const-eval: full support for pointer fragments

Author: RalfJung

src/machine.rs

@@ -285,16 +285,16 @@ impl interpret::Provenance for Provenance {
         Ok(())
     }
 
-    fn join(left: Option<Self>, right: Option<Self>) -> Option<Self> {
+    fn join(left: Self, right: Self) -> Option<Self> {
         match (left, right) {
             // If both are the *same* concrete tag, that is the result.
             (
-                Some(Provenance::Concrete { alloc_id: left_alloc, tag: left_tag }),
-                Some(Provenance::Concrete { alloc_id: right_alloc, tag: right_tag }),
-            ) if left_alloc == right_alloc && left_tag == right_tag => left,
+                Provenance::Concrete { alloc_id: left_alloc, tag: left_tag },
+                Provenance::Concrete { alloc_id: right_alloc, tag: right_tag },
+            ) if left_alloc == right_alloc && left_tag == right_tag => Some(left),
             // If one side is a wildcard, the best possible outcome is that it is equal to the other
             // one, and we use that.
-            (Some(Provenance::Wildcard), o) | (o, Some(Provenance::Wildcard)) => o,
+            (Provenance::Wildcard, o) | (o, Provenance::Wildcard) => Some(o),
             // Otherwise, fall back to `None`.
             _ => None,
         }

src/shims/native_lib/mod.rs

@@ -246,7 +246,7 @@ trait EvalContextExtPriv<'tcx>: crate::MiriInterpCxExt<'tcx> {
                         let p_map = alloc.provenance();
                         for idx in overlap {
                             // If a provenance was read by the foreign code, expose it.
-                            if let Some(prov) = p_map.get(Size::from_bytes(idx), this) {
+                            if let Some((prov, _idx)) = p_map.get_byte(Size::from_bytes(idx), this) {
                                 this.expose_provenance(prov)?;
                             }
                         }

tests/fail/provenance/mix-ptrs1.rs

@@ -0,0 +1,21 @@
+use std::{mem, ptr};
+
+const PTR_SIZE: usize = mem::size_of::<&i32>();
+
+fn main() {
+    unsafe {
+        let ptr = &0 as *const i32;
+        let arr = [ptr; 2];
+        // We want to do a scalar read of a pointer at offset PTR_SIZE/2 into this array. But we
+        // cannot use a packed struct or `read_unaligned`, as those use the memcpy code path in
+        // Miri. So instead we shift the entire array by a bit and then the actual read we want to
+        // do is perfectly aligned.
+        let mut target_arr = [ptr::null::<i32>(); 3];
+        let target = target_arr.as_mut_ptr().cast::<u8>();
+        target.add(PTR_SIZE / 2).cast::<[*const i32; 2]>().write_unaligned(arr);
+        // Now target_arr[1] is a mix of the two `ptr` we had stored in `arr`.
+        // They all have the same provenance, but not in the right order, so we reject this.
+        let strange_ptr = target_arr[1];
+        assert_eq!(*strange_ptr.with_addr(ptr.addr()), 0); //~ERROR: no provenance
+    }
+}

tests/fail/provenance/mix-ptrs1.stderr

@@ -0,0 +1,16 @@
+error: Undefined Behavior: pointer not dereferenceable: pointer must be dereferenceable for 4 bytes, but got $HEX[noalloc] which is a dangling pointer (it has no provenance)
+  --> tests/fail/provenance/mix-ptrs1.rs:LL:CC
+   |
+LL |         assert_eq!(*strange_ptr.with_addr(ptr.addr()), 0);
+   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: BACKTRACE:
+   = note: inside `main` at RUSTLIB/core/src/macros/mod.rs:LL:CC
+   = note: this error originates in the macro `assert_eq` (in Nightly builds, run with -Z macro-backtrace for more info)
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to 1 previous error
+

