Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Miri incorrectly rejects pointer-as-bytes access with cttz #916

Closed
myrrlyn opened this issue Aug 22, 2019 · 3 comments · Fixed by rust-lang/rust#63839
Closed

Miri incorrectly rejects pointer-as-bytes access with cttz #916

myrrlyn opened this issue Aug 22, 2019 · 3 comments · Fixed by rust-lang/rust#63839
Labels
A-shims Area: This affects the external function shims C-bug Category: This is a bug.

Comments

@myrrlyn
Copy link

myrrlyn commented Aug 22, 2019

Expected behavior: Miri allows me to interpret a pointer as a usize, so that I may call cttz on it to see how aligned it is.

Actual behavior: it does not.

Output of rustup show:

active toolchain
----------------
nightly-x86_64-apple-darwin (directory override for '/Users/myrrlyn/Projects/Rust/miri_tests')
rustc 1.39.0-nightly (e44fdf979 2019-08-21)

Rust minimal test case:

pub union Pointer<T> {
    u: usize,
    r: *const T,
}

#[test]
fn cttz() { unsafe {
    let elt = 0u64;
    assert!(Pointer { r: &elt }.u.trailing_zeros() >= 3);
} }

Miri output:

   Compiling miri_tests v0.1.0 (/Users/myrrlyn/Projects/Rust/miri_tests)

running 1 test
error[E0080]: Miri evaluation error: a raw memory access tried to access part of a pointer value as raw bytes
    --> /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libcore/num/mod.rs:2437:17
     |
2437 |                 intrinsics::cttz(self) as u32
     |                 ^^^^^^^^^^^^^^^^^^^^^^ Miri evaluation error: a raw memory access tried to access part of a pointer value as raw bytes
     |
note: inside call to `core::num::<impl usize>::trailing_zeros` at src/lib.rs:9:13
    --> src/lib.rs:9:13
     |
9    |     assert!(Pointer { r: &elt }.u.trailing_zeros() >= 3);
     |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: inside call to `cttz` at src/lib.rs:7:1
    --> src/lib.rs:7:1
     |
7    | / fn cttz() { unsafe {
8    | |     let elt = 0u64;
9    | |     assert!(Pointer { r: &elt }.u.trailing_zeros() >= 3);
10   | | } }
     | |___^
     = note: inside call to closure at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libcore/ops/function.rs:235:5
     = note: inside call to `<[closure@src/lib.rs:7:1: 10:4] as std::ops::FnOnce<()>>::call_once - shim` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libcore/ops/function.rs:235:5
     = note: inside call to `<fn() as std::ops::FnOnce<()>>::call_once - shim(fn())` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:1462:5
     = note: inside call to `test::__rust_begin_short_backtrace::<fn()>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:1453:30
     = note: inside call to closure at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libcore/ops/function.rs:235:5
     = note: inside call to `<[closure@DefId(12:366 ~ test[51aa]::run_test[0]::{{closure}}[3]) 0:fn()] as std::ops::FnOnce<()>>::call_once - shim(vtable)` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/liballoc/boxed.rs:922:9
     = note: inside call to `<std::boxed::Box<dyn std::ops::FnOnce() + std::marker::Send> as std::ops::FnOnce<()>>::call_once` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panic.rs:315:9
     = note: inside call to `<std::panic::AssertUnwindSafe<std::boxed::Box<dyn std::ops::FnOnce() + std::marker::Send>> as std::ops::FnOnce<()>>::call_once` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panicking.rs:296:40
     = note: inside call to `std::panicking::try::do_call::<std::panic::AssertUnwindSafe<std::boxed::Box<dyn std::ops::FnOnce() + std::marker::Send>>, ()>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panicking.rs:292:5
     = note: inside call to `std::panicking::try::<(), std::panic::AssertUnwindSafe<std::boxed::Box<dyn std::ops::FnOnce() + std::marker::Send>>>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panic.rs:394:9
     = note: inside call to `std::panic::catch_unwind::<std::panic::AssertUnwindSafe<std::boxed::Box<dyn std::ops::FnOnce() + std::marker::Send>>, ()>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:1408:26
     = note: inside call to closure at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:1430:13
     = note: inside call to `test::run_test::run_test_inner` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:1449:28
     = note: inside call to `test::run_test` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:1102:13
     = note: inside call to `test::run_tests::<[closure@DefId(12:315 ~ test[51aa]::run_tests_console[0]::{{closure}}[2]) 0:&mut test::ConsoleTestState, 1:&mut std::boxed::Box<dyn test::formatters::OutputFormatter>]>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:951:5
     = note: inside call to `test::run_tests_console` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:294:15
     = note: inside call to `test::test_main` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libtest/lib.rs:328:5
     = note: inside call to `test::test_main_static`
     = note: inside call to `main` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/rt.rs:64:34
     = note: inside call to closure at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/rt.rs:52:53
     = note: inside call to closure at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panicking.rs:296:40
     = note: inside call to `std::panicking::try::do_call::<[closure@DefId(1:5982 ~ std[87a5]::rt[0]::lang_start_internal[0]::{{closure}}[0]) 0:&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe], i32>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panicking.rs:292:5
     = note: inside call to `std::panicking::try::<i32, [closure@DefId(1:5982 ~ std[87a5]::rt[0]::lang_start_internal[0]::{{closure}}[0]) 0:&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe]>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/panic.rs:394:9
     = note: inside call to `std::panic::catch_unwind::<[closure@DefId(1:5982 ~ std[87a5]::rt[0]::lang_start_internal[0]::{{closure}}[0]) 0:&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe], i32>` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/rt.rs:52:25
     = note: inside call to `std::rt::lang_start_internal` at /Users/myrrlyn/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/src/libstd/rt.rs:64:5
     = note: inside call to `std::rt::lang_start::<()>`

error: aborting due to previous error

For more information about this error, try `rustc --explain E0080`.
test cttz ... 
error: Could not compile `miri_tests`.

To learn more, run the command again with --verbose.
@RalfJung
Copy link
Member

Whether such code is legal in LLVM is still up for debate (transmuting, instead of casting, between pointers and integers is a subtle topic). But until that is resolved, Miri should probably accept such code, I agree. It already does in other circumstances.

This is a missing force_bits somewhere.

@RalfJung RalfJung added A-shims Area: This affects the external function shims C-bug Category: This is a bug. labels Aug 23, 2019
@oli-obk
Copy link
Contributor

oli-obk commented Aug 23, 2019

I have a rustc ranch that fixes it, indeed just a force_bits

@myrrlyn myrrlyn mentioned this issue Aug 24, 2019
Closed
@oli-obk oli-obk mentioned this issue Aug 24, 2019
Merged
Centril added a commit to Centril/rust that referenced this issue Aug 24, 2019
@Centril
Rollup merge of rust-lang#63839 - oli-obk:intptrcast, r=RalfJung
19ad409 
Ensure miri can do bit ops on pointer values

r? @RalfJung

Fixes rust-lang/miri#916
Centril added a commit to Centril/rust that referenced this issue Aug 24, 2019
@Centril
Rollup merge of rust-lang#63839 - oli-obk:intptrcast, r=RalfJung
88bcbc6 
Ensure miri can do bit ops on pointer values

r? @RalfJung

Fixes rust-lang/miri#916
@RalfJung
Copy link
Member

For the fix to be shipped via rustup, we need to solve rust-lang/rust#63843 first.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-shims Area: This affects the external function shims C-bug Category: This is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure miri can do bit ops on pointer values oli-obk/rust
3 participants
@RalfJung @oli-obk @myrrlyn