miri/const eval: support MaybeDangling

Author: WaffleLapkin

compiler/rustc_const_eval/src/interpret/validity.rs

@@ -7,6 +7,7 @@
 use std::borrow::Cow;
 use std::fmt::Write;
 use std::hash::Hash;
+use std::mem;
 use std::num::NonZero;
 
 use either::{Left, Right};
@@ -288,6 +289,7 @@ struct ValidityVisitor<'rt, 'tcx, M: Machine<'tcx>> {
     /// If this is `Some`, then `reset_provenance_and_padding` must be true (but not vice versa:
     /// we might not track data vs padding bytes if the operand isn't stored in memory anyway).
     data_bytes: Option<RangeSet>,
+    may_dangle: bool,
 }
 
 impl<'rt, 'tcx, M: Machine<'tcx>> ValidityVisitor<'rt, 'tcx, M> {
@@ -503,27 +505,29 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValidityVisitor<'rt, 'tcx, M> {
             // alignment and size determined by the layout (size will be 0,
             // alignment should take attributes into account).
             .unwrap_or_else(|| (place.layout.size, place.layout.align.abi));
-        // Direct call to `check_ptr_access_align` checks alignment even on CTFE machines.
-        try_validation!(
-            self.ecx.check_ptr_access(
-                place.ptr(),
-                size,
-                CheckInAllocMsg::Dereferenceable, // will anyway be replaced by validity message
-            ),
-            self.path,
-            Ub(DanglingIntPointer { addr: 0, .. }) => NullPtr { ptr_kind, maybe: false },
-            Ub(DanglingIntPointer { addr: i, .. }) => DanglingPtrNoProvenance {
-                ptr_kind,
-                // FIXME this says "null pointer" when null but we need translate
-                pointer: format!("{}", Pointer::<Option<AllocId>>::without_provenance(i))
-            },
-            Ub(PointerOutOfBounds { .. }) => DanglingPtrOutOfBounds {
-                ptr_kind
-            },
-            Ub(PointerUseAfterFree(..)) => DanglingPtrUseAfterFree {
-                ptr_kind,
-            },
-        );
+        if !self.may_dangle {
+            // Direct call to `check_ptr_access_align` checks alignment even on CTFE machines.
+            try_validation!(
+                self.ecx.check_ptr_access(
+                    place.ptr(),
+                    size,
+                    CheckInAllocMsg::Dereferenceable, // will anyway be replaced by validity message
+                ),
+                self.path,
+                Ub(DanglingIntPointer { addr: 0, .. }) => NullPtr { ptr_kind, maybe: false },
+                Ub(DanglingIntPointer { addr: i, .. }) => DanglingPtrNoProvenance {
+                    ptr_kind,
+                    // FIXME this says "null pointer" when null but we need translate
+                    pointer: format!("{}", Pointer::<Option<AllocId>>::without_provenance(i))
+                },
+                Ub(PointerOutOfBounds { .. }) => DanglingPtrOutOfBounds {
+                    ptr_kind
+                },
+                Ub(PointerUseAfterFree(..)) => DanglingPtrUseAfterFree {
+                    ptr_kind,
+                },
+            );
+        }
         try_validation!(
             self.ecx.check_ptr_align(
                 place.ptr(),
@@ -536,6 +540,7 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValidityVisitor<'rt, 'tcx, M> {
                 found_bytes: has.bytes()
             },
         );
+
         // Make sure this is non-null. We checked dereferenceability above, but if `size` is zero
         // that does not imply non-null.
         let scalar = Scalar::from_maybe_pointer(place.ptr(), self.ecx);
@@ -1265,6 +1270,14 @@ impl<'rt, 'tcx, M: Machine<'tcx>> ValueVisitor<'tcx, M> for ValidityVisitor<'rt,
                     ty::PatternKind::Or(_patterns) => {}
                 }
             }
+            ty::Adt(adt, _) if adt.is_maybe_dangling() => {
+                let could_dangle = mem::replace(&mut self.may_dangle, true);
+
+                let inner = self.ecx.project_field(val, FieldIdx::ZERO)?;
+                self.visit_value(&inner)?;
+
+                self.may_dangle = could_dangle;
+            }
             _ => {
                 // default handler
                 try_validation!(
@@ -1350,6 +1363,7 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
                 ecx,
                 reset_provenance_and_padding,
                 data_bytes: reset_padding.then_some(RangeSet(Vec::new())),
+                may_dangle: false,
             };
             v.visit_value(val)?;
             v.reset_padding(val)?;

