MendSlice *might* be UB. #25

Closed
eddyb opened this issue Sep 17, 2018 · 9 comments · Fixed by #28

Comments

@eddyb

eddyb commented Sep 17, 2018

IIUC, it's fine within a memory allocation (what C calls "an object"), but across them, you're usually not allowed to do a lot. cc @RalfJung @solson

@bluss
Owner

bluss commented Sep 17, 2018

Good point, makes sense

@eddyb
Author

eddyb commented Sep 17, 2018

Note that I'm not sure, hoping @RalfJung can answer, or bring up in "unsafe code guidelines" discussions.

@bluss
Owner

bluss commented Sep 17, 2018

Context link to the docs https://docs.rs/odds/0.3.1/odds/slice/struct.MendSlices.html

@RalfJung

RalfJung commented Sep 22, 2018

What exactly is mend_slices doing? The docs link to https://docs.rs/odds/0.3.1/odds/trait.Itertools.html#method.mend_slices but that doesn't exist.

EDIT: Found https://docs.rs/odds/0.3.1/odds/slice/trait.SliceIterExt.html#method.mend_slices but I still didn't find the actual code that @eddyb asks whether it is UB.

@RalfJung

Oh I think I found it at https://docs.rs/odds/0.3.1/src/odds/slice/mod.rs.html#309

Yeah I think this doesn't work. So you are comparing the end address of one slice with the beginning of another. That's an extremely gray area of memory models -- an area where C and C++ differ and we have no idea what the heck LLVM implements. But LLVM is pretty clear that you can do getelementptr only within an allocation, so if it happens to be the case that two allocations exist right next to each other, and you "mend" them together, I am pretty sure you are on UB territory here.

The funny thing is that this will actually work reliably on miri because that assumes allocations never sit right next to each other. ;)

@bluss bluss added the bug label Nov 19, 2018
@bluss
Owner

bluss commented Nov 19, 2018

It's very old code, don't think it is used. It can be removed if this library is updated, because I think mend_slices was more of a cool trick and not a utility.

Is the whole stack an allocation? I assume we are not allowed to "mend" together slices of two adjacent arrays on the stack.

@RalfJung

> Is the whole stack an allocation?

No. Every local variable is its own allocation.

@HeroicKatora

HeroicKatora commented Jul 19, 2019

The code here unfortunately does not only exhibit UB for the cases of mending separate allocations. It also does not ensure that the new slice with length a.len() + b.len() does not lead to a slice which has more than isize::MAX bytes.

@RalfJung

Also see oberien/str-concat#8
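
Added example, not code from this thread or from the `odds` crate: one way to join two slices without the cross-allocation and `isize::MAX` problems raised above is to require the caller to supply the slice both pieces were taken from, and to index into that. The names `mend_within` and `offset_in` are hypothetical, and the assumption is that the caller still holds the parent slice.

```rust
use std::mem::size_of;

/// Hypothetical helper (not part of `odds`): join `a` and `b` only when both
/// are subslices of `parent` and `b` begins exactly where `a` ends.
pub fn mend_within<'a, T>(parent: &'a [T], a: &[T], b: &[T]) -> Option<&'a [T]> {
    let start = offset_in(parent, a)?;
    let mid = offset_in(parent, b)?;
    // Adjacent inside the same allocation: `b` starts where `a` ends.
    if start + a.len() != mid {
        return None;
    }
    // Safe indexing: the result is derived from `parent`, so it cannot leave
    // that allocation, and its length is bounded by `parent.len()`.
    parent.get(start..mid + b.len())
}

/// Element offset of `sub` inside `parent`, or None if it is not contained.
/// Addresses are only compared as integers; no pointer is ever offset.
fn offset_in<T>(parent: &[T], sub: &[T]) -> Option<usize> {
    let size = size_of::<T>();
    if size == 0 {
        return None; // addresses carry no position for zero-sized types
    }
    let base = parent.as_ptr() as usize;
    let addr = sub.as_ptr() as usize;
    let byte_off = addr.checked_sub(base)?; // None if `sub` starts before `parent`
    if byte_off % size != 0 {
        return None;
    }
    let off = byte_off / size;
    let end = off.checked_add(sub.len())?;
    if end <= parent.len() { Some(off) } else { None }
}

fn main() {
    let data = [1u8, 2, 3, 4, 5, 6]; // constructed sample input
    let other = [7u8, 8]; // a separate local, so a separate allocation
    let (a, b) = data.split_at(2);
    println!("{:?}", mend_within(&data[..], a, b)); // whole of `data`
    println!("{:?}", mend_within(&data[..], &data[4..], &other[..])); // None
}
```

A slice from another allocation is rejected even if it happens to sit directly after `parent` in memory, because its end would fall outside `parent`.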
