CTFE engine refactor #53424

Merged: 32 commits, Aug 22, 2018
Changes from 1 commit (of 32)
7d4f5f7
Move some value-and-memory related things out of eval_context
RalfJung Aug 9, 2018
ad2de8b
miri/CTFE refactor
RalfJung Aug 13, 2018
7483ea8
generalize truncate and sign_extend to take a Size
RalfJung Aug 14, 2018
689c711
remove cur_frame from memory (validation is gone, new validation will…
RalfJung Aug 15, 2018
0807ad1
fix union field access and DST computations and dumping of places
RalfJung Aug 15, 2018
e860ab2
Tweak logging
RalfJung Aug 15, 2018
09b15e9
fix dropping with vtables
RalfJung Aug 15, 2018
1e137a7
fix drop typing; use same machinery for validating (sanity checking) …
RalfJung Aug 15, 2018
e314a4e
fix accessing unsized fields
RalfJung Aug 15, 2018
61e7ba1
fix dynamically determining size and alignment
RalfJung Aug 16, 2018
23d86b0
try_read_value_from_ptr -> try_read_value_from_mplace
RalfJung Aug 16, 2018
ad009ae
fix using copy_op to transmute
RalfJung Aug 16, 2018
730098b
avoid allocating for ZST
RalfJung Aug 16, 2018
b1df2ae
fix computing layout when calling virtual fn
RalfJung Aug 16, 2018
aa760a5
finally remove all traces of signs from memory
RalfJung Aug 16, 2018
f2aeb5b
fix operator handling when using 128bit intrinsics
RalfJung Aug 16, 2018
5099933
move validation to its own file
RalfJung Aug 17, 2018
ad8deba
fix formatting nits
RalfJung Aug 17, 2018
6f5cf12
test for detecting bad data inside trait objects / slices
RalfJung Aug 17, 2018
956b51f
optimize validation iterating over the elements of an array
RalfJung Aug 17, 2018
0b8c691
fix UI tests
RalfJung Aug 17, 2018
e3b4f8e
better error message when using NULL in to_ptr
RalfJung Aug 18, 2018
42a1239
avoid some redundant alignment checks
RalfJung Aug 18, 2018
49999e9
optimize sanity check path printing
RalfJung Aug 18, 2018
c3d392f
fix validating fat raw pointers
RalfJung Aug 19, 2018
8ad4047
optimize creating a stack frame
RalfJung Aug 19, 2018
54c81ac
in a Use statement, exploit the fact that type and hence layout are t…
RalfJung Aug 20, 2018
128c634
also avoid recomputing the layout for unary and binary ops, where pos…
RalfJung Aug 20, 2018
f3e7efc
fix layout sanity check
RalfJung Aug 20, 2018
14dc780
fix a comment in validity
RalfJung Aug 20, 2018
899bc14
fix validating fat pointers to user-defined unsized types
RalfJung Aug 22, 2018
4fec615
fix error reporting in validation
RalfJung Aug 22, 2018
test for detecting bad data inside trait objects / slices
RalfJung committed Aug 22, 2018
commit 6f5cf1289431ceb32ec652b7c26962e2f3048263
28 changes: 21 additions & 7 deletions src/test/ui/union-ub-fat-ptr.rs
@@ -13,6 +13,11 @@
// normalize-stderr-test "allocation \d+" -> "allocation N"
// normalize-stderr-test "size \d+" -> "size N"

union BoolTransmute {
val: u8,
bl: bool,
}

#[repr(C)]
#[derive(Copy, Clone)]
struct SliceRepr {
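Review bot: the new BoolTransmute union is the only construct in this file that manufactures an invalid value rather than an invalid fat-pointer component, but its definition says nothing about that; a one-line comment above `union BoolTransmute {` along the lines of "used to produce a bool with a byte pattern outside 0..=1" would tell a reader why a u8/bool union sits next to the slice and dyn representations. Since both fields are one byte, reading `.bl` after writing `val` observes exactly the written byte, which is what makes the later G and H cases deterministic; worth stating in that comment.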
@@ -63,34 +68,43 @@ union DynTransmute {
}

trait Trait {}
impl Trait for bool {}

// OK
const A: &str = unsafe { SliceTransmute { repr: SliceRepr { ptr: &42, len: 1 } }.str};
// bad
// bad str
const B: &str = unsafe { SliceTransmute { repr: SliceRepr { ptr: &42, len: 999 } }.str};
//~^ ERROR this constant likely exhibits undefined behavior
// bad
// bad str
const C: &str = unsafe { SliceTransmute { bad: BadSliceRepr { ptr: &42, len: &3 } }.str};
//~^ ERROR this constant likely exhibits undefined behavior

// OK
const A2: &[u8] = unsafe { SliceTransmute { repr: SliceRepr { ptr: &42, len: 1 } }.slice};
// bad
// bad slice
const B2: &[u8] = unsafe { SliceTransmute { repr: SliceRepr { ptr: &42, len: 999 } }.slice};
//~^ ERROR this constant likely exhibits undefined behavior
// bad
// bad slice
const C2: &[u8] = unsafe { SliceTransmute { bad: BadSliceRepr { ptr: &42, len: &3 } }.slice};
//~^ ERROR this constant likely exhibits undefined behavior
Contributor

Can you also add a test where a trait object has the correct vtable and pointer but the object is wrong? So create the object unsafely with brokenness and then downcast.

Member Author
I added these:

// bad data *inside* the trait object
const G: &Trait = &unsafe { BoolTransmute { val: 3 }.bl };

// bad data *inside* the slice
const H: &[bool] = &[unsafe { BoolTransmute { val: 3 }.bl }];

Does that look like it is testing the right thing?

@oli-obk (Contributor), Aug 17, 2018
You forgot to push, but assuming that bool: Trait, it should.

Member Author
No, I just waited for --bless to finish before pushing. ;)
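The check the thread is asking the new tests to exercise, as an added illustration (example code written for this page, not part of rust-lang/rust or of this PR): a small validator that walks a byte buffer as the pointee of a `&[bool]` or a `&bool` and rejects any byte outside 0..=1, reporting the offending element with the same `.data_ptr[i]` path style that the compiler's E0080 message uses. The type and function names (`ValidityError`, `bool_from_byte`, `validate_bool_slice`, `validate_bool_ref`, `describe`) and the sample byte buffers are assumptions made up for this example; the real validation code of this PR lives in the compiler and is not reproduced here.

```rust
// Added example, not code from rust-lang/rust or this PR. Names and sample
// inputs below are illustrative assumptions.

/// Outcome of validating a `bool`-typed byte.
#[derive(Debug, PartialEq)]
pub enum ValidityError {
    /// The byte at `path` is not a valid `bool` (must be 0 or 1).
    InvalidBool { path: String, found: u8 },
}

/// A `bool` may only ever be 0 or 1; interpreting any other byte as `bool`
/// is undefined behaviour. This is the check that the `BoolTransmute`
/// union in the test deliberately bypasses by writing `val: 3` and reading `.bl`.
pub fn bool_from_byte(b: u8) -> Option<bool> {
    match b {
        0 => Some(false),
        1 => Some(true),
        _ => None,
    }
}

/// Validate `bytes` as the pointee of a `&[bool]`: every element must be 0 or 1.
/// The whole array is walked, so an invalid element at any index is found, and
/// the path names it the way the test's stderr does (`.data_ptr[i]`).
pub fn validate_bool_slice(bytes: &[u8]) -> Result<Vec<bool>, ValidityError> {
    bytes
        .iter()
        .enumerate()
        .map(|(i, &b)| {
            bool_from_byte(b).ok_or(ValidityError::InvalidBool {
                path: format!(".data_ptr[{}]", i),
                found: b,
            })
        })
        .collect()
}

/// Validate a single `bool` behind a reference (the `&Trait` case G, once the
/// concrete type `bool` has been recovered from the vtable): path is `.data_ptr`.
pub fn validate_bool_ref(byte: u8) -> Result<bool, ValidityError> {
    bool_from_byte(byte).ok_or(ValidityError::InvalidBool {
        path: ".data_ptr".to_string(),
        found: byte,
    })
}

/// Render an error in the same shape as the E0080 message in the stderr of this commit.
pub fn describe(err: &ValidityError) -> String {
    match err {
        ValidityError::InvalidBool { path, found } => format!(
            "type validation failed: encountered {} at {}, but expected something in the range 0..=1",
            found, path
        ),
    }
}

fn main() {
    // Constructed inputs: the byte 3 is the same invalid pattern the test writes via `val: 3`.
    println!("{:?}", validate_bool_ref(3));
    println!("{:?}", validate_bool_slice(&[1, 0, 3]));
    // A well-formed buffer decodes to plain bools.
    println!("{:?}", validate_bool_slice(&[1, 0]));
}
```

The safe way to turn untrusted bytes into a `bool` is `bool_from_byte` (or an equivalent range check) before any reinterpretation; a union or `transmute` that skips the check produces a value the compiler is entitled to assume is 0 or 1, which is exactly what the G and H constants are written to provoke.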


// bad
// bad trait object
const D: &Trait = unsafe { DynTransmute { repr: DynRepr { ptr: &92, vtable: &3 } }.rust};
//~^ ERROR this constant likely exhibits undefined behavior
// bad
// bad trait object
const E: &Trait = unsafe { DynTransmute { repr2: DynRepr2 { ptr: &92, vtable: &3 } }.rust};
//~^ ERROR this constant likely exhibits undefined behavior
// bad
// bad trait object
const F: &Trait = unsafe { DynTransmute { bad: BadDynRepr { ptr: &92, vtable: 3 } }.rust};
//~^ ERROR this constant likely exhibits undefined behavior

// bad data *inside* the trait object
const G: &Trait = &unsafe { BoolTransmute { val: 3 }.bl };
//~^ ERROR this constant likely exhibits undefined behavior

// bad data *inside* the slice
const H: &[bool] = &[unsafe { BoolTransmute { val: 3 }.bl }];
//~^ ERROR this constant likely exhibits undefined behavior

fn main() {
}
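Review bot: H places the invalid bool at index 0 of a one-element slice, so the `.data_ptr[0]` path it checks cannot tell a validator that only inspects the first element from one that walks the whole array, which is the code path touched by "optimize validation iterating over the elements of an array" in this same PR; suggest a second slice case with a valid element first, e.g. `const H2: &[bool] = &[true, unsafe { BoolTransmute { val: 3 }.bl }];` with the expected error at `.data_ptr[1]`. Note also that `impl Trait for bool {}` is what lets `&bool` coerce to `&Trait` in G, answering the `bool: Trait` question raised in the thread, and that G checks validation following the vtable to the concrete type's layout; no downcast of the broken object happens in these constants, so the downcast scenario from the review request is not covered by this commit. The `// bad` -> `// bad str` / `// bad slice` / `// bad trait object` comment changes are a welcome readability fix.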
32 changes: 24 additions & 8 deletions src/test/ui/union-ub-fat-ptr.stderr
@@ -1,59 +1,75 @@
error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:70:1
--> $DIR/union-ub-fat-ptr.rs:76:1
|
LL | const B: &str = unsafe { SliceTransmute { repr: SliceRepr { ptr: &42, len: 999 } }.str};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ memory access at offset N, outside bounds of allocation N which has size N
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:73:1
--> $DIR/union-ub-fat-ptr.rs:79:1
|
LL | const C: &str = unsafe { SliceTransmute { bad: BadSliceRepr { ptr: &42, len: &3 } }.str};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered length is not a valid integer
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:79:1
--> $DIR/union-ub-fat-ptr.rs:85:1
|
LL | const B2: &[u8] = unsafe { SliceTransmute { repr: SliceRepr { ptr: &42, len: 999 } }.slice};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ memory access at offset N, outside bounds of allocation N which has size N
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:82:1
--> $DIR/union-ub-fat-ptr.rs:88:1
|
LL | const C2: &[u8] = unsafe { SliceTransmute { bad: BadSliceRepr { ptr: &42, len: &3 } }.slice};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered length is not a valid integer
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:86:1
--> $DIR/union-ub-fat-ptr.rs:92:1
|
LL | const D: &Trait = unsafe { DynTransmute { repr: DynRepr { ptr: &92, vtable: &3 } }.rust};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ tried to access memory with alignment N, but alignment N is required
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:89:1
--> $DIR/union-ub-fat-ptr.rs:95:1
|
LL | const E: &Trait = unsafe { DynTransmute { repr2: DynRepr2 { ptr: &92, vtable: &3 } }.rust};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ a memory access tried to interpret some bytes as a pointer
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:92:1
--> $DIR/union-ub-fat-ptr.rs:98:1
|
LL | const F: &Trait = unsafe { DynTransmute { bad: BadDynRepr { ptr: &92, vtable: 3 } }.rust};
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered vtable address is not a pointer
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error: aborting due to 7 previous errors
error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:102:1
|
LL | const G: &Trait = &unsafe { BoolTransmute { val: 3 }.bl };
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered 3 at .data_ptr, but expected something in the range 0..=1
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error[E0080]: this constant likely exhibits undefined behavior
--> $DIR/union-ub-fat-ptr.rs:106:1
|
LL | const H: &[bool] = &[unsafe { BoolTransmute { val: 3 }.bl }];
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered 3 at .data_ptr[0], but expected something in the range 0..=1
|
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rust compiler repository if you believe it should not be considered undefined behavior

error: aborting due to 9 previous errors

For more information about this error, try `rustc --explain E0080`.
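Review bot: the two new messages read "encountered 3 at .data_ptr" (G) and "encountered 3 at .data_ptr[0]" (H); for H the indexed form matches the slice layout, but for G a reader may take `.data_ptr` to be a field of the constant rather than the value behind the `&Trait` pointer, so consider whether the validation path should name the dereference (e.g. a `*` or `<deref>` step) instead of reusing the fat-pointer field name. The seven shifted `-->` locations (70 -> 76, 73 -> 79, ..., 92 -> 98) are consistent with the six lines inserted above B (the five-line BoolTransmute block plus `impl Trait for bool {}`), the two hunk headers (+5 and +9) add up to the 21 additions / 7 deletions reported for the .rs file, and "aborting due to 9 previous errors" matches the two added cases, so the re-bless looks correct; the repeated `= note:` disclaimer is unchanged and expected.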