src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs

@@ -917,6 +917,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
                     RetagInfo { cause: self.retag_cause, in_field: self.in_field },
                 )?;
                 self.ecx.write_immediate(*val, place)?;
+
                 interp_ok(())
             }
         }
@@ -964,6 +965,9 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
                         // even if field retagging is not enabled. *shrug*)
                         self.walk_value(place)?;
                     }
+                    ty::Adt(adt, _) if adt.is_maybe_dangling() => {
+                        // Skip traversing for everything inside of `MaybeDangling`
+                    }
                     _ => {
                         // Not a reference/pointer/box. Recurse.
                         let in_field = mem::replace(&mut self.in_field, true); // remember and restore old value

src/tools/miri/src/borrow_tracker/tree_borrows/mod.rs

@@ -523,6 +523,9 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
                         // even if field retagging is not enabled. *shrug*)
                         self.walk_value(place)?;
                     }
+                    ty::Adt(adt, _) if adt.is_maybe_dangling() => {
+                        // Skip traversing for everything inside of `MaybeDangling`
+                    }
                     _ => {
                         // Not a reference/pointer/box. Recurse.
                         self.walk_value(place)?;

src/tools/miri/tests/fail/both_borrows/maybe_dangling_null.rs

@@ -0,0 +1,8 @@
+#![feature(maybe_dangling)]
+use std::mem::{transmute, MaybeDangling};
+use std::ptr::null;
+
+fn main() {
+    unsafe { transmute::<MaybeDangling<*const u8>, MaybeDangling<&u8>>(MaybeDangling::new(null())) };
+    //~^ ERROR: Undefined Behavior: constructing invalid value: encountered a null reference
+}

src/tools/miri/tests/fail/both_borrows/maybe_dangling_null.stderr

@@ -0,0 +1,13 @@
+error: Undefined Behavior: constructing invalid value: encountered a null reference
+  --> tests/fail/both_borrows/maybe_dangling_null.rs:LL:CC
+   |
+LL |     unsafe { transmute::<MaybeDangling<*const u8>, MaybeDangling<&u8>>(MaybeDangling::new(null())) };
+   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to 1 previous error
+

src/tools/miri/tests/fail/both_borrows/maybe_dangling_unalighed.rs

@@ -0,0 +1,8 @@
+#![feature(maybe_dangling)]
+use std::mem::{transmute, MaybeDangling};
+
+fn main() {
+    let a = [1u16, 0u16];
+    unsafe { transmute::<MaybeDangling<*const u16>, MaybeDangling<&u16>>(MaybeDangling::new(a.as_ptr().byte_add(1))) };
+    //~^ ERROR: Undefined Behavior: constructing invalid value: encountered an unaligned reference
+}

src/tools/miri/tests/fail/both_borrows/maybe_dangling_unalighed.stderr

@@ -0,0 +1,13 @@
+error: Undefined Behavior: constructing invalid value: encountered an unaligned reference (required ALIGN byte alignment but found ALIGN)
+  --> tests/fail/both_borrows/maybe_dangling_unalighed.rs:LL:CC
+   |
+LL |     unsafe { transmute::<MaybeDangling<*const u16>, MaybeDangling<&u16>>(MaybeDangling::new(a.as_ptr().byte_add(1))) };
+   |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to 1 previous error
+

src/tools/miri/tests/pass/both_borrows/maybe_dangling.rs

@@ -0,0 +1,10 @@
+#![feature(maybe_dangling)]
+use std::mem::{self, MaybeDangling};
+use std::ptr::drop_in_place;
+
+fn main() {
+    let mut x = MaybeDangling::new(Box::new(1));
+    unsafe { drop_in_place(x.as_mut()) };
+    let x = x; // move
+    mem::forget(x);
+}

src/tools/miri/tests/pass/stacked_borrows/stack-printing.stdout

@@ -1,6 +1,6 @@
 0..1: [ SharedReadWrite<TAG> ]
 0..1: [ SharedReadWrite<TAG> ]
 0..1: [ SharedReadWrite<TAG> ]
-0..1: [ SharedReadWrite<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> ]
-0..1: [ SharedReadWrite<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> SharedReadOnly<TAG> ]
+0..1: [ SharedReadWrite<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> Unique<TAG> ]
+0..1: [ SharedReadWrite<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> Disabled<TAG> SharedReadOnly<TAG> ]
 0..1: [ unknown-bottom(..<TAG>) ]