rust/miri/fn_call.rs
2017-12-14 11:35:33 +01:00

662 lines
26 KiB
Rust

use rustc::ty::{self, Ty};
use rustc::ty::layout::LayoutOf;
use rustc::hir::def_id::{DefId, CRATE_DEF_INDEX};
use rustc::mir;
use syntax::attr;
use syntax::abi::Abi;
use syntax::codemap::Span;
use std::mem;
use rustc::traits;
use super::*;
use tls::MemoryExt;
use super::memory::MemoryKind;
pub trait EvalContextExt<'tcx> {
fn call_c_abi(
&mut self,
def_id: DefId,
args: &[ValTy<'tcx>],
dest: Place,
dest_ty: Ty<'tcx>,
dest_block: mir::BasicBlock,
) -> EvalResult<'tcx>;
fn resolve_path(&self, path: &[&str]) -> EvalResult<'tcx, ty::Instance<'tcx>>;
fn call_missing_fn(
&mut self,
instance: ty::Instance<'tcx>,
destination: Option<(Place, mir::BasicBlock)>,
args: &[ValTy<'tcx>],
sig: ty::FnSig<'tcx>,
path: String,
) -> EvalResult<'tcx>;
fn eval_fn_call(
&mut self,
instance: ty::Instance<'tcx>,
destination: Option<(Place, mir::BasicBlock)>,
args: &[ValTy<'tcx>],
span: Span,
sig: ty::FnSig<'tcx>,
) -> EvalResult<'tcx, bool>;
fn write_null(&mut self, dest: Place, dest_ty: Ty<'tcx>) -> EvalResult<'tcx>;
}
impl<'a, 'tcx> EvalContextExt<'tcx> for EvalContext<'a, 'tcx, super::Evaluator<'tcx>> {
fn eval_fn_call(
&mut self,
instance: ty::Instance<'tcx>,
destination: Option<(Place, mir::BasicBlock)>,
args: &[ValTy<'tcx>],
span: Span,
sig: ty::FnSig<'tcx>,
) -> EvalResult<'tcx, bool> {
trace!("eval_fn_call: {:#?}, {:#?}", instance, destination);
let mir = match self.load_mir(instance.def) {
Ok(mir) => mir,
Err(EvalError { kind: EvalErrorKind::NoMirFor(path), .. }) => {
self.call_missing_fn(
instance,
destination,
args,
sig,
path,
)?;
return Ok(true);
}
Err(other) => return Err(other),
};
let (return_place, return_to_block) = match destination {
Some((place, block)) => (place, StackPopCleanup::Goto(block)),
None => (Place::undef(), StackPopCleanup::None),
};
self.push_stack_frame(
instance,
span,
mir,
return_place,
return_to_block,
)?;
Ok(false)
}
fn call_c_abi(
&mut self,
def_id: DefId,
args: &[ValTy<'tcx>],
dest: Place,
dest_ty: Ty<'tcx>,
dest_block: mir::BasicBlock,
) -> EvalResult<'tcx> {
let attrs = self.tcx.get_attrs(def_id);
let link_name = match attr::first_attr_value_str_by_name(&attrs, "link_name") {
Some(name) => name.as_str(),
None => self.tcx.item_name(def_id),
};
match &link_name[..] {
"malloc" => {
let size = self.value_to_primval(args[0])?.to_u64()?;
if size == 0 {
self.write_null(dest, dest_ty)?;
} else {
let align = self.memory.pointer_size();
let ptr = self.memory.allocate(size, align, Some(MemoryKind::C.into()))?;
self.write_primval(dest, PrimVal::Ptr(ptr), dest_ty)?;
}
}
"free" => {
let ptr = self.into_ptr(args[0].value)?;
if !ptr.is_null()? {
self.memory.deallocate(
ptr.to_ptr()?,
None,
MemoryKind::C.into(),
)?;
}
}
"syscall" => {
// TODO: read `syscall` ids like `sysconf` ids and
// figure out some way to actually process some of them
//
// libc::syscall(NR_GETRANDOM, buf.as_mut_ptr(), buf.len(), GRND_NONBLOCK)
// is called if a `HashMap` is created the regular way.
