Rollup merge of #70532 - RalfJung:miri-assign, r=eddyb

Miri engine: stronger type-based sanity check for assignments r? @oli-obk @eddyb Fixes https://github.com/rust-lang/rust/issues/70405 That issue says > be sure to also add appropriate mutability checks to the patterns (mutable for the source, immutable for the dest) I decided not to do that because I see no good reason to do it. The engine does not care either way, the assignment will happen correctly.
2020-04-03 03:26:49 +02:00 · 2020-04-03 03:26:49 +02:00 · 4f0a791d5d
commit 4f0a791d5d
parent a80b491ef2 343b3f010c
4 changed files with 69 additions and 52 deletions
--- a/src/librustc_mir/interpret/eval_context.rs
+++ b/src/librustc_mir/interpret/eval_context.rs
@ -18,7 +18,7 @@
 use rustc_middle::ty::subst::SubstsRef;
 use rustc_middle::ty::{self, Ty, TyCtxt, TypeFoldable};
 use rustc_span::source_map::DUMMY_SP;
-use rustc_target::abi::{Align, HasDataLayout, LayoutOf, Size, TargetDataLayout};
+use rustc_target::abi::{Abi, Align, HasDataLayout, LayoutOf, Size, TargetDataLayout};

 use super::{
    Immediate, MPlaceTy, Machine, MemPlace, MemPlaceMeta, Memory, OpTy, Operand, Place, PlaceTy,
@ -210,6 +210,53 @@ fn layout_of(&self, ty: Ty<'tcx>) -> Self::TyAndLayout {
    }
 }

+/// Test if it is valid for a MIR assignment to assign `src`-typed place to `dest`-typed value.
+/// This test should be symmetric, as it is primarily about layout compatibility.
+pub(super) fn mir_assign_valid_types<'tcx>(
+    src: TyAndLayout<'tcx>,
+    dest: TyAndLayout<'tcx>,
+) -> bool {
+    if src.ty == dest.ty {
+        // Equal types, all is good.
+        return true;
+    }
+    // Type-changing assignments can happen for (at least) two reasons:
+    // - `&mut T` -> `&T` gets optimized from a reborrow to a mere assignment.
+    // - Subtyping is used. While all normal lifetimes are erased, higher-ranked lifetime
+    //   bounds are still around and can lead to type differences.
+    // There is no good way to check the latter, so we compare layouts instead -- but only
+    // for values with `Scalar`/`ScalarPair` abi.
+    // FIXME: Do something more accurate, type-based.
+    match &src.abi {
+        Abi::Scalar(..) | Abi::ScalarPair(..) => src.layout == dest.layout,
+        _ => false,
+    }
+}
+
+/// Use the already known layout if given (but sanity check in debug mode),
+/// or compute the layout.
+#[cfg_attr(not(debug_assertions), inline(always))]
+pub(super) fn from_known_layout<'tcx>(
+    known_layout: Option<TyAndLayout<'tcx>>,
+    compute: impl FnOnce() -> InterpResult<'tcx, TyAndLayout<'tcx>>,
+) -> InterpResult<'tcx, TyAndLayout<'tcx>> {
+    match known_layout {
+        None => compute(),
+        Some(known_layout) => {
+            if cfg!(debug_assertions) {
+                let check_layout = compute()?;
+                assert!(
+                    mir_assign_valid_types(check_layout, known_layout),
+                    "expected type differs from actual type.\nexpected: {:?}\nactual: {:?}",
+                    known_layout.ty,
+                    check_layout.ty,
+                );
+            }
+            Ok(known_layout)
+        }
+    }
+}
+
 impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
    pub fn new(
        tcx: TyCtxtAt<'tcx>,
@ -377,7 +424,7 @@ pub fn layout_of_local(
        // have to support that case (mostly by skipping all caching).
        match frame.locals.get(local).and_then(|state| state.layout.get()) {
            None => {
-                let layout = crate::interpret::operand::from_known_layout(layout, || {
+                let layout = from_known_layout(layout, || {
                    let local_ty = frame.body.local_decls[local].ty;
                    let local_ty =
                        self.subst_from_frame_and_normalize_erasing_regions(frame, local_ty);
--- a/src/librustc_mir/interpret/mod.rs
+++ b/src/librustc_mir/interpret/mod.rs
@ -18,19 +18,13 @@
 pub use rustc_middle::mir::interpret::*; // have all the `interpret` symbols in one place: here

 pub use self::eval_context::{Frame, InterpCx, LocalState, LocalValue, StackPopCleanup};
-
-pub use self::place::{MPlaceTy, MemPlace, MemPlaceMeta, Place, PlaceTy};
-
-pub use self::memory::{AllocCheck, FnVal, Memory, MemoryKind};
-
+pub use self::intern::{intern_const_alloc_recursive, InternKind};
 pub use self::machine::{AllocMap, Machine, MayLeak, StackPopJump};
-
-pub use self::operand::{ImmTy, Immediate, OpTy, Operand, ScalarMaybeUndef};
-
+pub use self::memory::{AllocCheck, FnVal, Memory, MemoryKind};
+pub use self::operand::{ImmTy, Immediate, OpTy, Operand};
+pub use self::place::{MPlaceTy, MemPlace, MemPlaceMeta, Place, PlaceTy};
+pub use self::validity::RefTracking;
 pub use self::visitor::{MutValueVisitor, ValueVisitor};

