Commit Graph

565 Commits

Author SHA1 Message Date
Ralf Jung
3dcba56349 add test for nasty example 2022-04-02 00:05:27 -04:00
bors
732461b4cd Auto merge of #2045 - RalfJung:strict-provenance, r=RalfJung
add -Zmiri-strict-provenance

This implements [strict provenance](https://github.com/rust-lang/rust/issues/95228) in Miri. The only change is that casting an integer to a pointer does not even attempt to produce a good provenance for the given address; instead, it always uses the invalid provenance. This is stricter than even `-Zmiri-tag-raw-pointers` in that it also rejects the following example (which does not even involve Stacked Borrows):
```rust
fn main() {
    let x = 22;
    let ptr = &x as *const _ as *const u8;
    let roundtrip = ptr as usize as *const u8;
    let _ = unsafe { roundtrip.offset(1) };
}
```
The new flag also implies `-Zmiri-tag-raw-pointers` since the only reason one would *not* want to tag raw pointers is to support ptr-int-ptr roundtrips.

Note that the flag does *not* check against ptr-to-int *transmutes*; that still requires `-Zmiri-check-number-validity`. You can also check for strict provenance *without* Stacked Borrows by adding `-Zmiri-disable-stacked-borrows`.

The new "Miri hard mode" flags for maximal checking are `-Zmiri-strict-provenance -Zmiri-check-number-validity`. (Add `-Zmiri-symbolic-alignment-check` if you feel extra spicy today.)
2022-04-01 22:40:26 +00:00
Ralf Jung
aa04dc1eeb Rust values can be up to isize::MAX in size 2022-04-01 17:22:01 -04:00
Ralf Jung
9af03bf342 add -Zmiri-strict-provenance 2022-04-01 14:10:24 -04:00
Ralf Jung
ede470e1fc ensure that -Zmiri-check-number-validity detects integers with provenance 2022-03-26 14:33:13 -04:00
Ralf Jung
9772c85ebc another test for too big type 2022-03-26 11:08:11 -04:00
Ralf Jung
3275df31ea rustup 2022-03-24 10:06:33 -04:00
bors
57786678d4 Auto merge of #1975 - DrMeepster:backtrace_fix, r=RalfJung
Make backtraces work with #[global_allocator]

Currently, backtraces break when the global allocator is overridden because the allocator will attempt to deallocate memory allocated directly by Miri.

~~This PR fixes that by using a new memory kind and providing a function to deallocate it. We can't call the custom allocator to allocate because it's not possible to call a function in the middle of a shim.~~

This PR fixes that by adding a new version of the backtrace API accessible by setting `flags` to 1. Existing code still functions.

backtrace-rs PR: rust-lang/backtrace-rs#462

Fixes https://github.com/rust-lang/miri/issues/1996
2022-03-20 02:37:09 +00:00
DrMeepster
2c670b10df add new version of backtrace api using flags=1 2022-03-19 18:14:11 -07:00
Ralf Jung
b5d3a25b49 detect when unused bits of a SIMD bitmask are non-0 2022-03-17 13:08:01 -04:00
Ben Kimock
730cd27248 Print more in SB error diagnostics
This tries to clarify exactly why an access is not valid by printing
what memory range the access was over, which in combination with
tag-tracking may help a user figure out the source of the problem.
2022-03-16 20:12:04 -04:00
Ralf Jung
bae720c75b add ptr_offset_from OOB test, and update test errors 2022-03-10 18:56:19 -05:00
Ralf Jung
41ffce1145 implement simd_scatter 2022-03-09 19:29:05 -05:00
Ralf Jung
576e2bbed5 implement gather 2022-03-09 19:29:05 -05:00
Ralf Jung
db06d4998f implement simd_cast, simd_as 2022-03-07 09:40:23 -05:00
bors
3854a76ace Auto merge of #1970 - asquared31415:open_unix_varargs, r=RalfJung
Allow varargs for libc::open when it is allowed by the second argument

This PR allows `libc::open` to be called using two or three arguments as defined in https://man7.org/linux/man-pages/man2/open.2.html