match self.value_to_primval(args[0])?.to_u64()? {
318 | 511 => {
return err!(Unimplemented(
"miri does not support random number generators".to_owned(),
))
}
id => {
return err!(Unimplemented(
format!("miri does not support syscall id {}", id),
))
}
}
}
"dlsym" => {
let _handle = self.into_ptr(args[0].value)?;
let symbol = self.into_ptr(args[1].value)?.to_ptr()?;
let symbol_name = self.memory.read_c_str(symbol)?;
let err = format!("bad c unicode symbol: {:?}", symbol_name);
let symbol_name = ::std::str::from_utf8(symbol_name).unwrap_or(&err);
return err!(Unimplemented(format!(
"miri does not support dynamically loading libraries (requested symbol: {})",
symbol_name
)));
}
"__rust_maybe_catch_panic" => {
// fn __rust_maybe_catch_panic(f: fn(*mut u8), data: *mut u8, data_ptr: *mut usize, vtable_ptr: *mut usize) -> u32
// We abort on panic, so not much is going on here, but we still have to call the closure
let u8_ptr_ty = self.tcx.mk_mut_ptr(self.tcx.types.u8);
let f = self.into_ptr(args[0].value)?.to_ptr()?;
let data = self.into_ptr(args[1].value)?;
let f_instance = self.memory.get_fn(f)?;
self.write_null(dest, dest_ty)?;
// Now we make a function call. TODO: Consider making this re-usable? EvalContext::step does sth. similar for the TLS dtors,
// and of course eval_main.
let mir = self.load_mir(f_instance.def)?;
self.push_stack_frame(
f_instance,
mir.span,
mir,
Place::undef(),
StackPopCleanup::Goto(dest_block),
)?;
let mut args = self.frame().mir.args_iter();
let arg_local = args.next().ok_or(
EvalErrorKind::AbiViolation(
"Argument to __rust_maybe_catch_panic does not take enough arguments."
.to_owned(),
),
)?;
let arg_dest = self.eval_place(&mir::Place::Local(arg_local))?;
self.write_ptr(arg_dest, data, u8_ptr_ty)?;
assert!(args.next().is_none(), "__rust_maybe_catch_panic argument has more arguments than expected");
// We ourselves return 0
self.write_null(dest, dest_ty)?;
// Don't fall through
return Ok(());
}
"__rust_start_panic" => {
return err!(Panic);
}
"memcmp" => {
let left = self.into_ptr(args[0].value)?;
let right = self.into_ptr(args[1].value)?;
let n = self.value_to_primval(args[2])?.to_u64()?;
let result = {
let left_bytes = self.memory.read_bytes(left, n)?;
let right_bytes = self.memory.read_bytes(right, n)?;
use std::cmp::Ordering::*;
match left_bytes.cmp(right_bytes) {
Less => -1i8,
Equal => 0,
Greater => 1,
}
};
self.write_primval(
dest,
PrimVal::Bytes(result as u128),
dest_ty,
)?;
}
"memrchr" => {
let ptr = self.into_ptr(args[0].value)?;
let val = self.value_to_primval(args[1])?.to_u64()? as u8;
let num = self.value_to_primval(args[2])?.to_u64()?;
if let Some(idx) = self.memory.read_bytes(ptr, num)?.iter().rev().position(
|&c| c == val,
)
{
let new_ptr = ptr.offset(num - idx as u64 - 1, &self)?;
self.write_ptr(dest, new_ptr, dest_ty)?;
} else {
self.write_null(dest, dest_ty)?;
}
}
"memchr" => {
let ptr = self.into_ptr(args[0].value)?;
let val = self.value_to_primval(args[1])?.to_u64()? as u8;
let num = self.value_to_primval(args[2])?.to_u64()?;
if let Some(idx) = self.memory.read_bytes(ptr, num)?.iter().position(
|&c| c == val,
)
{
let new_ptr = ptr.offset(idx as u64, &self)?;
self.write_ptr(dest, new_ptr, dest_ty)?;
} else {
self.write_null(dest, dest_ty)?;
}
}
"getenv" => {
let result = {
let name_ptr = self.into_ptr(args[0].value)?.to_ptr()?;
let name = self.memory.read_c_str(name_ptr)?;
match self.machine.env_vars.get(name) {
Some(&var) => PrimVal::Ptr(var),
None => PrimVal::Bytes(0),
}
};
self.write_primval(dest, result, dest_ty)?;
}
"unsetenv" => {
let mut success = None;
{
let name_ptr = self.into_ptr(args[0].value)?;
if !name_ptr.is_null()? {
