Retag(permission.unwrap(), *cause))
(*range, InvalidationCause::Retag(permission.unwrap(), *info))
}
Operation::Access(AccessOp { kind, range, .. }) =>
(*range, InvalidationCause::Access(*kind)),
@ -372,9 +389,13 @@ impl<'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'history, 'ecx, 'mir, 'tcx> {
self.history.id,
self.offset.bytes(),
);
let mut helps = vec![operation_summary(&op.info.summary(), self.history.id, op.range)];
if op.info.in_field {
helps.push(format!("errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling"));
}
err_sb_ub(
format!("{action}{}", error_cause(stack, op.orig_tag)),
Some(operation_summary(&op.cause.summary(), self.history.id, op.range)),
helps,
op.orig_tag.and_then(|orig_tag| self.get_logs_relevant_to(orig_tag, None)),
)
}
@ -397,7 +418,7 @@ impl<'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'history, 'ecx, 'mir, 'tcx> {
);
err_sb_ub(
format!("{action}{}", error_cause(stack, op.tag)),
Some(operation_summary("an access", self.history.id, op.range)),
vec![operation_summary("an access", self.history.id, op.range)],
op.tag.and_then(|tag| self.get_logs_relevant_to(tag, None)),
)
}
@ -423,7 +444,7 @@ impl<'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'history, 'ecx, 'mir, 'tcx> {
Operation::Dealloc(_) =>
err_sb_ub(
format!("deallocating while item {item:?} is {protected} by call {call_id:?}",),
None,
vec![],
None,
),
Operation::Retag(RetagOp { orig_tag: tag, .. })
@ -432,7 +453,7 @@ impl<'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'history, 'ecx, 'mir, 'tcx> {
format!(
"not granting access to tag {tag:?} because that would remove {item:?} which is {protected} because it is an argument of call {call_id:?}",
),
None,
vec![],
tag.and_then(|tag| self.get_logs_relevant_to(tag, Some(item.tag()))),
),
}
@ -450,7 +471,7 @@ impl<'history, 'ecx, 'mir, 'tcx> DiagnosticCx<'history, 'ecx, 'mir, 'tcx> {
alloc_id = self.history.id,
cause = error_cause(stack, op.tag),
),
None,
vec![],
op.tag.and_then(|tag| self.get_logs_relevant_to(tag, None)),
)
}
@ -496,14 +517,18 @@ fn error_cause(stack: &Stack, prov_extra: ProvenanceExtra) -> &'static str {
}
}
impl RetagCause {
impl RetagInfo {
fn summary(&self) -> String {
match self {
let mut s = match self.cause {
RetagCause::Normal => "retag",
RetagCause::FnEntry => "function-entry retag",
RetagCause::InPlaceFnPassing => "in-place function argument/return passing protection",
RetagCause::TwoPhase => "two-phase retag",
}
.to_string()
.to_string();
if self.in_field {
s.push_str(" (of a reference/box inside this compound value)");
}
s
}
}

