Commit Graph

47 Commits

Author SHA1 Message Date
Ben Kimock
3cfb9915fc Add a protector test that demonstrates the base tag diagnostic 2022-08-31 21:37:44 -04:00
Ralf Jung
671a4b8b0f make backtrace header a bit more visible 2022-08-31 17:32:39 +02:00
Ben Kimock
da0d4829bf Use the better FnEntry spans in protector errors 2022-08-29 18:06:30 -04:00
Ralf Jung
abe890d2ce slightly improve protector-related error messages
also rename some tests that still used outdated "barrier" terminology
2022-08-28 09:27:10 -04:00
Ralf Jung
7397c8e9cf re-bless after rebase 2022-08-18 16:36:53 -04:00
Ben Kimock
14e72e7ffa Improve information sharing across SB diagnostics
Previous Stacked Borrows diagnostics were missing a lot of information
about the state of the interpreter, and it was difficult to add
additional state because it was threaded through all the intervening
function signatures.

This change factors a lot of the arguments which used to be passed
individually to many stacked borrows functions into a single
`DiagnosticCx`, which is built in `Stacks::for_each`, and since it
wraps a handle to `AllocHistory`, we can now handle more nuanced
things like heterogeneous borrow of `!Freeze` types.
2022-08-18 15:01:03 -04:00
Ralf Jung
db43ee5714 defend test against overly smart Miri 2022-08-15 20:23:19 -04:00
Ralf Jung
297ddffff3 add test that we do not merge neighboring SRW 2022-08-15 18:32:14 -04:00
Ralf Jung
a6b35412d8 adjust for symbolic vtables 2022-07-22 07:18:34 -04:00
Ralf Jung
9782b7b039 rustup 2022-07-16 23:40:36 -04:00
bors
e16705de25 Auto merge of #2369 - RalfJung:reborrow, r=RalfJung
reborrow error: clarify that we are reborrowing *from* that tag

`@saethlin` I found the current message not entirely clear, so what do you think about this?
2022-07-14 00:04:40 +00:00
Ralf Jung
cc42cb1b21 reborrow error: clarify that we are reborrowing *from* that tag 2022-07-13 19:40:53 -04:00
Ralf Jung
757e88c901 use ui_test regex capabilities 2022-07-13 18:59:33 -04:00
Oli Scherer
837bf84271 Error patterns can be regexes 2022-07-13 14:36:03 +00:00
bors
db5a2b9747 Auto merge of #2315 - saethlin:shrink-item, r=saethlin
Optimizing Stacked Borrows (part 2): Shrink Item

This moves protectors out of `Item`, storing them both in a global `HashSet` which contains all currently-protected tags as well as a `Vec<SbTag>` on each `Frame` so that when we return from a function we know which tags to remove from the protected set.

This also bit-packs the 64-bit tag and the 2-bit permission together when they are stored in memory. This means we theoretically run out of tags sooner, but I doubt that limit will ever be hit.

Together these optimizations reduce the memory footprint of Miri when executing programs which stress Stacked Borrows by ~66%. For example, running a test with isolation off which only panics currently peaks at ~19 GB, with this PR it peaks at ~6.2 GB.

To-do
- [x] Enforce the 62-bit limit
- [x] Decide if there is a better order to pack the tag and permission in
- [x] Wait for `UnsafeCell` to become infectious, or express offsets + tags in the global protector set

