pipe shim ICEs when testing ciborium

[saethlin]

From https://github.com/enarx/ciborium/blob/b88768015e5664e41634c094966ac989057bffca/ciborium/tests/fuzz.rs#L22-L29

extern "C" {
    fn pipe(pipefd: &mut [i32; 2]) -> i32;
}

fn main() {
    let mut fds: [i32; 2] = [0; 2]; 
    assert_eq!(unsafe { pipe(&mut fds) }, 0); 
}

ICEs with

error: internal compiler error: /rustc/eff09483c67e6fc96c8098ba46dce476162754c5/compiler/rustc_const_eval/src/interpret/place.rs:693:21: write_immediate_to_mplace: invalid Scalar layout: TyAndLayout {
                                    ty: [i32; 2],
                                    layout: Layout {
                                        size: Size(8 bytes),
                                        align: AbiAndPrefAlign {
                                            abi: Align(4 bytes),
                                            pref: Align(4 bytes),
                                        },
                                        abi: Aggregate {
                                            sized: true,
                                        },
                                        fields: Array {
                                            stride: Size(4 bytes),
                                            count: 2,
                                        },
                                        largest_niche: None,
                                        variants: Single {
                                            index: 0,
                                        },
                                        max_repr_align: None,
                                        unadjusted_abi_align: Align(4 bytes),
                                    },
                                }
 --> src/main.rs:7:25
  |
7 |     assert_eq!(unsafe { pipe(&mut fds) }, 0); 
  |                         ^^^^^^^^^^^^^^

thread 'rustc' panicked at /rustc/eff09483c67e6fc96c8098ba46dce476162754c5/compiler/rustc_const_eval/src/interpret/place.rs:693:21:
Box<dyn Any>
stack backtrace:
   0:     0x7e67511e699d - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::hc52021f622191de4
   1:     0x7e6751a04cd7 - core::fmt::write::hcdd22493dd2fff52
   2:     0x7e6752cbe811 - std::io::Write::write_fmt::hb1a8197d2998f705
   3:     0x7e67511e907b - std::panicking::default_hook::{{closure}}::h0013c51af6c71699
   4:     0x7e67511e8cee - std::panicking::default_hook::h0e82bf9b48ac3ade
   5:     0x7e6750361689 - std[a74ff42ed24b2296]::panicking::update_hook::<alloc[9347f615a225ec4e]::boxed::Box<rustc_driver_impl[8c87a20454b4ff0d]::install_ice_hook::{closure#0}>>::{closure#0}
   6:     0x7e67511e9997 - std::panicking::rust_panic_with_hook::h0e80238b22d50311
   7:     0x7e675039b781 - std[a74ff42ed24b2296]::panicking::begin_panic::<rustc_errors[52b293a074cde15e]::ExplicitBug>::{closure#0}
   8:     0x7e675038e7c6 - std[a74ff42ed24b2296]::sys::backtrace::__rust_end_short_backtrace::<std[a74ff42ed24b2296]::panicking::begin_panic<rustc_errors[52b293a074cde15e]::ExplicitBug>::{closure#0}, !>
   9:     0x7e675038e776 - std[a74ff42ed24b2296]::panicking::begin_panic::<rustc_errors[52b293a074cde15e]::ExplicitBug>
  10:     0x7e67503a4801 - <rustc_errors[52b293a074cde15e]::diagnostic::BugAbort as rustc_errors[52b293a074cde15e]::diagnostic::EmissionGuarantee>::emit_producing_guarantee
  11:     0x5c4b5a13198d - <rustc_errors[52b293a074cde15e]::DiagCtxtHandle>::span_bug::<rustc_span[38bea5b6c652289b]::span_encoding::Span, alloc[9347f615a225ec4e]::string::String>
  12:     0x5c4b5a16a7a6 - rustc_middle[1a3d06b7e54ec02a]::util::bug::opt_span_bug_fmt::<rustc_span[38bea5b6c652289b]::span_encoding::Span>::{closure#0}
  13:     0x5c4b5a16b0fa - rustc_middle[1a3d06b7e54ec02a]::ty::context::tls::with_opt::<rustc_middle[1a3d06b7e54ec02a]::util::bug::opt_span_bug_fmt<rustc_span[38bea5b6c652289b]::span_encoding::Span>::{closure#0}, !>::{closure#0}
  14:     0x5c4b5a156bab - rustc_middle[1a3d06b7e54ec02a]::ty::context::tls::with_context_opt::<rustc_middle[1a3d06b7e54ec02a]::ty::context::tls::with_opt<rustc_middle[1a3d06b7e54ec02a]::util::bug::opt_span_bug_fmt<rustc_span[38bea5b6c652289b]::span_encoding::Span>::{closure#0}, !>::{closure#0}, !>
  15:     0x5c4b5a15522a - rustc_middle[1a3d06b7e54ec02a]::util::bug::span_bug_fmt::<rustc_span[38bea5b6c652289b]::span_encoding::Span>
  16:     0x5c4b5a1b422f - <rustc_const_eval[32b65078a189004d]::interpret::eval_context::InterpCx<miri[3e6e5f8d607e5306]::machine::MiriMachine>>::write_immediate_to_mplace_no_validate
  17:     0x5c4b5a2a0849 - <rustc_const_eval[32b65078a189004d]::interpret::eval_context::InterpCx<miri[3e6e5f8d607e5306]::machine::MiriMachine> as miri[3e6e5f8d607e5306]::shims::unix::unnamed_socket::EvalContextExt>::pipe2
  18:     0x5c4b5a270264 - <rustc_const_eval[32b65078a189004d]::interpret::eval_context::InterpCx<miri[3e6e5f8d607e5306]::machine::MiriMachine> as miri[3e6e5f8d607e5306]::shims::unix::foreign_items::EvalContextExt>::emulate_foreign_item_inner
  19:     0x5c4b5a30d51d - <rustc_const_eval[32b65078a189004d]::interpret::eval_context::InterpCx<miri[3e6e5f8d607e5306]::machine::MiriMachine> as miri[3e6e5f8d607e5306]::shims::foreign_items::EvalContextExtPriv>::emulate_foreign_item_inner
  20:     0x5c4b5a30947e - <rustc_const_eval[32b65078a189004d]::interpret::eval_context::InterpCx<miri[3e6e5f8d607e5306]::machine::MiriMachine> as miri[3e6e5f8d607e5306]::shims::foreign_items::EvalContextExt>::emulate_foreign_item
  21:     0x5c4b5a1abd35 - <rustc_const_eval[32b65078a189004d]::interpret::eval_context::InterpCx<miri[3e6e5f8d607e5306]::machine::MiriMachine>>::init_fn_call
  22:     0x5c4b5a21ff92 - miri[3e6e5f8d607e5306]::eval::eval_entry
  23:     0x5c4b5a0c9000 - <miri[4197b2d647790cd1]::MiriCompilerCalls as rustc_driver_impl[8c87a20454b4ff0d]::Callbacks>::after_analysis
  24:     0x7e67527e4cab - rustc_interface[7c1a0e79cf958a4b]::interface::run_compiler::<core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>, rustc_driver_impl[8c87a20454b4ff0d]::run_compiler::{closure#0}>::{closure#1}
  25:     0x7e67528bee44 - std[a74ff42ed24b2296]::sys::backtrace::__rust_begin_short_backtrace::<rustc_interface[7c1a0e79cf958a4b]::util::run_in_thread_with_globals<rustc_interface[7c1a0e79cf958a4b]::util::run_in_thread_pool_with_globals<rustc_interface[7c1a0e79cf958a4b]::interface::run_compiler<core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>, rustc_driver_impl[8c87a20454b4ff0d]::run_compiler::{closure#0}>::{closure#1}, core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>>::{closure#0}, core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>>::{closure#0}::{closure#0}, core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>>
  26:     0x7e67528bf4b0 - <<std[a74ff42ed24b2296]::thread::Builder>::spawn_unchecked_<rustc_interface[7c1a0e79cf958a4b]::util::run_in_thread_with_globals<rustc_interface[7c1a0e79cf958a4b]::util::run_in_thread_pool_with_globals<rustc_interface[7c1a0e79cf958a4b]::interface::run_compiler<core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>, rustc_driver_impl[8c87a20454b4ff0d]::run_compiler::{closure#0}>::{closure#1}, core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>>::{closure#0}, core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>>::{closure#0}::{closure#0}, core[37dd08887ff85f22]::result::Result<(), rustc_span[38bea5b6c652289b]::ErrorGuaranteed>>::{closure#1} as core[37dd08887ff85f22]::ops::function::FnOnce<()>>::call_once::{shim:vtable#0}
  27:     0x7e67528bf82b - std::sys::pal::unix::thread::Thread::new::thread_start::h984f8670a8c2f19f
  28:     0x7e6753fb539d - <unknown>
  29:     0x7e675403a49c - <unknown>
  30:                0x0 - <unknown>