tests/fail/provenance/mix-ptrs2.rs

@@ -0,0 +1,37 @@
+use std::mem;
+
+const PTR_SIZE: usize = mem::size_of::<&i32>();
+
+/// Overwrite one byte of a pointer, then restore it.
+fn main() {
+    unsafe fn ptr_bytes<'x>(ptr: &'x mut *const i32) -> &'x mut [mem::MaybeUninit<u8>; PTR_SIZE] {
+        mem::transmute(ptr)
+    }
+
+    // Returns a value with the same provenance as `x` but 0 for the integer value.
+    // `x` must be initialized.
+    unsafe fn zero_with_provenance(x: mem::MaybeUninit<u8>) -> mem::MaybeUninit<u8> {
+        let ptr = [x; PTR_SIZE];
+        let ptr: *const i32 = mem::transmute(ptr);
+        let mut ptr = ptr.with_addr(0);
+        ptr_bytes(&mut ptr)[0]
+    }
+
+    unsafe {
+        let ptr = &42;
+        let mut ptr = ptr as *const i32;
+        // Get a bytewise view of the pointer.
+        let ptr_bytes = ptr_bytes(&mut ptr);
+
+        // The highest bytes must be 0 for this to work.
+        let hi = if cfg!(target_endian = "little") { ptr_bytes.len() - 1 } else { 0 };
+        assert_eq!(*ptr_bytes[hi].as_ptr().cast::<u8>(), 0);
+        // Overwrite provenance on the last byte.
+        ptr_bytes[hi] = mem::MaybeUninit::new(0);
+        // Restore it from the another byte.
+        ptr_bytes[hi] = zero_with_provenance(ptr_bytes[1]);
+
+        // Now ptr is almost good, except the provenance fragment indices do not work out...
+        assert_eq!(*ptr, 42); //~ERROR: no provenance
+    }
+}

tests/fail/provenance/mix-ptrs2.stderr

@@ -0,0 +1,16 @@
+error: Undefined Behavior: pointer not dereferenceable: pointer must be dereferenceable for 4 bytes, but got $HEX[noalloc] which is a dangling pointer (it has no provenance)
+  --> tests/fail/provenance/mix-ptrs2.rs:LL:CC
+   |
+LL |         assert_eq!(*ptr, 42);
+   |         ^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
+   |
+   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
+   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
+   = note: BACKTRACE:
+   = note: inside `main` at RUSTLIB/core/src/macros/mod.rs:LL:CC
+   = note: this error originates in the macro `assert_eq` (in Nightly builds, run with -Z macro-backtrace for more info)
+
+note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
+
+error: aborting due to 1 previous error
+

tests/fail/uninit/uninit_alloc_diagnostic_with_provenance.rs

@@ -9,22 +9,21 @@ use std::alloc::{Layout, alloc, dealloc};
 use std::mem::{self, MaybeUninit};
 use std::slice::from_raw_parts;
 
-fn byte_with_provenance<T>(val: u8, prov: *const T) -> MaybeUninit<u8> {
-    let ptr = prov.with_addr(val as usize);
+fn byte_with_provenance<T>(val: u8, prov: *const T, frag_idx: usize) -> MaybeUninit<u8> {
+    let ptr = prov.with_addr(usize::from_ne_bytes([val; _]));
     let bytes: [MaybeUninit<u8>; mem::size_of::<*const ()>()] = unsafe { mem::transmute(ptr) };
-    let lsb = if cfg!(target_endian = "little") { 0 } else { bytes.len() - 1 };
-    bytes[lsb]
+    bytes[frag_idx]
 }
 
 fn main() {
     let layout = Layout::from_size_align(16, 8).unwrap();
     unsafe {
         let ptr = alloc(layout);
         let ptr_raw = ptr.cast::<MaybeUninit<u8>>();
-        *ptr_raw.add(0) = byte_with_provenance(0x42, &42u8);
+        *ptr_raw.add(0) = byte_with_provenance(0x42, &42u8, 0);
         *ptr.add(1) = 0x12;
         *ptr.add(2) = 0x13;
-        *ptr_raw.add(3) = byte_with_provenance(0x43, &0u8);
+        *ptr_raw.add(3) = byte_with_provenance(0x43, &0u8, 1);
         let slice1 = from_raw_parts(ptr, 8);
         let slice2 = from_raw_parts(ptr.add(8), 8);
         drop(slice1.cmp(slice2));

tests/fail/uninit/uninit_alloc_diagnostic_with_provenance.stderr

@@ -17,7 +17,7 @@ LL |         drop(slice1.cmp(slice2));
 