-pub use self::validity::RefTracking;
-
-pub use self::intern::{intern_const_alloc_recursive, InternKind};
-
 crate use self::intrinsics::eval_nullary_intrinsic;
+use eval_context::{from_known_layout, mir_assign_valid_types};
--- a/src/librustc_mir/interpret/operand.rs
+++ b/src/librustc_mir/interpret/operand.rs
@ -2,21 +2,21 @@
 //! All high-level functions to read from memory work on operands as sources.

 use std::convert::TryFrom;
+use std::fmt::Write;

-use super::{InterpCx, MPlaceTy, Machine, MemPlace, Place, PlaceTy};
 use rustc_hir::def::Namespace;
 use rustc_macros::HashStable;
-pub use rustc_middle::mir::interpret::ScalarMaybeUndef;
-use rustc_middle::mir::interpret::{
-    sign_extend, truncate, AllocId, ConstValue, GlobalId, InterpResult, Pointer, Scalar,
-};
 use rustc_middle::ty::layout::{IntegerExt, PrimitiveExt, TyAndLayout};
 use rustc_middle::ty::print::{FmtPrinter, PrettyPrinter, Printer};
 use rustc_middle::ty::Ty;
 use rustc_middle::{mir, ty};
 use rustc_target::abi::{Abi, DiscriminantKind, HasDataLayout, Integer, LayoutOf, Size};
 use rustc_target::abi::{VariantIdx, Variants};
-use std::fmt::Write;
+
+use super::{
+    from_known_layout, sign_extend, truncate, AllocId, ConstValue, GlobalId, InterpCx,
+    InterpResult, MPlaceTy, Machine, MemPlace, Place, PlaceTy, Pointer, Scalar, ScalarMaybeUndef,
+};

 /// An `Immediate` represents a single immediate self-contained Rust value.
 ///
@ -203,29 +203,6 @@ pub fn from_int(i: impl Into<i128>, layout: TyAndLayout<'tcx>) -> Self {
    }
 }

-// Use the existing layout if given (but sanity check in debug mode),
-// or compute the layout.
-#[inline(always)]
-pub(super) fn from_known_layout<'tcx>(
-    layout: Option<TyAndLayout<'tcx>>,
-    compute: impl FnOnce() -> InterpResult<'tcx, TyAndLayout<'tcx>>,
-) -> InterpResult<'tcx, TyAndLayout<'tcx>> {
-    match layout {
-        None => compute(),
-        Some(layout) => {
-            if cfg!(debug_assertions) {
-                let layout2 = compute()?;
-                assert_eq!(
-                    layout.layout, layout2.layout,
-                    "mismatch in layout of supposedly equal-layout types {:?} and {:?}",
-                    layout.ty, layout2.ty
-                );
-            }
-            Ok(layout)
-        }
-    }
-}
-
 impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
    /// Normalice `place.ptr` to a `Pointer` if this is a place and not a ZST.
    /// Can be helpful to avoid lots of `force_ptr` calls later, if this place is used a lot.
--- a/src/librustc_mir/interpret/place.rs
+++ b/src/librustc_mir/interpret/place.rs
@ -7,16 +7,15 @@

 use rustc_macros::HashStable;
 use rustc_middle::mir;
-use rustc_middle::mir::interpret::truncate;
 use rustc_middle::ty::layout::{PrimitiveExt, TyAndLayout};
 use rustc_middle::ty::{self, Ty};
 use rustc_target::abi::{Abi, Align, DiscriminantKind, FieldsShape};
 use rustc_target::abi::{HasDataLayout, LayoutOf, Size, VariantIdx, Variants};

 use super::{
-    AllocId, AllocMap, Allocation, AllocationExtra, ImmTy, Immediate, InterpCx, InterpResult,
-    LocalValue, Machine, MemoryKind, OpTy, Operand, Pointer, PointerArithmetic, RawConst, Scalar,
-    ScalarMaybeUndef,
+    mir_assign_valid_types, truncate, AllocId, AllocMap, Allocation, AllocationExtra, ImmTy,
+    Immediate, InterpCx, InterpResult, LocalValue, Machine, MemoryKind, OpTy, Operand, Pointer,
+    PointerArithmetic, RawConst, Scalar, ScalarMaybeUndef,
 };

 #[derive(Copy, Clone, Debug, Hash, PartialEq, Eq, HashStable)]
@ -869,10 +868,10 @@ fn copy_op_no_validate(
        // We do NOT compare the types for equality, because well-typed code can
        // actually "transmute" `&mut T` to `&T` in an assignment without a cast.
        assert!(
-            src.layout.layout == dest.layout.layout,
-            "Layout mismatch when copying!\nsrc: {:#?}\ndest: {:#?}",
-            src,
-            dest
+            mir_assign_valid_types(src.layout, dest.layout),
+            "type mismatch when copying!\nsrc: {:?},\ndest: {:?}",
+            src.layout.ty,
+            dest.layout.ty,
        );

        // Let us see if the layout is simple so we take a shortcut, avoid force_allocation.
@ -923,7 +922,7 @@ pub fn copy_op_transmute(
        src: OpTy<'tcx, M::PointerTag>,
        dest: PlaceTy<'tcx, M::PointerTag>,
    ) -> InterpResult<'tcx> {
-        if src.layout.layout == dest.layout.layout {
+        if mir_assign_valid_types(src.layout, dest.layout) {
            // Fast path: Just use normal `copy_op`
            return self.copy_op(src, dest);
        }