miri/const eval: support MaybeDangling

[WaffleLapkin]

View all comments

r? RalfJung

[rustbot]

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

The Miri subtree was changed

cc @rust-lang/miri

[theemathas]

Does this have insta-stable behavior change for ManuallyDrop in consteval?

[RalfJung]

It should only affect the behavior of code that still has UB until MaybeDangling is stabilized.

[RalfJung]

It is very import that we land #150447 before landing this, to avoid a situation where we generate LLVM IR with UB but Miri reports no UB.

[WaffleLapkin]

@RalfJung I think I've addressed the review comments and this is ready for review too :)

(still blocked on the compiler change though)

[RalfJung]

(still blocked on the compiler change though)

By "the compiler change" you mean #150447 ?

[WaffleLapkin]

yes

[rustbot]

Some changes occurred in compiler/rustc_codegen_gcc

cc @antoyo, @GuillaumeGomez

Some changes occurred in compiler/rustc_codegen_cranelift

cc @bjorn3

Some changes occurred in tests/codegen-llvm/sanitizer

cc @rcvalle

[RalfJung]

Please rebase so it's easier to see the diff. :) Also, CI doesn't seem entirely happy yet.
@rustbot author

[rustbot]

Error: shortcut handler unexpectedly failed in this comment: failed to add labels

Please file an issue on GitHub at triagebot if there's a problem with this bot, or reach out on #triagebot on Zulip.

[apiraino]

(retry for debugging)

@rustbot author

[Kobzol]

(It was a 500 GitHub error)

[rustbot]

This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed.

Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers.

[RalfJung]

Looks good overall, thanks! All nits are minor.

View changes since this review

[RalfJung]

Please add a doc comment.

[RalfJung]

This isn't even a borrow checking thing. Please move the test to tests/fail/validity and have it disable Stacked Borrows to ensure we don't rely on the aliasing model for catching this.

[RalfJung]

Suggested change

	let could_dangle = mem::replace(&mut self.may_dangle, true);
	let old_may_dangle = mem::replace(&mut self.may_dangle, true);

[RalfJung]

Suggested change

// FIXME this says "null pointer" when null but we need translate

While we're at it

[RalfJung]

This comment doesn't make sense any more since we're skipping that part when may_dangle is true.

[RalfJung]

Suggested change

	// Make sure this is non-null. We checked dereferenceability above, but if `size` is zero
	// that does not imply non-null.
	// Make sure this is non-null. This is obviously needed when `may_dangle` is set,
	// but even if we did check dereferenceability above that would still allow null
	// pointers if `size` is zero.

[RalfJung]

Given that this case was contentious, please also add a test like

// Under the current models, we do not forbid writing through
// `MaybeDangling<&i32>`. That's not yet finally decided, but meanwhile
// ensure we document this and notice when it changes.
fn write_through_shr(x: MaybeDangling<&i32>) {
  let y: *mut i32 = transmute(x);
  y.write(1);
}

let mutref = &mut 0i32;
write_through_shr(transmute(mutref));

[WaffleLapkin]

@RalfJung I think I addressed your nits, unless I missed something ^^'

[RalfJung]

I meant for this to just be a new test in the other file -- no reason to split it up.

[RalfJung]

Suggested change

	// Determine size and alignment of pointee.