Auto merge of #118567 - RalfJung:miri, r=RalfJung

Miri subtree update

r? `@ghost`

src/tools/miri/README.md

@@ -589,6 +589,7 @@ Definite bugs found:
 * [`regex` incorrectly handling unaligned `Vec<u8>` buffers](https://www.reddit.com/r/rust/comments/vq3mmu/comment/ienc7t0?context=3)
 * [Incorrect use of `compare_exchange_weak` in `once_cell`](https://github.com/matklad/once_cell/issues/186)
 * [Dropping with unaligned pointers in `vec::IntoIter`](https://github.com/rust-lang/rust/pull/106084)
+* [Deallocating with the wrong layout in new specializations for in-place `Iterator::collect`](https://github.com/rust-lang/rust/pull/118460)
 
 Violations of [Stacked Borrows] found that are likely bugs (but Stacked Borrows is currently just an experiment):
 

src/tools/miri/rust-version

@@ -1 +1 @@
-3668a8af1b81447c4afa1f82f60d7b94b71a549f
+225e36cff9809948d6567ab16f75d7b087ea83a7

src/tools/miri/src/borrow_tracker/stacked_borrows/mod.rs

@@ -37,8 +37,6 @@ pub struct Stacks {
     history: AllocHistory,
     /// The set of tags that have been exposed inside this allocation.
     exposed_tags: FxHashSet<BorTag>,
-    /// Whether this memory has been modified since the last time the tag GC ran
-    modified_since_last_gc: bool,
 }
 
 /// Indicates which permissions to grant to the retagged pointer.
@@ -450,15 +448,10 @@ impl<'tcx> Stack {
 /// Integration with the BorTag garbage collector
 impl Stacks {
     pub fn remove_unreachable_tags(&mut self, live_tags: &FxHashSet<BorTag>) {
-        if self.modified_since_last_gc {
-            for (_stack_range, stack) in self.stacks.iter_mut_all() {
-                if stack.len() > 64 {
-                    stack.retain(live_tags);
-                }
-            }
-            self.history.retain(live_tags);
-            self.modified_since_last_gc = false;
+        for (_stack_range, stack) in self.stacks.iter_mut_all() {
+            stack.retain(live_tags);
         }
+        self.history.retain(live_tags);
     }
 }
 
@@ -488,7 +481,6 @@ impl<'tcx> Stacks {
             stacks: RangeMap::new(size, stack),
             history: AllocHistory::new(id, item, machine),
             exposed_tags: FxHashSet::default(),
-            modified_since_last_gc: false,
         }
     }
 
@@ -503,7 +495,6 @@ impl<'tcx> Stacks {
             &mut FxHashSet<BorTag>,
         ) -> InterpResult<'tcx>,
     ) -> InterpResult<'tcx> {
-        self.modified_since_last_gc = true;
         for (stack_range, stack) in self.stacks.iter_mut(range.start, range.size) {
             let mut dcx = dcx_builder.build(&mut self.history, Size::from_bytes(stack_range.start));
             f(stack, &mut dcx, &mut self.exposed_tags)?;

src/tools/miri/src/shims/intrinsics/simd.rs

@@ -1,6 +1,7 @@
 use rustc_apfloat::{Float, Round};
 use rustc_middle::ty::layout::{HasParamEnv, LayoutOf};
 use rustc_middle::{mir, ty, ty::FloatTy};
+use rustc_span::{sym, Symbol};
 use rustc_target::abi::{Endian, HasDataLayout};
 
 use crate::*;
@@ -25,7 +26,12 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
             | "floor"
             | "round"
             | "trunc"
-            | "fsqrt" => {
+            | "fsqrt"
+            | "ctlz"
+            | "cttz"
+            | "bswap"
+            | "bitreverse"
+            => {
                 let [op] = check_arg_count(args)?;
                 let (op, op_len) = this.operand_to_simd(op)?;
                 let (dest, dest_len) = this.place_to_simd(dest)?;
@@ -38,6 +44,7 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
                     Abs,
                     Sqrt,
                     Round(rustc_apfloat::Round),
+                    Numeric(Symbol),
                 }
                 let which = match intrinsic_name {
                     "neg" => Op::MirOp(mir::UnOp::Neg),
@@ -47,6 +54,10 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
                     "floor" => Op::Round(rustc_apfloat::Round::TowardNegative),
                     "round" => Op::Round(rustc_apfloat::Round::NearestTiesToAway),
                     "trunc" => Op::Round(rustc_apfloat::Round::TowardZero),
+                    "ctlz" => Op::Numeric(sym::ctlz),
+                    "cttz" => Op::Numeric(sym::cttz),
+                    "bswap" => Op::Numeric(sym::bswap),
+                    "bitreverse" => Op::Numeric(sym::bitreverse),
                     _ => unreachable!(),
                 };
 