let name = self.memory.read_c_str(name_ptr.to_ptr()?)?;
if !name.is_empty() && !name.contains(&b'=') {
success = Some(self.machine.env_vars.remove(name));
}
}
}
if let Some(old) = success {
if let Some(var) = old {
self.memory.deallocate(var, None, MemoryKind::Env.into())?;
}
self.write_null(dest, dest_ty)?;
} else {
self.write_primval(dest, PrimVal::from_i128(-1), dest_ty)?;
}
}
"setenv" => {
let mut new = None;
{
let name_ptr = self.into_ptr(args[0].value)?;
let value_ptr = self.into_ptr(args[1].value)?.to_ptr()?;
let value = self.memory.read_c_str(value_ptr)?;
if !name_ptr.is_null()? {
let name = self.memory.read_c_str(name_ptr.to_ptr()?)?;
if !name.is_empty() && !name.contains(&b'=') {
new = Some((name.to_owned(), value.to_owned()));
}
}
}
if let Some((name, value)) = new {
// +1 for the null terminator
let value_copy = self.memory.allocate(
(value.len() + 1) as u64,
1,
Some(MemoryKind::Env.into()),
)?;
self.memory.write_bytes(value_copy.into(), &value)?;
let trailing_zero_ptr = value_copy.offset(value.len() as u64, &self)?.into();
self.memory.write_bytes(trailing_zero_ptr, &[0])?;
if let Some(var) = self.machine.env_vars.insert(
name.to_owned(),
value_copy,
)
{
self.memory.deallocate(var, None, MemoryKind::Env.into())?;
}
self.write_null(dest, dest_ty)?;
} else {
self.write_primval(dest, PrimVal::from_i128(-1), dest_ty)?;
}
}
"write" => {
let fd = self.value_to_primval(args[0])?.to_u64()?;
let buf = self.into_ptr(args[1].value)?;
let n = self.value_to_primval(args[2])?.to_u64()?;
trace!("Called write({:?}, {:?}, {:?})", fd, buf, n);
let result = if fd == 1 || fd == 2 {
// stdout/stderr
use std::io::{self, Write};
let buf_cont = self.memory.read_bytes(buf, n)?;
let res = if fd == 1 {
io::stdout().write(buf_cont)
} else {
io::stderr().write(buf_cont)
};
match res {
Ok(n) => n as isize,
Err(_) => -1,
}
} else {
warn!("Ignored output to FD {}", fd);
n as isize // pretend it all went well
}; // now result is the value we return back to the program
self.write_primval(
dest,
PrimVal::Bytes(result as u128),
dest_ty,
)?;
}
"strlen" => {
let ptr = self.into_ptr(args[0].value)?.to_ptr()?;
let n = self.memory.read_c_str(ptr)?.len();
self.write_primval(dest, PrimVal::Bytes(n as u128), dest_ty)?;
}
// Some things needed for sys::thread initialization to go through
"signal" | "sigaction" | "sigaltstack" => {
self.write_primval(dest, PrimVal::Bytes(0), dest_ty)?;
}
"sysconf" => {
let name = self.value_to_primval(args[0])?.to_u64()?;
trace!("sysconf() called with name {}", name);
// cache the sysconf integers via miri's global cache
let paths = &[
(&["libc", "_SC_PAGESIZE"], PrimVal::Bytes(4096)),
(&["libc", "_SC_GETPW_R_SIZE_MAX"], PrimVal::from_i128(-1)),
];
let mut result = None;
for &(path, path_value) in paths {
if let Ok(instance) = self.resolve_path(path) {
let cid = GlobalId {
instance,
promoted: None,
};
// compute global if not cached
let val = match self.tcx.interpret_interner.borrow().get_cached(cid) {
Some(ptr) => ptr,
None => eval_body(self.tcx, instance, ty::ParamEnv::empty(traits::Reveal::All)).0?.0,
};
let val = self.value_to_primval(ValTy { value: Value::ByRef(val), ty: args[0].ty })?.to_u64()?;
if val == name {
result = Some(path_value);
break;
}
}
}
if let Some(result) = result {
self.write_primval(dest, result, dest_ty)?;
} else {
return err!(Unimplemented(
format!("Unimplemented sysconf name: {}", name),
));
}
}
// Hook pthread calls that go to the thread-local storage memory subsystem
"pthread_key_create" => {
let key_ptr = self.into_ptr(args[0].value)?;
// Extract the function type out of the signature (that seems easier than constructing it ourselves...)