View File

@ -5,9 +5,11 @@ pub mod diagnostics;
mod item;
mod stack;
use log::trace;
use std::cmp;
use std::fmt::Write;
use std::mem;
use log::trace;
use rustc_data_structures::fx::FxHashSet;
use rustc_middle::mir::{Mutability, RetagKind};
@ -19,12 +21,12 @@ use rustc_middle::ty::{
use rustc_target::abi::{Abi, Size};
use crate::borrow_tracker::{
stacked_borrows::diagnostics::{AllocHistory, DiagnosticCx, DiagnosticCxBuilder, TagHistory},
stacked_borrows::diagnostics::{AllocHistory, DiagnosticCx, DiagnosticCxBuilder},
AccessKind, GlobalStateInner, ProtectorKind, RetagFields,
};
use crate::*;
use diagnostics::RetagCause;
use diagnostics::{RetagCause, RetagInfo};
pub use item::{Item, Permission};
pub use stack::Stack;
@ -168,15 +170,6 @@ impl NewPermission {
}
}
/// Error reporting
pub fn err_sb_ub<'tcx>(
msg: String,
help: Option<String>,
history: Option<TagHistory>,
) -> InterpError<'tcx> {
err_machine_stop!(TerminationInfo::StackedBorrowsUb { msg, help, history })
}
// # Stacked Borrows Core Begin
/// We need to make at least the following things true:
@ -244,7 +237,7 @@ impl<'tcx> Stack {
fn item_invalidated(
item: &Item,
global: &GlobalStateInner,
dcx: &mut DiagnosticCx<'_, '_, '_, 'tcx>,
dcx: &DiagnosticCx<'_, '_, '_, 'tcx>,
cause: ItemInvalidationCause,
) -> InterpResult<'tcx> {
if !global.tracked_pointer_tags.is_empty() {
@ -575,7 +568,7 @@ impl Stacks {
alloc_id: AllocId,
tag: ProvenanceExtra,
range: AllocRange,
machine: &mut MiriMachine<'_, 'tcx>,
machine: &MiriMachine<'_, 'tcx>,
) -> InterpResult<'tcx> {
trace!(
"write access with tag {:?}: {:?}, size {}",
@ -596,7 +589,7 @@ impl Stacks {
alloc_id: AllocId,
tag: ProvenanceExtra,
range: AllocRange,
machine: &mut MiriMachine<'_, 'tcx>,
machine: &MiriMachine<'_, 'tcx>,
) -> InterpResult<'tcx> {
trace!("deallocation with tag {:?}: {:?}, size {}", tag, alloc_id, range.size.bytes());
let dcx = DiagnosticCxBuilder::dealloc(machine, tag);
@ -623,7 +616,7 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
size: Size,
new_perm: NewPermission,
new_tag: BorTag,
retag_cause: RetagCause, // What caused this retag, for diagnostics only
retag_info: RetagInfo, // diagnostics info about this retag
) -> InterpResult<'tcx, Option<AllocId>> {
let this = self.eval_context_mut();
@ -670,7 +663,7 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
// FIXME: can this be done cleaner?
let dcx = DiagnosticCxBuilder::retag(
&this.machine,
retag_cause,
retag_info,
new_tag,
orig_tag,
alloc_range(base_offset, size),
@ -761,7 +754,7 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
let global = machine.borrow_tracker.as_ref().unwrap().borrow();
let dcx = DiagnosticCxBuilder::retag(
machine,
retag_cause,
retag_info,
new_tag,
orig_tag,
alloc_range(base_offset, size),
@ -804,7 +797,7 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
let global = this.machine.borrow_tracker.as_ref().unwrap().borrow();
let dcx = DiagnosticCxBuilder::retag(
&this.machine,
retag_cause,
retag_info,
new_tag,
orig_tag,
alloc_range(base_offset, size),
@ -834,7 +827,7 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
&mut self,
val: &ImmTy<'tcx, Provenance>,
new_perm: NewPermission,
cause: RetagCause, // What caused this retag, for diagnostics only
info: RetagInfo, // diagnostics info about this retag
) -> InterpResult<'tcx, ImmTy<'tcx, Provenance>> {
let this = self.eval_context_mut();
// We want a place for where the ptr *points to*, so we get one.
@ -852,7 +845,7 @@ trait EvalContextPrivExt<'mir: 'ecx, 'tcx: 'mir, 'ecx>: crate::MiriInterpCxExt<'