@@ -101,6 +112,20 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
                                 }
                             }
                         }
+                        Op::Numeric(name) => {
+                            assert!(op.layout.ty.is_integral());
+                            let size = op.layout.size;
+                            let bits = op.to_scalar().to_bits(size).unwrap();
+                            let extra = 128u128.checked_sub(u128::from(size.bits())).unwrap();
+                            let bits_out = match name {
+                                sym::ctlz => u128::from(bits.leading_zeros()).checked_sub(extra).unwrap(),
+                                sym::cttz => u128::from((bits << extra).trailing_zeros()).checked_sub(extra).unwrap(),
+                                sym::bswap => (bits << extra).swap_bytes(),
+                                sym::bitreverse => (bits << extra).reverse_bits(),
+                                _ => unreachable!(),
+                            };
+                            Scalar::from_uint(bits_out, size)
+                        }
                     };
                     this.write_scalar(val, &dest)?;
                 }
@@ -126,7 +151,8 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
             | "fmin"
             | "saturating_add"
             | "saturating_sub"
-            | "arith_offset" => {
+            | "arith_offset"
+            => {
                 use mir::BinOp;
 
                 let [left, right] = check_arg_count(args)?;
@@ -386,7 +412,6 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
                 let (dest, dest_len) = this.place_to_simd(dest)?;
                 let bitmask_len = dest_len.max(8);
 
-                assert!(mask.layout.ty.is_integral());
                 assert!(bitmask_len <= 64);
                 assert_eq!(bitmask_len, mask.layout.size.bits());
                 assert_eq!(dest_len, yes_len);
@@ -394,8 +419,18 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriInterpCxExt<'mir, 'tcx> {
                 let dest_len = u32::try_from(dest_len).unwrap();
                 let bitmask_len = u32::try_from(bitmask_len).unwrap();
 
-                let mask: u64 =
-                    this.read_scalar(mask)?.to_bits(mask.layout.size)?.try_into().unwrap();
+                // The mask can be a single integer or an array.
+                let mask: u64 = match mask.layout.ty.kind() {
+                    ty::Int(..) | ty::Uint(..) =>
+                        this.read_scalar(mask)?.to_bits(mask.layout.size)?.try_into().unwrap(),
+                    ty::Array(elem, _) if matches!(elem.kind(), ty::Uint(ty::UintTy::U8)) => {
+                        let mask_ty = this.machine.layouts.uint(mask.layout.size).unwrap();
+                        let mask = mask.transmute(mask_ty, this)?;
+                        this.read_scalar(&mask)?.to_bits(mask_ty.size)?.try_into().unwrap()
+                    }
+                    _ => bug!("simd_select_bitmask: invalid mask type {}", mask.layout.ty),
+                };
+
                 for i in 0..dest_len {
                     let mask = mask
                         & 1u64

src/tools/miri/tests/fail/tree_borrows/reserved/cell-protected-write.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 
 // Check how a Reserved with interior mutability

src/tools/miri/tests/fail/tree_borrows/reserved/int-protected-write.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 
 #[path = "../../../utils/mod.rs"]

src/tools/miri/tests/fail/uninit/uninit_alloc_diagnostic.rs

@@ -1,3 +1,4 @@
+//@compile-flags: -Zmiri-disable-validation
 //@error-in-other-file: memory is uninitialized at [0x4..0x10]
 