Benchmarks before:
```
Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/backtraces/Cargo.toml
  Time (mean ± σ):      8.948 s ±  0.253 s    [User: 8.752 s, System: 0.158 s]
  Range (min … max):    8.619 s …  9.279 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/mse/Cargo.toml
  Time (mean ± σ):      2.129 s ±  0.037 s    [User: 1.849 s, System: 0.248 s]
  Range (min … max):    2.086 s …  2.176 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/serde1/Cargo.toml
  Time (mean ± σ):      3.334 s ±  0.017 s    [User: 3.211 s, System: 0.103 s]
  Range (min … max):    3.315 s …  3.352 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/serde2/Cargo.toml
  Time (mean ± σ):      3.316 s ±  0.038 s    [User: 3.207 s, System: 0.095 s]
  Range (min … max):    3.282 s …  3.375 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/unicode/Cargo.toml
  Time (mean ± σ):      6.391 s ±  0.323 s    [User: 5.928 s, System: 0.412 s]
  Range (min … max):    6.090 s …  6.917 s    5 runs
 ```
 After:
 ```
Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/backtraces/Cargo.toml
  Time (mean ± σ):      6.955 s ±  0.051 s    [User: 6.807 s, System: 0.132 s]
  Range (min … max):    6.900 s …  7.038 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/mse/Cargo.toml
  Time (mean ± σ):      1.784 s ±  0.012 s    [User: 1.627 s, System: 0.156 s]
  Range (min … max):    1.772 s …  1.797 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/serde1/Cargo.toml
  Time (mean ± σ):      2.505 s ±  0.095 s    [User: 2.311 s, System: 0.096 s]
  Range (min … max):    2.405 s …  2.603 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/serde2/Cargo.toml
  Time (mean ± σ):      2.449 s ±  0.031 s    [User: 2.306 s, System: 0.100 s]
  Range (min … max):    2.395 s …  2.467 s    5 runs

Benchmark 1: cargo +miri miri run --manifest-path bench-cargo-miri/unicode/Cargo.toml
  Time (mean ± σ):      3.667 s ±  0.110 s    [User: 3.498 s, System: 0.140 s]
  Range (min … max):    3.564 s …  3.814 s    5 runs
 ```
 The decrease in system time is probably due to spending less time in the page fault handler.
2022-07-13 01:44:01 +00:00
Ben Kimock
4eff60ad6e Rearrange and document the new implementation
stacked_borrow now has an item module, and its own FrameExtra. These
serve to protect the implementation of Item (which is a bunch of
bit-packing tricks) from the primary logic of Stacked Borrows, and the
FrameExtra we have separates Stacked Borrows more cleanly from the
interpreter itself.

The new strategy for checking protectors also makes some subtle
performance tradeoffs, so they are now documented in Stack::item_popped
because that function primarily benefits from them, and it also touches
every aspect of them.

Also separating the actual CallId that is protecting a Tag from the Tag
makes it inconvienent to reproduce exactly the same protector errors, so
this also takes the opportunity to use some slightly cleaner English in
those errors. We need to make some change, might as well make it good.
2022-07-12 21:03:54 -04:00
Ben Kimock
afa1dddcf9 Store protectors outside Item, pack Tag and Perm
Previously, Item was a struct of a NonZeroU64, an Option which was
usually unset or irrelevant, and a 4-variant enum. So collectively, the
size of an Item was 24 bytes, but only 8 bytes were used for the most
part.

So this takes advantage of the fact that it is probably impossible to
exhaust the total space of SbTags, and steals 3 bits from it to pack the
whole struct into a single u64. This bit-packing means that we reduce
peak memory usage when Miri goes memory-bound by ~3x. We also get CPU
performance improvements of varying size, because not only are we simply
accessing less memory, we can now compare a Vec<Item> using a memcmp
because it does not have any padding.
2022-07-12 21:01:33 -04:00
Oli Scherer
f3496cbe4b require level and colon in //~ style comments 2022-07-11 11:48:56 +00:00
Oli Scherer
6e106617f1 Port all tests 2022-07-08 16:08:32 +00:00
Oli Scherer
389915e09b Replace all //error-pattern comments with strict syntax and fix other comments in the same files 2022-07-08 15:55:37 +00:00
Ralf Jung
f3f4bafa1b rustup 2022-07-05 18:16:20 -04:00
Ralf Jung
98254f67af pointer tag tracking: on creation, log the offsets it is created for 2022-07-02 11:33:29 -04:00
Ralf Jung
a2e61aeeff rustup 2022-06-29 21:31:27 -04:00
Ralf Jung
c4e86e103e add option for recursive field retagging 2022-06-29 18:22:30 -04:00
Ralf Jung
294ef15adb more int2ptr cast tests, and fix casting of addresses inside dead allocations 2022-06-26 22:19:56 -04:00
Ralf Jung
13d425daeb make permissive provenance and raw-ptr tagging the default 2022-06-26 21:14:42 -04:00
Ralf Jung
5aeba7f86b make a bunch of tests look more like how they did before rustfmt 2022-06-25 23:31:24 -04:00
Ralf Jung
d3ca71ba37 test that &mut !Unpin references are protected 2022-06-25 19:15:11 -04:00
Ralf Jung
58c79c5b6f tweaks and feedback 2022-06-24 22:02:17 -04:00
Ralf Jung
4fbb284a99 implement 'delimited' expose tracking so we still detect some UB 2022-06-24 20:05:56 -04:00
Ralf Jung
8d6fdaa024 make the tests pass
(and some formatting)
2022-06-24 18:03:02 -04:00
Ralf Jung
2deb9e5dae add exposed_only_ro test 2022-06-24 16:21:47 -04:00
bors
655eed35b7 Auto merge of #2248 - RalfJung:arc-drop-fix, r=RalfJung
do not protect SRW items