let new_tag = this.machine.borrow_tracker.as_mut().unwrap().get_mut().new_ptr();
// Reborrow.
let alloc_id = this.sb_reborrow(&place, size, new_perm, new_tag, cause)?;
let alloc_id = this.sb_reborrow(&place, size, new_perm, new_tag, info)?;
// Adjust pointer.
let new_place = place.map_provenance(|p| {
@ -886,12 +879,12 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
) -> InterpResult<'tcx, ImmTy<'tcx, Provenance>> {
let this = self.eval_context_mut();
let new_perm = NewPermission::from_ref_ty(val.layout.ty, kind, this);
let retag_cause = match kind {
let cause = match kind {
RetagKind::TwoPhase { .. } => RetagCause::TwoPhase,
RetagKind::FnEntry => unreachable!(),
RetagKind::Raw | RetagKind::Default => RetagCause::Normal,
};
this.sb_retag_reference(val, new_perm, retag_cause)
this.sb_retag_reference(val, new_perm, RetagInfo { cause, in_field: false })
}
fn sb_retag_place_contents(
@ -906,7 +899,8 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
RetagKind::FnEntry => RetagCause::FnEntry,
RetagKind::Default => RetagCause::Normal,
};
let mut visitor = RetagVisitor { ecx: this, kind, retag_cause, retag_fields };
let mut visitor =
RetagVisitor { ecx: this, kind, retag_cause, retag_fields, in_field: false };
return visitor.visit_value(place);
// The actual visitor.
@ -915,6 +909,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
kind: RetagKind,
retag_cause: RetagCause,
retag_fields: RetagFields,
in_field: bool,
}
impl<'ecx, 'mir, 'tcx> RetagVisitor<'ecx, 'mir, 'tcx> {
#[inline(always)] // yes this helps in our benchmarks
@ -922,10 +917,13 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
&mut self,
place: &PlaceTy<'tcx, Provenance>,
new_perm: NewPermission,
retag_cause: RetagCause,
) -> InterpResult<'tcx> {
let val = self.ecx.read_immediate(&self.ecx.place_to_op(place)?)?;
let val = self.ecx.sb_retag_reference(&val, new_perm, retag_cause)?;
let val = self.ecx.sb_retag_reference(
&val,
new_perm,
RetagInfo { cause: self.retag_cause, in_field: self.in_field },
)?;
self.ecx.write_immediate(*val, place)?;
Ok(())
}
@ -943,7 +941,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
fn visit_box(&mut self, place: &PlaceTy<'tcx, Provenance>) -> InterpResult<'tcx> {
// Boxes get a weak protectors, since they may be deallocated.
let new_perm = NewPermission::from_box_ty(place.layout.ty, self.kind, self.ecx);
self.retag_ptr_inplace(place, new_perm, self.retag_cause)
self.retag_ptr_inplace(place, new_perm)
}
fn visit_value(&mut self, place: &PlaceTy<'tcx, Provenance>) -> InterpResult<'tcx> {
@ -960,7 +958,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
ty::Ref(..) => {
let new_perm =
NewPermission::from_ref_ty(place.layout.ty, self.kind, self.ecx);
self.retag_ptr_inplace(place, new_perm, self.retag_cause)?;
self.retag_ptr_inplace(place, new_perm)?;
}
ty::RawPtr(..) => {
// We do *not* want to recurse into raw pointers -- wide raw pointers have
@ -984,7 +982,9 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
}
};
if recurse {
let in_field = mem::replace(&mut self.in_field, true); // remember and restore old value
self.walk_value(place)?;
self.in_field = in_field;
}
}
}
@ -1011,7 +1011,11 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
access: Some(AccessKind::Write),
protector: Some(ProtectorKind::StrongProtector),
};
let _new_ptr = this.sb_retag_reference(&ptr, new_perm, RetagCause::InPlaceFnPassing)?;
let _new_ptr = this.sb_retag_reference(
&ptr,
new_perm,
RetagInfo { cause: RetagCause::InPlaceFnPassing, in_field: false },
)?;
// We just throw away `new_ptr`, so nobody can access this memory while it is protected.
Ok(())