 #![allow(dropping_copy_types)]

src/tools/miri/tests/fail/uninit/uninit_alloc_diagnostic.stderr

@@ -10,7 +10,7 @@ LL |         let mut order = unsafe { compare_bytes(left.as_ptr(), right.as_ptr(
    = note: inside `<u8 as core::slice::cmp::SliceOrd>::compare` at RUSTLIB/core/src/slice/cmp.rs:LL:CC
    = note: inside `core::slice::cmp::<impl std::cmp::Ord for [u8]>::cmp` at RUSTLIB/core/src/slice/cmp.rs:LL:CC
 note: inside `main`
-  --> $DIR/uninit_buffer.rs:LL:CC
+  --> $DIR/uninit_alloc_diagnostic.rs:LL:CC
    |
 LL |         drop(slice1.cmp(slice2));
    |              ^^^^^^^^^^^^^^^^^^

src/tools/miri/tests/fail/uninit/uninit_alloc_diagnostic_with_provenance.rs

@@ -1,3 +1,4 @@
+//@compile-flags: -Zmiri-disable-validation
 //@error-in-other-file: memory is uninitialized at [0x4..0x8]
 //@normalize-stderr-test: "a[0-9]+" -> "ALLOC"
 #![feature(strict_provenance)]

src/tools/miri/tests/fail/uninit/uninit_alloc_diagnostic_with_provenance.stderr

@@ -10,7 +10,7 @@ LL |         let mut order = unsafe { compare_bytes(left.as_ptr(), right.as_ptr(
    = note: inside `<u8 as core::slice::cmp::SliceOrd>::compare` at RUSTLIB/core/src/slice/cmp.rs:LL:CC
    = note: inside `core::slice::cmp::<impl std::cmp::Ord for [u8]>::cmp` at RUSTLIB/core/src/slice/cmp.rs:LL:CC
 note: inside `main`
-  --> $DIR/uninit_buffer_with_provenance.rs:LL:CC
+  --> $DIR/uninit_alloc_diagnostic_with_provenance.rs:LL:CC
    |
 LL |         drop(slice1.cmp(slice2));
    |              ^^^^^^^^^^^^^^^^^^

src/tools/miri/tests/fail/validity/invalid_bool_op.stderr

@@ -1,5 +1,5 @@
 error: Undefined Behavior: interpreting an invalid 8-bit value as a bool: 0x02
-  --> $DIR/invalid_bool.rs:LL:CC
+  --> $DIR/invalid_bool_op.rs:LL:CC
    |
 LL |     let _x = b == std::hint::black_box(true);
    |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ interpreting an invalid 8-bit value as a bool: 0x02
@@ -7,7 +7,7 @@ LL |     let _x = b == std::hint::black_box(true);
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
-   = note: inside `main` at $DIR/invalid_bool.rs:LL:CC
+   = note: inside `main` at $DIR/invalid_bool_op.rs:LL:CC
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 

src/tools/miri/tests/fail/validity/invalid_char_op.stderr

@@ -1,5 +1,5 @@
 error: Undefined Behavior: interpreting an invalid 32-bit value as a char: $HEX
-  --> $DIR/invalid_char.rs:LL:CC
+  --> $DIR/invalid_char_op.rs:LL:CC
    |
 LL |     let _x = c == 'x';
    |              ^^^^^^^^ interpreting an invalid 32-bit value as a char: $HEX
@@ -7,7 +7,7 @@ LL |     let _x = c == 'x';
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
-   = note: inside `main` at $DIR/invalid_char.rs:LL:CC
+   = note: inside `main` at $DIR/invalid_char_op.rs:LL:CC
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 

src/tools/miri/tests/fail/validity/invalid_enum_op.stderr

@@ -1,5 +1,5 @@
 error: Undefined Behavior: enum value has invalid tag: $HEX
-  --> $DIR/invalid_enum_tag.rs:LL:CC
+  --> $DIR/invalid_enum_op.rs:LL:CC
    |
 LL |     let _val = mem::discriminant(&f);
    |                ^^^^^^^^^^^^^^^^^^^^^ enum value has invalid tag: $HEX
@@ -7,7 +7,7 @@ LL |     let _val = mem::discriminant(&f);
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
-   = note: inside `main` at $DIR/invalid_enum_tag.rs:LL:CC
+   = note: inside `main` at $DIR/invalid_enum_op.rs:LL:CC
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 

src/tools/miri/tests/fail/validity/invalid_int_op.stderr

@@ -1,5 +1,5 @@
 error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
-  --> $DIR/invalid_int.rs:LL:CC
+  --> $DIR/invalid_int_op.rs:LL:CC
    |
 LL |     let i = unsafe { std::mem::MaybeUninit::<i32>::uninit().assume_init() };
    |                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ using uninitialized data, but this operation requires initialized memory
@@ -7,7 +7,7 @@ LL |     let i = unsafe { std::mem::MaybeUninit::<i32>::uninit().assume_init() }
    = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
    = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
    = note: BACKTRACE:
-   = note: inside `main` at $DIR/invalid_int.rs:LL:CC
+   = note: inside `main` at $DIR/invalid_int_op.rs:LL:CC
 
 note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
 

src/tools/miri/tests/pass/concurrency/sync.rs

@@ -83,7 +83,7 @@ fn check_conditional_variables_timed_wait_notimeout() {
         cvar.notify_one();
     });
 