let dtor = match self.into_ptr(args[1].value)?.into_inner_primval() {
PrimVal::Ptr(dtor_ptr) => Some(self.memory.get_fn(dtor_ptr)?),
PrimVal::Bytes(0) => None,
PrimVal::Bytes(_) => return err!(ReadBytesAsPointer),
PrimVal::Undef => return err!(ReadUndefBytes),
};
// Figure out how large a pthread TLS key actually is. This is libc::pthread_key_t.
let key_type = args[0].ty.builtin_deref(true, ty::LvaluePreference::NoPreference)
.ok_or(EvalErrorKind::AbiViolation("Wrong signature used for pthread_key_create: First argument must be a raw pointer.".to_owned()))?.ty;
let key_size = self.layout_of(key_type)?.size;
// Create key and write it into the memory where key_ptr wants it
let key = self.memory.create_tls_key(dtor) as u128;
if key_size.bits() < 128 && key >= (1u128 << key_size.bits() as u128) {
return err!(OutOfTls);
}
self.memory.write_primval(
key_ptr.to_ptr()?,
PrimVal::Bytes(key),
key_size.bytes(),
false,
)?;
// Return success (0)
self.write_null(dest, dest_ty)?;
}
"pthread_key_delete" => {
// The conversion into TlsKey here is a little fishy, but should work as long as usize >= libc::pthread_key_t
let key = self.value_to_primval(args[0])?.to_u64()? as TlsKey;
self.memory.delete_tls_key(key)?;
// Return success (0)
self.write_null(dest, dest_ty)?;
}
"pthread_getspecific" => {
// The conversion into TlsKey here is a little fishy, but should work as long as usize >= libc::pthread_key_t
let key = self.value_to_primval(args[0])?.to_u64()? as TlsKey;
let ptr = self.memory.load_tls(key)?;
self.write_ptr(dest, ptr, dest_ty)?;
}
"pthread_setspecific" => {
// The conversion into TlsKey here is a little fishy, but should work as long as usize >= libc::pthread_key_t
let key = self.value_to_primval(args[0])?.to_u64()? as TlsKey;
let new_ptr = self.into_ptr(args[1].value)?;
self.memory.store_tls(key, new_ptr)?;
// Return success (0)
self.write_null(dest, dest_ty)?;
}
// Stub out all the other pthread calls to just return 0
link_name if link_name.starts_with("pthread_") => {
info!("ignoring C ABI call: {}", link_name);
self.write_null(dest, dest_ty)?;
}
_ => {
return err!(Unimplemented(
format!("can't call C ABI function: {}", link_name),
));
}
}
// Since we pushed no stack frame, the main loop will act
// as if the call just completed and it's returning to the
// current frame.
self.dump_local(dest);
self.goto_block(dest_block);
Ok(())
}
/// Get an instance for a path.
fn resolve_path(&self, path: &[&str]) -> EvalResult<'tcx, ty::Instance<'tcx>> {
self.tcx
.crates()
.iter()
.find(|&&krate| self.tcx.original_crate_name(krate) == path[0])
.and_then(|krate| {
let krate = DefId {
krate: *krate,
index: CRATE_DEF_INDEX,
};
let mut items = self.tcx.item_children(krate);
let mut path_it = path.iter().skip(1).peekable();
while let Some(segment) = path_it.next() {
for item in mem::replace(&mut items, Default::default()).iter() {
if item.ident.name == *segment {
if path_it.peek().is_none() {
return Some(ty::Instance::mono(self.tcx, item.def.def_id()));
}
items = self.tcx.item_children(item.def.def_id());
break;
}
}
}
None
})
.ok_or_else(|| {
let path = path.iter().map(|&s| s.to_owned()).collect();
EvalErrorKind::PathNotFound(path).into()
})
}
fn call_missing_fn(
&mut self,
instance: ty::Instance<'tcx>,
destination: Option<(Place, mir::BasicBlock)>,
args: &[ValTy<'tcx>],
sig: ty::FnSig<'tcx>,
path: String,
) -> EvalResult<'tcx> {
// In some cases in non-MIR libstd-mode, not having a destination is legit. Handle these early.
match &path[..] {
"std::panicking::rust_panic_with_hook" |
"core::panicking::panic_fmt::::panic_impl" |
"std::rt::begin_panic_fmt" => return err!(Panic),
_ => {}
}
let dest_ty = sig.output();
let (dest, dest_block) = destination.ok_or_else(
|| EvalErrorKind::NoMirFor(path.clone()),
)?;
if sig.abi == Abi::C {
// An external C function
// TODO: That functions actually has a similar preamble to what follows here. May make sense to
// unify these two mechanisms for "hooking into missing functions".
self.call_c_abi(
instance.def_id(),
args,
dest,
dest_ty,
dest_block,
)?;
return Ok(());
}
match &path[..] {
// Allocators are magic. They have no MIR, even when the rest of libstd does.