View File

@ -22,7 +22,7 @@ pub enum TerminationInfo {
UnsupportedInIsolation(String),
StackedBorrowsUb {
msg: String,
help: Option<String>,
help: Vec<String>,
history: Option<TagHistory>,
},
TreeBorrowsUb {
@ -224,11 +224,10 @@ pub fn report_error<'tcx, 'mir>(
(None, format!("or pass `-Zmiri-isolation-error=warn` to configure Miri to return an error code from isolated operations (if supported for that operation) and continue with a warning")),
],
StackedBorrowsUb { help, history, .. } => {
let url = "https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md";
msg.extend(help.clone());
let mut helps = vec![
(None, format!("this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental")),
(None, format!("see {url} for further information")),
(None, format!("see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information")),
];
if let Some(TagHistory {created, invalidated, protected}) = history.clone() {
helps.push((Some(created.1), created.0));

View File

@ -183,7 +183,7 @@ impl Default for MiriConfig {
mute_stdout_stderr: false,
preemption_rate: 0.01, // 1%
report_progress: None,
retag_fields: RetagFields::OnlyScalar,
retag_fields: RetagFields::Yes,
external_so_file: None,
gc_interval: 10_000,
num_cpus: 1,

View File

@ -18,14 +18,14 @@ use crate::*;
const PTHREAD_MUTEX_NORMAL_FLAG: i32 = 0x8000000;
fn is_mutex_kind_default<'mir, 'tcx: 'mir>(
ecx: &mut MiriInterpCx<'mir, 'tcx>,
ecx: &MiriInterpCx<'mir, 'tcx>,
kind: i32,
) -> InterpResult<'tcx, bool> {
Ok(kind == ecx.eval_libc_i32("PTHREAD_MUTEX_DEFAULT"))
}
fn is_mutex_kind_normal<'mir, 'tcx: 'mir>(
ecx: &mut MiriInterpCx<'mir, 'tcx>,
ecx: &MiriInterpCx<'mir, 'tcx>,
kind: i32,
) -> InterpResult<'tcx, bool> {
let mutex_normal_kind = ecx.eval_libc_i32("PTHREAD_MUTEX_NORMAL");

View File

@ -14,6 +14,7 @@ mod safe {
from_raw_parts_mut(ptr, len - mid), // BUG: should be "mid" instead of "len - mid"
from_raw_parts_mut(ptr.offset(mid as isize), len - mid),
)
//~[stack]^^^^ ERROR: /retag .* tag does not exist in the borrow stack/
}
}
}
@ -21,7 +22,6 @@ mod safe {
fn main() {
let mut array = [1, 2, 3, 4];
let (a, b) = safe::split_at_mut(&mut array, 0);
//~[stack]^ ERROR: /retag .* tag does not exist in the borrow stack/
a[1] = 5;
b[1] = 6;
//~[tree]^ ERROR: /write access through .* is forbidden/

View File

@ -1,11 +1,15 @@
error: Undefined Behavior: trying to retag from <TAG> for Unique permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location
--> $DIR/buggy_split_at_mut.rs:LL:CC
|
LL | let (a, b) = safe::split_at_mut(&mut array, 0);
| ^
| |
| trying to retag from <TAG> for Unique permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x0..0x10]
LL | / (
LL | | from_raw_parts_mut(ptr, len - mid), // BUG: should be "mid" instead of "len - mid"
LL | | from_raw_parts_mut(ptr.offset(mid as isize), len - mid),
LL | | )
| | ^
| | |
| | trying to retag from <TAG> for Unique permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location
| |_____________this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x0..0x10]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
@ -20,7 +24,12 @@ help: <TAG> was later invalidated at offsets [0x0..0x10] by a Unique retag
LL | from_raw_parts_mut(ptr.offset(mid as isize), len - mid),
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= note: BACKTRACE (of the first span):
= note: inside `main` at $DIR/buggy_split_at_mut.rs:LL:CC
= note: inside `safe::split_at_mut::<i32>` at $DIR/buggy_split_at_mut.rs:LL:CC
note: inside `main`
--> $DIR/buggy_split_at_mut.rs:LL:CC
|
LL | let (a, b) = safe::split_at_mut(&mut array, 0);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace

View File

@ -5,7 +5,8 @@ LL | foo(some_xref);
| ^^^^^^^^^
| |
| trying to retag from <TAG> for SharedReadOnly permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x0..0x4]
| this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x0..0x4]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information

View File

@ -5,7 +5,8 @@ LL | foo(pair_xref);
| ^^^^^^^^^
| |
| trying to retag from <TAG> for SharedReadOnly permission at ALLOC[0x0], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x0..0x4]
| this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x0..0x4]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information

View File

@ -5,7 +5,8 @@ LL | ret
| ^^^
| |
| trying to retag from <TAG> for SharedReadOnly permission at ALLOC[0x4], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x4..0x8]
| this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x4..0x8]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information

View File

@ -5,7 +5,8 @@ LL | ret
| ^^^
| |
| trying to retag from <TAG> for SharedReadOnly permission at ALLOC[0x4], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x4..0x8]
| this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x4..0x8]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information

View File

@ -1,4 +1,5 @@
//@only-target-x86_64: uses x86 target features
//@ignore-target-x86_64-apple-darwin: that target actually has ssse3
fn main() {
assert!(!is_x86_feature_detected!("ssse3"));

