From 9a23878ea7486cf1667e4f30cbc58d3bed5e86e2 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 14 Jul 2024 18:43:15 +0200 Subject: [PATCH] add test for intermediate reference in '&(*x).0 as *const i32' --- .../dangling_pointer_to_raw_pointer.rs | 20 +++++++++++++++++++ .../dangling_pointer_to_raw_pointer.stderr | 20 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.rs create mode 100644 src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.stderr diff --git a/src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.rs b/src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.rs new file mode 100644 index 0000000000000..023bce1616b89 --- /dev/null +++ b/src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.rs @@ -0,0 +1,20 @@ +#![feature(raw_ref_op)] +#![feature(strict_provenance)] +use std::ptr; + +fn direct_raw(x: *const (i32, i32)) -> *const i32 { + unsafe { &raw const (*x).0 } +} + +// Ensure that if a raw pointer is created via an intermediate +// reference, we catch that. (Just in case someone decides to +// desugar this differenly or so.) +fn via_ref(x: *const (i32, i32)) -> *const i32 { + unsafe { &(*x).0 as *const i32 } //~ERROR: dangling pointer +} + +fn main() { + let ptr = ptr::without_provenance(0x10); + direct_raw(ptr); // this is fine + via_ref(ptr); // this is not +} diff --git a/src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.stderr b/src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.stderr new file mode 100644 index 0000000000000..37f2bb3955763 --- /dev/null +++ b/src/tools/miri/tests/fail/dangling_pointers/dangling_pointer_to_raw_pointer.stderr @@ -0,0 +1,20 @@ +error: Undefined Behavior: out-of-bounds pointer use: 0x10[noalloc] is a dangling pointer (it has no provenance) + --> $DIR/dangling_pointer_to_raw_pointer.rs:LL:CC + | +LL | unsafe { &(*x).0 as *const i32 } + | ^^^^^^^ out-of-bounds pointer use: 0x10[noalloc] is a dangling pointer (it has no provenance) + | + = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior + = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information + = note: BACKTRACE: + = note: inside `via_ref` at $DIR/dangling_pointer_to_raw_pointer.rs:LL:CC +note: inside `main` + --> $DIR/dangling_pointer_to_raw_pointer.rs:LL:CC + | +LL | via_ref(ptr); // this is not + | ^^^^^^^^^^^^ + +note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace + +error: aborting due to 1 previous error +