-    let (_guard, timeout) = cvar.wait_timeout(guard, Duration::from_millis(500)).unwrap();
+    let (_guard, timeout) = cvar.wait_timeout(guard, Duration::from_millis(1000)).unwrap();
     assert!(!timeout.timed_out());
     handle.join().unwrap();
 }

src/tools/miri/tests/pass/portable-simd.rs

@@ -197,6 +197,24 @@ fn simd_ops_i32() {
     assert_eq!(b.reduce_or(), -1);
     assert_eq!(a.reduce_xor(), 0);
     assert_eq!(b.reduce_xor(), -4);
+
+    assert_eq!(b.leading_zeros(), u32x4::from_array([31, 30, 30, 0]));
+    assert_eq!(b.trailing_zeros(), u32x4::from_array([0, 1, 0, 2]));
+    assert_eq!(b.leading_ones(), u32x4::from_array([0, 0, 0, 30]));
+    assert_eq!(b.trailing_ones(), u32x4::from_array([1, 0, 2, 0]));
+    assert_eq!(
+        b.swap_bytes(),
+        i32x4::from_array([0x01000000, 0x02000000, 0x03000000, 0xfcffffffu32 as i32])
+    );
+    assert_eq!(
+        b.reverse_bits(),
+        i32x4::from_array([
+            0x80000000u32 as i32,
+            0x40000000,
+            0xc0000000u32 as i32,
+            0x3fffffffu32 as i32
+        ])
+    );
 }
 
 fn simd_mask() {
@@ -247,6 +265,22 @@ fn simd_mask() {
             assert_eq!(bitmask2, [0b0001]);
         }
     }
+
+    // This used to cause an ICE.
+    let bitmask = u8x8::from_array([0b01000101, 0, 0, 0, 0, 0, 0, 0]);
+    assert_eq!(
+        mask32x8::from_bitmask_vector(bitmask),
+        mask32x8::from_array([true, false, true, false, false, false, true, false]),
+    );
+    let bitmask =
+        u8x16::from_array([0b01000101, 0b11110000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
+    assert_eq!(
+        mask32x16::from_bitmask_vector(bitmask),
+        mask32x16::from_array([
+            true, false, true, false, false, false, true, false, false, false, false, false, true,
+            true, true, true,
+        ]),
+    );
 }
 
 fn simd_cast() {

src/tools/miri/tests/pass/stacked-borrows/stack-printing.rs

@@ -1,4 +1,7 @@
-//@compile-flags: -Zmiri-permissive-provenance
+// We disable the GC for this test because it would change what is printed. We are testing the
+// printing, not how it interacts with the GC.
+//@compile-flags: -Zmiri-permissive-provenance -Zmiri-provenance-gc=0
+
 #![feature(strict_provenance)]
 use std::{
     alloc::{self, Layout},

src/tools/miri/tests/pass/tree_borrows/cell-alternate-writes.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 #[path = "../../utils/mod.rs"]
 #[macro_use]

src/tools/miri/tests/pass/tree_borrows/end-of-protector.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 
 // Check that a protector goes back to normal behavior when the function

src/tools/miri/tests/pass/tree_borrows/formatting.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 
 #[path = "../../utils/mod.rs"]

src/tools/miri/tests/pass/tree_borrows/reborrow-is-read.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 
 #[path = "../../utils/mod.rs"]

src/tools/miri/tests/pass/tree_borrows/reserved.rs

@@ -1,3 +1,4 @@
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 
 #[path = "../../utils/mod.rs"]

src/tools/miri/tests/pass/tree_borrows/unique.rs

@@ -1,4 +1,5 @@
 //@revisions: default uniq
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 //@[uniq]compile-flags: -Zmiri-unique-is-unique
 

src/tools/miri/tests/pass/tree_borrows/vec_unique.rs

@@ -1,4 +1,5 @@
 //@revisions: default uniq
+// We disable the GC for this test because it would change what is printed.
 //@compile-flags: -Zmiri-tree-borrows -Zmiri-provenance-gc=0
 //@[uniq]compile-flags: -Zmiri-unique-is-unique