This is the Miri version of https://github.com/rust-lang/rust/pull/98017.
2022-06-22 21:39:41 +00:00
bors
5e584d25ef Auto merge of #2252 - dtolnay-contrib:rustfmt5, r=oli-obk
Format tests with rustfmt (225-275 of 300)

Extracted from #2097.

These cases all involve a line comment at the end of a block that rustfmt has chosen to wrap.

```diff
- unsafe { (*ptr).set(20); } //~ ERROR does not exist in the borrow stack
+ unsafe {
+     (*ptr).set(20);
+ } //~ ERROR does not exist in the borrow stack
```

I have moved all of those comments back onto the same line as the content of the block instead, as was indicated being `@RalfJung's` preference in https://github.com/rust-lang/miri/pull/2097#discussion_r862436672.

```diff
+ unsafe {
+     (*ptr).set(20); //~ ERROR does not exist in the borrow stack
+ }
```
2022-06-22 09:04:44 +00:00
David Tolnay
f1044d2f77
Bless stderr files after rustfmt 2022-06-21 11:46:10 -07:00
David Tolnay
7326da7ce3
Manual adjustments 2022-06-21 11:46:09 -07:00
David Tolnay
6827ac2f37
Format tests with rustfmt (225-275 of 300) 2022-06-21 11:46:09 -07:00
David Tolnay
7d40530c52
Bless stderr files after rustfmt 2022-06-21 11:32:15 -07:00
David Tolnay
5490e775df
Format tests with rustfmt (201-224 of 300) 2022-06-21 11:32:06 -07:00
Ralf Jung
1b214a0d12 do not protect SRW items 2022-06-21 09:32:58 -07:00
David Tolnay
1c66163871
Bless stderr files after rustfmt 2022-06-20 23:50:49 -07:00
David Tolnay
069f5b6615
Format tests with rustfmt (151-200 of 300) 2022-06-20 23:50:40 -07:00
David Tolnay
817adda794
Add rustfmt::skip to some files
Five of the files being skipped here are because rustfmt is buggy (see
the error messages below). The others have clearly preferable manual
formatting.

    error[internal]: left behind trailing whitespace
      --> tests/fail/validity/transmute_through_ptr.rs:18:18:1
       |
    18 |
       | ^^^^
       |

    warning: rustfmt has failed to format. See previous 1 errors.

    error[internal]: left behind trailing whitespace
      --> tests/fail/stacked_borrows/illegal_read2.rs:10:10:1
       |
    10 |
       | ^^^^
       |

    warning: rustfmt has failed to format. See previous 1 errors.

    error[internal]: left behind trailing whitespace
      --> tests/fail/stacked_borrows/illegal_read5.rs:15:15:1
       |
    15 |
       | ^^^^
       |

    warning: rustfmt has failed to format. See previous 1 errors.

    error[internal]: left behind trailing whitespace
      --> tests/fail/stacked_borrows/illegal_read1.rs:10:10:1
       |
    10 |
       | ^^^^
       |

    warning: rustfmt has failed to format. See previous 1 errors.

    error[internal]: left behind trailing whitespace
     --> tests/fail/erroneous_const2.rs:9:9:1
      |
    9 |
      | ^^^^
      |

    warning: rustfmt has failed to format. See previous 1 errors.
2022-06-19 17:21:57 -07:00
Ralf Jung
6ed05d976e bless 2022-06-11 22:34:01 -07:00
Ralf Jung
069d8fdb71 test for Stacked Borrows error during vtable validation 2022-06-11 17:42:23 -07:00
Ralf Jung
7f5cfa54d9 port some tests away from flags we want to remove 2022-06-06 11:44:36 -04:00
Ralf Jung
3d634c975c rename test suite directories 2022-06-01 10:53:38 -04:00