Auto merge of #99420 - RalfJung:vtable, r=oli-obk

bors · bors · commit f8e6494394a3 · 2022-07-22T01:33:49.000Z
make vtable pointers entirely opaque This implements the scheme discussed in rust-lang/unsafe-code-guidelines#338: vtable pointers should be considered entirely opaque and not even readable by Rust code, similar to function pointers. - We have a new kind of `GlobalAlloc` that symbolically refers to a vtable. - Miri uses that kind of allocation when generating a vtable. - The codegen backends, upon encountering such an allocation, call `vtable_allocation` to obtain an actually dataful allocation for this vtable. - We need new intrinsics to obtain the size and align from a vtable (for some `ptr::metadata` APIs), since direct accesses are UB now. I had to touch quite a bit of code that I am not very familiar with, so some of this might not make much sense... r? `@oli-obk`
diff --git a/core/src/intrinsics.rs b/core/src/intrinsics.rs
@@ -2291,6 +2291,16 @@ extern "rust-intrinsic" {
     /// [`std::hint::black_box`]: crate::hint::black_box
     #[rustc_const_unstable(feature = "const_black_box", issue = "none")]
     pub fn black_box<T>(dummy: T) -> T;
+
+    /// `ptr` must point to a vtable.
+    /// The intrinsic will return the size stored in that vtable.
+    #[cfg(not(bootstrap))]
+    pub fn vtable_size(ptr: *const ()) -> usize;
+
+    /// `ptr` must point to a vtable.
+    /// The intrinsic will return the alignment stored in that vtable.
+    #[cfg(not(bootstrap))]
+    pub fn vtable_align(ptr: *const ()) -> usize;
 }
 
 // Some functions are defined here because they accidentally got made
diff --git a/core/src/ptr/metadata.rs b/core/src/ptr/metadata.rs
@@ -180,10 +180,20 @@ pub struct DynMetadata<Dyn: ?Sized> {
     phantom: crate::marker::PhantomData<Dyn>,
 }
 
+#[cfg(not(bootstrap))]
+extern "C" {
+    /// Opaque type for accessing vtables.
+    ///
+    /// Private implementation detail of `DynMetadata::size_of` etc.
+    /// There is conceptually not actually any Abstract Machine memory behind this pointer.
+    type VTable;
+}
+
 /// The common prefix of all vtables. It is followed by function pointers for trait methods.
 ///
 /// Private implementation detail of `DynMetadata::size_of` etc.
 #[repr(C)]
+#[cfg(bootstrap)]
 struct VTable {
     drop_in_place: fn(*mut ()),
     size_of: usize,
@@ -194,13 +204,28 @@ impl<Dyn: ?Sized> DynMetadata<Dyn> {
     /// Returns the size of the type associated with this vtable.
     #[inline]
     pub fn size_of(self) -> usize {
-        self.vtable_ptr.size_of
+        // Note that "size stored in vtable" is *not* the same as "result of size_of_val_raw".
+        // Consider a reference like `&(i32, dyn Send)`: the vtable will only store the size of the
+        // `Send` part!
+        #[cfg(bootstrap)]
+        return self.vtable_ptr.size_of;
+        #[cfg(not(bootstrap))]
+        // SAFETY: DynMetadata always contains a valid vtable pointer
+        return unsafe {
+            crate::intrinsics::vtable_size(self.vtable_ptr as *const VTable as *const ())
+        };
     }
 
     /// Returns the alignment of the type associated with this vtable.
     #[inline]
     pub fn align_of(self) -> usize {
-        self.vtable_ptr.align_of
+        #[cfg(bootstrap)]
+        return self.vtable_ptr.align_of;
+        #[cfg(not(bootstrap))]
+        // SAFETY: DynMetadata always contains a valid vtable pointer
+        return unsafe {
+            crate::intrinsics::vtable_align(self.vtable_ptr as *const VTable as *const ())
+        };
     }
 
     /// Returns the size and alignment together as a `Layout`