"alloc::heap::::__rust_alloc" => {
let size = self.value_to_primval(args[0])?.to_u64()?;
let align = self.value_to_primval(args[1])?.to_u64()?;
if size == 0 {
return err!(HeapAllocZeroBytes);
}
if !align.is_power_of_two() {
return err!(HeapAllocNonPowerOfTwoAlignment(align));
}
let ptr = self.memory.allocate(size, align, Some(MemoryKind::Rust.into()))?;
self.write_primval(dest, PrimVal::Ptr(ptr), dest_ty)?;
}
"alloc::heap::::__rust_alloc_zeroed" => {
let size = self.value_to_primval(args[0])?.to_u64()?;
let align = self.value_to_primval(args[1])?.to_u64()?;
if size == 0 {
return err!(HeapAllocZeroBytes);
}
if !align.is_power_of_two() {
return err!(HeapAllocNonPowerOfTwoAlignment(align));
}
let ptr = self.memory.allocate(size, align, Some(MemoryKind::Rust.into()))?;
self.memory.write_repeat(ptr.into(), 0, size)?;
self.write_primval(dest, PrimVal::Ptr(ptr), dest_ty)?;
}
"alloc::heap::::__rust_dealloc" => {
let ptr = self.into_ptr(args[0].value)?.to_ptr()?;
let old_size = self.value_to_primval(args[1])?.to_u64()?;
let align = self.value_to_primval(args[2])?.to_u64()?;
if old_size == 0 {
return err!(HeapAllocZeroBytes);
}
if !align.is_power_of_two() {
return err!(HeapAllocNonPowerOfTwoAlignment(align));
}
self.memory.deallocate(
ptr,
Some((old_size, align)),
MemoryKind::Rust.into(),
)?;
}
"alloc::heap::::__rust_realloc" => {
let ptr = self.into_ptr(args[0].value)?.to_ptr()?;
let old_size = self.value_to_primval(args[1])?.to_u64()?;
let old_align = self.value_to_primval(args[2])?.to_u64()?;
let new_size = self.value_to_primval(args[3])?.to_u64()?;
let new_align = self.value_to_primval(args[4])?.to_u64()?;
if old_size == 0 || new_size == 0 {
return err!(HeapAllocZeroBytes);
}
if !old_align.is_power_of_two() {
return err!(HeapAllocNonPowerOfTwoAlignment(old_align));
}
if !new_align.is_power_of_two() {
return err!(HeapAllocNonPowerOfTwoAlignment(new_align));
}
let new_ptr = self.memory.reallocate(
ptr,
old_size,
old_align,
new_size,
new_align,
MemoryKind::Rust.into(),
)?;
self.write_primval(dest, PrimVal::Ptr(new_ptr), dest_ty)?;
}
// A Rust function is missing, which means we are running with MIR missing for libstd (or other dependencies).
// Still, we can make many things mostly work by "emulating" or ignoring some functions.
"std::io::_print" => {
warn!(
"Ignoring output. To run programs that print, make sure you have a libstd with full MIR."
);
}
"std::thread::Builder::new" => {
return err!(Unimplemented("miri does not support threading".to_owned()))
}
"std::env::args" => {
return err!(Unimplemented(
"miri does not support program arguments".to_owned(),
))
}
"std::panicking::panicking" |
"std::rt::panicking" => {
// we abort on panic -> `std::rt::panicking` always returns false
let bool = self.tcx.types.bool;
self.write_primval(dest, PrimVal::from_bool(false), bool)?;
}
"std::sys::imp::c::::AddVectoredExceptionHandler" |
"std::sys::imp::c::::SetThreadStackGuarantee" => {
let usize = self.tcx.types.usize;
// any non zero value works for the stdlib. This is just used for stackoverflows anyway
self.write_primval(dest, PrimVal::Bytes(1), usize)?;
},
_ => return err!(NoMirFor(path)),
}
// Since we pushed no stack frame, the main loop will act
// as if the call just completed and it's returning to the
// current frame.
self.dump_local(dest);
self.goto_block(dest_block);
return Ok(());
}
fn write_null(&mut self, dest: Place, dest_ty: Ty<'tcx>) -> EvalResult<'tcx> {
self.write_primval(dest, PrimVal::Bytes(0), dest_ty)
}
}