Rollup merge of #104647 - RalfJung:alloc-strict-provenance, r=thomcc

enable fuzzy_provenance_casts lint in liballoc and libstd r? ````@thomcc````
2022-11-22 22:54:41 -05:00 · 2022-11-22 22:54:41 -05:00 · 316bda89e4
commit 316bda89e4
parent 54b6292855 1a6966602a
8 changed files with 19 additions and 10 deletions
--- a/library/alloc/benches/lib.rs
+++ b/library/alloc/benches/lib.rs
@ -5,7 +5,9 @@
 #![feature(iter_next_chunk)]
 #![feature(repr_simd)]
 #![feature(slice_partition_dedup)]
+#![feature(strict_provenance)]
 #![feature(test)]
+#![deny(fuzzy_provenance_casts)]

 extern crate test;

--- a/library/alloc/src/lib.rs
+++ b/library/alloc/src/lib.rs
@ -82,6 +82,7 @@
 //
 // Lints:
 #![deny(unsafe_op_in_unsafe_fn)]
+#![deny(fuzzy_provenance_casts)]
 #![warn(deprecated_in_future)]
 #![warn(missing_debug_implementations)]
 #![warn(missing_docs)]
--- a/library/alloc/tests/fmt.rs
+++ b/library/alloc/tests/fmt.rs
@ -2,6 +2,7 @@

 use std::cell::RefCell;
 use std::fmt::{self, Write};
+use std::ptr;

 #[test]
 fn test_format() {
@ -76,14 +77,14 @@ fn test_format_macro_interface() {
    t!(format!("{}", "foo"), "foo");
    t!(format!("{}", "foo".to_string()), "foo");
    if cfg!(target_pointer_width = "32") {
-        t!(format!("{:#p}", 0x1234 as *const isize), "0x00001234");
-        t!(format!("{:#p}", 0x1234 as *mut isize), "0x00001234");
+        t!(format!("{:#p}", ptr::invalid::<isize>(0x1234)), "0x00001234");
+        t!(format!("{:#p}", ptr::invalid_mut::<isize>(0x1234)), "0x00001234");
    } else {
-        t!(format!("{:#p}", 0x1234 as *const isize), "0x0000000000001234");
-        t!(format!("{:#p}", 0x1234 as *mut isize), "0x0000000000001234");
+        t!(format!("{:#p}", ptr::invalid::<isize>(0x1234)), "0x0000000000001234");
+        t!(format!("{:#p}", ptr::invalid_mut::<isize>(0x1234)), "0x0000000000001234");
    }
-    t!(format!("{:p}", 0x1234 as *const isize), "0x1234");
-    t!(format!("{:p}", 0x1234 as *mut isize), "0x1234");
+    t!(format!("{:p}", ptr::invalid::<isize>(0x1234)), "0x1234");
+    t!(format!("{:p}", ptr::invalid_mut::<isize>(0x1234)), "0x1234");
    t!(format!("{A:x}"), "aloha");
    t!(format!("{B:X}"), "adios");
    t!(format!("foo {} ☃☃☃☃☃☃", "bar"), "foo bar ☃☃☃☃☃☃");
--- a/library/alloc/tests/lib.rs
+++ b/library/alloc/tests/lib.rs
@ -47,6 +47,7 @@
 #![feature(strict_provenance)]
 #![feature(once_cell)]
 #![feature(drain_keep_rest)]
+#![deny(fuzzy_provenance_casts)]

 use std::collections::hash_map::DefaultHasher;
 use std::hash::{Hash, Hasher};
--- a/library/std/src/lib.rs
+++ b/library/std/src/lib.rs
@ -220,6 +220,7 @@
 #![allow(explicit_outlives_requirements)]
 #![allow(unused_lifetimes)]
 #![deny(rustc::existing_doc_keyword)]
+#![deny(fuzzy_provenance_casts)]
 // Ensure that std can be linked against panic_abort despite compiled with `-C panic=unwind`
 #![deny(ffi_unwind_calls)]
 // std may use features in a platform-specific way
@ -598,7 +599,7 @@ mod panicking;
 mod personality;

 #[path = "../../backtrace/src/lib.rs"]
-#[allow(dead_code, unused_attributes)]
+#[allow(dead_code, unused_attributes, fuzzy_provenance_casts)]
 mod backtrace_rs;

 // Re-export macros defined in libcore.
--- a/library/std/src/os/windows/io/socket.rs
+++ b/library/std/src/os/windows/io/socket.rs
@ -90,6 +90,7 @@ impl OwnedSocket {
    }

    // FIXME(strict_provenance_magic): we defined RawSocket to be a u64 ;-;
+    #[allow(fuzzy_provenance_casts)]
    #[cfg(not(target_vendor = "uwp"))]
    pub(crate) fn set_no_inherit(&self) -> io::Result<()> {
        cvt(unsafe {
--- a/library/std/src/personality/dwarf/eh.rs
+++ b/library/std/src/personality/dwarf/eh.rs
@ -13,6 +13,7 @@

 use super::DwarfReader;
 use core::mem;
+use core::ptr;

 pub const DW_EH_PE_omit: u8 = 0xFF;
 pub const DW_EH_PE_absptr: u8 = 0x00;
@ -151,7 +152,7 @@ unsafe fn read_encoded_pointer(

    // DW_EH_PE_aligned implies it's an absolute pointer value
    if encoding == DW_EH_PE_aligned {
-        reader.ptr = round_up(reader.ptr as usize, mem::size_of::<usize>())? as *const u8;
+        reader.ptr = reader.ptr.with_addr(round_up(reader.ptr.addr(), mem::size_of::<usize>())?);
        return Ok(reader.read::<usize>());
    }

@ -171,7 +172,7 @@ unsafe fn read_encoded_pointer(
    result += match encoding & 0x70 {
        DW_EH_PE_absptr => 0,
        // relative to address of the encoded value, despite the name
-        DW_EH_PE_pcrel => reader.ptr as usize,
+        DW_EH_PE_pcrel => reader.ptr.expose_addr(),
        DW_EH_PE_funcrel => {
            if context.func_start == 0 {
                return Err(());
@ -184,7 +185,7 @@ unsafe fn read_encoded_pointer(
    };

    if encoding & DW_EH_PE_indirect != 0 {
-        result = *(result as *const usize);
+        result = *ptr::from_exposed_addr::<usize>(result);
    }

    Ok(result)
--- a/library/std/src/sys/sgx/mod.rs
+++ b/library/std/src/sys/sgx/mod.rs
@ -3,6 +3,7 @@
 //! This module contains the facade (aka platform-specific) implementations of
 //! OS level functionality for Fortanix SGX.
 #![deny(unsafe_op_in_unsafe_fn)]
+#![allow(fuzzy_provenance_casts)] // FIXME: this entire module systematically confuses pointers and integers

 use crate::io::ErrorKind;
 use crate::sync::atomic::{AtomicBool, Ordering};