[tiif]

This might be caused by these four lines:

miri/src/shims/unix/unnamed_socket.rs

Lines 379 to 382 in cb55919

	let pipefd0 = Scalar::from_int(pipefd0, pipefd.layout.size);
	let pipefd1 = Scalar::from_int(pipefd1, pipefd.layout.size);
	this.write_scalar(pipefd0, &pipefd)?;
	this.write_scalar(pipefd1, &pipefd.offset(pipefd.layout.size, pipefd.layout, this)?)?;

.

When I only run the first 2 lines:

let pipefd0 = Scalar::from_int(3, pipefd.layout.size);
this.write_scalar(pipefd0, &pipefd)?;

It shows the exact ICE as described.

But when I only run the last 2 lines,

let pipefd1 = Scalar::from_int(4, pipefd.layout.size);
this.write_scalar(pipefd1, &pipefd.offset(pipefd.layout.size, pipefd.layout, this)?)?;

miri will throw UB error:

error: Undefined Behavior: memory access failed: expected a pointer to 8 bytes of memory, but got alloc1145+0x8 which is at or beyond the end of the allocation of size 8 bytes
   --> ./tests/pass-dep/libc/libc-pipe.rs:104:25
    |
104 |     assert_eq!(unsafe { pipe(&mut fds) }, 0);
    |                         ^^^^^^^^^^^^^^ memory access failed: expected a pointer to 8 bytes of memory, but got alloc1145+0x8 which is at or beyond the end of the allocation of size 8 bytes
    |
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information

[RalfJung]

Fix is up at #3840.

We really need to always use deref_pointer_as since we can't trust the type given by the programmer. There's tons of ICEs one can trigger otherwise. And once we use deref_pointer_as everywhere we can again make "scalar size mismatch" just a panic rather than reporting it as UB.

[RalfJung]

#3841 tracks fixing the remaining cases of this.

What I am not sure is how to avoid people re-introducing more deref_pointer_as calls. Ideally we'd lint against that, but I don't see how that would be possible. We could pre-process the OpTy and if they are a pointer, change the pointer type to *mut () or so?