 Uninitialized memory occurred at ALLOC[0x4..0x8], in this allocation:
 ALLOC (Rust heap, size: 16, align: 8) {
-    ╾42[ALLOC]<TAG> (1 ptr byte)╼ 12 13 ╾43[ALLOC]<TAG> (1 ptr byte)╼ __ __ __ __ __ __ __ __ __ __ __ __ │ ━..━░░░░░░░░░░░░
+    ╾42[ALLOC]<TAG> (ptr fragment 0)╼ 12 13 ╾43[ALLOC]<TAG> (ptr fragment 1)╼ __ __ __ __ __ __ __ __ __ __ __ __ │ ━..━░░░░░░░░░░░░
 }
 ALLOC (global (static or const), size: 1, align: 1) {
     2a                                              │ *

tests/native-lib/fail/tracing/partial_init.stderr

@@ -35,7 +35,7 @@ LL |     partial_init();
 
 Uninitialized memory occurred at ALLOC[0x2..0x3], in this allocation:
 ALLOC (stack variable, size: 3, align: 1) {
-    ╾00[wildcard] (1 ptr byte)╼ ╾00[wildcard] (1 ptr byte)╼ __                                        │ ━━░
+    ╾00[wildcard] (ptr fragment 0)╼ ╾00[wildcard] (ptr fragment 0)╼ __                                        │ ━━░
 }
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace

tests/pass/provenance.rs

@@ -6,7 +6,6 @@ const PTR_SIZE: usize = mem::size_of::<&i32>();
 
 fn main() {
     basic();
-    partial_overwrite_then_restore();
     bytewise_ptr_methods();
     bytewise_custom_memcpy();
     bytewise_custom_memcpy_chunked();
@@ -29,40 +28,6 @@ fn basic() {
     assert_eq!(unsafe { *ptr_back }, 42);
 }
 
-/// Overwrite one byte of a pointer, then restore it.
-fn partial_overwrite_then_restore() {
-    unsafe fn ptr_bytes<'x>(ptr: &'x mut *const i32) -> &'x mut [mem::MaybeUninit<u8>; PTR_SIZE] {
-        mem::transmute(ptr)
-    }
-
-    // Returns a value with the same provenance as `x` but 0 for the integer value.
-    // `x` must be initialized.
-    unsafe fn zero_with_provenance(x: mem::MaybeUninit<u8>) -> mem::MaybeUninit<u8> {
-        let ptr = [x; PTR_SIZE];
-        let ptr: *const i32 = mem::transmute(ptr);
-        let mut ptr = ptr.with_addr(0);
-        ptr_bytes(&mut ptr)[0]
-    }
-
-    unsafe {
-        let ptr = &42;
-        let mut ptr = ptr as *const i32;
-        // Get a bytewise view of the pointer.
-        let ptr_bytes = ptr_bytes(&mut ptr);
-
-        // The highest bytes must be 0 for this to work.
-        let hi = if cfg!(target_endian = "little") { ptr_bytes.len() - 1 } else { 0 };
-        assert_eq!(*ptr_bytes[hi].as_ptr().cast::<u8>(), 0);
-        // Overwrite provenance on the last byte.
-        ptr_bytes[hi] = mem::MaybeUninit::new(0);
-        // Restore it from the another byte.
-        ptr_bytes[hi] = zero_with_provenance(ptr_bytes[1]);
-
-        // Now ptr should be good again.
-        assert_eq!(*ptr, 42);
-    }
-}
-
 fn bytewise_ptr_methods() {
     let mut ptr1 = &1;
     let mut ptr2 = &2;