The presence of the third argument depends on the value of the second argument. If the second argument dictates that the third argument is *required*, miri will emit an error if the argument is missing. If the second argument does *not* require a third argument, then the argument is ignored and passed as 0 internally (it would be ignored by libc anyway).
2022-03-05 22:47:51 +00:00
asquared31415
8e97599af4 allow varargs for libc::open when it is allowed by the second argument 2022-03-05 17:29:48 -05:00
Ralf Jung
c0f7251055 add test for simd division overflow UB 2022-03-03 12:32:42 -05:00
Ralf Jung
97ddcf1f6b adjust for div/rem overflow being UB 2022-03-03 12:14:24 -05:00
Ralf Jung
798dc5a78a Make sure we notice when a u16 is loaded at offset 1 into a u8 allocation 2022-03-02 13:06:28 -05:00
Ralf Jung
e9b140b4a5 update fn ptr tests 2022-02-25 12:06:10 -05:00
Ralf Jung
444396d620 rustup 2022-02-24 10:55:40 -05:00
Ralf Jung
1ac1e55f3b implement simd_eq and simd_reduce_any 2022-02-21 21:41:52 -05:00
Ralf Jung
5ab0ea67f2 adjust output for calling convention check 2021-12-24 12:02:23 +01:00
Ralf Jung
44cad75069 fix iteration-order-dependent output 2021-12-15 16:51:40 +01:00
5225225
f0d915703c Add tests for double destroying various pthread items 2021-12-06 21:15:02 +00:00
5225225
eadeedde42 Handle uninit data in pthread_condattr_destroy 2021-12-05 19:47:29 +00:00
Ralf Jung
4414d96323 implement shl and shr SIMD intrinsics 2021-11-25 17:26:37 -05:00
Ralf Jung
a534bbbf8a portable SIMD: add rem intrinsic; test div and rem intrinsic UB 2021-11-25 17:13:33 -05:00
Ralf Jung
d8bee92aee rename track-raw-pointers flag to tag-raw-pointers 2021-11-13 15:48:27 -05:00
Noah Lev
1cca2acf95 Add test for uninit raw ptrs 2021-11-10 11:36:42 -08:00
Noah Lev
b3be6b44b6 Add tests for -Zmiri-check-number-validity 2021-11-10 11:36:42 -08:00
Noah Lev
6d1d8c69a0 rustup 2021-11-01 16:12:38 -07:00
Noah Lev
9af75a824f rustup
Update to the `HEAD` commit of rust-lang/rust and fix test failure.
2021-10-05 13:13:06 -07:00
DrMeepster
e6a27a68fa implement #[global_allocator] 2021-09-28 20:32:53 -07:00
hyd-dev
9a877b80fe Add #[allow(dead_code)] in some tests 2021-09-11 18:58:57 +08:00
Ralf Jung
9a6a5119fc rustup 2021-08-16 17:09:21 +02:00
Ralf Jung
78b4c7bf79 rustup 2021-08-14 14:47:57 +02:00
hyd-dev
af7eb369b1 Fix tests for C-unwind ABI changes 2021-08-07 15:57:54 +08:00
Ralf Jung
5338a16018 adjust for ERR_ON_PARTIAL_PTR_OVERWRITE 2021-08-02 17:58:55 +02:00
bors
02f78b089c Auto merge of #1858 - RalfJung:thread-leaks, r=oli-obk
also ignore 'thread leaks' with -Zmiri-ignore-leaks

This is a step towards https://github.com/rust-lang/miri/issues/1371. The remaining hard part would be supporting checking for memory leaks when there are threads still running. For now we elegantly avoid this problem by using the same flag to control both of these checks. :)
2021-07-27 12:23:56 +00:00
Ralf Jung
24fa9deddc add test for mixing up System and Global memory 2021-07-25 14:36:00 +02:00
Ralf Jung
71efd950d1 also ignore 'thread leaks' with -Zmiri-ignore-leaks 2021-07-25 14:21:06 +02:00
Ralf Jung
cf26458376 test for negative offsets 2021-07-20 13:30:49 +02:00
Ralf Jung
a1233a721d adjust Miri to Pointer type overhaul 2021-07-16 10:10:12 +02:00
Ralf Jung
7f3dd37f1e rustup 2021-06-17 20:52:35 +02:00
bors
486b5dfe74 Auto merge of #1832 - hyd-dev:1776-follow-up, r=RalfJung
Report an error if a `#[no_mangle]`/`#[export_name = ...]` function has the same symbol name as a built-in shim

Implements https://github.com/rust-lang/miri/pull/1776#issuecomment-821322605.

The error looks like this:
```
error: found `malloc` symbol definition that clashes with a built-in shim
  --> tests/compile-fail/function_calls/exported_symbol_shim_clashing.rs:12:9
   |
12 |         malloc(0);
   |         ^^^^^^^^^ found `malloc` symbol definition that clashes with a built-in shim
   |
help: the `malloc` symbol is defined here

  --> tests/compile-fail/function_calls/exported_symbol_shim_clashing.rs:2:1
   |
2  | / extern "C" fn malloc(_: usize) -> *mut std::ffi::c_void {
3  | |     //~^ HELP the `malloc` symbol is defined here
4  | |     unreachable!()
5  | | }
   | |_^
   = note: inside `main` at tests/compile-fail/function_calls/exported_symbol_shim_clashing.rs:12:9
```

This does not implement "better error messages than we do currently for arg/ABI mismatches" in https://github.com/rust-lang/miri/pull/1776#issuecomment-821343175 -- I failed to remove all `check_arg_count()` and `check_abi()` (they are still used in `src/shims/intrinsics.rs` and `call_dlsym()`) and they don't receive the name of the shim.
2021-06-15 09:53:05 +00:00
hyd-dev
dfd7a6d5aa Rustup 2021-06-15 16:12:47 +08:00
hyd-dev
e46aab5816 Use check_shim() for abort 2021-06-11 15:47:12 +08:00
hyd-dev
ce7040075a Disallow #[no_mangle]/#[export_name = ...] functions that have the same symbol name as built-in shims 2021-06-11 15:18:47 +08:00