View File

@ -1,4 +1,4 @@
//@compile-flags: -Zmiri-disable-validation
//@compile-flags: -Zmiri-disable-validation -Zmiri-disable-stacked-borrows
#![feature(generators, generator_trait)]
use std::{
@ -10,9 +10,10 @@ fn firstn() -> impl Generator<Yield = u64, Return = ()> {
static move || {
let mut num = 0;
let num = &mut num;
*num += 0;
yield *num;
*num += 1; //~ ERROR: dereferenced after this allocation got freed
*num += 1; //~ERROR: dereferenced after this allocation got freed
}
}

View File

@ -5,7 +5,8 @@ LL | ret
| ^^^
| |
| trying to retag from <TAG> for Unique permission at ALLOC[0x4], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x4..0x8]
| this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x4..0x8]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information

View File

@ -5,7 +5,8 @@ LL | ret
| ^^^
| |
| trying to retag from <TAG> for Unique permission at ALLOC[0x4], but that tag does not exist in the borrow stack for this location
| this error occurs as part of retag at ALLOC[0x4..0x8]
| this error occurs as part of retag (of a reference/box inside this compound value) at ALLOC[0x4..0x8]
| errors for retagging in fields are fairly new; please reach out to us (e.g. at <https://rust-lang.zulipchat.com/#narrow/stream/269128-miri>) if you find this error troubling
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information

View File

@ -13,7 +13,7 @@ use std::ptr;
use std::sync::atomic::{AtomicUsize, Ordering};
fn basic() {
fn finish<T>(mut amt: usize, mut t: T) -> T::Return
fn finish<T>(mut amt: usize, self_referential: bool, mut t: T) -> T::Return
where
T: Generator<Yield = usize>,
{
@ -22,7 +22,10 @@ fn basic() {
loop {
let state = t.as_mut().resume(());
// Test if the generator is valid (according to type invariants).
let _ = unsafe { ManuallyDrop::new(ptr::read(t.as_mut().get_unchecked_mut())) };
// For self-referential generators however this is UB!
if !self_referential {
let _ = unsafe { ManuallyDrop::new(ptr::read(t.as_mut().get_unchecked_mut())) };
}
match state {
GeneratorState::Yielded(y) => {
amt -= y;
@ -40,9 +43,9 @@ fn basic() {
panic!()
}
finish(1, || yield 1);
finish(1, false, || yield 1);
finish(3, || {
finish(3, false, || {
let mut x = 0;
yield 1;
x += 1;
@ -52,27 +55,27 @@ fn basic() {
assert_eq!(x, 2);
});
finish(7 * 8 / 2, || {
finish(7 * 8 / 2, false, || {
for i in 0..8 {
yield i;
}
});
finish(1, || {
finish(1, false, || {
if true {
yield 1;
} else {
}
});
finish(1, || {
finish(1, false, || {
if false {
} else {
yield 1;
}
});
finish(2, || {
finish(2, false, || {
if {
yield 1;
false
@ -83,9 +86,20 @@ fn basic() {
yield 1;
});
// also test a self-referential generator
// also test self-referential generators
assert_eq!(
finish(5, || {
finish(5, true, static || {
let mut x = 5;
let y = &mut x;
*y = 5;
yield *y;
*y = 10;
x
}),
10
);
assert_eq!(
finish(5, true, || {
let mut x = Box::new(5);
let y = &mut *x;
*y = 5;
@ -97,7 +111,7 @@ fn basic() {
);
let b = true;
finish(1, || {
finish(1, false, || {
yield 1;
if b {
return;
@ -109,7 +123,7 @@ fn basic() {
drop(x);
});
finish(3, || {
finish(3, false, || {
yield 1;
#[allow(unreachable_code)]
let _x: (String, !) = (String::new(), {

View File

@ -1,4 +1,3 @@
//@compile-flags: -Zmiri-retag-fields
use std::cell::{Cell, Ref, RefCell, RefMut, UnsafeCell};
use std::mem::{self, MaybeUninit};

View File

@ -1,4 +1,3 @@
//@compile-flags: -Zmiri-retag-fields
#![feature(allocator_api)]
use std::ptr;

View File

@ -1,4 +1,3 @@
//@compile-flags: -Zmiri-retag-fields
// Checks that the test does not run forever (which relies on a fast path).
#![allow(dropping_copy_types)]