From d8a1454dd858ea6188a264a4690b7fffb9cd19bf Mon Sep 17 00:00:00 2001 From: Noah Lev Date: Sat, 4 Sep 2021 16:07:20 -0700 Subject: [PATCH] miri: Detect uninitialized integers and floats Change the Miri engine to allow configuring whether to check initialization of integers and floats. This allows the Miri tool to optionally check for initialization if requested by the user. --- compiler/rustc_const_eval/src/interpret/machine.rs | 9 +++++++++ compiler/rustc_const_eval/src/interpret/validity.rs | 8 +++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/compiler/rustc_const_eval/src/interpret/machine.rs b/compiler/rustc_const_eval/src/interpret/machine.rs index 323e102b8723b..51207828935d2 100644 --- a/compiler/rustc_const_eval/src/interpret/machine.rs +++ b/compiler/rustc_const_eval/src/interpret/machine.rs @@ -131,6 +131,10 @@ pub trait Machine<'mir, 'tcx>: Sized { /// Whether to enforce the validity invariant fn enforce_validity(ecx: &InterpCx<'mir, 'tcx, Self>) -> bool; + /// Whether to enforce validity (e.g., initialization and not having ptr provenance) + /// of integers and floats. + fn enforce_number_validity(ecx: &InterpCx<'mir, 'tcx, Self>) -> bool; + /// Whether function calls should be [ABI](Abi)-checked. fn enforce_abi(_ecx: &InterpCx<'mir, 'tcx, Self>) -> bool { true @@ -426,6 +430,11 @@ pub macro compile_time_machine(<$mir: lifetime, $tcx: lifetime>) { false // for now, we don't enforce validity } + #[inline(always)] + fn enforce_number_validity(_ecx: &InterpCx<$mir, $tcx, Self>) -> bool { + true + } + #[inline(always)] fn call_extra_fn( _ecx: &mut InterpCx<$mir, $tcx, Self>, diff --git a/compiler/rustc_const_eval/src/interpret/validity.rs b/compiler/rustc_const_eval/src/interpret/validity.rs index fc69770bf6a30..6be3e19a833f4 100644 --- a/compiler/rustc_const_eval/src/interpret/validity.rs +++ b/compiler/rustc_const_eval/src/interpret/validity.rs @@ -520,7 +520,7 @@ impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValidityVisitor<'rt, 'mir, ' let value = self.read_scalar(value)?; // NOTE: Keep this in sync with the array optimization for int/float // types below! - if self.ctfe_mode.is_some() { + if M::enforce_number_validity(self.ecx) { // Integers/floats in CTFE: Must be scalar bits, pointers are dangerous let is_bits = value.check_init().map_or(false, |v| v.try_to_int().is_ok()); if !is_bits { @@ -528,9 +528,6 @@ impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValidityVisitor<'rt, 'mir, ' { "{}", value } expected { "initialized plain (non-pointer) bytes" } ) } - } else { - // At run-time, for now, we accept *anything* for these types, including - // uninit. We should fix that, but let's start low. } Ok(true) } @@ -855,9 +852,10 @@ impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValueVisitor<'mir, 'tcx, M> } }; + let allow_uninit_and_ptr = !M::enforce_number_validity(self.ecx); match alloc.check_bytes( alloc_range(Size::ZERO, size), - /*allow_uninit_and_ptr*/ self.ctfe_mode.is_none(), + allow_uninit_and_ptr, ) { // In the happy case, we needn't check anything else. Ok(()) => {}