mathieu/os-rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Miri tests for PtrMetadata UB

Browse source
This commit is contained in:
Scott McMurray 2024-05-26 14:20:32 -07:00
parent 7150839552
commit 5a8c1f372a
6 changed files with 142 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
src/tools/miri/tests/fail/intrinsics/ptr_metadata_uninit_slice_data.rs Normal file
View file

@ -0,0 +1,22 @@
//@compile-flags: -Zmiri-disable-validation
#![feature(core_intrinsics, custom_mir)]
use std::intrinsics::mir::*;
// This disables validation and uses custom MIR hit exactly the UB in the intrinsic,
// rather than getting UB from the typed load or parameter passing.
#[custom_mir(dialect = "runtime")]
pub unsafe fn deref_meta(p: *const *const [i32]) -> usize {
mir!({
RET = PtrMetadata(*p); //~ ERROR: Undefined Behavior: using uninitialized data
Return()
})
}
fn main() {
let mut p = std::mem::MaybeUninit::<*const [i32]>::uninit();
unsafe {
(*p.as_mut_ptr().cast::<[usize; 2]>())[1] = 4;
let _meta = deref_meta(p.as_ptr().cast());
}
}

20
src/tools/miri/tests/fail/intrinsics/ptr_metadata_uninit_slice_data.stderr Normal file
View file

@ -0,0 +1,20 @@
error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
--> $DIR/ptr_metadata_uninit_slice_data.rs:LL:CC
|
LL | RET = PtrMetadata(*p);
| ^^^^^^^^^^^^^^^^^^^^^ using uninitialized data, but this operation requires initialized memory
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: BACKTRACE:
= note: inside `deref_meta` at $DIR/ptr_metadata_uninit_slice_data.rs:LL:CC
note: inside `main`
--> $DIR/ptr_metadata_uninit_slice_data.rs:LL:CC
|
LL | let _meta = deref_meta(p.as_ptr().cast());
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error

22
src/tools/miri/tests/fail/intrinsics/ptr_metadata_uninit_slice_len.rs Normal file
View file

@ -0,0 +1,22 @@
//@compile-flags: -Zmiri-disable-validation
#![feature(core_intrinsics, custom_mir)]
use std::intrinsics::mir::*;
// This disables validation and uses custom MIR hit exactly the UB in the intrinsic,
// rather than getting UB from the typed load or parameter passing.
#[custom_mir(dialect = "runtime")]
pub unsafe fn deref_meta(p: *const *const [i32]) -> usize {
mir!({
RET = PtrMetadata(*p); //~ ERROR: Undefined Behavior: using uninitialized data
Return()
})
}
fn main() {
let mut p = std::mem::MaybeUninit::<*const [i32]>::uninit();
unsafe {
(*p.as_mut_ptr().cast::<[*const i32; 2]>())[0] = 4 as *const i32;
let _meta = deref_meta(p.as_ptr().cast());
}
}

35
src/tools/miri/tests/fail/intrinsics/ptr_metadata_uninit_slice_len.stderr Normal file
View file

@ -0,0 +1,35 @@
warning: integer-to-pointer cast
--> $DIR/ptr_metadata_uninit_slice_len.rs:LL:CC
|
LL | (*p.as_mut_ptr().cast::<[*const i32; 2]>())[0] = 4 as *const i32;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ integer-to-pointer cast
|
= help: This program is using integer-to-pointer casts or (equivalently) `ptr::with_exposed_provenance`,
= help: which means that Miri might miss pointer bugs in this program.
= help: See https://doc.rust-lang.org/nightly/std/ptr/fn.with_exposed_provenance.html for more details on that operation.
= help: To ensure that Miri does not miss bugs in your program, use Strict Provenance APIs (https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance, https://crates.io/crates/sptr) instead.
= help: You can then pass the `-Zmiri-strict-provenance` flag to Miri, to ensure you are not relying on `with_exposed_provenance` semantics.
= help: Alternatively, the `-Zmiri-permissive-provenance` flag disables this warning.
= note: BACKTRACE:
= note: inside `main` at $DIR/ptr_metadata_uninit_slice_len.rs:LL:CC
error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
--> $DIR/ptr_metadata_uninit_slice_len.rs:LL:CC
|
LL | RET = PtrMetadata(*p);
| ^^^^^^^^^^^^^^^^^^^^^ using uninitialized data, but this operation requires initialized memory
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: BACKTRACE:
= note: inside `deref_meta` at $DIR/ptr_metadata_uninit_slice_len.rs:LL:CC
note: inside `main`
--> $DIR/ptr_metadata_uninit_slice_len.rs:LL:CC
|
LL | let _meta = deref_meta(p.as_ptr().cast());
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error; 1 warning emitted

23
src/tools/miri/tests/fail/intrinsics/ptr_metadata_uninit_thin.rs Normal file
View file

@ -0,0 +1,23 @@
//@compile-flags: -Zmiri-disable-validation
#![feature(core_intrinsics, custom_mir)]
use std::intrinsics::mir::*;
// This disables validation and uses custom MIR hit exactly the UB in the intrinsic,
// rather than getting UB from the typed load or parameter passing.
#[custom_mir(dialect = "runtime")]
pub unsafe fn deref_meta(p: *const *const i32) -> () {
mir!({
RET = PtrMetadata(*p); //~ ERROR: Undefined Behavior: using uninitialized data
Return()
})
}
fn main() {
// Even though the meta is the trivially-valid `()`, this is still UB
let p = std::mem::MaybeUninit::<*const i32>::uninit();
unsafe {
let _meta = deref_meta(p.as_ptr());
}
}

20
src/tools/miri/tests/fail/intrinsics/ptr_metadata_uninit_thin.stderr Normal file
View file

@ -0,0 +1,20 @@
error: Undefined Behavior: using uninitialized data, but this operation requires initialized memory
--> $DIR/ptr_metadata_uninit_thin.rs:LL:CC
|
LL | RET = PtrMetadata(*p);
| ^^^^^^^^^^^^^^^^^^^^^ using uninitialized data, but this operation requires initialized memory
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: BACKTRACE:
= note: inside `deref_meta` at $DIR/ptr_metadata_uninit_thin.rs:LL:CC
note: inside `main`
--> $DIR/ptr_metadata_uninit_thin.rs:LL:CC
|
LL | let _meta = deref_meta(p.as_ptr());
| ^^^^^^^^^^^^^^^^^^^^^^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to 1 previous error